Embedded finance presents arguably the greatest opportunity for technology businesses to make bold plays into more traditional financial services markets. Here we explore the concept of embedded finance, how data-enabled customer focus and partnerships differentiate it from traditional models, and the legal and compliance challenges that need to be carefully managed across the various parties involved.
In a nutshell, it's about incorporating financial services into non-financial user experiences. It involves bringing financial services solutions to the point at which the customer transacts, increasing user convenience and opportunities for hyper-personalisation. Users can receive the financial services they need (whether lending, insurance, or payments, etc), without having to leave the customer journey to visit a traditional financial services institution.
This concept isn't new. For example, auto-loans have long been sold in car showrooms, saving the customer a separate trip to the lender. However, future embedded finance opportunities come from using Big Data and API integration to identify what customers need and offer it to them in a streamlined, hyper-personalised way.
Brands and platforms that already own the customer relationship can leverage it to enable access to other value-added and hyper-personalised financial services, increasing the overall value proposition for the user and ultimately, enhancing brand loyalty. Uptake of Buy-Now Pay-Later by merchants is one example of this.
At the same time, technology and software providers can offer specific financial services propositions without having to become a bank themselves. Combined with regulatory-mandated schemes such as open banking and open finance (below), this is disrupting the traditional model of incumbent players. Embedded finance also presents opportunities for smaller providers to offer more specialist products to niche market sectors, including to help improve financial inclusion by catering to traditionally underserved customers.
The vision is for financial services to sync seamlessly with other non-financial user interfaces, increasing proximity to financial services so the customer can transact where and when they need to - whether in e-commerce, travel, social media, professional services, or other sectors.
What sets the next generation of embedded finance aside from traditional financial services and white-label offerings is an API-first approach to integration with digital interfaces, and the use of rich data and AI/ML to enhance user experience and customisation.
Consider the example of a small businesses starting up and using an online e-commerce or accounting platform or selling products on an online marketplace. The transaction data held by the platform or marketplace means the provider can gain insights into the business's finances better than a traditional bank can. As a result, it can use AI and ML models to anticipate and fulfil the user's financial needs: whether initiating payments, ordering debit cards, embedding payroll solutions, or exploring opportunities for receivables-based financing. For the customer, this could provide access to capital that might not otherwise have been available, as well as to a more holistic experience from an already trusted business partner in an API-enabled one-stop-shop.
That provider won't normally be a bank, nor does it want to be. Instead, it might be a software company that partners with banks and other technology providers to support the distribution of financial products via non-financial means.
Data plays a crucial role in delivering optimal embedded finance experiences. The secret to success lies in using data to anticipate customers' needs and offer the right product at the right time. Big Data, AI and ML are key to that.
Many non-finance companies already have valuable customer relationships that generate rich data that can be leveraged for embedded finance. For those that don't, regulatory requirements are mandating increased access to financial services data in certain cases, offering further opportunities for new offerings.
This began as 'open banking', supported by regulatory requirements mandating banks to enable controlled access to payments data. Open banking providers became able to access consumers' banking data and even initiate payments on their behalf, without having to become the bank itself.
This concept is now being extended to other types of financial services data under a wider move towards 'open finance'. On 28 June 2023, the European Commission proposed an ambitious regulation on 'Financial Data Access' (FIDA, see our article here). The proposal aims to open up access to a wider range of financial data in a controlled manner, promoting the development of data-driven financial services and products. This would enable customers and firms to benefit from more tailored financial products, while ensuring better control of access to their financial data.
Data flows in embedded finance tend to be complex. Where the data is personal data, data protection law will be engaged on top of financial regulatory requirements. This raises questions about data acquisition, ownership, usage, retention, and disposal by different parties, as well as security risks such as unauthorised access, data breaches, and data misuse. Where personal data is being transferred cross-border, protections may be required, and different legal regimes may apply. Sophisticated data governance and technology risk management are therefore required, as well as ensuring data protection compliance and security best practice across all relevant parties. This is likely to necessitate a network of data processing agreements, contractual protections and internal policies as well as rigorous cyber security in order to achieve compliance.
Appropriate safeguards for data use remain vital. The EDPS acknowledges that consumers in financial services are often the weaker party and subject to information and power asymmetries compared to financial service providers. Open finance therefore needs to balance mandating access to data with ensuring customers have adequate control over access to their data, but without creating too high a compliance burden that suffocates innovation.
