BaaS – Banking as a Service in Brazil: what it is and how it works

Participants in the Brazilian payments market, visualizing the new entrants and their innovations in business models, saw the opportunity to offer a service that would facilitate the entry of new participants by allowing the use of their technologies, without harming their current space, thus creating BaaS (Banking as a Service).

 

It also allowed companies that do not operate in this market, such as e-commerces, supermarkets, clothing or cosmetics stores, among other segments, to offer payment services without necessarily developing the technological and regulatory structure necessary for this.

 

Content

• What is BaaS – Banking as a Service?
• Who can offer the BaaS service?
• Who can contract the BaaS service?
• What are the opportunities associated with BaaS?
• What are the legal precautions that the BaaS contractor should take?
• What are the advantages and disadvantages of contracting the service?
• Is the BaaS service regulated? How does the public consultation work?
• Public Consultation on BaaS – BCB 108/204

This was done through the offering of Banking as a Service services, commonly known in the market as “BaaS”, by financial or payment institutions, as regulated by the Central Bank of Brazil.

 

What is BaaS – Banking as a Service?

 

Banking as a Service, or BaaS, which literally means “banking services as a service”, is a financial or payment solution technology that, once licensed to the contractor, allows it to offer financial or payment services to its users, without needing to own technology or the necessary authorizations granted by the Central Bank of Brazil to operate such activities, since it is the financial or payment institution regulated by the referred regulatory body that carries them out.

In short, this technology allows, through API (Application Programming Interface) connections between software, that the contractor provides services to its users that are, in reality, executed by the financial or payment institution that provides Banking as a Service.

Thus, the user only sees, as the direct service provider, the BaaS contractor, however, whenever the user executes some financial or payment service through its provider’s platform, it generates a technological communication with the financial or payment institution that, in turn, executes it.

It is worth noting that this technology should not be confused with the licensing of white label platforms, and should be treated as a complementary technology.

Banking as a Service providers can also offer white label platforms or instruments, which allow the contractor to contract a pre-developed web platform or mobile application, requiring only customization with its brand. In this case, the contractor will also not need to develop the necessary technology for the user interface.

That is, for a service to be characterized as Banking as a Service, there should not necessarily be the offer of white label platforms.

 

Who can offer the BaaS service?

 

Banking as a Service (BaaS) is offered by financial institutions and payment institutions authorized by the Central Bank, which include traditional banks and new regulated fintechs. These institutions have the infrastructure and regulatory compliance necessary to offer banking services. In addition, financial technology companies with a banking license, also known as neobanks or fintechs, are emerging as BaaS providers. These providers use their banking licenses to offer financial services to third parties through robust and secure APIs.

These established institutions provide the necessary infrastructure, including payment systems, accounts, compliance services and risk management. They invest in advanced technology to ensure seamless integration with the platforms of companies that use their services. In short, any financial or payment institution authorized by the Central Bank can position itself as a BaaS provider, offering a range of financial and payment services to other companies.

 

Who can contract the BaaS service?

 

The Banking as a Service service can be contracted by a wide range of companies, from fintechs and startups to large non-financial corporations that wish to integrate banking services into their platforms. Fintechs and startups are the main contractors, as they can use BaaS to offer financial services without the need to obtain their own banking license. This allows these companies to focus on innovation and customer experience.

In addition, e-commerce companies, marketplaces and other digital platforms can hire BaaS to offer services such as digital accounts, credit cards, loans and payments directly in their applications or websites. This provides a more integrated and convenient experience for users, increasing customer loyalty and engagement. Large technology companies are also exploring BaaS to expand their financial services offerings and improve their value proposition.

 

What are the opportunities associated with BaaS?

 

As we have seen, Banking as a Service allows the contractor to use the structure of a third party, which must be an institution regulated by the Central Bank of Brazil, to provide financial or payment services to its users.

One of the biggest opportunities of BaaS is the ability to expand the offering of financial services quickly and cost-effectively. Companies can introduce new financial products, such as digital accounts, debit and credit cards, loans and investments, without the need to develop their own banking infrastructure. This allows for a rapid response to market needs and the exploration of new customer segments.

 

As financial or payment services, we can mention, among others:

• Opening of digital accounts;
• Pix;
• Cards;
• Transfers (TED and DOC);
• Bills;
• Credit solutions;
• Open Finance;
• Payment Transaction Initiation.

