Compliance: Is it slowing down or speeding up BaaS? At WAU, we build it in from day one

Compliance is often seen as a business blocker. But according to several case studies—and our experience at WAU—it’s quite the opposite, as long as the organization is open to rethinking how it operates, reviewing its processes, and aligning them with the real needs of its customers.

Cassy Ramsey, Chief Risk Officer at Aion Bank, shared that involving second-line teams early in negotiations has been crucial to launching banking-as-a-service (BaaS) solutions in weeks instead of months.

BaaS emerged in the 2000s, when retailers and marketplaces began offering banking products directly through digital platforms.

Today, BaaS is within reach of almost any company. But it's also drawn attention from regulators. Some still see it as the "Wild West" of finance, mainly because a few players entered the space without the right controls in place, leading to compliance missteps and poor practices.

So, where are we headed?

From what we've seen at WAU, we believe we’re entering a more responsible era—one where risk and compliance functions act as enablers, not obstacles.

Breaking the “us vs. them” dynamic

Throughout my career in digital transformation, I’ve worked on all sides of the process—from software developer and systems architect to project leader and business advisor. That perspective gave me a clear understanding of frontline teams' challenges. It also showed me how common it is to have a “us vs. them” mindset between the first, second, and third lines of defense.

That’s why, in my current role, I draw on my tech and business experience. It’s taught me the value of a “right from the start” approach—especially when designing financial technology. And that’s nearly impossible if compliance is treated as a roadblock instead of a key partner.

Early involvement from compliance improves the customer experience, reduces manual errors, avoids unnecessary back-office costs, and streamlines delivery.

How many of us have experienced projects where compliance comes in at the last minute and forces a complete redo? Probably most of us. That’s why I’ve learned that early engagement doesn’t slow things down—it accelerates everything.

Why is BaaS hard for traditional banks?

In many traditional banks, compliance still joins too late. This is often due to outdated legacy tech—expensive mainframes, undocumented systems, rigid architectures—and a project culture rooted in waterfall methodologies.

Compliance and risk teams are rarely included, even when banks attempt agile. They’re often seen as the ones who stop progress.

But what if compliance speeds things up?

In several WAU projects, we've proven that bringing the risk team into the conversation from day one leads to faster results. There are no surprises at the end. Instead, compliance can monitor controls throughout the project.

That shift has allowed us to go from 12-month timelines to launch in weeks or months.

Regulation 2.0 for BaaS 2.0?

If BaaS 1.0 was all about fast growth with little regard for oversight, BaaS 2.0 is being shaped by banks that prioritize compliance.

Regulators are still adapting to this model. Like with many agile startups, it takes time for authorities to grasp the ecosystem fully. That’s why transparency and collaboration with regulatory bodies are more important than ever.

We've seen cases where BaaS providers failed simply because they didn’t truly understand their end users, or because their clients unknowingly broke AML rules.

How can we avoid these issues?

First, we must clearly explain the regulatory framework to each client. Only once they understand how to operate within those boundaries can we design a compliant and fast model.

Banks at the heart of BaaS 2.0

Many major banks no longer view BaaS as a threat but as a strategic complement. UniCredit made headlines by becoming the first central European bank to acquire a full BaaS provider, purchasing 100% of Aion Bank and Vodeno.

For BaaS 2.0 to succeed, compliance has to be at the core. But it also requires a mindset shift: from risk as defense to risk as an offensive strategy. That’s the only way to accelerate transformation truly.

Risk professionals can add far more value in this new landscape if they engage early, understand the business, and step out of their comfort zones.

Conclusion

At WAU, we’ve seen firsthand what it means to build real collaboration between tech, business, and compliance teams. It’s difficult to break the old habit of calling risk in at the last minute, to hear “no.” But when risk is involved early, it doesn’t block innovation—it enables it.

The Aion Bank case also proves that second-line teams shouldn't be barriers. They can become a competitive edge.

Integrated compliance doesn’t slow innovation—it gives it structure, speed, and long-term success.

We believe the future of banking isn’t just in the platforms themselves, but in how those platforms are built: with vision, with collaboration… and with responsibility from day one.

JUAN CARLOS GARAVITO