What fraud risks do sponsor banks face in the embedded finance ecosystem?
Most sponsor banks and their partners are focused on compliance, not fraud. However, embedded finance products carry significant fraud risks that could cause sponsor banks to suffer financial losses.
Imagine this scenario: A sponsor bank and a retail chain want to launch a digital wallet and credit card program that will be accessible right from the retail chain’s app: a platform with over five million downloads and hundreds of thousands of active monthly users. The sponsor bank does due diligence and determines that the retail chain — the end-brand hosting the financial offer and interfacing with the customer — is a good fit for their embedded finance portfolio. After all, the sponsor bank wants to grow their deposits, and the app’s wide reach is promising.
But there are a few speed bumps impacting this embedded finance union: the retail chain’s parent company has worked with a fintech intermediary to launch embedded finance products in the past, but their KYC program was less robust than the sponsor bank’s. Aware that the retail chain’s past experience may have colored their approach to risk management, the sponsor bank decides to outline the specific compliance and fraud requirements that the retail chain must implement but ultimately leaves execution up to them.
A month after launching the digital wallet and credit card program, a synthetic identity fraud ring targets the retail chain’s new credit card program. The attackers take advantage of the retail chain’s pre-approved onboarding process to open a large number of accounts in a short period of time and quickly commit bust-out fraud. A substantial amount of funds is lost before the third-party attack can be stopped.
Now, who is ultimately responsible for covering these financial losses? If your answer is, “Well, it depends,” then you are right.
The fraud and embedded finance dilemma
Embedded finance represents both an opportunity and a threat for sponsor banks. The opportunity lies in sponsor banks’ ability to expand their portfolio and increase revenue. However, the complexity of embedded finance relationships and a lack of clarity surrounding roles often cause complications once fraud does strike. Who in the partnership is responsible for the loss? Is it the end-brand or the sponsor bank?
Typically, the answer is the end-brand. But even if the sponsor bank is not directly responsible for covering the losses, they still need to be invested in embedded finance fraud prevention for several reasons:
- Sponsor banks want these programs to remain open and profitable.
- They want to limit any of the reputational damage that might accompany a fraud incident. Keeping fraudsters out of their financial ecosystem, which includes partnerships, is important in that regard. (Even if the parties suffering financial loss are technically considered “a partner’s customers,” the sponsor bank is still serving those customers’ needs.)
- They do not want to draw increased regulatory attention to their embedded finance programs as a whole because of one partnership.
Also, if the end-brand ultimately goes out of business due to unchecked fraud in its embedded finance program, then the sponsor bank could actually be on the hook for the fraud loss. This could be the case, for instance, if the retail chain in the example above overextends and can no longer cover its operating costs due to significant loss.
Still, the foremost concern of a sponsor bank entering the embedded finance ecosystem is compliance risk, and given recent headlines, it should remain of the utmost importance. However, making compliance the sole focus of embedded finance partnerships poses its own threats.
Any time a company opens a new financial product line, it attracts fraudsters looking to exploit a new channel. And the world of embedded finance, where financial products are being established in non-financial environments, is even more enticing to fraudsters. Experience matters when it comes to preventing fraud, and fraudsters will often go after businesses that are new to financial services and may be unfamiliar with the risks that come along with them.
Instead, sponsor banks need to begin embedded finance partnerships with solutions that provide holistic insights into regulatory compliance and fraud prevention. Then, they have a chance to mitigate compliance and fraud risk and improve their relationships with end-brands and their fintech partners.
What challenges do sponsor banks face when it comes to fraud protection for embedded finance products?
While sponsor banks might be tempted to establish one-size-fits-all fraud prevention processes to maintain oversight over their embedded finance partnerships, this can cause significant roadblocks:
- First and foremost, this is not a realistic goal. Just as fraudsters keep changing their tactics and exploring new channels to commit fraud, sponsor banks, end-brands, and fintech intermediaries alike need to adapt fraud prevention strategies to combat fraud attacks.
- If a sponsor bank built their solution in-house, their infrastructure might not provide the necessary flexibility and agility to accommodate the needs of every embedded finance partnership either.
- As a result, they could squeeze end-brands and fintechs into rigid systems, potentially stunting growth, creating confusion, and causing a lack of accountability. Workflow complications and increased customer friction can impact operational overhead and damage conversion rates.
In short, no one is really happy, and the embedded finance partnership suffers.
An example of changing fraud prevention needs
Let’s say a sponsor bank has two very different embedded finance partnerships. The first partner is a financial end-brand: a fintech offering custom debit cards to small business customers. The second partner is a non-financial end-brand: in this case, an insurance company that offers high-yield savings accounts to consumers with very specific rules about the timing of deposits and withdrawals.
The insurance company’s offering is vulnerable to identity theft, phishing and social engineering attacks, and account takeover. In addition to those fraud types, debit card programs could also experience synthetic identity and card-not-present fraud. While there is overlap, it is fair to say that the partnerships have different vulnerabilities and needs when it comes to fraud prevention.
So, how does a sponsor bank decide the threshold for their minimum fraud prevention standards? Let’s say they hold both partnerships to the same baseline requirements using their own infrastructure. The situation becomes a catch-22.
Attempting to account for synthetic identity and card-not-present fraud in the debit card programs could add customer friction for the insurance company that has already established stringent rules with its customers. On the other hand, if the sponsor bank tries too hard to alleviate customer friction and removes too many safeguards, they could open the door for more fraudsters coming in through vulnerabilities in the debit card program.
Without an agile solution, sponsor banks are left navigating a tricky, complex path and potentially incurring too much risk. Now, multiply this scenario across dozens or even hundreds of partnerships, and the complexity of the embedded finance ecosystem becomes much more evident.
How can an Identity Risk Solution alleviate the potential fraud risks in embedded finance partnerships?
An Identity Risk Solution, like Alloy, certainly helps sponsor banks ensure that their embedded finance partners comply with mandatory know your customer (KYC), know your business (KYB), and anti-money laundering (AML) regulations. But it also prevents fraud at origination, provides visibility into potential fraud threats throughout the customer lifecycle, allows users to test scenarios and implement new step-up verifications based on those projected outcomes, and decreases manual reviews.
Alloy for Embedded Finance
Alloy launched Alloy for Embedded Finance so that sponsor banks can collaboratively manage identity risk alongside fintech and non-financial end-brands while they maintain oversight of any regulatory requirements. The product uses a centralized dashboard and parent/child account structures, so sponsor banks (parent accounts) establish baseline policies and maintain visibility into their partnerships’ manual reviews and performance (child accounts).
Alloy for Embedded Finance allows sponsor banks to:
- Customize controls based on a partner’s product type and maturity, so that end-brands still have the flexibility to deliver personalized customer experiences.
- Configure risk thresholds, define rules-based alerts, and tailor fraud prevention strategies according to the unique risk profiles and business objectives of their partnerships.
- Scale and future-proof embedded finance programs for changing regulations, evolving threats, and growth.
- Streamline compliance policies to reduce customer friction.
When it comes to fraud prevention, Alloy enhanced the merged lists feature, which auto-approves or denies evaluations based on one or more personally identifiable information (PII) elements. Lists defined at the parent level are synced across all child accounts. This allows sponsor banks to detect bad actors across their entire portfolio while continuing to provide their partners with a level of autonomy.
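The parent/child list behaviour described above, sketched as an added example that is not Alloy's code or API: every class, field and function name is hypothetical and the sample PII is constructed. Hashing list entries, deny taking precedence over approve, and child lists not being shared between siblings are assumptions of this sketch.

```python
import hashlib
from dataclasses import dataclass, field

def norm(kind: str, value: str) -> str:
    """Normalise one PII element, then hash it so lists hold no raw PII (assumption)."""
    v = value.strip().lower()
    if kind == "phone":
        v = "".join(ch for ch in v if ch.isdigit())
    return hashlib.sha256(f"{kind}:{v}".encode()).hexdigest()

@dataclass
class Account:  # hypothetical model of a parent (bank) or child (partner) account
    name: str
    parent: "Account | None" = None
    deny: set = field(default_factory=set)
    approve: set = field(default_factory=set)

    def merged(self, which: str) -> set:
        """This account's list plus every ancestor's, so parent entries reach all children."""
        own = set(getattr(self, which))
        return own | self.parent.merged(which) if self.parent else own

    def evaluate(self, applicant: dict) -> str:
        """Match on one or more PII elements; deny beats approve (assumption)."""
        keys = {norm(k, v) for k, v in applicant.items()}
        if keys & self.merged("deny"):
            return "denied"
        if keys & self.merged("approve"):
            return "approved"
        return "continue"  # no list hit: run the partner's normal workflow

bank = Account("sponsor-bank")
debit = Account("fintech-debit", parent=bank)
savings = Account("insurer-savings", parent=bank)

# Constructed sample entries; none of these values are real.
bank.deny.add(norm("email", "ring01@example.test"))
debit.deny.add(norm("phone", "+1 (555) 010-0199"))
savings.approve.add(norm("email", "known.customer@example.test"))

def demo() -> list:
    return [
        debit.evaluate({"email": "Ring01@example.test", "phone": "555-010-0000"}),
        savings.evaluate({"email": " ring01@example.test"}),   # parent list reaches sibling
        savings.evaluate({"phone": "1-555-010-0199"}),         # child list is not shared sideways
        savings.evaluate({"email": "known.customer@example.test"}),
    ]

if __name__ == "__main__":
    print(demo())
```

Normalising before hashing is what lets a case or formatting variant of the same email or phone number still hit the parent list from any child account.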