Demand for embedded finance– the integration of financial services into non-financial platforms & products– is still surging amid the ever-growing use of smartphones, real-time payments, eCommerce, and digital banking applications in our day-to-day lives.

Yet this rapid growth is unfolding against a sharply shifting regulatory backdrop. Heightened regulatory scrutiny and a spike in enforcement actions against sponsor banks from 2022-2025 sent a chill through the embedded finance ecosystem as regulators reassessed how banks should partner with and manage oversight on fintechs.

Banks, in turn, have become increasingly selective of the fintech partners they onboard– holding those seeking sponsors for payment, card, account, and wallet products to significantly higher standards for regulatory compliance. In this environment, compliance has evolved from an operational burden to strategic advantage for fintechs competing to secure bank partnerships.

A recent report by Visa & Datos Insights highlights key capabilities that fintechs must demonstrate to differentiate themselves to potential bank sponsors:

1. Demonstrating “bank readiness” during bank diligence
2. Implementing a robust three-tier compliance framework (fintech operations, bank oversight, independent audits)
3. Developing proactive, consultative relationships with financial regulators

For fintechs, the opportunity to launch embedded products is massive– but access to it depends on gaining bank partners’ trust. Fintechs that demonstrate robust compliance will best position themselves to win sponsor capacity, earn faster approvals, and expand product scope going forward.

What regulators want from fintechs (now)

Understanding what regulators scrutinize is essential for fintechs because banks will evaluate potential partners through this same lens. Regulators focus on whether banks truly understand and can manage the risks their fintech partners introduce. In turn, Banks aren’t just looking for relationships with innovative fintechs— they’re looking for partners who can demonstrate they won’t increase regulatory risk.

Tactically, Visa and Datos Insights outline several key areas that regulators examine when assessing sponsor bank programs including:

1. Risk & compliance framework: Documented controls with clear escalation procedures and regular risk assessments & controls testing.
2. Oversight & monitoring: Real-time transaction monitoring, regular reporting on compliance KPIs, audit trails for changes to policies or programs, with regular assessments of third-party service providers and audits on KYC/AML procedures.
3. Staffing: Fintechs rely on dedicated expertise beyond bank partners’ existing staff for compliance, sales, and customer service specific to each program type e.g. Card issuing or processing, cross-border payments.
4. Marketing & compliance controls: Clear review processes, audit trails, and timelines for marketing approvals with SLAs, as well as pre-approved templates and guidelines for different marketing channels.
5. Ongoing management & development: Continuous documentation of communication, training, and adaptation to regulatory changes.

Based on this, how can fintechs position themselves as the partner banks want to work with?

1. Demonstrate "bank-readiness" before approaching potential bank sponsors

Every bank has a robust checklist of information they collect when kicking off due diligence on potential partners.Fintechs should be prepared to provide bank sponsors documentation on and discuss:

• Due diligence preparation: Prepared due diligence package that outlines organizational structure, key team members, detailed background information, financial documentation, pro forma projections, and cap table.
• Business planning: Detailed business plan with product features, functionality, and customer acquisition strategy.
• Risk management & compliance: Established policies and procedures for BSA/AML, KYC/KYB, PCI-DSS (if applicable), disaster recovery, third-party providers data-handling and PII, among any other relevant processes.
• Financial preparation: Budget allocation for diligence and setup fees, as well as monthly compliance, SaaS/FBO fees, transaction fees, and minimums– detailed breakdown of fees in the Visa & Datos Insights report.
• Implementation readiness: Fintechs should be prepared to take a "Crawl, walk, run" approach to onboarding, with initial controlled testing periods, detailed scoping sessions with various bank departments, and thorough cross-checking of cardholder agreements and procedures.

Fintechs that arrive at partnership discussions with this foundation signal to banks that they understand the regulatory landscape and are serious about long-term partnership success.

2. Build a three-tier compliance framework

The most successful fintech-bank partnerships operate with a three-tier compliance structure that provides multiple layers of oversight and verification. This framework not only satisfies regulatory requirements but also creates clear accountability and risk management.

