BBanking

The EBA Report on White Labelling and its learnings for BaaS providers

The EBA Report on White Labelling and its learnings for BaaS providers
0
Shares
0
0
0
0
0
0

The European Banking Authority (EBA) has published a Report on White Labelling dedicated to the growing use of white labelling (or “banking as a service” or “fronting banking”) as a business model within the EU financial sector. White labelling, defined as the provision of financial products or services by a regulated provider under the brand of a partner (who may or more likely may not be regulated), is rapidly evolving and capturing attention from supervisors.

The EBA has carried out market research on the practice of white labelling banking services in the EU and has identified certain risks from this business model. The EBA has identified different areas where it sees risks stemming from the practice of white labelling:

Risks for Consumers

The main risk identified by EBA is the lack of transparency, namely that customers may not clearly know with whom they are contracting, as white labelling often hides the identity of the underlying regulated provider. This makes it hard for consumers to understand the roles and accountability of all involved parties.

Consequently, customers may not know whom to address with complaints or redress handling. Often, the partner handles the “first line of complaints” but it is not clear to the customer how escalation works or who is responsible for which part of a service.

EBA further finds that the division of responsibility and complexity of business products leads to contradictory information being provided to customers, who may therefore not know if the product is suitable for their needs.

The division of responsibilities makes the services susceptible to fraud in EBA’s opinion because impersonation or phishing fraud are easier to engineer where a customer may not know the legitimate contractual partner.

Increased data sharing between the regulated provider and the partner may in turn increase the risk of data breaches and unauthorized access. Additionally, both parties may use the data for additional purposes resulting in a complex set-up that requires carefully designed GDPR compliance and above all transparent communication with customers how their data will be used.

Finally, EBA mentions that white labelled services are often offered via digital channels. Elderly and digitally less savvy consumers may be unintentionally excluded, unless proactive accessibility and literacy measures are taken.

In the light of the EU Accessibility Act, that sets high standards for service providers regarding accessibility, this finding appears a bit outdated. Also, assuming that elderly people are less digitally savvy is a presumption that may be more of stereotype than actually founded in research.

Risks for Providers and Partners

As a second area of concern, EBA identifies the risks for the regulated providers and their partners to be too much of a dependency on each other.

Where regulated providers solely or mainly focus on white labelling, EBA finds that they may become dangerously dependent on partners for their business model. If a dominant partner withdraws, raises fees, or fails, this can threaten the regulated providers solvency and stability.

However, the dependency may cut both ways, because partners may face the risk that if a regulated provider discontinues services or loses their license, the partner’s business is at stake unless there is a redundancy in providers.

In a similar fashion, any reputational issues will affect the other parties as well and may require an intervention – most often by the regulated provider – to “step in” to prevent harm to the customer relationship.

While it may be said that the foregoing concerns hold true for any type of partnership and are not specific to white labelling in the financial service industry there are also issues that may arise from the lack of a direct customer relationship that are more specific to the industry.

Namely, the lack of direct interaction of the regulated provider with the customer may lead to inadequate scrutiny when onboarding customers, carrying out creditworthiness assessments or risk evaluations. These are serious concerns given that they relate to the core of prudential oversight that the regulated provider needs to ensure.

The same applies to AML/CFT if the regulated provider does not have sufficient oversight, controls or data access to ensure compliance, for instance due to outsourcing our split responsibilities with the partner or other parties on which reliance is placed.

BaFin has highlighted this risk in a supervisory notice on loan fronting detailing how such a set-up may increase the AML/CFT risk.

A risk that seems one that should be tackled more by the EBA an national regulators is that the distinction between agents and outsourcing and which regime to choose are not harmonized across the EU and therefore lead to legal uncertainty and various models and reporting and monitoring obligations that complicate the oversight.

Supervisory and System-Wide Risks

Finally, the EBA also points to more systemic risks from white labelling.

One is the lack of transparency which entity is providing which services, which may make it more difficult for regulators to exercise effective oversight. EBA also points out that due to divergent national laws, different supervisory scrutiny, there is a risk of regulatory arbitrage. Again, this may be the case but is not particular to fronting banking situations.

It also appears that the national regulators responded with quite different opinions regarding the risk that they associate with white labelling. Some deem the risk to be high in particular regarding risk management and AML/CFT risks others assess this to be only a medium risk.

