Dental Neobanking Fundamentals: The Partnership Anatomy

SEP 15 25

Morning in Orange County, marine layer still hanging around. Notes open and Column call notes from last week on the second screen.

Sponsor release windows and model approvals set the delivery pace more than app features, no matter how tempting it is to prioritize UI polish.

The Three Agreements That Matter (and who owns what)

  • Sponsor/Sponsorship Agreement
    • Scope: BIN/program management, FBO structuring, ledger vs omnibus, card network access.
    • Regulatory allocation: Reg E/Z, UDAAP/EFTA, NACHA roles, BSA/AML responsibilities, SAR governance.
    • Evidence: policies/procedures, QA plans, complaint management, board reporting cadence.
  • Processor/Issuer Agreement
    • Controls: auth decisioning surface (MCC gating, velocity, geo), tokenization (VTS/MDES), PAN vaulting boundaries.
    • Configuration: AID tables for dual-network debit, routing rules, clearing/settlement files, batch windows.
    • Evidence: uptime SLAs, incident/RCAs, change-management notices.
  • Network Rules Acknowledgement
    • Obligations: routing enablement, dispute/chargeback windows, reason code handling, data field population (AVS/CVV/MCC).
    • Evidence: certification results, test authorizations, production pilots.

More context on the economics: Durbin Advantage and Unit Economics.

Dental Funds Flow and Reconciliation (the boring parts that matter)

Two primary inflows:

  • Card acquiring under MCC 8021 (dentists): debit/credit interchange + assessments + processor markup; settlement T+1/T+2.
  • EFT + ERA: payers remit 835 (ERA) via clearinghouse; cash lands via ACH (CCD or CTX) with addenda.

ACH mechanics that bite or save you:

  • CCD vs CTX: CCD allows one 80-char addenda; CTX supports multiple addenda records-preferred for rich remittance.
  • Addenda mapping: tie BPR/TRN/CLP/CAS segments from 835 to ACH addenda; if ERA arrives out-of-band, maintain a correlation store on TRN and trace numbers.
  • Bank files: require SFTP+PGP delivery with committed delivery windows (e.g., 07:30, 11:30, 15:30 local). Missed windows create reconciliation drift.

Daily tie-out at the Fed level:

  • BTR (Bank Transfer Report): end-of-day net position.
  • IMAD/OMAD: intraday Fedwire message accountability for wires/settlement.
  • Reconciliation loop: bank files → ledger → PM/RCM system; surface variances > threshold (e.g., $50) for ops review.

When to use instant rails:

  • RTP/FedNow for high-value timing (payroll, supplier crunches) where finality offsets cost. Keep ACH for ERA fidelity and bulk remittance. See RTP/FedNow Rails.

Debit Routing and Durbin (not a toggle)

Durbin-exempt status helps only if routing and data hygiene are correct.

  • AID configuration: enable both Visa/MC debit AIDs at the BIN and in terminal profiles; confirm processor supports least-cost routing.
  • Test plan: certify both networks with test authorizations, then live penny auths; capture logs proving route selection.
  • Merchant data hygiene: MCC 8021 on acquiring; proper AVS/CVV where relevant; avoid miscoding that downgrades interchange.
  • Monitoring: report route distribution weekly; investigate anomalies (e.g., sudden single-network dominance).

Compliance Primitives for Healthcare KYB/KYC (operationalized)

  • Provider identity: NPPES validation, DEA number format/status, state board license status.
  • Sanctions/adverse: OIG LEIE, OFAC; adverse media rules tailored to providers.
  • Ownership/control: CTA/BOI scope; collect/control persons even when <25% to meet control requirements.
  • Cadence: NPPES monthly, DEA expiration checks quarterly (or 90-day window), LEIE monthly, state boards monthly at minimum.
  • Recordkeeping: retain evidence and screenshots with timestamps; examiner-friendly.

Read: KYC/KYB and the cost anatomy in Compliance Costs.

Three Lines of Defense (exam-ready)

  • First line: product/ops monitoring; auth controls (MCC, velocity); daily reconciliation; dispute workflows.
  • Second line: written program, QA sampling, training logs, model inventory and validations, vendor due diligence.
  • Third line: independent testing schedule, issue tracker with aging, board reporting pack.

Control Surface (where the work lives)

  • Authorization: MCC gating; amount/velocity thresholds; device/account pairing; geo fencing for unusual spend.
  • Storage: tokenization via VTS/MDES; PAN never touches practice systems; reduce PCI scope.
  • Settlement: daily BTR/IMAD/OMAD tie-outs vs sponsor Fed account; variance alerts with playbooks.
  • Routing: dual-network enablement checks; test harnesses; BIN lifecycle change control.
  • Disputes: documented Reg E/Z flows (if applicable), provisional credit standards, representment packages, deadlines calendar.

