Embedded Finance and BaaS: When Every Company Becomes a Bank
How embedded finance works: the BaaS stack, sponsor banks, middleware providers, and where crypto wallets fit in.
Embedded finance is the integration of financial services into non-financial software. A ride-sharing app that offers driver checking accounts, an e-commerce platform that underwrites merchant loans at checkout, a SaaS tool that issues corporate cards to its customers: none of these companies hold bank charters, yet all of them deliver banking products. The architecture that makes this possible is called Banking-as-a-Service (BaaS), and it has reshaped how financial products reach consumers.
Bain & Company estimated that U.S. embedded finance transaction value would exceed $7 trillion by 2026, more than double the roughly $2.6 trillion recorded in 2021. But the industry's rapid growth has outpaced its regulatory infrastructure, producing a wave of enforcement actions and at least one spectacular collapse. Understanding the BaaS stack, its economics, and its failure modes is essential for anyone building financial products today.
How the BaaS Stack Works
The BaaS model operates as a three-layer architecture. Each layer serves a distinct function, and the separation of concerns is what allows non-financial companies to offer banking products without obtaining their own charters.
Layer 1: The Sponsor Bank
At the foundation sits a licensed bank: the sponsor bank. This institution holds a state or national bank charter, maintains FDIC insurance, and has direct access to payment rails like ACH, Fedwire, and card networks. The sponsor bank is the legal entity behind every deposit account, card, and loan originated through the BaaS stack. It bears ultimate regulatory responsibility for all products distributed through its partners.
Prominent sponsor banks in the BaaS ecosystem include Evolve Bank & Trust, Cross River Bank, Lead Bank, Sutton Bank, and Thread Bank. Lead Bank closed a $70 million Series B in September 2025 at a $1.47 billion valuation, reflecting continued investor interest in well-run sponsor bank models.
Layer 2: Middleware Providers
Between the bank and the consumer-facing brand sits the middleware layer: companies like Unit, Treasury Prime, Synctera, and Marqeta. These providers offer APIs that abstract the complexity of banking infrastructure. They handle ledger management, KYC orchestration, card program management, dispute resolution, and compliance tooling. A fintech integrating with Unit, for example, can launch FDIC-insured deposit accounts and issue debit cards through a single API integration rather than building direct connections to bank core banking systems.
Layer 3: The Brand
The top layer is the consumer- or business-facing application that distributes the financial product. This could be a neobank like Chime, a payroll platform like Gusto, or a gig-economy marketplace like Lyft. The brand designs the user experience and owns the customer relationship. From the customer's perspective, the brand is the financial service provider, even though the underlying account is held at the sponsor bank.
The charter gap: The entire BaaS model exists because bank charters are expensive and slow to obtain. A full national bank charter requires OCC approval, minimum capital requirements, detailed business plans, and ongoing examination. Most fintechs would rather rent regulatory access than spend years and tens of millions of dollars acquiring their own.
What Can Be Embedded
The range of financial products delivered through embedded finance has expanded significantly beyond basic payments. Today, nearly every category of retail banking is available as an API.
| Product | How It Works | Example |
|---|---|---|
| Deposit accounts | Sponsor bank opens FDIC-insured accounts via API; funds held in FBO accounts | Lyft driver checking accounts |
| Debit cards | Card issuer (Marqeta, Lithic) provisions virtual or physical cards tied to embedded accounts | DoorDash Dasher Direct card |
| Credit cards | Sponsor bank underwrites; brand distributes and earns interchange | Apple Card (Goldman Sachs as issuer) |
| Lending | Point-of-sale installment loans or lines of credit via API | Shopify Capital merchant advances |
| BNPL | Split payments at checkout; underwritten by lending partner | Affirm at Amazon checkout |
| Payments | ACH, wire, and real-time payment rails accessible via API | Stripe Treasury for platforms |
| Insurance | Embedded underwriting at point of purchase | Tesla auto insurance at vehicle purchase |
Bain projected that embedded consumer payments alone would reach $3.5 trillion in U.S. transaction value by 2026, with embedded B2B payments growing threefold to $2.6 trillion over the same period. Payments and lending remain the two largest segments by revenue.
