top of page

Banking-as-a-Service: Turn Your Core into a Revenue Platform

  • Writer: WAU Marketing
    WAU Marketing
  • Feb 12
  • 4 min read

Updated: Jun 23

Most banks see their core as a cost center. The ones winning the region started seeing it as a product they could sell.


It's a small shift in mindset with large consequences. For decades, the core was infrastructure: something you maintain, audit, and pay for. Banking-as-a-Service (BaaS) flips that idea. The banking capability your institution already has—opening accounts, moving money, issuing cards, originating credit—stops being just the internal engine and becomes something others pay to consume. The bank becomes a platform. And a platform charges.


What BaaS is, without the noise


BaaS means exposing your banking capabilities through APIs so third parties—a retailer, an app, a marketplace, another fintech—can offer financial services without becoming a bank. The retailer brings the brand and the customer relationship; your institution brings the license, the compliance, and the infrastructure. What the end customer sees as "the store's account" runs, behind the scenes, on your core.


This isn't regional theory. Latin America's fintech ecosystem grew from 703 companies in 2017 to more than 3,000 across 26 countries by 2023, according to the study by the Inter-American Development Bank and Finnovista—a 340% rise in six years—and the most common business model among them is now B2B. Behind every one of those fintechs is a question: who lends them the banking infrastructure? That's the opportunity.


The size of the prize


McKinsey estimates that by 2030, embedded finance—the umbrella BaaS powers—could represent 10 to 15% of banking revenue pools. And that 20 to 25% of retail and SME lending revenue could originate through embedded finance, against 5 to 10% today, in its analysis of how banks and customer platforms are converging. In 2024 alone, embedded payments generated close to $58 billion in revenue for non-financial platforms. The question for your institution is which side of that figure you want to be on: do you collect it, or does whoever had the architecture to offer it collect it from your customer?


The revenue lines it opens


The interesting thing about BaaS is that it isn't one source of money, it's several at once:


  • Platform and API fees. A recurring charge for platform access plus an initial onboarding. Predictable, month over month.

  • Usage-based fees. Charges by volume: API calls, active accounts, cards issued. It grows with your partner's success.

  • Per-transaction fees. Every loan disbursed or payment processed through your API leaves a fee. It's the classic embedded-credit model and scales with volume.

  • Shared interchange. When your partner issues a branded card on your license, the per-transaction percentage gets split.

  • Net interest margin. The deposits you capture through your partners broaden your funding base.


None of these lines requires you to open a new branch. They require your core to be able to offer them.


And here's the filter: your architecture decides whether you can play


BaaS sounds like a commercial strategy, but it's won or lost in the technical layer. You can't offer as a product something your core doesn't expose. A monolithic core, where every capability is coupled to the rest and nothing reaches the outside without an integration project, simply isn't sellable. Each new partner would become a months-long custom build, and the economics don't work.


What BaaS demands is an API-first, composable core: decoupled capabilities—accounts, payments, cards, credit—exposed as standardized, secure, versioned services, ready for a third party to connect in days, not quarters. This ties directly to something we've written before: composable banking isn't an architectural luxury, it's the prerequisite for monetizing your core. Without that foundation, BaaS is a slide deck; with it, it's a business line.


The risk no one should ignore


Let's be direct, because this part gets left out of almost every upbeat BaaS article: opening your license to third parties means opening your risk surface. When a partner makes a compliance mistake, the regulator doesn't go after the partner—it goes after you, the license holder.


In Mexico, distributed-infrastructure and embedded-finance models have already outgrown the categories of the 2018 Fintech Law, which is why a reform—the so-called Fintech Law 2.0—is under discussion, aimed at better regulating exactly these schemes, according to an analysis published in LexLatin. The regulatory trend, in Mexico and beyond, is moving toward supervising by function—who originates, who bears the risk, who manages the data—not just by entity type. And the local regulator has already shown it acts: the CNBV revoked a Sofipo's license in late 2024 for sustained breaches. BaaS without third-party governance, real-time monitoring, and per-partner traceability isn't an opportunity, it's a liability.


How we see it at WAU


At WAU we design cores built to be a platform from day one: capabilities exposed as clean APIs, with the governance, per-partner monitoring, and traceability that offering BaaS without losing regulatory control demands. We don't help you "have APIs"; we help you turn your core into a revenue line that scales without multiplying your risk.


If you want to stop seeing your core as an expense and start seeing it as a product—with real numbers on which lines it can generate and what your architecture needs to support them—let's talk. We'll map the case together. 👉 Book a conversation with our team.


Sources


Comments


bottom of page