Adapting your tech stack for embedded finance

A guide for banks, credit unions, and electronic money institutions

By Alloy and Treasury Prime

Financial institutions (FIs) are feeling the impact of a consumer-driven shift from banks to brands. No longer the primary value drivers for the end-customer, FIs like banks, credit unions, and electronic money institutions (EMIs) are entering the embedded finance ecosystem. Their goal: to enhance their offerings through fintech partnerships aimed at building bolder, more customer-centric digital products.
Bain & Company reports that the total transaction value of embedded finance is expected to reach $7 trillion by 2026. And it’s no wonder; embedded finance allows FIs to create new revenue streams, boost customer engagement, and facilitate innovative partnerships. 
But first, FIs opening up to embedded finance must transform their tech stack to meet their organization’s specific challenges head-on while achieving their unique embedded finance goals. This also means finding best-in-class tech partners that enable them to offer scalable financial solutions to end-brands in a regulatory-compliant manner.


We’ve broken down how FIs can build a successful embedded finance tech stack. Use the links on the left to jump around, or keep reading.

What is embedded finance?

Embedded finance is any application of a financial service in a non-financial environment. It allows end-brands to partner with banks, credit unions, and EMIs to insert financial offerings into their digital ecosystems strategically and responsibly. These offerings often provide competitive advantages over traditional financial institutions, such as free accounts, no minimum balance requirements, or quicker direct deposits.

For example, Uber — a non-banking end-brand — leverages its relationships with embedded finance providers to offer rideshare drivers access to in-app banking products like deposit accounts and debit cards. These products are designed to cater specifically to the needs of gig workers, offering benefits like no-fee accounts, easy reimbursements for fuel payments, and instant access to earnings after each ride. Uber’s financial products are powered by a broad tech stack that includes payment infrastructure from Stripe, Branch, and Evolve.

Providers like Branch and Stripe have challenged FIs to open up their data and infrastructure to third-party providers through standardized application programming interfaces (APIs). By doing so, banks, credit unions, and EMIs are not just embracing open banking principles, they are also rising to better meet the demands of the financial landscape. This shift has enabled more immediate, personalized, and well-integrated financial services, and broader participation in the modern financial ecosystem.

Learn more: Understanding embedded finance: A deep-dive guide

Why assemble an embedded finance tech stack?

According to Cornerstone Advisors' 2024 What’s Going On In Banking report, the percentage of banks developing an embedded finance strategy has nearly doubled year-over-year, from 3.7% in 2023 to 7.0% in 2024.

Embedded finance partnerships have allowed FIs to quickly expand their reach and tap into new customer segments without having to rip and replace solutions entirely or increase marketing spend. They also allow FIs to swiftly integrate new distribution channels for their financial products, bypassing the constraints imposed by legacy systems and operational modes. 

Amid a rapidly changing backdrop, banks, credit unions, and EMIs are finding new growth opportunities in embedded finance while adhering to regulatory obligations.

While embedded finance may be a new banking channel, it helps FIs generate revenue in good old-fashioned ways such as through deposits, which the 2024 BAI Banking Outlook Executive Strategies Report named the number one business priority for bankers this year. 

Which tech is foundational to embedded finance?

Building an embedded finance tech stack involves navigating what can feel like a complex ecosystem of providers and solutions. The reality is that there are many interesting ways to slice off components of the banking ecosystem because there are so many niches, and banks need a lot of help building modern software. Here are the most critical pieces of an embedded financial tech stack:

1. API Gateways and core integrations

FIs seeking to update their tech stack for the embedded finance space often partner with fintech companies offering middleware solutions. These middleware solutions allow FIs to connect their core systems with fintechs and end-brands using APIs. APIs work like pipes, enabling the growth of the embedded finance market by helping financial organizations securely share financial data with third-party developers.