The Economics: Why Durbin Matters
The business model of most BaaS-powered fintechs depends on a regulatory detail that has nothing to do with technology: the Durbin amendment to the Dodd-Frank Act. Section 1075, enacted in 2010, caps debit card interchange fees for banks with over $10 billion in assets. The Federal Reserve's Regulation II sets the cap at 21 cents plus 5 basis points per transaction, with a 1-cent fraud-prevention adjustment: roughly 24.5 cents on a $50 purchase.
Banks with under $10 billion in assets are exempt. Their debit interchange rates run between 0.8% and 1.5% per transaction: significantly higher than the regulated cap. On a $50 purchase, an exempt bank might earn 40 to 75 cents rather than 24.5 cents. This gap is the economic foundation of the neobank model. Fintechs partner with small, Durbin-exempt sponsor banks to issue debit cards, capture the higher interchange revenue, and share it with the bank.
The Durbin exemption underwrites fintech: Without access to exempt interchange rates, the unit economics of most consumer neobanks collapse. This is why sponsor bank selection is not just a compliance decision: it is a revenue decision. The card network fee stack determines whether the product is viable.
In August 2025, a U.S. District Court vacated Regulation II entirely, ruling that the Federal Reserve exceeded its statutory authority. The decision is stayed pending appeal to the Eighth Circuit, so the existing cap remains in effect. But the ruling introduces significant uncertainty into the interchange economics that BaaS fintechs depend on.
The Regulatory Model and Its Weaknesses
In a BaaS arrangement, the sponsor bank is the regulated entity. The OCC or state regulator examines the bank, not the fintech. The bank is responsible for ensuring that every product distributed through its partners complies with BSA/AML requirements, transaction monitoring obligations, consumer protection laws, and fair lending standards.
This creates a fundamental tension: the bank bears the regulatory risk, but the fintech controls the customer relationship and often holds the data. A survey found that 90% of sponsor banks struggle with compliance in BaaS relationships. The difficulties include limited visibility into fintech partners' operations, inconsistent compliance policies across jurisdictions, and unclear regulatory expectations for novel product configurations.
The 2024 Consent Order Wave
Regulators responded to these structural weaknesses with a wave of enforcement actions. Q1 2024 alone produced seven consent orders against BaaS-involved banks. As Piermont Bank's CEO observed: every bank that touches BaaS was getting an enforcement action.
| Bank | Regulator | Date | Key Issue |
|---|---|---|---|
| Blue Ridge Bank | OCC | January 2024 | Failed BSA/AML program; exited BaaS entirely by end of 2024 |
| Piermont Bank | FDIC | February 2024 | Unsafe and unsound practices; lacked controls for third-party scope |
| Sutton Bank | FDIC | February 2024 | Third-party risk management deficiencies in AML/CFT oversight |
| Evolve Bank & Trust | Federal Reserve | June 2024 | AML, risk management, and consumer compliance deficiencies |
| Thread Bank | FDIC | May 2024 | Order specifically called out BaaS business |
| Cross River Bank | FDIC | April 2023 | Early enforcement action that signaled the coming crackdown |
The consent orders share common requirements: strengthened third-party risk management frameworks, enhanced BSA/AML programs, improved recordkeeping, board-level oversight of fintech relationships, and prior written approval before onboarding new partners. Evolve Bank was banned from establishing new fintech partnerships without explicit regulatory approval.
The Synapse Collapse
The systemic risks of the BaaS model became concrete on April 22, 2024, when Synapse Financial Technologies filed for Chapter 11 bankruptcy. Synapse was a BaaS middleware provider connecting fintechs to partner banks. Within weeks, the consequences for end users became severe.
On May 11, 2024, Evolve Bank froze funds and ceased processing payments for Synapse-related accounts. Over 100,000 people lost access to their money. The bankruptcy trustee, former FDIC Chair Jelena McWilliams, reported that $85 million in customer savings was missing. Customers had $265 million in balances according to fintech records, but the partner banks only held $180 million. The shortfall appeared to stem from Synapse's ledger: balances changed from one day to the next without corresponding fund movements, with some discrepancies affecting millions of dollars.
