• Fintech Brainfood
  • Posts
  • 🧠 Embedded Finance: Life after the consent orders. Apple vs DoJ

🧠 Embedded Finance: Life after the consent orders. Apple vs DoJ

Banks exiting their consent orders have high RoE but low risk appetite. Embedded Finance is an ouroboros. What does apple vs DoJ mean for Fintech? Lessons from their battles in the EU.

Welcome to Fintech Brainfood, the weekly deep dive into Fintech news, events, and analysis. Join the 39,040 others by clicking below. 

Hey Fintech Nerds 👋

I thought this was a slow news week. And then the DoJ sued Apple for antitrust.

So what for Fintech?

They allege Apple doesn’t allow access to tap-to-pay, Apple Wallet only works with Apple Pay, and has a monopoly over identity and payments in its ecosystem. To be fair, I agree. But for a full analysis, skip to “Things to Know” 👀

Embedded Finance is changing shape. So what will life be like after the consent orders? That’s your Rant this week (and it has pretty pictures too!)

Here's this week's Brainfood in summary

📣 Rant: Embedded Finance: Life after the consent orders

💸 4 Fintech Companies:

  1. Finalytics.ai - "Segment of One" analysis for Fintech companies

  2. Goliath Data - Find an off-market property with data science

  3. Druo - International Pay by Bank for B2B

  4. Firenzeme - Embedded investment-backed loans 

👀 Things to Know:

📚 Good Reads:

Weekly Rant 📣

Embedded Finance: Life after the Consent Orders

Almost precisely a year ago, I wrote a piece called "BaaS is Dead." Since then, the compliance and governance issues of small banks in the US have dominated the Fintech industry news. 

The latest BaaS (Banking-as-a-Service) consent order is gossip, and embedded finance still outranks GenAI as a discussion point in Fintech by a considerable margin.

Consent orders can disrupt entire companies as they look for new partners. We've seen job losses, pivots and banks exciting embedded finance or Banking as a Service entirely.

The mood is so negative that Jason Mikula, who's broken many of these stories, recently wrote a piece reminding everyone why he's optimistic and loves this industry.

But day by day, week by week, things are changing.

This year's Fintech meetup felt like the turning point. 

BaaS isn't dead; it's all grown up.

There will be more consent orders, but we need to discuss what life looks like after the consent orders. Then what?

Why embedded finance? The existential crisis for smaller banks

  1. Embedded finance gives them an opportunity to thrive 

  2. The embedded finance business model is lucrative for all involved

  3. Enforcement actions are bringing clarity

  4. Banks and the market is reacting by

    1. Hiring more compliance staff

    2. Changing the business model (to banks directly selling)

    3. Providers are pivoting their message and offering

    4. Leading to a market where demand outstrips supply

    5. With lots of banks now looking to enter embedded finance

  5. The next chapter

    1. Regionals and big banks start to eat market share

    2. Embedded finance goes into the world of Atoms

    3. "Banking" gets re-aggregated for consumers

    4. Banks will either be massive (e.g., Chase) or headless (e.g., Column)

  6. Summary: Embedded finance is good.

1. Why embedded finance? The existential crisis for smaller banks

As Kunle explains in his piece the amazing, consolidating US banking system, banks are a dying breed.

Over the past 40 years total US banking assets expanded > 10x, from ~$2 trillion in 1984 to >$22 trillion in late 2023. During that same period the number of commercial banks in the US has shrunk from ~14k to ~4k. The number of active bank charters has shrunk from ~18k to around 5k over the same time period.

He adds

At the same time, fewer charters get issued each year, than the number of acquisitions and failures. Between 2010 and 2022, only 62 new FDIC insured commercial bank charters were issued to de novo banks in the US. 

"de novo" means brand new. The alternative method is often to buy a small local bank and convert that charter. For example, SOFI purchased Golden Pacific Bancorp for $22.3m

It's very unlikely a Fintech company will get issued a banking license. The entire industry relies on smaller banks.

There aren't many good choices for banks to drive growth, especially smaller or regional banks. They could: 

  1. Keep doing the same thing and expect a different result. That's the definition of insanity. Rising interest rates haven't made it easier for small and regional banks to compete with the onslaught from the largest banks and Fintech disruptors in consumer and SMB. ❌

  2. Invest massively to compete. This strategy works for Chase and Capital One, which have the budget and have effectively maintained or grown their market share. It would ruin the profitability of regional or smaller banks. ❌

  3. Merge with someone or get acquired. This is happening at scale, but it's also capitulation. When banks acquire one bank's customer base often loses, it can end up on worse fee structures and the US loses its community bank ecosystem every day. ❌

Despite "record profits," when you adjust for inflation, most banks are much smaller than a decade ago. Banks desperately need new sources of revenue without their traditional cost structures.

