November 7, 2023

Regulators are cracking down on banking software startups. That's bad news for Europe's fintechs

It’s not lack of funding that’s keeping fintech CEOs awake at night, it’s their software providers

Amy O'Brien

7 min read

The FCA and other regulators have been clamping down on banking software providers this year.

When asked to compare the Silicon Valley and European tech landscapes in a recent interview, Stripe cofounder John Collison described fintech as Europe’s true success story.

His theory is backed up by the stats. Until sky high interest rates and generative AI hype ate into fintech funding this year, it had been the best-funded European tech sector for the last decade. 61 of Europe’s 169 unicorns are fintechs, according to Dealroom data. 

But during this gold rush, the majority of Europe’s fintech poster children — from Revolut to Wagestream  — were built using the software foundation of others. Using banking-as-a-service (BaaS) providers, fintechs got their business up and running relatively quickly, bypassing the need to build out their own infrastructure or apply for their own banking licence. Research suggests as many as 82% of European fintechs have been built this way.  


But now these foundations are in danger of being swept away. 

The main companies providing European fintechs with their banking infrastructure have been hit with a wave of regulatory restrictions that could threaten their ability to stay in business. Early stage fintech founders tell Sifted they may have to shut up shop as a result. 

“Our launch is now cancelled which means we can’t fundraise,” one told Sifted. “It will probably end up being fatal for my business.” 

So how could fintech’s infrastructure be wiped out from beneath it?

What BaaS does

Put simply, BaaS companies do banking so that other companies don’t have to. 

At their core, they hold the relevant banking and payments licences needed to provide regulated financial services like accounts and payments. Baas companies then sell these services through end-to-end infrastructure to fintechs, legacy banks, and even non-financial institutions that want to provide services to end customers. 

By piggybacking on a BaaS provider, fintechs can get straight to launching certain financial products without having to go through the long and costly process of attaining their own licence. They also bypass the need to build out all the complicated infrastructure required for these services themselves, as it must be built by the holder of the licence.  

The most pertinent example of this structure is UK neobank Revolut which, famously, is yet to attain a banking licence in its home country, where it holds an e-money licence instead. So since 2017, it’s been using BaaS provider Modulr’s API platform to enable licenced activities like account creation — although early investors tell Sifted it’s been gradually building out its own payments infrastructure over time so it relies less on Modulr.

Though outshone by the region’s shiny neobank interfaces, BaaS providers are used by some 82% of Europe’s fintechs and enable an average 45% of their overall revenues, according to research by Aite-Novarica Group. 

But for every one European BaaS provider, there are thousands of fintechs — and the same research suggests they’re struggling to keep up. 

Aite-Novarica found that one in five fintechs are losing $11m a year in product delays due to their BaaS provider; 40% of fintechs have experienced service outages; 33% have lost customers as a result; and 20% have faced regulatory interventions due to issues with their provider. 

At the same time, investors are fleeing from the once-hot sector. Funding into BaaS startups fell 94% from $3344m in 2021 to $194m midway through 2023, according to Sifted data. 

So what is the BaaS problem? 

Compliance woes

In the last two years, Europe’s main BaaS providers have been issued with business-crippling restrictions by regulators. 

The most high profile of these was UK fintech Railsr. Once a poster child of London’s fintech scene and valued at $1bn in 2021, it fell from grace this year when it was sold in a pre-packaged bankruptcy deal to a consortium of investors and management in March. They bought it for £414,000, filings revealed. It was a close call that could have endangered the funds of the 4m end users of financial products enabled by Raislr.

Three months later, Railsr had the licence revoked for its European arm, UAB Payrnet, by The Bank of Lithuania after it found the fintech had made “serious, systematic and multiple violations” of anti-money laundering laws. Railsr’s UK bankruptcy filings also revealed the FCA had placed restrictions on Railsr onboarding new customers. 


Sources have told Sifted that one of the chief reasons Railsr attracted this scrutiny and struggled to find a buyer was the compliance problems it had run into after buying collapsed German fintech Wirecard’s UK client base in 2020. 

