EST. 2012 CODEGO GROUP LTD · MALTA BANKING AS A SERVICE EU IBAN · 6 COUNTRIES SEPA · SEPA INSTANT · SWIFT PCI DSS CERTIFIED 2025 API FIRST · WEBHOOKS 79 COUNTRIES DEPOSITS MULTI-CURRENCY · EUR · GBP · USD $1.1BN PROCESSED 2025 EST. 2012 CODEGO GROUP LTD · MALTA BANKING AS A SERVICE EU IBAN · 6 COUNTRIES SEPA · SEPA INSTANT · SWIFT PCI DSS CERTIFIED 2025 API FIRST · WEBHOOKS 79 COUNTRIES DEPOSITS MULTI-CURRENCY · EUR · GBP · USD $1.1BN PROCESSED 2025
Codego · Glossary · est. 2012 Reference · Vol. XII · Issue 04/2026 ● 12 countries · Malta HQ
G·1

What is Banking
as a Service?
A practical reference.

Banking as a Service is the model by which a licensed banking-infrastructure provider exposes core banking capabilities — accounts, cards, IBAN issuance, payments, KYC — through APIs, allowing non-bank companies to embed those capabilities in their own products without holding a banking licence themselves. This guide covers BaaS end-to-end: definition, history, architecture, regulation, market size and how to choose a provider.

01
Definition

Definition

Banking as a Service, abbreviated BaaS, is a delivery model in which a licensed banking institution or electronic-money institution exposes its core banking capabilities — account opening, ledger entries, IBAN issuance, payment initiation, card issuing, foreign exchange, KYC and AML controls — through programmable APIs. A non-bank partner — a fintech, a marketplace, a software platform, a corporate treasury team — consumes those APIs to embed banking features into its own product, branded under its own name, while the underlying licence, capital adequacy, regulatory reporting and money-handling responsibilities remain with the BaaS provider.

The term is sometimes used interchangeably with embedded finance, but the two are not the same. Embedded finance describes the user-facing outcome — financial features available inside a non-financial product. BaaS describes the infrastructure stack underneath. Every embedded-finance product is enabled by some form of BaaS.

02
Why BaaS exists

Why BaaS exists

Building banking infrastructure from scratch is structurally hard. A new bank needs a banking licence (years of applications and capital lock-up), a regulated technology stack with anti-money-laundering, sanctions screening and transaction monitoring, scheme certifications for cards, settlement accounts at central banks or correspondent partners, and ongoing prudential supervision. The total cost is generally measured in tens of millions of euros and a horizon of two to four years before a single customer is onboarded.

BaaS compresses that path. A fintech using a BaaS provider inherits the licence, the regulatory infrastructure and the scheme relationships of the provider. Time-to-market drops from years to weeks. The regulatory perimeter shrinks because the partner is a distribution channel rather than a deposit-taker. Operational risk concentrates in the provider, who runs it as core infrastructure rather than as a side concern.

03
Architecture

Architecture

A modern BaaS stack typically has the following layers:

  1. Regulatory and capital layer. The licensed entity itself — a bank, a payment institution or an electronic-money institution. Holds the customer-money safeguarding accounts, files regulatory returns and is the contractual issuer of record.
  2. Core banking ledger. A real-time double-entry ledger in which every customer balance, transaction, fee and chargeback is recorded with full audit trail. See Codego core banking.
  3. Payment rails. Connections to SEPA, SEPA Instant, SWIFT, local clearing systems, card schemes (Visa, Mastercard) and any blockchain rails the provider supports.
  4. Compliance engines. KYC onboarding, document verification, liveness checks, sanctions and PEP screening, ongoing transaction monitoring, risk scoring, regulatory reporting.
  5. API layer. The public interface through which partners issue cards, open accounts, move money and read state. Webhooks, idempotency, sandbox environments.
  6. Programme tooling. Self-service portals to configure card art, BIN ranges, fee schedules, controls, jurisdictions.

A BaaS provider that ships only one or two of these layers is more accurately described as a payments processor or a card-issuing platform. A full BaaS provider — like Codego BaaS — owns the stack from licence to API.

04
Use cases

Use cases

Neobanks

A consumer-facing app that offers accounts, cards and payments without a banking licence. The neobank operates the brand, the customer experience and the product surface; the BaaS provider operates the licence, the ledger and the rails. Most modern neobank MVPs are built this way.

Embedded finance in software

SaaS platforms — especially in HR, expense management, marketplaces, gig-economy payouts and SME accounting — embed accounts, cards and payments to capture transaction economics. The platform owns the workflow; BaaS provides the financial primitives.

Crypto on-ramps and off-ramps

Crypto-native products use BaaS providers to issue fiat IBANs, run settlement accounts for fiat deposits and withdrawals, and issue crypto-funded cards that spend stablecoins or on-chain assets on Visa and Mastercard rails.

Corporate treasury and B2B payments

Corporates with high transaction volumes, multiple subsidiaries or international payouts use BaaS for branded virtual IBANs, automated reconciliation, and programmatic card issuance for vendor payments and expense management.

05
Regulation

Regulation

BaaS sits inside an established regulatory framework, not outside it. In the European Union, the relevant regimes are PSD2 for payment services, the EMI Directive for electronic-money institutions, the Capital Requirements Directive for banking, AMLD for anti-money laundering, and increasingly the AI Act and DORA for operational resilience. In the United Kingdom, FCA authorisation governs payment institutions and electronic-money institutions; the Bank of England oversees banks. In the United States, the regulatory perimeter is more fragmented — federal banking regulators, state-level money transmitter licences and the OCC's special-purpose national bank charter all play a role.

For partners, the practical implication is that the BaaS provider's licence sets the perimeter of what the partner can and cannot do. A provider with an EMI licence can issue electronic money, accounts and cards but cannot lend on its balance sheet. A provider with a full banking licence can take deposits and lend. The choice of provider therefore shapes the product roadmap.

06
How to choose a BaaS provider

How to choose a BaaS provider

Six questions decide most BaaS evaluations:

  1. What licence does the provider hold, and where? EMI versus banking licence determines what products are possible. Geographic licence determines which jurisdictions the partner can operate in without separate local authorisation.
  2. What is the time-to-market? Self-service onboarding (≈ 15 days, see Codego white-label card) versus enterprise-led integration (≈ 60-120 days) is the single biggest variable.
  3. Which schemes are supported, and how? Visa Principal Member, Mastercard Principal Member, BIN sponsorship across both — each model has different commercial implications.
  4. Is the ledger real-time and auditable? Eventual-consistency ledgers create reconciliation pain at scale. Real-time double-entry is the standard.
  5. What is the integration surface? One API for cards, accounts, payments and KYC versus multiple APIs from multiple partners. Engineering effort and operational complexity scale with surface area.
  6. What is the commercial model? Volume minimums, monthly platform fees, interchange share, FX margin. Total cost of ownership over three years matters more than the headline rate card.
07
Frequently asked questions

Frequently asked questions

Q1.Is BaaS the same as open banking?
No. Open banking is the regulatory framework — primarily PSD2 in the EU — that requires banks to share customer-account data and initiate payments through standardised APIs. BaaS is the commercial model in which a licensed institution sells access to its banking infrastructure to partners. Open banking exposes existing accounts; BaaS lets partners create new banking products.
Q2.Does the BaaS partner need its own licence?
Generally no. The BaaS provider's licence covers the regulated activity. The partner registers as an agent or distributor of the provider in the relevant jurisdictions and operates within the provider's compliance framework. Some partners eventually obtain their own licence for strategic reasons; it is not required to launch.
Q3.How long does a BaaS launch take?
A standard white-label card programme with EU IBAN, SEPA, SEPA Instant and SWIFT can be live in around fifteen days on a self-service BaaS provider like Codego. More complex programmes — multi-jurisdictional, lending, deposit products — take longer because the regulatory and operational footprint is larger.
Q4.Who owns the customer in BaaS?
Commercially, the partner owns the customer relationship, the brand and the product. Legally, the customer's funds sit at the BaaS provider and the customer accepts the provider's terms of service alongside the partner's. This dual relationship is standard practice and should be disclosed clearly to end users.
Q5.Can a BaaS partner offer credit cards?
Credit issuance requires a banking licence to lend on balance sheet. A BaaS provider with a banking licence can support credit programmes; a provider with only an EMI licence cannot. Codego operates under an electronic-money distribution licence: prepaid and debit programmes are supported natively, while revolving credit requires a different regulatory perimeter.
Q6.How big is the BaaS market?
The Banking-as-a-Service platform market is estimated at around USD 5 billion in 2025 with projected growth to USD 19 billion by 2035, a compound annual growth rate of around 14 to 15 per cent, driven by embedded finance adoption and the maturation of regulatory frameworks across the EU, UK and US.
08
Related

Related

Codego Banking as a Service

Codego's full BaaS stack — EU IBAN, SEPA, SWIFT, multi-currency wallets, card issuing, BIN sponsorship and KYC, on one regulatory umbrella.