Challenge

Much like brand-new underground pipes, APIs often have to integrate with very old systems. An FI’s existing core systems may not be API-compliant, forcing it to invest significant time and resources into developing configurable, parameter-driven products for embedded finance. These banking cores can be very brittle, with servers tending to go offline on the weekends or shut down for updates. Abstracting away those performance issues so that a fintech can interface with a core in real time is very challenging.

Solution

FIs need a secure, scalable, and reliable API gateway so they can extend necessary functions and data from their core systems to both fintech and end-brand partners. This API gateway should support industry-standard protocols, such as REST and JSON, and provide comprehensive documentation as well as developer support. 

Meanwhile, FIs need their core banking systems, including their account management, payments, and ledger systems, to be properly integrated with an API gateway that can support fast, seamless integrations between their existing systems and their partners’ systems. This may require some modifications or enhancements to enable real-time data exchange and transaction processing.

Example of an API gateway solution

Treasury Prime facilitates integration between FIs and their fintech partners through modern APIs. Their built-in embedded finance ecosystem strategically connects FIs to fintech partners. In doing so, they aim to foster mutually beneficial embedded finance partnerships that drive growth for both parties while adhering to high regulatory compliance standards.

2. Compliance and fraud

FIs involved in embedded finance are responsible for ensuring compliance with applicable regulations — like know-your-customer (KYC), anti-money Laundering (AML), and fraud prevention — across their entire embedded finance portfolio. This includes conducting due diligence on partners, implementing robust compliance controls, and monitoring transactions for suspicious activities.

In recent years, regulatory bodies have increased their scrutiny of the embedded finance landscape. For example, the Financial Conduct Authority (FCA) in the United Kingdom (UK) and the Federal Financial Supervisory Authority (BaFin) in Germany have carried out consent orders and taken enforcement actions against financial institutions for compliance failures related to their embedded finance partnerships. In the United States (US), agencies such as the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) have also expressed their expectations for robust compliance management in the context of embedded finance.

Challenge

Failure to comply with regulations can result in significant fines, reputational damage, and even the loss of banking licenses. A significant portion of severe enforcement actions have affected FIs involved in embedded finance banking-as-a-service (BaaS) partnerships. S&P Global Market Intelligence reports that banks offering BaaS accounted for more than 13% of severe enforcement actions from federal bank regulators last year.

Solution

FIs must leverage solutions that facilitate compliance across their entire embedded finance ecosystem. This requires robust data analytics capabilities and interpretable decisioning systems, which are fundamental in compliance audits. Reporting tools for embedded finance partners should provide insights into transaction volumes, error rates, and key risk indicators while supporting regulatory requirements.

Compliance solutions for embedded finance should enable FIs to proactively identify and resolve any issues or anomalies by offering valuable insights into customer behavior and fraud risk management. These insights should be robust enough to inform strategic decision-making (including guiding fraud risk decisioning for embedded finance partners) and should help optimize offerings for maximum profitability.

Similarly, many fraud detection solutions leverage proprietary ML algorithms to identify and prevent fraud in real time. Advanced fraud decisioning algorithms can help protect FIs, their fintech partners, and end-brands from loss of customer goodwill due to reputational damage. Importantly, it can also help them avoid steep compliance fines imposed by regulators in addition to any financial loss due to fraud.

Learn more: 25% of companies lost over 1 million EUR/USD to fraud in 2023.

Examples of compliance and fraud solutions

Historically, banks ensured that their controls worked by examining a random sample of accounts. Today, solutions like Alloy run every transaction through software to make sure they are compliant.

Identity Risk Solutions like Alloy provide end-to-end compliance and fraud reporting tools to help banks manage fraud risk and streamline compliance throughout the customer lifecycle. In doing so, these solutions reduce the burden on banks and help embedded finance partnerships adhere to regulatory standards.

AFEF inline 5

Compliance assurance platforms like Cable are another type of compliance technology that helps FIs manage regulatory requirements by running KYC/AML checks and performing transaction monitoring.