Sample funds-flow (ACH + ERA)

Payer (Insurer)  Clearinghouse (835 ERA) ──────▶ Practice PM/RCM
                                                  
          └─ ACH (CCD/CTX + addenda) ──────────────┘

Bank delivers ACH file (SFTP+PGP)  Ledger  Reconcile to ERA (BPR/TRN/CLP)

Sample funds-flow (Cards)

Patient  POS (MCC 8021)  Acquirer/Processor  Network  Issuer
                                   
                             Settlement T+1/T+2  Practice account

What VCs and Partners Should Expect (and will ask for)

  • Interchange and routing math: Durbin-exempt status + correct MCC routing yields better economics-if AIDs and BIN config are right.
  • Healthcare KYC/KYB: higher baseline cost; moat = operational monitoring cadence + evidence, not logos.
  • Rails mix: instant where finality has ROI; ACH where addenda fidelity and batch efficiency matter.
  • Exam artifacts: policy binder, QA plan, training logs, model validations, vendor DD files, incident RCAs, complaint log.
  • SLAs to know cold: auth uptime, SFTP delivery windows, dispute TATs, P1 incident response.

If you want the deep dive on economics and sequencing, start with Deposits → Credit.

Economics

  • Durbin status (<$10B) and trajectory; interchange split; debit routing support.
  • Deposit sweep/interest terms; fee schedules; minimums and breakage.

Risk/Compliance

  • BSA/AML program maturity; last exam/consent order status; third-party oversight program.
  • Reg E/Z governance; UDAAP coverage; complaint management tooling; QC/QA plan.
  • Model risk management: model inventory, validation cadence, change controls.

Technical

  • Authorization control surface (MCC gating, velocity, geofence); tokenization boundaries (VTS/MDES).
  • Routing: BIN/AID configuration process; dual-network enablement; least-cost routing support.
  • Files/APIs: SFTP+PGP delivery windows for ACH/settlement; format specs; incident SLAs and RCAs.

Operations / SLAs

  • Onboarding SLA (KYC/KYB); dispute/chargeback handling timelines; Reg E provisional credit posture.
  • Incident response (P1/P2 definitions); on-call rotation; release windows and change freezes.

References

  • Active vertical programs (size, mix); prior exam themes; sponsor’s view on healthcare KYB/KYC.

Documents to Request

  • Policies and procedures (BSA/AML, Complaints, Reg E/Z, Third-Party Oversight).
  • QA plan and sampling results; training logs; model validations; vendor due diligence files.
  • BIN management SOP; routing change controls; incident RCAs from the past 12 months.

Test Scripts to Run (before go-live)

  • Dual-network authorizations: certify both debit networks; capture route logs; measure distribution.
  • ACH file intake: deliver CCD and CTX with addenda; verify parsing into ledger; tie out to 835 ERA mappings.
  • SFTP+PGP windows: verify delivery at all promised times; simulate delay and confirm alerts.
  • Dispute flow: walk a Reg E case end-to-end; check clocks, letters, and provisional credit.
  • Variance drill: inject a $37 mismatch and trace detection → escalation → resolution.

People to Meet

  • Sponsor PM + Compliance lead + BSA Officer; Technical lead over settlement files; Disputes manager.

Minimal RACI (who owns what)

  • Reg E disputes: Sponsor (A/R), Fintech (R), Processor (C), Network (I)
  • KYC/KYB standards: Sponsor (A), Fintech (R), Vendors (C), Processor (I)
  • Transaction monitoring/SARs: Sponsor (A), Fintech (R), Processor (C), Network (I)
  • Debit routing config (BIN/AID): Processor (R), Sponsor (A), Fintech (C), Network (C)
  • BIN lifecycle/change control: Sponsor (A), Processor (R), Fintech (C), Network (I)
  • Tokenization boundaries (VTS/MDES): Processor (R), Network (C), Fintech (C), Sponsor (A)
  • Settlement files delivery (ACH/wires): Sponsor (A/R), Processor (C), Fintech (C)
  • Incident response (P1/P2): Sponsor (A), Processor (R), Fintech (R), Network (I)
  • Complaint management/UDAAP: Sponsor (A), Fintech (R), Processor (C)
  • Model risk governance: Sponsor (A), Fintech (R), Independent validator (C)

Healthcare banking peers—if you want the RACI or diligence templates, send a note. LA/OC coffee or a quick Zoom works.

Related