Risk management in embedded finance wasn’t working, so Alloy fixed it.

Alloy introduces a win-win risk management solution for all sides of embedded finance partnerships

In an embedded finance partnership, banks and fintechs have different priorities when onboarding new customers — but those priorities don’t actually have to compete with each other.

For many banks, embedded finance has been a ticket to reinvigorated, rapid growth. Opening an embedded finance channel can significantly boost deposits and open up new customer segments. However, as regulatory scrutiny on bank/fintech partnerships continues to grow, it has become even more critical that banks efficiently and effectively control and monitor their embedded finance programs.

On the other hand, fintechs offering embedded finance products typically prioritize customer experience to unlock high growth and lack compliance expertise. This is especially true for early-stage startups looking to make their offerings and experiences accessible to as many good customers as possible.

After years of building financial products, I know fintechs are focused on creating great, differentiated customer experiences. But, as regulatory scrutiny and fraud threats grow, it will become increasingly important that they proactively manage compliance and fraud risk.

Balancing risk management with customer experience is a constant negotiation within any financial institution. Scale this across a fintech partner network, and the system starts to break.

Leveraging Alloy’s platform to help all players in the embedded finance ecosystem effectively manage shared risk together

Navigating the complexities of compliance while delivering a differentiated client experience requires a novel approach. I’m excited to announce the work we’ve been doing at Alloy to help solve this problem. With our new embedded finance solution, we’ve applied our learnings from years of powering embedded finance models for sponsor banks, BaaS providers, fintechs, and other players in the embedded finance ecosystem — such as Electronic Money Institutions (EMIs) in the UK — to provide a solution that equips banks with control across their portfolio while enabling collaboration with their partners all within one platform.

Before diving into Alloy's expanded embedded finance capabilities, I'll share a few of the challenges we've seen in the industry to set the stage for why we built our new solution.

How did financial institutions traditionally approach risk management in embedded finance, and why doesn’t it work for banks or fintechs?

Currently, sponsor banks and fintechs typically pick one of two common models for embedded finance compliance (as coined by Alex Johnson):

• Compliance-as-a-Service: The sponsor bank requires fintechs to adopt the bank’s compliance infrastructure and policies, limiting the control fintechs have over their risk management practices.

• Bank-as-Regulator: The sponsor bank outlines minimum requirements based on existing regulatory guidance and internal best practices, and leaves it to fintech partners to be responsible for standing up the technology and data sources to execute.

Neither model enables a balance of visibility and control for all players in the ecosystem.

Challenges presented by a Compliance-as-a-Service model

• Banks will impose a “one-size-fits-all” approach that leads to a lack of flexibility for mature fintech partners. Existing tools used by banks to manage risk don’t provide fintechs enough insight into their own policies and performance. While some fintech partners might be young startups with little to no experience managing fraud and compliance risk, others are more mature and equipped to optimize their own controls.

• Both sponsor banks and fintech partners may be locked into data vendors that do not meet their evolving needs. A fintech partner may already have a preferred compliance data vendor that differs from what their sponsor bank is using. If the bank directs the fintech partner to use the bank’s chosen vendor, this might come at the cost of a poor client experience. Fintechs have unique business models and products that often target unique populations, and serving those populations well means tailoring the data providers and decisioning logic. As regulation, fraud, risk appetite, and growth goals evolve, so do the ideal data partners for each product and population.

Challenges presented by a Bank-as-Regulator model

• Sponsor banks don’t have sufficient oversight or control over whether their fintech partners follow the compliance requirements they set. Sponsor banks, as regulated entities, are ultimately responsible for the customers that their fintech partners onboard. They take a strong interest in ensuring the appropriate KYC/KYB, AML, and ongoing due diligence has been conducted on the end users. But if fintech partners have their own technology to manage and monitor customer activity, it is very difficult for the banks to know and stay in the know that their fintech portfolio is consistently following the requirements, which can open them up to regulatory penalties and financial losses. Any visibility requires the sponsor bank to conduct a lengthy, manual audit, adding to operational overhead for already stretched teams.

• Fintechs are reliant on point solutions that only support a limited number of data sources. As with the Compliance-as-a-Service model, fintechs are similarly hampered by vendor lock-in challenges, limiting their ability to scale and adapt to evolving threats.

How is Alloy transforming risk management for bank/fintech partnerships?

Alloy’s platform is designed to solve identity risk problems for both banks and fintechs. Today, we service nearly 600 of the world’s largest banks and fintechs — including sponsor banks and BaaS providers — with solutions for compliance, fraud, and credit risk management. Leveraging the power of the Alloy platform, I am excited about our new features custom-designed for embedded finance providers, which makes it even more seamless for sponsor banks to have complete control over their programs to ensure compliance while providing flexibility for fintechs to tailor their risk measures in line with their unique needs.

Get oversight and control over your entire partner portfolio

We recognized that our clients had different approaches to embedded finance – some prefer to control policies end-to-end across their portfolios. In contrast, others are more comfortable outsourcing parts of risk management to their more mature fintechs. To accommodate these diverse operating models, we introduced a provisioning dashboard with parent/child account structures, allowing them to configure different levels of permissions to provide appropriate control. Sponsor banks (or ‘parent accounts’) are able to designate the level of autonomy or guardrails to put into place for each of their fintechs (or ‘child accounts’) directly in the platform:

• Controlled child accounts have restrictions on editing the decisioning logic pushed down by their parent but still have visibility into their policies, manual reviews, and performance, so over time, they can become more active participants in their risk management.

• Autonomous child accounts, on the other hand, can create their own custom rules on top of the baseline policies enforced by their parent so they can tailor risk measures that don’t add unnecessary friction to end users.

Regardless of the child account model used for each fintech, parents have complete oversight across their programs to ensure they are fully compliant. They can build and enforce policy changes at scale by defining and passing rules onto select (or all) partners with one click, with no coding required. This provides sponsor banks peace of mind that their policies are implemented consistently while reducing operational overhead.

Keep your fintechs happy

We understand that every fintech has its own unique requirements and objectives – a policy or data vendor that works for one fintech may not necessarily be the best fit for another. With Alloy, you can do away with ‘one-size-fits-all’ policies and customize and tailor your controls to align with each individual fintech partner’s specific needs. Are your fintechs already using data sources that they’re happy with? Or do you need to try and test new ones to get the results you’re looking for? With access to the industry’s broadest network of data sources, you can avoid vendor lock-in while keeping up with the complex and varied needs of the fintechs you serve. Plus, Alloy simplifies the compliance reporting and audit processes for fintechs so they can stay focused on building and improving their core product and optimizing their customer experience.

Keep known bad actors out of your entire partner portfolio

We also introduced merged lists, an enhancement to our approve/deny lists, which auto-approve or auto-deny evaluations based on one or more PII elements. The lists defined at a parent level are synced to all child accounts, but child accounts can also customize their own lists, effectively ‘merging’ lists with their parents. This powerful feature enables embedded finance providers to detect and decision on bad actors across their entire portfolio while accounting for the nuances of each fintech.

Your identity risk problem in embedded finance is solvable

Alloy’s identity risk platform provides flexibility in how embedded finance providers manage identity risk across their programs, enabling greater alignment with partners and ensuring compliance every step of the way. Our best-in-class compliance and risk tooling allows banks to focus on growing their business and open up new revenue streams, without compromising on risk, while enabling fintechs to customize controls and maintain their competitive edge.

By embracing a collaborative approach to risk management, sponsor banks and fintechs can unlock new opportunities, drive revenue growth, and deliver unparalleled value to customers in the age of embedded finance.