BaaS allows for greater customization of financial services. Companies can create tailor-made offers for different customer segments, increasing the relevance and attractiveness of products. In addition, the integration of financial services can promote innovation in business models, allowing the creation of new products and services that better meet the needs of customers.

 

As an example, we can mention some hypothetical cases:

• Opening of Payment Accounts: a company has an interest in offering payment accounts to its users, which allows them to receive funds and make payments through cards and Pix. To do so, it can contract BaaS services that offer the opening of payment accounts with the aforementioned features, combined with a white label application.
• Pix: a company that already offers payment accounts intends to start offering the Pix functionality, it can contract BaaS services exclusively to integrate the Pix functionality into its payment accounts already opened and in operation.
• Payment Transaction Initiator: a company wants to start allowing payments to be made through its messaging application, so it contracts the BaaS service, which integrates its technology so that the company’s users can initiate payment transactions without leaving the application.

From this, it is possible to see that BaaS services allow the performance of several different services, in different ways, increasing the range of possibilities for new entrants, including, from such operations, bring innovations to the market.

Companies that use BaaS can access new markets and geographic regions more efficiently. The robust infrastructure and regulatory compliance of BaaS providers allow companies to expand their international operations with ease, offering consistent, high-quality financial services in different jurisdictions.

 

What are the legal precautions?

 

The objective of contracting BaaS is to streamline the process of offering financial and/or payment services for new market entrants, both from a technological and regulatory point of view.

Although this facilitation is evident, there are still legal precautions that BaaS contractors should be aware of to ensure a good relationship with the service provider by fulfilling contractual obligations, considering that it will be the contractor’s main supplier, as it will be the one that will allow the operation of the service.

However, in addition, such legal precautions aim to mitigate risks related to the business, such as risks related to the consumer relationship with users, maintenance of technology services, as well as risks related to the regularity of its operation, mainly thinking about, in the future, to start operating directly, as an institution regulated by the Central Bank of Brazil, no longer depending on the BaaS provider.

Therefore, below we bring the main points of attention for the company or its legal department to evaluate before proceeding with the hiring of BaaS:

• Regularity of the Supplier: to ensure the regularity of its operations and avoid future risks related to the continuity of its business, one of the most important points that must be evaluated when choosing the supplier or during the negotiation is its compliance with the Central Bank of Brazil. In this sense, it is recommended to evaluate the existence of an authorization to operate before the referred regulatory body, as well as the type of institution in which the supplier is authorized, to verify if the authorization allows the supplier to provide the services it is offering.
• Customer Base: due to the nature of the services provided and regulatory requirements applicable to the supplier, it must have access to the contractor’s customer base data. Because of this, it is recommended that during the contractual negotiation the existence of protective clauses to the contractor’s customer base is evaluated, ensuring that it will not be affected or used for other purposes beyond the execution of the contract without the contractor’s prior authorization.
• Contractual compliance obligations: payment and financial services are activities regulated by the Central Bank of Brazil, which generates compliance obligations to be fulfilled by the BaaS provider. Therefore, even if the activity to be performed by the contractor is not directly regulated, certain information must be reported by the supplier to the Central Bank of Brazil, as well as certain acts must be performed by the provider of financial and payment services as required by the referred regulatory body.

Due to this, the supplier may contractually require certain obligations to be adopted by the contracting party, such as the implementation of a Policy for the Prevention of Money Laundering and Terrorism Financing in the terms required by the norms of the Central Bank of Brazil, among others, which aim to guarantee the compliance of the activities by the supplier, through the actions of the contracting party, since many times the supplier will not have direct contact with the users.

• Contractual Instruments to be signed with users: in this aspect, it is important to clarify to the user that the financial or payment services are provided by the contracting party through a supplier contracted for this purpose, to avoid doubts if in some instrument or payment receipt, the corporate name of the supplier appears as the institution responsible for executing such service (example, in a payment receipt for sending a transfer by a third party, it appears that the payment executed to the user had the BaaS supplier and not the contracting party as the recipient institution).

This will serve to mitigate risks related to complaints that may be submitted through platforms (for example, Reclame Aqui!), through direct contact with the supplier or even to the ombudsman of the Central Bank of Brazil – in the latter case, the supplier itself must respond and handle the complaint, which can generate potential impacts on the supplier’s relationship with the complainant.

