Out-Law Analysis | 11 May 2022 | 1:14 pm | 3 min. read
Embedding financial products and services within other products and services is a growing area of opportunity for banks, insurers and investment providers.
By developing solutions that make use of application programming interfaces (APIs), financial services providers can reduce friction and potentially provide customers with simplified digital experiences.
Embedded lending is one example. The potential to borrow, sometimes interest free, at the point of sale is helping ‘buy now pay later’ providers to increase their market share. It has become popular with millions of online customers for consumer purchases. There is also now a growing opportunity for business customers to access finance provided through embedded non-traditional lending platforms.
Embedded payments are another example. Unlike debit and credit cards, embedded payment providers work behind the scenes with banks and merchants to provide direct bank-to-bank transfers, improving the customer journey and potentially saving the customer some of the costs of transacting.
Embedding insurance within product purchases is another area of growth. It can reduce the cost of insurance distribution, and as with other forms of embedded financial services, expose the financial provider to a segment of the market with which it would not otherwise engage.
APIs have become central to embedding finance within online channels. Their use, however, may require a shift in thinking for some financial service providers.
In many scenarios, a financial service provider will not only be providing a regulated service – it will also be providing the API technology required for its products, services or customer data to be accessed through the third party’s embedded channel. As the provider of not only a financial product or service but now also technology, a host of new issues will arise.
As an API provider, the financial services business will need to ensure that its technology is robust and effectively integrated. Likely this will require providing testing facilities for third parties to use so that data formats, API standards and other technical and customer experience issues can be resolved before the embedded solution goes live.
When live, the levels of service offered for the embedded technology will need established and monitored. In particular, there may be cost implications if use by a large number of customers leads to unexpected spikes. API limits should be put in place and factored into fee arrangements.
Embedding financial products and services will often lead to the sharing of personal data between two separate organisations. Complexity of the roles that each organisation takes as it handles the data, potentially as data controller, joint controller or processor, will need to be addressed.
There are also growing expectations for regulated financial entities to have effective processes in place to protect all critical data, not just personal data, handled by third parties. In an embedded finance scenario therefore, data transfer arrangements may need to be considered from a number of legal and regulatory perspectives, and not only in terms of their compliance with data protection legislation.
Embedding financial products and services can lead to complex commercial and regulatory relationships. Commercially it may not always be clear which party is responsible for which part of the integrated solution.
The financial service provider may or may not have a direct relationship with the end customer. There may be a complex supply chain, and, in some circumstances, the financial services provider may only have a separate parallel relationship with the end customer to the provision of the embedded service.
However, as the ultimate customer will be engaging with products or services from two separate organisations, expectations for effective complaints processes and dispute resolution mechanisms will need to be considered. There will need to be transparency around which business a customer should complain to when something goes wrong, options in the event of disputes, fees and other commercial arrangements. Mishandling of these processes is a significant reputational risk.
Misunderstandings as to whether or not one party is providing a service directly to a customer or only acting on behalf of another could also result in regulatory non-compliance issues. As regulators move away from focussing on regulating outsourcing arrangements and towards ensuring that all third party relationships meet operational resilience expectations, regulatory requirements for data security, sub-outsourcing, business continuity, termination and exit arrangements take on added significance.
With unprecedented growth in online transactions since the beginning of the pandemic, demand for embedded finance solutions is set to accelerate. Financial service providers that understand and address the legal and regulatory issues which arise around embedding products and services into the channels of third parties will gain an advantage.