SME owners are spoilt for choice for BaaS embedded SaaS solutions, but will regulators let it … More continue? GL Insight

Last week, when Xero spent US $2.5 billion to buy Melio and weave Melio’s bill-pay rails into Xero’s cloud ledger, the accounting giant confirmed what insiders have whispered for months: the next payments land-grab won’t be led by banks or flashy neobanks, but by software vendors whose day-one product had absolutely nothing to do with money.

Toast began life hawking point-of-sale hardware for bistros; now Toast Capital quietly extends short-term working-capital loans to more than 100,000 restaurants. Shopify lets merchants swipe cards, stash proceeds in Shopify Balance, borrow against their receivables and, if Ottawa eventually blesses it, park deposits outright. Call it Embedded Finance 2.0, where the “Pay” button graduates into a full on-platform treasury desk and the question morphs from Can we process a payment? to Should we hold your cash?

The logic is seductive. Merchants already live inside these dashboards, so the data firehose is constant: real-time ticket size, refund velocity, day-of-week sales quirks. In a world where underwriting used to mean poring over last quarter’s financials, SaaS firms now grant credit in minutes because they see tomorrow’s revenue today. Small wonder analysts peg the embedded-finance prize at US $146 billion next year, compounding 36 percent to US $690 billion by 2030. That’s not incremental revenue; that’s venture-scale upside hiding in plain sight.

Regulators Tighten the Screws

Which brings us to the buzz-kill second act. Most platforms eager to bankroll their users don’t actually own a banking charter. Instead, they “rent” one from community institutions such as Evolve, Cross River or Sutton. That outsourcing made sense when your goal was a sliver of interchange. It looks shakier now that you’re warehousing payroll and tax escrows. After the Synapse meltdown stranded end-customers without access to funds and a blizzard of fraud losses peppered the headlines, U.S. regulators decided that outsourcing the plumbing didn’t mean outsourcing accountability.

The FDIC has already slapped sponsor banks with consent orders demanding real-time visibility into fintech partners’ ledgers, sharper BSA/AML controls and board-level oversight. Reuters soon reported that examiners were turning up, physically, in fintech offices to inspect controls firsthand, a move that effectively drags non-banks into the same supervisory perimeter as traditional lenders.

MORE FOR YOU

Meanwhile, a fresh proposal would obligate sponsor banks to keep end-user balances at individual account level, eliminating the opacity that helped Synapse blow up. Banking lawyers warn the record-keeping cost could break the economics of low-margin BaaS deals, nudging software firms toward pricier state money-transmitter licenses, or the nuclear option of a national charter.

Across the Atlantic, the Bank of England’s Prudential Regulation Authority is poking at bank-as-a-service structures, while APRA in Australia refuses to water down prudential rules just so SaaS hopefuls can play banker. The thread that ties London, Washington and Canberra together is a simple phrase that keeps compliance officers up at night: regulatory crackdown.

Survival Playbook for Embedded Finance 2.0

How do software founders thread this regulatory needle without killing the growth story investors are salivating over?

First, the deep-pocketed few will likely chase full-fat charters. Intuit already controls an OCC-granted industrial loan company, and rumor has it Shopify is exploring a Canadian Schedule I license so it can plug directly into FedNow and CAD settlement rails. Owning the license erases sponsor fees, provides direct central-bank access and turns Fed holidays into just another dashboard metric. It also drags CEOs into capital-ratio land, where quarterly stress tests replace flashy conference-stage keynotes.

Second, mid-tier platforms are furiously diversifying sponsors. Stripe quietly maintains half a dozen partner banks across continents; Adyen splits deposits between its European and U.S. charters so funds never cross jurisdictions. A multi-tenant model may mollify supervisors who now demand credible “if-this-bank-fails” exit plans. It also means engineering teams must reconcile half a dozen core-banking APIs before morning coffee—a non-trivial tax on velocity.

Third, a new generation of BaaS providers such as Unit, Treasury Prime, and Griffin, is selling compliance as the actual product: automated KYC, ledger-level reporting, FDIC-ready dashboards baked right into the API call. The value prop is clear—“Let us worry about Section 314(b) so you can focus on restaurant software”—but only holds if the RegTechs stay ahead of evolving rules. If they lag, their SaaS clients inherit the audit headache anyway.

Lest we forget, heavier oversight could produce the ultimate plot twist: entrenching the very incumbents fintech promised to disrupt. Community banks, already sweating thin BaaS margins, might pull back, leaving only the megabanks able to swallow compliance overhead. Worse, chatter in policy circles suggests deposit-rate ceilings could surface to stop so-called “shadow banks” from poaching deposits via juicy yield. That would freeze innovation exactly when the real economy could use cheaper credit lines.

Investors haven’t missed the knife-edge. Venture capital still sports bruises from 2024’s BaaS flameouts, yet the deposit-plus-credit revenue multiplier looks too tasty to ignore. Boards are now forced into a binary decision: double down—pay up for ex-banker talent, spin up second-line compliance, turn ISO 20022 into a religion—or retreat to pure subscription margins and hope the competition does the same.

No Bullet Lists – Just Reality Checks

If Embedded Finance 1.0 merely added a Pay button, 2.0 aims to become the balance sheet. The platforms that survive will treat compliance as a feature, not a cost center. That means real-time ledgers auditors can query in a single GET request, FedNow and SEPA Instant wired in at the kernel, and credit models transparent enough that supervisors nod before shareholders cheer. SaaS founders used to brag about daily active users; tomorrow they might brag about their Liquidity Coverage Ratio. The irony would be delicious if it weren’t so expensive.

For all the hand-wringing, regulators may ultimately decide they can’t afford not to let software companies be banks. Once embedded finance volumes crest half-a-trillion dollars, systemic stability demands oversight inside the platforms where money truly lives. The badge on your business debit card might one day read Shopify, Toast or Xero—but the compliance brain under the hood will need to think, grizzled and cautious, like JPMorgan.

The real race in embedded finance is no longer to launch faster features, but to master risk so completely that regulators become partners rather than gatekeepers—and that contest has only just begun.