Advanced fraud detection solutions like NeuroID work to detect behavior anomalies, while platforms like Inscribe and Socure help organizations build trust through digital identity verification. Alloy’s Identity Risk Solution brings them all together.

Learn more: Alloy helps Ramp with KYB and KYC checks, boosting fraud detection efficiency by 75%

3. Data orchestration  

Despite the growing adoption of embedded finance, some FIs are resistant to this fundamental restructuring of how financial products are delivered. They are worried that they will become "dumb pipes" disintermediated from end-customers. While Alex Johnson of Fintech Takes notes this concern may be misguided, it does point to the challenges of FIs being removed from end-brands and their customers. In the embedded finance ecosystem, it's crucial that FIs have a way to sync data across systems. This is true not only from an operational standpoint, but from a risk management standpoint as well.

Challenge

Layered partnerships in embedded finance enhance the strength of innovation but reduce interoperational visibility, leading to siloed systems. These barriers may cause operational challenges and complicate the coordination of compliance controls and fraud risk policy changes.

Solution

FIs need centralized data orchestration that provides real-time visibility into tech and end-brand partners' financial operations. These data orchestrators should provide various functions, including aggregating data from various systems and centralizing it for better operational control and risk management. Data orchestrators feature a unified dashboard, where FIs can monitor key financial data such as transaction volumes and customer activity. By choosing a data orchestrator that leverages advanced analytics and machine learning (ML), embedded finance providers can help FIs make data-driven decisions and maintain control over their offerings.

Examples of data orchestrators 

Different types of data orchestrators may specialize in unifying data for different end goals. For example, Codat is a financial data orchestrator whose API platform enables banks to easily access and integrate with their small and midsize business customers' financial data. Codat does this by orchestrating data from alternative data sources used by this customer segment, including accounting software, payment processors, and e-commerce platforms. 

Despite being an Identity Risk Solution, Alloy is also a data orchestrator. By orchestrating identity data from over 200+ alternative and traditional data sources, Alloy offers a holistic view of identity across bank, credit union, and EMI fintech portfolios. For FIs, orchestrating identity data across systems ensures safer, more transparent, and compliant embedded finance operations.

Data orchestration is the key to collective risk intelligence. Learn how.

4. Data security 

FIs are responsible for safeguarding not only customers' finances, but their data as well. To do so, FIs involved in embedded finance must adhere to stringent data security standards set by regulatory bodies such as the Federal Trade Commission (FTC) in the US, the Information Commissioner's Office (ICO) in the UK, and the Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany.

These regulatory bodies enforce data protection laws, such as the Gramm-Leach-Bliley Act in the US, the Data Protection Act 2018 in the UK, and the European Union’s General Data Protection Regulation (GDPR). These laws require financial institutions to maintain robust safeguards to protect customer information and prevent unauthorized access to consumers' personal financial information.

To comply with these regulations and ensure the security of customer data in the complex landscape of embedded finance, FIs must implement secure data handling practices. When a customer initiates a transaction through an end-brand, their sensitive data is tokenized or encrypted before being sent to the FI for processing. The FI then decrypts the token, processes the transaction, and sends a response back to the third-party platform without exposing the customer's data. This is especially important given the complex nature of embedded finance ecosystems, where data is shared and processed across multiple entities. 

Challenge

The nature of embedded finance means that sensitive customer data is shared with and stored by third-party platforms, expanding the potential attack surface for data breaches. Preventing these data breaches across the entire embedded finance ecosystem — with multiple interconnected systems and partners with varied risk tolerance — is complex and challenging.

Solution

Advanced encryption and tokenization can keep customer data safe from hackers and other bad actors. By implementing these security measures and adhering to industry standards like PCI DSS and SOC 2, FIs can ensure that customer data remains secure. Regular security audits and penetration tests can help FIs identify and address potential vulnerabilities, further strengthening the overall integrity of the embedded finance ecosystem.