This is by no means easy to achieve. Open banking under PSD2 has shown the challenges of effective data access at scale and in a pro-competitive manner; proposals for targeted reforms (discussed here) seek to address some of the obstacles faced by open banking service providers, including competition with incumbent players.
Notwithstanding these challenges, there's no doubt that open finance can provide a powerful enabler for embedded finance.
Partnerships between regulated firms and non-regulated brands and technology providers are core to many embedded finance opportunities. However, different parties can have different priorities and cultures that might need to be reconciled, for example, reconciling the focus on agility and customer experience (a priority for brands and technology companies) with complex compliance expectations and the highly regulated financial services environment. This requires a shift to a more entrepreneurial and collaborative approach to relationship building.
The different roles and monetisation model require careful management of legal and regulatory risks while balancing commercial considerations and ensuring compliance. These risks, in addition to the data and cyber security issues discussed, are not unique to embedded finance, but they can be more challenging to manage given the multiple parties involved and shared responsibilities.
Operational resilience and ICT risk
Successful integration across different platforms and providers requires careful management of 3rd and 4th party risk. Resilience is not only a focus for regulators (see our articles here and here), it's also vital to maintaining customer loyalty.
Different offerings will encounter product-specific compliance challenges, whether insurance, consumer credit, payments or lending. Policy developments suggest an increasing focus on how data is used in these areas. For example, the collection and use of personal data to assess creditworthiness is expected to become more regulated by the EU's revised Consumer Credit Directive, which proposes setting clear limitations on the collection and use of personal data (including special categories of personal data and data originating from social media).
AI and ML
Artificial intelligence (and machine learning) allow financial services to learn from customer information and make rapid decisions. AI has a central role to play in successful embedded finance propositions. However, it needs to be applied in a safe, ethical, responsible and transparent way, or providers risk losing trust with users, as well as potential liability and/or regulatory action. AI regulation will most likely require providers to layer AI compliance measures over the top of product-specific regulation, with the EU's draft AI Act marking a potential turning point in the regulation of AI (see here for more on AI regulation).
Contractual risk allocation
The shared responsibility model, monetisation strategies and open architecture of embedded finance mean parties might need to shift away from a traditional liabilities management approach to contractual negotiations. They might need to spend more time understanding operational processes and how they each manage risk, rather than simply seeking to transfer liability. Ultimately, all parties are invested to ensure the platform works seamlessly and that risks are managed.
Consumer facing propositions heighten many of these challenges, not least following the FCA's new Consumer Duty in the UK. Whether a regulated firm or not, fair and transparent communication, avoiding foreseeable harm and supporting customers will help enhance customer experience and meet ever-increasing regulatory expectations.
Oversight, governance and accountability
Effective governance is central to all of the areas mentioned above, from processes to address risks arising from AI decision making, data governance, or a senior manager's ability to challenge ICT strategies. Governance and accountability are important for all parties looking to manage the enhanced risks of embedded finance but with regulators shining a spotlight on governance frameworks, the role of the board and senior managers, and the impact culture can play in managing risk, are particularly relevant for regulated firms.
The opportunities are vast. McKinsey estimated in 2022 that the market could double in size in three to five years. Risk is likely to remain a constraint on growth. However, policymakers are keen to encourage innovation and competition, even if regulators' focus on risk management and compliance shows no sign of waning. Businesses that are willing to invest in overcoming the various challenges have the potential to further disrupt the traditional financial services model.
Who will the winners be? Business that can make use of Big Data and advanced APIs most effectively to integrate financial products in the most seamless way, while complying with regulatory and legal requirements.
Alexander Schmalenberger, Verena Ritter-Döring and Stephanie Richter discuss what FIDA and the Data Act mean for financial data sharing in the EU.
1 von 6 Insights
Thomas Kahl looks at incoming security obligations for the financial industry under DORA.
3 von 6 Insights
Mary Rendle looks at the sometimes overlapping requirements on financial organisations in the UK and EU in the event of an ICT-related incident or other data breach.
4 von 6 Insights
Daniel Hirschfield looks at the joint data transformation programme, which is being led by the UK's financial regulators to transform how data is collected from the UK financial sector.
5 von 6 Insights
Kelly Burke and Matthias Brenner look at the role of regulation in raising trust in digital IDs.
6 von 6 Insights