German rival Solarisbank has come under similar regulatory scrutiny: the German regulator  placed a “permission proviso” on the fintech in January that means it needs to gain approval from the regulator before onboarding any new customers. 

This is weighing on the business: it had to tap existing investors for €38m in July “to strengthen governance and compliance”, and is reportedly struggling to raise further funding. 

Then last month, Sifted revealed that the FCA restricted Revolut’s provider Modulr from onboarding new partner clients. 

All these restrictions have exposed a fundamental flaw in the BaaS business model — one that investors say wasn’t such a problem in the sector’s well-funded past. 

“There’s an asymmetry to the entire model that’s suddenly causing consequences,” says Yann Ranchere, an ex-fintech investor who is now head of revenue at compliance fintech Ondorse.

On the one hand, fintechs choose to partner with BaaS companies for speed so that they can scale and onboard new customers faster and easier. But on the other, it’s the underlying BaaS provider who has regulators knocking on their door if those customers breach compliance laws.

“In the last five years that regulatory pressure has increased: there's more regulation, which means more things to do,” Ranchere says, citing the new UK consumer duty as another set of rules that BaaS providers suddenly have to comply with.

“And they’re being more proactive: the regulator wants to be able to knock at your door any time to check how things are going,” Ranchere says. “But this is fundamentally changing the BaaS business model.” 

What does it mean for fintech? 

It’s an asymmetry that has fintech founders awake at night. Since the Modulr news, Sifted has received dozens of emails from fintech CEOs that are worried for the future of their business.

“If you hold a licence and know that you could get that regulatory mark against your name forever, your mindset is completely different from someone who is building something on top of something else,” Alex Misfud, cofounder and CEO of Weavr, tells Sifted.

“There is no alignment of risk and reward in this model any more,” he says. “I honestly think the BaaS model will not survive as it stands today.”

The FCA did not provide further detail on why Modulr’s restriction was introduced. But several industry sources tell Sifted that Modulr grew rapidly after Railsr collapsed in the UK, as it became the main alternative option for fintechs to switch to. 

And a sharp uptick in customers means a sharp uptick in compliance checks. Most of the companies Sifted hears from are early stage fintechs — the worst-affected by the restrictions as they were waiting in line to be onboarded after larger fintech clients with an existing customer base.  

I honestly think the BaaS model will not survive as it stands today.

One early stage fintech founder told Sifted that their Modulr contract had been pushed back for months as a result, and he had had to lay off 80 people.

In the meantime, the founder has been approached by a reincarnated Railsr offering onboarding at an “extremely aggressive price” compared to the contract they had with Modulr. 

Are there alternatives? 

Weavr is looking to avoid the issues other Baas companies have faced by taking more of the processes usually left to fintechs in-house. As such, Weavr handles customer onboarding, authentication, and transaction monitoring on behalf of fintechs. This means companies that want to use the startup’s software have to accept this condition and abandon their existing mechanisms for these tasks. 

As a result, Weavr is “much more expensive” than the likes of Railsr and Modulr, Misfud says. 

“And we’re not shy about it. We’re very clear that you can’t take the financial services without the compliance service — but we’re also clear that it will cost you much less in the long-term if you’re saved from compliance issues that arise if these are separate,” says Misfud. 

French embedded finance provider Swan is another company that is taking this approach. But Ranchere cautions that it may not be scalable. 

“When customers start to have specific requirements, it becomes even more work,” he says. 

He predicts that the “next generation” of banking software providers will focus on compliance as the main product use case, rather than as an “afterthought”, as has been the case with the embattled sector in the past. 

“Ultimately, these companies have had a volume problem. They accepted more customers than they should have and that’s always the thing that will get you into regulatory trouble.”

“But naturally, like oil and water, they had to separate at some point.” 

Amy O'Brien

Amy O'Brien was a reporter at Sifted, covering fintech