What Went Wrong
The root cause was structural: Synapse created an infrastructure where no single party (bank, fintech, or end user) had a complete and accurate view of the data. The collapse was triggered by disputes with partner banks and fintech clients, operational breakdowns, and a fundamental mismatch between internal ledgers and bank-held funds. The affected fintechs included Yotta (roughly 85,000 accounts locked), Copper, Juno, and potentially as many as 100 fintech partners and 10 million end customers.
The aftermath stretched into 2025. In November 2025, the bankruptcy case was dismissed because Synapse lacked funds to repay creditors. In December 2025, the CFPB allocated $46 million from its civil penalty fund to Synapse victims: described as the first fintech-related distribution from that fund.
The FBO problem: Customer deposits in BaaS arrangements are typically held in For Benefit Of (FBO) accounts at the sponsor bank. FDIC insurance protects against bank failure, but it does not protect against middleware failure. When Synapse collapsed, the funds were technically at the bank, but nobody could agree on which dollars belonged to which customers. The clearing and reconciliation layer simply broke.
From Hype to Sustainable Models
The BaaS industry has undergone a correction. The 2020 to 2022 period was characterized by rapid growth, loose partnerships, and minimal regulatory scrutiny. A single sponsor bank might maintain 70 or more fintech relationships, as Blue Ridge Bank did at its peak. The 2023 to 2025 period brought a reckoning.
Consolidation and Selectivity
Middleware providers have become significantly more selective about which fintechs they onboard. Unit and Synctera now prefer Series C or later companies, or publicly traded firms. The era of any startup with a pitch deck launching a debit card program is over. Treasury Prime has rebranded its efforts around “rebuilding trust and scale,” an implicit acknowledgment that the industry's credibility was damaged.
The Direct Model
A significant structural shift is underway: the three-layer BaaS stack is collapsing into two layers. Column, founded by a Plaid co-founder, holds its own national bank charter and builds modern API infrastructure directly on top of it. This eliminates the middleware layer entirely. Column reported $153.1 million in estimated revenue in 2025, up 219% year over year. Lead Bank has taken a similar approach, partnering directly with Stripe and Visa in April 2025 for a stablecoin payment card program.
The direct model addresses the core weakness exposed by Synapse: when the bank and the technology platform are the same entity, there is no gap in data visibility or regulatory accountability. The tradeoff is that these institutions must build and maintain both banking operations and modern software infrastructure, which requires a different kind of organization than either traditional banks or pure-play middleware providers.
Key Middleware Providers in 2026
| Provider | Model | Status |
|---|---|---|
| Unit | Middleware (API layer between banks and brands) | Active; raised selectivity bar for fintech clients |
| Treasury Prime | Middleware (BankOS platform) | Active; focused on auditable embedded programs |
| Synctera | Middleware (compliance-focused) | Active; raised $15M in 2025 |
| Column | Direct (owns national bank charter + API) | $153.1M revenue in 2025 (219% YoY growth) |
| Lead Bank | Direct (state-chartered bank + BaaS platform) | $70M Series B at $1.47B valuation (Sept 2025) |
| Bond (FIS) | Middleware (acquired by FIS in June 2023) | Absorbed into FIS embedded finance suite |
| Marqeta | Card issuing and processing | Active; primary infrastructure for card programs |
Where Crypto Wallets Fit In
Embedded finance has traditionally required the full BaaS stack: a sponsor bank, a middleware provider, and a brand. Every layer adds cost, compliance burden, and counterparty risk. The Synapse collapse demonstrated what happens when the middleware layer fails. But a different architecture is emerging for digital value storage: one that bypasses the sponsor bank model entirely.
Embedded wallets that hold stablecoins or Bitcoin on self-custodial rails represent a structural alternative to BaaS deposit accounts. When a user holds USDB in a non-custodial wallet, the brand does not need a sponsor bank to hold the funds. There is no FBO account, no middleware ledger to reconcile, and no gap between recorded balances and actual holdings. The user controls their own keys, and the stablecoin balance is verifiable on-chain or on the Layer 2.