2. The opportunity to survive and thrive: embedded finance and banking as a service. 

In contrast to most of the industry, a relatively small bank, The Bancorp, announced that in Q4 2023, it delivered 31% revenue growth year over year, 26% return on equity (RoE), and a 41% efficiency ratio. Even if you exclude the rise in interest rates, that's exceptional performance for a small bank a year after the banking crisis.

(h/t Ryan Alfred and Banking Embedded)

Bancorp was an early mover in embedded finance and several others, such as Evolve Bank and Trust, Blueridge Bank, and Coastal Community. 

Notably, Bancorp counts Chime as a customer with over 15 million retail accounts. What makes Bancorp even more interesting is they use the deposits from embedded finance to fund specialist lending programs like institutional wealth management.

This is a model to survive and thrive. 

Many have taken that path, which new providers enable.

New providers like Unit, Treasury Prime, and Stripe often enable banks that didn't have the technology budget to enter embedded finance. They even help find and qualify new potential customers for the bank. In principle, these tech providers can also codify the bank's risk appetite and provide tools to help them with oversight.

The catch is the possible regulatory blowback. But The Bancorp has now exited its OCC consent orders. They're now living life after.

3. Embedded finance is lucrative and good for innovation and the wider economy.

Despite regulatory actions, the business remains a no-brainer. Banks get deposits without paying for marketing or branch infrastructure. This low-cost deposit base can then be deployed for lending in niche, under-served segments they know well. 

This chart from banking embedded shows just how many deposits are coming from Fintech for some of the biggest banks

(Thanks to embedded banking for the image)

Non-banks get an engine to turbocharge revenue. Canonically, Shopify now generates 76% of its revenue from financial services despite starting as a subscription business for e-commerce merchants. Embedded finance is undefeated. Assuming you solve some adjacent problem well enough. 

(Some folks in Fintech and even Shopify product managers hate when you point this out. And look, I get it "SHOPIFY IS A FINTECH" isn't a new or nuanced take. But it's also one heck of a compelling stat.)

Small banks have driven this revolution. 

4. Enforcement actions are bringing clarity to the space.

a) What went wrong. One thing has become abundantly clear: mistakes were made. The raft of consent orders from the OCC, FDIC, and state regulators show that many of the banks that entered embedded finance were not set up for success. Orders often focus on inadequate third-party oversight, from Unfair Deceptive Acts And Practices to FDIC disclosures and, crucially, BSA/AML failings. 

It's much harder to see the impact of an AML failing from the outside since banks and law enforcement often report this. We can see that many non-bank programs that had partnered with banks were not making basic things like proper FDIC insurance disclosures in their documentation.

It's the banks' job to ensure that happens. The way they do this should be in their contract and under regular oversight. It's those contracts and that oversight that's failed.

That's what "inadequate supervision" in regulator speak means in practice. Banks thought the tech providers in the middle could help with some of the compliance (in the late 2010s some even advertised this capability), Fintech companies thought they were buying a low cost, faster route to market where someone else manages the compliance.

I used this meme in 2022 to describe it 

The consent orders show this is categorically not the case anymore.

b) Why did it go wrong? A lot of early movers were victims of their success. As I wrote in Embedded Finance in crisis:

The banks that got into embedded finance early have already made changes since they received regulatory enforcement actions. Far from dying out as a result, they're thriving. 

It's worth looking at what's happening under the hood a little closer.

5. What's happening now

a) Hiring gaps are being fixed. Risk staff as a percentage of total headcount has shot up from ~6 or 10% to 30%. Compliance is critical to winning in embedded finance. 

(Thanks to embedded banking for the image)

My take: I'm always loathed to say headcount is the only answer, but it's a big part of the answer. If you serve 10 to 20 programs, some of which have millions of customers, they're your customers as a bank. You need a compliance team that can handle that volume, even if the Fintech or program does a lot of the work and tech.

b) The business model is changing. The regulators and bigger sponsor banks have made it very clear that the banks own the relationship with the sponsored program and end customers. The banks have to lean into and manage the contracting process. 