Examples of data security solutions

Basis Theory’s tokenization platform collects, and secures sensitive data, like credit card information, for use. This allows FIs to experiment responsibly with data in SOC 2-compliant environments. Basis Theory’s tokenization ensures that personally identifiable information (PII) remains secure throughout the transaction process, reducing the risk of data theft.

How to vet embedded finance technology

An embedded finance tech stack will be reflective of each FI’s individual risk tolerance and the risk tolerance of their end-brand partners. Still, it is up to banks, credit unions, and EMIs to lead the charge by vetting their embedded finance technology. 

To vet embedded finance solutions, FIs should start by asking these ten questions:

1. Is it quickly deployable?

Software exists to streamline activities that previously would have required human labor. The more processes FIs can outsource, the faster they can bring their embedded finance products to market.

The alternative to using a solution like Alloy or Treasury Prime is to build out APIs and infrastructure for KYC, AML, transaction monitoring, and more. However, this takes time, and time is money. 

Software development kits (SDKs) simplify the integration process for fintech partners and end-brands, allowing them to incorporate banking functionality into their applications quickly and easily. By leveraging pre-built solutions, FIs can significantly reduce the time and resources required to launch embedded finance offerings. As a result, they can respond quickly to changing customer demands, better staying ahead in a competitive market.

2. Does it have a robust API?

Robust APIs allow for easy integration with fintech platforms that enable real-time data exchange with end-brands. Well-documented and secure APIs facilitate seamless communication between a sponsor bank's core systems and fintech partners' applications. This lets FIs offer a wide range of embedded finance products and services, such as account opening, payments, lending, and wealth management, through their fintech partners' platforms.

3. Is it scalable?

Thanks to APIs' continued innovation, financial sector leaders have gained confidence in their ability to support automation and generate scalability with new embedded finance offerings. This is important because embedded finance tech stacks must be able to handle higher transaction volumes and data processing requirements without compromising performance or security. Scalable infrastructure ensures that your bank or credit union can seamlessly accommodate growth and maintain a high-quality user experience for their end-brand partners and their customers.

4. Is it fintech-friendly?

To attract end-brand partners, FIs need to be aware of how well an embedded finance solution meets their partners’ specific growth needs. Historically, banks would hire a team to build on a tech platform. Before solutions like Treasury Prime, they’d use spreadsheets, chewing gum, and band-aids to hold everything together — and that doesn't scale in the way an embedded banking partner requires. 

Over time, banking components that once worked may experience compatibility issues with fintech and end-brand partners. Modern embedded finance tech stacks require tools designed with fintech and end-brand partnerships in mind.

5. Is it regulator-friendly?

While FIs have extensive experience dealing with regulations, fintechs and end-brands may not have as much expertise in this realm. 

A regulator-friendly tech stack includes risk management features intended to keep FIs and their end-brand partners compliant. Real-time transaction monitoring, perpetual KYC/AML compliance, and SAR filing can help FIs confidently navigate the regulatory landscape and mitigate risks associated with partnerships between FIs, fintechs, and end-brands. This ensures a stable and compliant ecosystem for all stakeholders involved.  Additionally, FIs should engage with their respective regulators to ensure they are comfortable with the tech stack.

[arrow icon] Do you know when and how to file a Suspicious Activity Report (SAR)?

6. Is it flexible and customizable?

FIs should seek tech stack components that allow for customization and flexibility to meet the unique needs of their end-brand partners and target segments. This might include the ability to adjust risk oversight and configure product offerings, pricing, and branding to align with each partnership's specific requirements. 

For example, Alloy’s embedded finance solution lets FIs sponsoring end-brands customize compliance oversight and fraud risk controls. FIs can drag-and-drop risk management workflows — or hand control over to their partners as needed across their embedded finance portfolio.

7. Does it honor existing commercial agreements?

A bank's commercial agreements with its partners dictate specific requirements for customization, data sharing, security, compliance, and integration. An embedded finance tech stack should support the tracking and reporting of metrics necessary for fulfilling service level agreements (SLAs), accurately calculating revenue sharing, and protecting intellectual property rights as outlined in the commercial agreements. 