In addition to complaints, any lack of clarification may result in lawsuits by the user against the contracting party or even the supplier.

 

What are the advantages and disadvantages of contracting the service?

Like any service and business model structures, there are advantages and disadvantages associated with BaaS, which must be considered by the contracting party before formalizing the contract.

As an advantage, we can mention the facilitation for the offering of financial or payment services by companies that do not have such activities as a core or that intend to enter the market, but do not have the necessary structure.

It is notorious that institutions that offer payment or financial services, in their great majority, need prior authorization to operate from the Central Bank of Brazil, and it is certain that the duration of the authorization process is, on average, one to two years.

In addition, once regulated, there are several regulatory rules that must be complied with, requiring a robust framework of internal compliance rules, as well as the implementation of processes that aim to comply with such rules, under penalty of relevant administrative sanctions to be applied to both the institution and its directors.

Therefore, the BaaS service allows a company to perform regulated activities, without the need to be regulated by the regulatory body and without having to comply with the large number of requirements applicable to financial and payment institutions, except those required contractually by the supplier. In addition, depending on the BaaS service contracted, there is no need to develop the technologies necessary for the execution of this service, again, facilitating the process of starting its activities.

From this, the BaaS service allows the loyalty of its customers, since it will allow the offer of financial or payment products and services in order to aggregate the user experience within the platform already offered by the company, in the case of companies that are not from the financial market segment, or generate the acquisition and loyalty of new customers, by adding various features to a digital account, for example.

With regard to the disadvantages, although they seem small compared to the great advantages of this business model, they must be considered. The main points are: (i) cost; (ii) exposure of the customer base; and (iii) dependence on the supplier.

Because it is a service that promises a full range of services, depending on the BaaS service of interest, it can be very costly to implement the technologies and for the subsequent monthly maintenance of the offer of this service. Therefore, although it allows starting activities in a facilitated way, it will demand a relevant investment, both in terms of payment of the supplier’s remuneration and in terms of hiring employees to execute all the requirements necessary for the operation of the service.

Furthermore, we have seen that it is necessary to share the data of the contracting party’s users so that the supplier can operate its financial and payment services, which generates an exposure to what can be understood, even, as a competitor. Therefore, the exposure of the customer base is a risk associated with the use of the BaaS service, which must be well negotiated when formalizing the contract.

Finally, it is important to emphasize that the contracting party will be entirely dependent on this supplier to perform this service, so it is extremely important to ensure a good relationship and compliance with the contractual requirements. In the same vein, due to such dependence, the bargaining power to demand compliance with certain contractual obligations by the supplier itself is lost, as well as any impact on the operation of the supplier’s services, will reach the contracting party’s operation immediately.

Having clarified what the BaaS service is, its operation and main characteristics, it is possible to conclude that it is a great option to start your activities in the payment and/or financial market, even if, in the future, you intend to seek the necessary authorizations to operate independently before the regulatory body.

To shield yourself from the disadvantages related to the structure of the BaaS service, just perform a good analysis and contractual negotiation with the supplier, as well as implement internal processes that allow compliance with contractual obligations, especially those related to compliance.

 

Is the BaaS service regulated? How does the BaaS public consultation work?

Until the year 2024, the Central Bank of Brazil (BCB) recognized the existence of the BaaS, Banking as a Service, service, however, there was still no specific regulation on the subject. Thus, on October 31, 2024, the Central Bank of Brazil published the Public Participation Notice No. 108/2024, with a proposal to regulate BaaS – Banking as a Service.

This regulation will be done through a joint resolution of the National Monetary Council and the Central Bank of Brazil and, in general, aims to provide more security and promote efficiency, competitiveness, soundness and the prevention and mitigation of risks of products and services offered by regulated institutions, as well as for the contracting of their services and for the customers affected by BaaS relations, having the following main aspects:

• The object and scope of application;
• The definitions of BaaS;
• The principles for the provision of BaaS services;
• The scope of the services to be provided;
• The rules for contracting BaaS services;
• The responsibilities of the parties involved;
• The aspects of customer relationship;
• The mechanisms for monitoring and controlling the services provided through BaaS; and
• The general provisions.

Scope of services: the proposal defines a strict list of services that can be provided through BaaS, such as:

(i) opening, maintaining and closing deposit or payment accounts;

(ii) payment services related to electronic money, post-paid payment instrument and accreditation of payment instruments in payment arrangements;

(iii) offer and contracting of credit operations; and

(iv) other services, as long as they are regulated in the future by the Central Bank of Brazil.