My take: Every bank getting into embedded finance is now looking for automation, consultancy and support. Interestingly, the specialists they're relying on historically primarily sold to tech-first, nonbank types.

c) Providers are pivoting their message and strategy. The unit just announced a suite of compliance tools for partner banks, and Treasury Prime sadly laid off 50% of its staff. It will now focus only on enabling the "bank direct" business model. Providers cannot sell to a Fintech company and help that relationship along. The sale is owned by the bank; the provider sits behind that. 

My take: This is a shame on some level. The great re-aggregation of financial services is starting in B2B, where a single company like Ramp, Brex, or Mercury can offer checking, treasuries, investments, and debt from multiple underlying banks. I'd love to see that for consumers. I get consumer has more risk, but the providers would be natural aggregators of the best products. But heyo. Where are we we are.

d) Leading to a market where demand outstrips supply. The CEO of a very large and popular BaaS bank said something super interesting over dinner this past week (paraphrasing)

For roughly every 30 potential customer requests, we might approve one of those. We're saying no to a lot of things that look risky, but I have to admit my biggest and most well-run customers looked just like that when we first onboarded them.

My take: That, right there, is why there's still a giant opportunity for new market entry. If banks must be selective, we have a market with less innovation. However, if the demand is still there, many smaller banks that have seen the opportunity will want to enter. That's exactly what's happening.

e) Creating lots of tourists. They're entering this space because they can see the opportunity, and many rightly try to do so thoughtfully and learn as they go. Fintech Meetup was packed with banks ready to partner.

My Take: These are community bankers who aren't used to having a board risk committee. There will be banks that have yet to enter embedded banking, who in 2 to 3 years, will be in a world of hurt if they don't heed the lessons of the early movers like Bancorp. The flip side is that by the time they get there, they may also have won an incredible set of partners and set themselves up for success.

f) Regulators are still playing catch-up. The OCC has been active for several years with consent orders, but the FDIC has become much more active over the past 12 months. In principle, the bar is the same for every bank: They need to be FFIEC compliant (Federal Financial Institutions Examination Council). In practice, most banks haven't had to operate with that level of scrutiny, and regulators haven't had to enforce until things started to go wrong.

My Take: This is coming out in the wash. In my day job, I've seen how providers can help banks that are new to this world quickly become FFIEC compliant and use embedded finance as the wedge to get more automated and data-driven as they do.

6. The next chapter of Banking as a Service 

a) The big banks are here. Regionals like Fifth Third don't get much attention in the Fintech world, but after they acquired BaaS provider Rize Money, they're quietly powering some massive programs. Last week, the Head of Embedded Finance for two separate top 20 banks added me to LinkedIn. What do you suppose their day looks like? 

Ultimately, the opportunity is too good for any bank to ignore. The bigger banks will move slowly and cautiously, but they're coming. If you wind that forward 20 years, you can see a world where banks no longer want to own distribution. They'd all start to look like Column, Lead Bank (or Griffin in the UK, who just raised their Series A). Banks, with a charter but no UI at all. Headless banks.

b) Atoms become bits, creating more customers. Embedded finance has primarily helped businesses whose distribution is digital. Navan is in travel, Shopify is in e-commerce, SaaS companies, marketplaces, etc. Software is eating all sectors of the economy, and venture capital is now increasingly in gaming, defense, and transport. As software eats those sectors, the internet becomes a default, and where the internet goes, embedded finance follows. 

Ignore affinity and co-brand (let’s assume they continue to exist.) Embedded finance will go deeper. We've already seen fleet cards and construction vertical SaaS companies that embed finance. Bilt Rewards is an example of a company bringing it to real estate to some extent. Next, it goes deeper into logistics, shipping, and the long tail of companies that traditionally worked with local banks by default but went digital during the pandemic. 

c) The concept of a "bank" will eventually be re-aggregated. Today, it takes 20 fintech apps to do finance: a brokerage, crypto exchange, bank account, and mortgage provider. B2B Fintech is showing the way, with technology companies like Mercury or Ramp providing one hub for financial products re-packaged from various brokers or banks. 

Robinhood and Revolut are both speed-running this model, trying to offer just about every product possible. If you look at CashApp recently, it's heading that way too. These things aren't starting from the place of being your financial hub, but it's where they might end up. 

