Visual Framework
Embedded Finance Compliance Responsibility Framework
Who owns each compliance obligation under each program model — across BSA/AML, KYB/KYC, OFAC, Regulation E, consumer protection, and bank reporting. The ownership map changes significantly depending on whether you're on BaaS, PayFac, or a direct bank model.
Platform owns
Full responsibilityShared
Delegated or co-ownedBank/BaaS owns
Primary at bank layer| Compliance Obligation | BaaS Model | PayFac Model | Direct Sponsor Bank | MTL Model |
|---|---|---|---|---|
| BSA/AML Program Policies, monitoring, SAR filing |
Shared BaaS handles layer; platform delegated obligations |
Shared Bank is primary; platform has sub-merchant obligations |
Platform owns Full program under bank oversight |
Platform owns Platform is the MSB |
| KYB / KYC Business + individual identity verification |
Shared BaaS provides tools; platform collects |
Platform owns Platform underwrites sub-merchants |
Platform owns Bank sets standards; platform executes |
Platform owns |
| OFAC Screening Sanctions list checks |
Shared BaaS screens; platform must also screen |
Shared |
Platform owns Required at onboarding + transaction level |
Platform owns |
| Regulation E Consumer electronic fund transfer protections |
Bank/BaaS owns Bank is primary; platform has disclosure obligations |
Shared |
Platform owns Error resolution, disclosures, dispute handling |
Platform owns |
| Bank Reporting Periodic reports, exam support |
Bank/BaaS owns BaaS provides to bank; platform provides to BaaS |
Shared |
Platform owns Direct reporting cadence with bank |
Platform owns State regulator reporting |
| Sub-Ledger / FBO Reconciliation Daily balance reconciliation to bank account |
Shared BaaS provides tools; platform must verify |
N/A No FBO structure |
Platform owns Critical daily reconciliation requirement |
Platform owns |
| Consumer Protection / UDAAP Unfair, deceptive, abusive practices |
Shared |
Shared |
Platform owns |
Platform owns |
| State Licensing Money transmitter / lending licenses |
Bank/BaaS owns Bank charter covers most states |
Bank owns |
Bank owns |
Platform owns 49 state licenses + DC |
The key insight: Moving from BaaS to a direct sponsor bank model doesn't just change your economics — it changes your compliance ownership profile significantly. Programs that migrate to direct often discover their compliance infrastructure was not built for the full ownership load. Designing compliance architecture for your target program model — not your current one — is the correct approach.