8. Does it have a good track record with clients and partners?

When it comes to mounting an embedded finance tech stack, due diligence is key. Read about any prospective technology partners online, and read reviews from their clients and collaborators. Ask: What is the provider’s track record in terms of uptime, reliability, and performance? Follow them on social channels like LinkedIn to connect with their experts, and learn strategies for improving your embedded finance strategy.

9. Can I secure buy-in?

FIs may have difficulty deciding on embedded finance solutions and prioritizing solutions that satisfy all stakeholders. Getting everyone on board means prioritizing cost-effective solutions and ROI. This is particularly important when considering the investment required to upgrade core systems, improve data warehousing capabilities, and strengthen compliance measures to support partnerships with fintechs and end-brands. 

To secure buy-in, FIs should look to a potential tech partner’s case studies to see what results executive-level decision-makers can expect.

[arrow icon] Discover how Mountain America Credit Union used Alloy to reduce fraud by 29%.

10. Is it manageable?

On average, FIs engaging in embedded finance today support roughly four end-brand partners each — adding up to more than 300,000 consumer accounts, and 3,500 small business or other commercial accounts per embedded finance provider. Still, a few larger players in the space support 12 or 13 partners, more than 1 million consumer accounts, and between 25,000 and 50,000 commercial accounts. No matter the FI’s partnership count, the ideal embedded finance solution can help make an influx of embedded finance customers more manageable. 

Ready to build an embedded finance tech stack?

Unlock embedded finance with Alloy and Treasury Prime

The structure of embedded finance partnerships is inherently challenging. However, financial institutions can position their embedded finance products for success by carefully evaluating their goals, assessing their core needs, and strategically assembling the right combination of technologies.

Alloy is an omnichannel Identity Risk Solution serving the embedded finance ecosystem. Our unified platform empowers banks, credit unions, and EMIs to navigate the complexities of regulatory compliance, risk management, and partner collaboration with ease. Alloy works with Treasury Prime to simplify embedded finance growth for FIs, their fintech partners, and end-brands. 

With Alloy, financial organizations can:

  • Streamline compliance processes and ensure regulator adherence across their entire embedded finance portfolio
  • Tailor risk management practices to the unique needs of each end-brand partner while maintaining oversight and control
  • Access a wide range of data sources. Adapt to evolving threats and opportunities with a built-in network of data vendors
  • Collaborate seamlessly with fintech and end-brand partners, driving innovation and delivering value to customers

Don't let the challenges of embedded finance hold you back. Discover how Alloy’s Identity Risk Solution can help you build a thriving, compliant, and customer-centric embedded finance ecosystem.

Banks, credit unions, and EMIs use Alloy for embedded finance.

About Alloy

Alloy solves the identity risk problem for companies that offer financial products. Today, over 600 banks and fintechs turn to Alloy’s end-to-end identity risk management platform to take control of fraud, credit, and compliance risk, and grow with confidence. Founded in 2015, Alloy is powering the delivery of great financial products to more customers around the world. Learn more at alloy.com. 

About Treasury Prime

Treasury Prime is building the future of finance. Through its cutting-edge embedded banking software, Treasury Prime facilitates seamless connections between banks and enterprise partners, equipping them with everything they need to launch innovative financial products with a strong commitment to responsible practices. Beyond its core banking offerings, which encompass accounts and payment infrastructure, Treasury Prime also provides a robust partner marketplace. This marketplace offers a wide range of auxiliary services tailored to meet the diverse needs of bank-fintech partnerships. Treasury Prime was named Best Banking-as-a-Service Platform in the Tearsheet Embedded Awards 2021 and 2022, and was named to CB Insights' annual 2021 Fintech 250 list.

More on embedded finance

See what you’re missing

First, we’ll learn about your needs, answer your questions, and then see how Alloy can help.
Back