The Regulatory Advantage of Non-Custodial Models
The distinction between custodial and non-custodial matters for regulation. A company that holds customer funds typically needs a money transmitter license or must partner with a licensed entity. A company that provides software for users to manage their own funds faces a different regulatory profile. As discussed in the custodial vs. self-custodial analysis, non-custodial architectures can reduce (though not eliminate) regulatory requirements for the application layer.
This matters for embedded finance because it changes the cost structure. A traditional BaaS integration might require months of bank due diligence, ongoing compliance fees, and revenue-sharing with the sponsor bank and middleware provider. An embedded wallet integration using a protocol like Spark requires an SDK integration and no banking partnership. The tradeoff is that the embedded wallet holds stablecoins rather than FDIC-insured deposits: a meaningful distinction that users and regulators care about, but one that is increasingly accepted as stablecoin regulation matures.
BaaS Deposits vs. Embedded Stablecoin Wallets
| Characteristic | BaaS Deposit Account | Non-Custodial Stablecoin Wallet |
|---|---|---|
| Requires sponsor bank | Yes | No |
| FDIC insured | Yes (pass-through) | No (reserve-backed) |
| Middleware dependency | High (ledger, KYC, compliance) | Low (SDK only) |
| Reconciliation risk | High (FBO accounts, multi-party ledger) | Low (balances verifiable on-chain) |
| Integration time | 3 to 12 months | Days to weeks |
| Revenue model | Interchange, interest on deposits | Transaction fees, yield pass-through |
| Regulatory complexity | Bank examination, BSA/AML, consumer compliance | MSB registration (varies by model) |
| User custody | Bank holds funds | User holds keys |
The Convergence Ahead
The embedded finance market is not choosing between traditional BaaS and crypto wallets. Both models will coexist, serving different use cases with different tradeoff profiles.
For products that require FDIC insurance, credit underwriting, or integration with legacy payment systems like ACH and card networks, the BaaS model (increasingly in its direct, charter-holding form) remains necessary. For products focused on global value transfer, programmable payments, or environments where banking infrastructure is unavailable or prohibitively expensive, non-custodial stablecoin wallets offer a faster and structurally simpler path.
The real-time payments landscape is already blurring these boundaries. Systems like FedNow bring instant settlement to traditional banking, while stablecoin transfers on Layer 2 networks achieve similar speed without the banking stack. Lead Bank's April 2025 partnership with Stripe and Visa for a stablecoin-linked payment card is one example of how these worlds are converging: a chartered bank using crypto rails for card-based spending.
What Builders Should Consider
- If your product requires FDIC-insured deposits, you need a BaaS partner or your own charter. There is no shortcut.
- If you are embedding dollar-denominated value storage without insurance requirements, non-custodial stablecoin wallets eliminate multiple layers of counterparty risk.
- Middleware provider selection matters more after the Synapse collapse. Evaluate not just API quality but financial stability, regulatory standing, and data reconciliation practices.
- The Durbin exemption is under legal challenge. Any business model dependent on exempt interchange rates should scenario-plan for a world where the exemption narrows or disappears.
- Regulatory expectations for BaaS relationships have permanently increased. Budget for compliance costs that did not exist three years ago.
Building Embedded Wallets on Spark
For developers exploring the non-custodial path, Spark provides the infrastructure to embed Bitcoin and stablecoin wallets into any application. The Spark SDK handles key management, transfers, and Lightning compatibility, allowing brands to offer financial functionality without the BaaS stack. Users hold their own keys, balances are transparent, and there is no FBO account to reconcile.
General Bread is one example of a Spark-powered wallet that demonstrates this model: a consumer-facing application offering dollar-denominated value storage and payments without a sponsor bank relationship. USDB on Spark provides yield-bearing stablecoin holdings with self-custodial security, an architecture that would not have been possible in the traditional BaaS framework.
The embedded finance market's next chapter will be defined not by which companies can rent bank charters, but by which can deliver financial functionality with the fewest intermediaries, the least counterparty risk, and the most transparent accounting. For an increasing number of use cases, that means moving beyond Banking-as-a-Service entirely.
This article is for educational purposes only. It does not constitute financial or investment advice. Bitcoin and Layer 2 protocols involve technical and financial risk. Always do your own research and understand the tradeoffs before using any protocol.