What are the learnings?

Firstly, the EBA report is only a first step, but it is highly likely that it will be followed up with more regulatory oversight and possibly legislative acts. Further, EBA will urge more convergence between national regulators and more information exchange. EBA will further develop a questionnaire that national regulators may use to better analyze a white labelling situation and allocation of responsibilities between the partners.

Secondly, the mitigation of risks identified by the EBA report will be crucial to pass supervisory scrutiny. This means for instance:

  • Customer communication must be transparent, including the roles of the parties and guidance must be provided where to address complaints and find help.
  • Communication by the non-regulated partners needs to be monitored by the regulated partners to ensure compliance and consistency.
  • Mapping out responsibilities under GDPR, transparently informing customers about the use of their data, and robust access management and ICT security will be key.
  • The risk of dependency on each other will be difficult for partners to avoid but including exit or wind-down plans in the agreements may avoid at least a time crush should a cooperation end.
  • Regulated providers need to ensure compliance with AML/CFT and risk management requirements. Either this will mean less outsourcing or a very robust outsourcing management with strong controls.
  • Partners will need to become “semi-regulated” regarding compliance with DORA and regulatory requirements where outsourced to them.
  • AML/CFT measures need to be adequate to the risk taking into account the specific risks that are inherent in fronting banking that may increase it.

While this will add more pressure on regulated providers and partners, the advantages of white labelling should not be forgotten (and EBA does point them out as well!):

  • Non-regulated partners are often faster to innovate and develop new solutions thus pushing the industry to a more customer friendly standard.
  • Sharing the cost of regulation allows also for niche products targeting specific customer interests to be offered.
  • Non-regulated partners can learn with the help of a regulated partner how to navigate a business in the financial industry before setting out on their own with their own license.
  • Regulated partners gain access to new customer groups via the partner that they would not have been able to reach themselves.

On a positive note, the EBA report will be the steppingstone for better harmonization across the EU and converging supervisory oversight. A less optimistic outlook could also be that regulatory oversight will become oppressive and solely risk-focused which may lead to white labelling providers eschewing jurisdictions with more robust supervision or partners looking for unregulated ways of offering products.

0
0

Susanne started her legal career at Linklaters. Most recently, she headed the legal department of PayPal for the DACH region. Before that, she worked at eBay mainly on payment related topics. Her focus are regulatory issues and product advice in the payment and ecommerce industry. Susanne dealt with completely different legal topics as head of legal director for the Bundesdruckerei (federal printing office).



By continuing, you accept our privacy policy.
You May Also Like
PPayment
Buy Now Pay Later und der neue Anwendungsbereich des Verbraucherdarlehensrechts The implementation deadline for CCD2 is approaching – and consumer credit law will soon apply to BNPL models
Read More
  • 9 minute read

The implementation deadline for CCD2 is approaching – and consumer credit law will soon apply to BNPL models

Buy Now, Pay Later (BNPL) has evolved from a simple payment method into a major financing tool in e-commerce—and is now under regulatory scrutiny. The Second Consumer Credit Directive and its implementation in Germany expand the scope of consumer credit law significantly. This article explains which BNPL models will fall under consumer credit rules in the future and where lawmakers draw the line.
Read More
FFinTech
Zwischen Swipe und Aufsicht Social Commerce boomt – doch rechtlich ist nicht alles erlaubt. Wann Plattformen Zahlungsdienste erbringen und welche Ausnahmen greifen, erklärt der Beitrag. Regulation
Read More
  • 6 minute read

Between swiping and regulation

Social commerce is transforming social media platforms like TikTok into virtual marketplaces—but without a license to provide payment services, legal challenges arise. This article examines how existing payment regulations apply to new platform models and the regulatory tightrope they must walk.
Read More
FFinTech
BaFin puts turbo certificates on a tight leash 1
Read More
  • 2 minute read

BaFin puts turbo certificates on a tight leash

General ruling to restrict the marketing, distribution and sale of turbo certificates to retail investors With its general ruling, BaFin imposed restrictions on the marketing, distribution and sale of turbo certificates. It sets out strict conditions for all sales activities relating to turbo certificates targeting retail investors.
Read More