In May 2024, a company in California suddenly made headlines across the financial press. Synapse Financial Technologies, once hailed as a pioneer in the next wave of financial innovation, filed for bankruptcy. The company had promised to revolutionize banking by providing “Banking-as-a-Service” (BaaS): an invisible layer of technology that allowed apps to plug directly into the financial system.

Through partnerships with small banks, Synapse offered FinTechs deposit accounts, debit cards, and payments so that the FinTechs themselves could avoid becoming banks. When Synapse collapsed, however, thousands of people lost access to their funds overnight. The question of who could be held responsible –  Synapse, the banks, or the FinTech apps – was left unanswered.

As I discuss in my recent paper, this episode is an example of how the shift from open banking’s focus on data sharing to BaaS’s  modularization of core banking functions creates both opportunities and structural vulnerabilities that existing regulatory frameworks struggle to address. By modularization, I mean the breaking down of banking into smaller, standardized components – account opening, payments, compliance checks, or lending – that can be delivered separately through application programming interfaces (APIs) and then reassembled by FinTechs or platform companies into products for customers.

Beyond Data Sharing

The story begins with open banking. In the aftermath of the global financial crisis, policymakers in the United Kingdom and the European Union looked for ways to spur competition in retail banking. Their solution was deceptively simple: Require banks to share customer data, with the customers’ permission, through standardized APIs. Open banking, they argued, would give consumers control over their financial information, lower barriers to entry, and create room for new services.

The idea quickly spread. In the U.S., firms like Plaid built businesses around aggregating financial data. In Asia, Singapore encouraged banks to develop open API marketplaces. What began as a regulatory experiment became a global movement to open up finance.

But open banking was never the end of the story. Sharing data is one thing. Sharing the functions of banking itself – account opening, payments, lending, compliance – is another. That is where Banking-as-a-Service enters.

What BaaS Really Means

BaaS unbundles banking into components and delivers them through APIs. Licensed banks reveal their infrastructure; FinTechs and even non-financial companies build products on top of it. The result is that consumers can get banking services not just from banks, but from shopping apps, ride-hailing platforms, or digital wallets.

From a consumer’s perspective, this is convenient and seamless. From a business perspective, it lowers costs and accelerates innovation. Banks, instead of building every app themselves, rent out their infrastructure. FinTechs, instead of applying for banking licenses, plug into someone else’s. The system seems efficient.

Yet efficiency has a flip side. Just as cloud computing has concentrated risk in a handful of providers, BaaS can create hidden dependencies. When one link in the chain breaks – as Synapse showed – the effects ripple across FinTechs, banks, and ultimately consumers.

The Global Experiment

The U.S. is not alone in grappling with this new architecture of finance. Around the world, regulators are discovering that existing frameworks do not neatly apply to BaaS.

• In Europe, open banking rules under PSD2 transformed payments and account aggregation. More recently, the EU’s Digital Operational Resilience Act extended oversight to technology providers, but BaaS intermediaries remain largely outside prudential frameworks.
• In the United Kingdom, regulators have championed FinTech and consumer protection. But the stress of Railsr, another BaaS provider, showed how fragile the ecosystem can be when intermediaries sit in the shadows of supervision.
• In the United States, attention to bank–FinTech relationships is growing. In mid-2024, the federal banking agencies issued a Request for Information (RFI) seeking comment on the risks and benefits of partnerships between banks and FinTech firms. The initiative underscores regulators’ recognition that reliance on third parties – including BaaS providers – raises questions of safety, soundness, and consumer protection, though no comprehensive framework has yet emerged
• Singapore has taken a voluntary approach to open banking, and its Payment Services Act brings many digital-payment providers under license. The Monetary Authority has also issued outsourcing guidelines. Even so, questions remain about liability when multiple actors are involved, particularly when infrastructure is shared without the middleware entity taking possession of consumers’ funds.
• In China, big tech companies like Ant Group turned finance into a feature of everyday digital life, embedding payments, credit, and wealth management into super-apps. Regulators eventually intervened, forcing Ant to restructure under stricter oversight – recognition that scale itself creates systemic risk.

Each jurisdiction offers part of the puzzle, but none has solved it.

Why It Matters

The transformation from open banking to BaaS is not just a story about technology. It reshapes the structure of financial intermediation. For over a century, consumers knew who their bank was, and regulators knew who to supervise. BaaS blurs these lines. Consumers may trust an app that looks nothing like a bank. Regulators may find that the real risks lie not with licensed institutions, but with intermediaries operating beyond the scope supervision traditionally applied to licensed banks and financial institutions.

This creates a classic law-and-economics problem. Private contracting cannot easily fix the misalignment of incentives and responsibilities. Consumers lack the information to understand the risks. FinTechs and middleware firms may pursue rapid growth while shifting risks onto banks or customers. And systemic vulnerabilities – where the failure of one intermediary cascades across an entire system – cannot be contained by bilateral agreements.

The stakes are high. If BaaS is left unchecked, financial innovation may come at the expense of consumer trust and systemic stability.

The Road Ahead

The lesson of Synapse is not that BaaS should be abandoned. On the contrary, the model holds promise: more inclusive services, lower transaction costs, and innovation at scale. But its success depends on embedding innovation within robust regulatory frameworks.

Across jurisdictions, policymakers are beginning to ask the right questions:

• Who is responsible when something goes wrong in a BaaS chain?
• Should intermediaries that perform core banking functions be licensed?
• How do we ensure resilience when financial services depend on a handful of middleware firms or technology providers?
• What happens when platform companies become the gateways to essential financial products?

The answers are far from settled. Some countries, like Singapore, are experimenting with activity-based regulation. Others, like China, have imposed restructuring. In the U.S., regulators are only starting to confront these issues.

What is clear – and what I emphasize in my paper – is that open banking frameworks alone, designed for data portability, are insufficient for the realities of modular finance. The shift from sharing data to unbundling banking functions demands a new regulatory conversation.

Conclusion

The collapse of Synapse pulled back the curtain on an invisible but critical layer of finance. It revealed how Banking-as-a-Service, though efficient and innovative, can also be fragile and confusing for consumers. As financial services migrate from banks to apps, and from branches to APIs, regulators face the challenge of adapting frameworks built for an earlier era.

The evolution from open banking to BaaS is a global experiment that continues. Whether it becomes a sustainable architecture for the finance – or a source of recurring crises – depends on how we address the vulnerabilities exposed today.

This post comes to us from Nydia Remolina, an assistant professor of law and the deputy director of the Centre for Commercial Law in Asia at Singapore Management University. It is based on her recent paper, “From Open Banking to Banking-as-a-Service: Regulatory Challenges in the Evolution of Financial Intermediation,” available here.