Fintechs maintain first-line compliance operations, which include ownership and execution of KYC/AML, transaction monitoring, flagging suspicious activity, and maintaining marketing approval workflows. Those working directly with bank sponsors (i.e. without a Banking-as-a-Service provider or another third party that supports compliance) should at least have a full-time compliance officer or be prepared to add a compliance function to support the program.

The second line, bank oversight, is responsible for maintaining real-time visibility into every transaction, with control over freezing or closing accounts. As the Visa & Datos Insights report emphasizes: "Sponsor banks can no longer rely on periodic sampling or after-the-fact reviews; instead, they should maintain real-time visibility into their partners' operations."

Third-line independent auditors perform external verifications, third-party reviews, and formal control testing to validate that what’s on paper performs according to plan. This is the assurance layer that exam teams expect as programs scale and diversify.

Bank regulators will also look to validate integration points across all three tiers: Communication protocols, escalation paths, technology enabling continuous oversight, and exportable evidence packages for banks & regulators.

3. Engage proactively with regulators

In practice, fintechs can proactively take steps to leverage regulatory engagement as a competitive advantage, as banks are far more likely to sponsor fintechs that regulators already view favorably.

• Document everything thoroughly: Clearly define roles and responsibilities, document procedures and workflows, and establish real-time activity records, dashboards, and audit trails.
• Seek feedback early and often: Brief OCC/FDIC exam teams on new programs before launch, request feedback on compliance approaches, and demonstrate willingness to iterate based on regulator input.
• Commit to rigorous validation: Validate controls through extended testing periods, with transparent reporting of issues and remediation. One sponsor bank executive highlights that "[regulators] want three to six months of the partner literally running parallel with the bank standing beside them to validate the system. Then they want another six to 12 months where the bank is very aggressively sampling and testing."

Timeline and investment considerations

Building bank-ready compliance infrastructure requires both time and resources. Fintechs should plan to invest 12-24 months in building comprehensive compliance programs before seeking bank sponsorship, including:

• Hiring dedicated compliance personnel
• Implementing monitoring and reporting technology
• Developing and documenting policies and procedures
• Conducting internal audits and remediation
• Building relationships with external auditors

View these startup costs as strategic investment in market access– not having adequate compliance infrastructure will ultimately cost a business in lost time, failed partnership negotiations, and missed market opportunities.

What’s next for fintechs

Bank sponsorship has always been a gateway for fintechs to access embedded finance opportunities. Today's environment has made securing that sponsorship more challenging– and on the flipside, more valuable for fintechs that succeed in doing so. So how can fintechs push past the noise and win bank sponsorship?

The answer is compliance.

Navigating regulatory requirements can feel complex, but founders don’t have to do it alone. Fintechs can draw on support from BaaS services, experienced third-party consultants, or directly engage financial regulators (like the Federal Reserve or OCC) for clarity. These teams not only understand the payments ecosystem, but can also advise on building solutions, tools, and products to support operational and risk/compliance readiness, particularly for complex use cases like cross-border programs. If recommendations or introductions to independent third‑party consultants are needed, please contact your Visa representative to discuss options.

* Actual fund availability for all Visa Direct transactions may depend on receiving financial institution, account type, region, compliance processes, along with other factors, as applicable.

Disclosures

Case studies, comparisons, statistics, research and recommendations are provided “AS IS” and intended for informational purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice. Visa neither makes any warranty or representation as to the completeness or accuracy of the information within this document, nor assumes any liability or responsibility that may result from reliance on such information. The Information contained herein is not intended as investment or legal advice, and readers are encouraged to seek the advice of a competent professional where such advice is required.

All studies, surveys, research, and materials owned or commissioned by Visa shall not be used, reproduced, copied, or recirculated without the prior written consent of Visa.

Sources

¹ Fintech Business Weekly, “Consent Order Double Header Suggests the BaaS Reckoning Isn’t Over.”

² Banking Dive, “BaaS Outlook 2025: Banks, Fintech Partnerships Brace for Continued Regulatory Enforcement Under Trump.”