Doing this badly just looks like a PFM dashboard or cross-selling the same products I have elsewhere. Doing it well means these apps could operate as a hub for consumers. That's only possible if we have a regulatory environment that allows it.

d) All but the biggest banks become headless. If embedded finance is so lucrative, why would banks operate any other way, especially smaller ones? Banks with large, profitable existing franchises are unlikely to give those up, but the prize for doing embedded finance well is too great to ignore.

The trick is doing it well. It's easy to say but hard to do, especially when everyone is trying to do it.

7. Summary

Embedded finance gave us innovation but faced a regulatory backlash. The banks that moved first are coming out on the other side, now risk-averse but successful. This creates a cycle where new banks enter to capture the unmet demand, who will learn risk lessons the hard way and respond accordingly.

This business model won't disappear; it will get stronger. 

Most banks have no good choices without the new business model presented by embedded finance. 

Embedded finance is difficult.

But it's also brilliant. 

It gave us get paid early, earned wage access, expense management cards that work like magic. 

And more than anything, it gave small community banks a lifeline.

That should be celebrated. 


Further reading. 

BaaS is dead (Contains a good first principles explainer). 

Embedded finance in crisis (Explores current issues in much more depth).

4 Fintech Companies 💸

1. Finalytics.ai - "Segment of One" analysis for Fintech companies

Finalytics helps credit unions and small banks optimize branches, model expected customer profitability, create dynamic website content and cross-sell to consumers. They offer turnkey integration with platforms like Salesforce, plus MX, Q2, and Google Analytics. 

🧠 This solves a resource gap for smaller banks. Scale users of Salesforce would build this through their marketplace and internal marketing team. Anything "zero integration" or "out of the box" is like catnip for small banks. (Pro tip: If you're a Fintech selling to a small bank, the answer to every question on the RFP is "out of the box.")

2. Goliath Data - Find an off-market property with data science

Goliath data collects "intent signals" for properties to become available and close with signals like "empty nester," high equity, police warrants, or tax delinquencies. Goliath is not a data broker but a platform that uses data to identify leads for properties not on the market.

🧠 The infrastructure and supply chain of real estate is a Fintech trend. Instead of building better.com, Fintech companies are now building world-class bits of the value chain like lead sourcing. When you consider just how massive the real estate market is, that makes complete sense as a platform. Data is the competitive advantage for Fintech's next decade.

3. Druo - International Pay by Bank for B2B

Druo helps companies pay, get paid, and verify a potential recipient using an international network of open banking connections. Users can pay from a Wells account in the US to an HSBC account in the UK, for example. 

🧠 Why isn't pay by bank a thing internationally? A few payment companies (like Earthport, later acquired by Visa) have created an alternative to SWIFT for international wires. They do this by connecting many local payment systems (like ACH to Faster Payments in the UK). Open Banking provides an interesting authentication layer over the top, but it also potentially circumvents many checks that would be applied to international wires (like sanctions). It's a great idea, but compliance is hard.

4. Firenzeme - Embedded investment-backed loans 

Loans secured by an investment (a Lombard loan) are typically only given to customers with £1m+ ($1.27m) invested. Firenzeme enables this functionality for much smaller loans (e.g., $30k) to enable loans for a broader market. Advisors and wealth managers can embed lending into their offerings.

🧠 This is a neat way for a Roboadvisor to diversify revenue. I could imagine someone like Robinhood or Public moving into this space, where lending isn't their specialism. There's also a collection of smaller brokers across Europe who could benefit from this type of offering.

Things to know 👀

The lawsuit claims alleges Apple is.

  1. Suppressing super apps that provide services across multiple devices.

  2. Suppressing cloud streaming services.

  3. Limiting messaging apps with blue vs green bubbles.

  4. Sells smartwatches that only work with iPhones.

  5. Denies access to non-Apple digital wallets and tap-to-pay.

On Fintech specifically, the suit alleges Apple.

  • Blocks access to tap-to-pay (NFC chips) to 3rd parties.

  • Does not allow alternatives to the Apple Wallet to store credit cards, IDs, or tickets in the app.

  • Does not allow subscriptions and in-app purchases from 3rd party wallets.

  • Apple Wallet only supports Apple Pay and does not offer 3rd-party payment services.

  • Use this position to extract rent from banks and payment companies.

🧠 The biggest thing in Fintech since Visa/Plaid. The DoJ has been here before, but that was breaking up a potential deal. Apple has live products, and millions of customers use them.