 

The following services are not included in the scope of the BaaS service:

(i) customer service on behalf of the BaaS service provider institution;

(ii) data processing and storage and cloud computing; and

(iii) partnerships within the scope of Open Finance.

 

Also, the proposal determines that such services can only be provided:

 

(i) by financial institutions and other entities authorized to operate by the Central Bank of Brazil; and

(ii) electronically, through the integration of processes and systems.

 

Rules for contracting the service: the proposal prohibits the contracting of the BaaS service:

(i) with the objective of having the company contracting the services act on behalf of the institution providing the BaaS services to make the contracted services available;

(ii) between the contracting company and more than one institution providing BaaS services;

(iii) with a contracting company that, in its name, uses terms characteristic of the names of the institutions of the National Financial System or the Brazilian Payment System or similar expressions in a foreign language; and

(iv) with a contracting entity whose control is exercised by an administrator or any related party:

1. a) of the institution providing BaaS services;
2. b) of the controlling entity of the institution providing BaaS services; or
3. c) of a correspondent in the country with a contractual relationship with the institution providing BaaS services.

 

Relationship with the client:

The company providing the service must be widely identified in an accessible and visible way to the customers of the contracting company, in the channels of the latter, as well as in contracts, other documents and in payment instruments related to the contracted services. Also, the same rates allowed by the current regulations to financial institutions, payment institutions and other institutions authorized to operate by the Central Bank of Brazil must be applied to the customers of the company contracting the services. Finally, according to the proposal, the institution providing BaaS services must ensure the service of customer demands within the scope of the provision of services, and may use the company contracting the BaaS services to carry out accessory services.

Regulatory Controls Required:

According to the proposal, a series of responsibilities must be observed by BaaS service providers, such as maintaining rigorous internal controls, the quality and timeliness of information provided to customers, structure and procedures for identifying and qualifying customers, with the purpose of preventing fraud and money laundering. Also, a director must be appointed who is responsible for compliance with the applicable rules.

The proposal is available for consultation on the Federal Government’s website, more specifically on the Participa + Brasil Portal, and is open until January 31, 2025, for suggestions.

 

Public Consultation on BaaS – BCB 108/2024

On October 31, 2024, the Central Bank of Brazil (BCB) launched Public Consultation Notice No. 108/2024, aiming to regulate the provision of Banking as a Service (BaaS) by financial institutions, payment institutions, and others authorized to operate by the BCB. The objective is to establish guidelines that ensure security, soundness, and risk mitigation in the financial system, in addition to promoting efficiency and competitiveness in the products and services offered.

The draft resolution defines the actors involved in BaaS: the providing institution (institutions authorized by the BCB), the receiving entity (third parties that wish to offer financial services), and the end customers. The scope of services includes opening, maintaining, and closing accounts; payment services related to electronic money and postpaid payment instruments; offering and contracting credit operations; and other services that may be regulated by the BCB.

The contracting of BaaS services has specific restrictions. Credit unions and leasing companies are prevented from acting as BaaS service providers. In addition, service confederations constituted by central credit cooperatives and consortium administrators cannot act as providers or recipients of these services. The proposal also prohibits the recipient from contracting more than one providing entity, establishing a relationship of exclusivity.

The governance and controls required of BaaS service providers are rigorous. These institutions must ensure compliance with current legislation, maintain robust internal controls, guarantee the quality and timeliness of information provided to customers, and implement effective procedures for the prevention of fraud and money laundering. The appointment of a director responsible for compliance with the applicable rules is mandatory.

Initially, the public consultation was open for contributions until January 31, 2025. However, in response to requests from representative associations and aiming to allow a more in-depth analysis of the proposal, the BCB extended the deadline for submitting suggestions until February 28, 2025.

The BCB’s initiative seeks to discipline the BaaS business model, which has grown significantly in recent years, providing greater access to financial products and services through partnerships between regulated institutions and non-financial entities. The regulation intends to mitigate risks associated with these operations, guaranteeing transparency, security, and soundness to the National Financial System.

The contributions received during the public consultation will be analyzed by the BCB and by the National Monetary Council (CMN) to improve the draft resolution, aiming to meet the needs of the market and ensure the protection of financial service consumers.

For further information regarding our services, get in touch: