User Onboarding, Flow of Funds in Banking

There’s a majority of everyday users that take for granted what’s taking place under the hood of digital banking and financial services apps in our smartphones. For those born in the 90s (or later), online and mobile access through financial technology (FinTech) are tablestakes in delivering a standard user experience. Up until about 11 years ago, most common financial transactions (making a payment, depositing a check, opening a bank account, applying for a credit card) needed to be done in person at a bank branch or through the mail. Another person was needed to fulfill the transaction (e.g. teller at a branch, or a back-office support agent at a service center).

That’s definitely not the case in the industry today. With the exception of cash or coin transactions, most financial activity takes place digitally via mobile apps from financial institutions or fintech companies (partnered with banks). Bank accounts can be opened online in minutes. Transfers to external bank accounts can be completed in seconds. Physical checks can be deposited from anywhere.

With so many banking apps currently available, the overall customer onboarding journey has stayed simple and straightforward. Let’s explore what this user path looks like behind-the-scenes, and key points regarding flow of funds and account types, which can also impact the initial user experience.

User SCREENINg AT SIGNUP

When it comes to creating an account on a newly downloaded app, most initial requirements are the same. Name, email, phone number (if appl.), and password. For financial services, personal information (such as date of birth, full social security or tax identification number, physical address) is usually mandatory based on the products being provided. These strict guidelines come from federal rules that enforce anti-money laundering (AML) practices.

Proper compliance processes must be in place to verify the identity of users AND screen applicants against watchlists. Lack of necessary controls may not meet federal requirements and increase the likelihood of fraudsters and criminal activity on an app or platform. Many options for Know Your Customer (KYC) and Identity Verification exists through compliance-as-a-service vendors such as Jumio, Socure, and Beam. Some Banking-as-a-Service (BaaS) providers deliver this compliance layer as part of their program. Most direct-to-bank partnerships don’t include the bank’s compliance or support divisions.

At a high-level, the initial flow for a new user is:

  • User creates a profile by providing their name, email, phone number, a login ID, and a password;

  • After verifying this request to setup a profile (code sent via a text or email), a user will be asked to enter unique info — specifically date of birth, SSN or TIN, physical address. The amount of info is based on what account or services the user will receive;

  • This user information is submitted for KYC and ID verification processing via an application programming interface (API). The compliance vendor or BaaS provider reviews the data and provides a response within a minute (often seconds);

    • If there’s a positive match to a watchlist, the applicant would need to provide additional information (based on the finding) OR may be automatically declined. The request for info may be a selfie video, additional proof of ID, or answering additional questions;

  • If the identity is verified appropriately and there are no screening lists matches, then the user is approved to open an account and would then agree to disclosures and account agreements. Similarly, if additional info provided clears the new user then they are also approved.

The client would be assigned an account number and asked to fund the new account from an external source.

Linking a FUNDING SOURCE for new users

A newly opened checking, savings, investment, or crypto account needs funds in order to fulfill a transaction request. Most apps include in this in their user onboarding path right after account approval. The most common funding option comes from using another bank account held by the user. The nuance lies in how the link to the external source is made:

  • Account aggregation: a direct connection (via API) from an external deposit account and the new account that a user just opened. The customer will be asked to enter their bank login details through a 3rd party provider (such as Plaid or Yodlee). Once the login is successful, the link is tokenized and saved to a user’s profile (or node) on the new app or platform. Requests can then be made to ‘pull funds’ from OR ‘push funds’ to this external account via the ACH network (which can take 2-3 business days to process). To link also allows a platform to verify the balance and transaction data in the external account. Plaid (and similar companies) charge a fee based on the type of account link (one-time or recurring);

  • Micro-deposits: not all banks allow 3rd parties to access their client’s accounts — the backup option would be micro-deposit verification: a small deposit is sent by a platform to the external account; a user must correctly verify the amount and enter it into the app; the deposit is then debited and link established. This process can take 5-7 business days, but typically has no fee;

New users can also setup a recurring direct deposit from their employer of earned wages by providing their account and routing number (to their company’s payroll provider). It can take up 1-2 pay periods for the first direct deposit to go through. Customers paid with checks can also make deposits at eligible neobanks that offer Remote Deposit Capture (RDC) by taking a picture of the front and back of an endorsed check. Settlement times on RDC can vary widely based on the amount and payee bank.

A faster alternative to ACH and checks for account funding is card processing (aka ‘card-pulls’). Users can link the debit card they have at a a different bank and request for a transfer from card to account via the card network (such as Visa or Mastercard). The money movement would be within seconds, but does carry a higher cost than ACH — starting at $0.50 and up to 3% of the transferred amount based on network fees.

account typeS BASED ON USE CASE

At this point, a user has a new account, linked with a funding source, and initial deposit. Let’s go back to what type of account was created originally after the user passed ID verification and KYC checkpoints. The customer sees their respective balance and transaction ledger, but doesn’t know the specifics regarding custody and account titling. Depending on the use case and product scope of a platform, the account structure and ownership can vary.

Deposit accounts are in a consumer or business’ name, each with unique account and routing numbers. These accounts can be freely controlled and transacted by users. They resemble traditional bank account structures and functionality — most common for neobank and challenger bank use cases in which users need access via multiple payment rails (ACH, card processing, wires, checks) and a debit card. Many fintech platforms gravitate toward this account type since its provide all the features needed for their future roadmap. The downside is that onboarding and KYC requirements may be high for some users (especially those not willing to provide a full SSN or DOB). The upside comes from revenue opportunities through interest earned on user deposits, and interchange revenue from user card spend.

For Benefit of’ (or FBO) accounts are held under the name of a platform (such as PrizePool) for the benefit of the platform’s users. In essence, it’s an omnibus account with a subledger at the individual user level. This account type is for use cases in which platforms take action often on behalf of users, such as batching individual payments in order to invest or make payouts in a bulk transfer request. This is common for prepaid card programs, savings-only wallets, and crypto investing companies that facilitate higher earnings or investment opportunities. The downside is that bank partners may require additional licensing (such as money transmitter licenses) based on the money movement involving two or more different parties. The upside comes from less KYC, consolidating transfer requests (in order to save on transaction fees), and earning deposit interest on user funds.

Custody (or Bank FBO) accounts operate similar to a standard FBO but with a bank trust as the account owner or custodian. The platform entity is not responsible for taking custody of user funds. Transaction requests are limited to a single-purpose (based on a custody account agreement). The downside is that bank partners monetize off of the deposit interest since the accounts are held in trust by the bank. The upside is that platforms may not need additional licensing requirements.

For the apps and platforms enabling financial service products, the account type is a critical decision to make from the beginning. There are implications of KYC, compliance, functionality, and future product roadmap. Balancing the current needs of users with operational requirements is challenging, especially for new startups.

Specialty flows off Platform

We covered common onboarding needs in user screening and verification, funding for initial deposit, and choosing account type. How about funds movement to external parties and accounts?

The majority of use cases involve sending money to a 3rd party (i.e. not back to the user OR staying within a platform) — this can be to another user, cryptocurrency exchange, or investment platform. This movement off-platform can present additional risks to fintech companies and banks. If not monitored appropriately, a platform (and bank partner) can be facilitating criminal activity such as money laundering or terrorist financing.

International transactions is a high-risk activity that requires heightened controls. Receiving or sending funds to other countries must be in accordance with regulatory guidelines such as those from the Office of Foreign Assets and Control (or OFAC). This can include a list of sanctioned countries and individuals which are not allowed to transact with US entities based on foreign policy. Failure to comply can result in penalties and suspension of a platform (and its bank partner).

For crypto and investment platforms that gather user funds for lump transfers and investment, money transmission is another risk area to be aware of. Directly managing funds on behalf of users typically requires registration as a money service business (MSB) with FinCEN and state-by-state money transmitter licenses (MTLs). These certifications help ensure government oversight and action on companies based on their flow of funds and custody controls. In the example of crypto exchange, most new platforms partner with a bank (to manage fiat deposits and payments), a custodian (for the cryptocurrency), and a liquidity provider (to convert between crypto and fiat). The entity managing the movement between these 2-3 organizations on behalf of users would need MTLs (unless they’re leveraging a bank trust as custodian for all currencies).

WRAP-UP for PLATFORMS EXPLORING EMBEDDED BANKING

From this discussion, there’s multiple layers involved in providing financial services to consumer and business users at fintech and non-fintech companies. From compliance screening, account approval, deposits, and payouts — platforms needs to be aware of each area and what’s most important both for user experience and risk management.

Once a user is onboarded and has an account approved, a general flow of funds diagram typically looks like:

Screen Shot 2021-07-06 at 3.16.04 PM.png

The new user account (in green) was recently opened (through a BaaS provider or direct-to-bank partnership) and sits at the partner bank. Based on the nuances of the use case, this account can get funded by numerous sources (direct deposit, the user’s account at another bank, another 3rd party). Funds in the account can be transferred in a similar way or used for spend via a debit card.

As platforms grows beyond their minimum viable product (MVP), providing enhanced access to payment rails and services becomes critical. Using FBO accounts with prepaid card programs can minimize the future product scope for platforms. Despite a higher initial cost, flexible account structures can save companies in the long-run.

The diagram above can vary by bank partner and product scope, but the overall flow in and out is mostly the same. As companies evaluate potential vendors and partners, its important not to get the discussion bogged down in account type. Narrow down the dialogue to needs and flows to ensure the best recommendation. More details covered in our updated 2021 BaaS guide (as part of subscriber-only content below).

Join our community @FinTechtris for more industry content & insight (includes deep dives & sector analysis).

As a bonus, access our subscriber-only resources to help your team evaluate bank partnerships, user onboarding, and flow of fund models!

Signup for our weekly newsletter today —>

Previous
Previous

Challenger Banks Disrupting Financial Services Globally

Next
Next

DEEP DIVE on PayPal: Fintech's First Global Company