🧠 This is huge but won’t resolve quickly. Apple is litigious and is fighting the EU every step of the way. They did ultimately yield and make NFC and app side-loading available, but only in the EU. By doing so, Apple forced the DoJ to act.

🧠 Apple has gone from the darling of tech to widely regarded as the villain. The Apple ecosystem “just works” like magic, and part of that is because they control the ecosystem. But now they’re too big and too important to not be open to competition. Their privileged position is over.

🧠 The DoJ needs to succeed. Identity, payments, and ticketing are critical infrastructures one company can’t own. However, what the settlement ends up being will be critical. The devil is in the details.

🧠 Expect side-loading of apps and tap-to-pay for 3rd parties. It’s life in Europe, and companies like Overlay* already use it for in-store open banking (pay by bank) payments. I imagine DoJ’s goal is to drive Apple into a similar position it has in Europe.

Robinhood has launched in the UK, offering no-commission trading and zero FX fees on buying stocks. The service also offers up to 5% AER on uninvested cash and up to $2.25m FDIC protection (far higher than the standard UK FSCS insurance of £85,000).

🧠 This is a compelling package. Don’t sleep on the zero FX fees. The ultimate hidden fee for non-US investors is the rates paid in FX. Legacy brokerages like Hargreaves Lansdown and Interactive Investor will struggle to compete since that’s a lucrative part of the business.

🧠 Market entry is hard. Robinhood tried a few times to enter the market and hasn’t quit. In 2020, there was a pandemic, and in 2022, it attempted to acquire UK service Ziglu before re-focussing on its US business as tech began to correct.

🧠 Public.com recently paused its UK offering while UK home-grown players stumble. Meanwhile, the home-grown competitor Freetrade has stumbled forward through various crowdfunding rounds. This could be really good timing.

🧠 Prize for persisting. 2020 the market has shifted away from memestock trading. Now, I can’t escape offers for high-yield savings and investments on the London Underground.

🧠 Robinhood still gives me heartburn. Even in a gillet and with sensible pension and savings products, it’s the company of handing options trading to the mass market. I believe in allowing people access to this product on the basis of knowledge instead of net worth. But how you do that is critical.

🧠 Someone has to be the innovator and push the boundaries, and Robinhood has unquestionably done more good than bad. My broader worry is that the next meme stock and crypto craze will create more losers than winners, resulting in real financial harm.

Good Reads 📚

I love this piece by Alex Johnson. He puts his finger on numerous trends that make the next generation of Fintech companies and e-commerce seem baffling to us millenials. Yet, to a generation of people, things like this make complete sense. The below quote is a perfect example. The whole piece goes much deeper and gives tangible examples. Well worth a proper read.

Financialization – the evolution of financial services from an enabler of economic activity to an economic activity in and of itself. 

So, for instance, if you became an adult at the same time that commission-free stock and crypto trading became widely available, you might naturally wonder why your bank keeps trying to refer you to a brokerage service rather than simply offering fractional investing directly within its mobile app.

It wouldn't seem strange to your parents, but it would seem deeply strange to you.

This is why the evolution of entrepreneurship fascinates me. 

In the same way that the meme stock and crypto mania of 2021 forced banks and many fintech companies to question their wealth management products for younger customers, I think the continued growth of the influencer economy may start to force banks and fintech companies to rethink how they can and should support young, aspiring entrepreneurs.     

HTTPZ is the logical conclusion of encryption on the internet: users encrypt their data using their own keys locally before sending encrypted data to servers, which can then compute over that data. Under an HTTPZ configuration, you can assume that servers are breached at all times. It simply does not matter that an attacker has access to a server if all user data is encrypted using keys that users store on their own devices.

That's all, folks. 👋

Remember, if you're enjoying this content, please do tell all your fintech friends to check it out and hit the subscribe button :)

(1) All content and views expressed here are the authors' personal opinions and do not reflect the views of any of their employers or employees. 

(2) All companies or assets mentioned by the author in which the author has a personal and/or financial interest are denoted with a *. None of the above constitutes investment advice, and you should seek independent advice before making any investment decisions.

(3) Any companies mentioned are top of mind and used for illustrative purposes only. 

(4) A team of researchers has not rigorously fact-checked this. Please don't take it as gospel—strong opinions weakly held 

(5) Citations may be missing, and I've done my best to cite, but I will always aim to update and correct the live version where possible. If I cited you and got the referencing wrong, please reach out