Here's something nobody tells you about building a neobank: sponsor release windows and model approvals set the delivery pace more than app features. No matter how tempting it is to prioritize UI polish, the real schedule lives in three agreements that you don't fully control.
The first is the sponsorship agreement. This covers BIN/program management, FBO structuring, ledger vs omnibus decisions, and card network access. It allocates regulatory responsibilities (Reg E/Z, UDAAP/EFTA, NACHA roles, BSA/AML, SAR governance) and requires evidence: policies/procedures, QA plans, complaint management, board reporting cadence. The second is the processor/issuer agreement. This defines your authorization decisioning surface (MCC gating, velocity, geo controls), tokenization boundaries (VTS/MDES), PAN vaulting, AID tables for dual-network debit, routing rules, clearing/settlement files, and batch windows. Evidence here means uptime SLAs, incident RCAs, and change-management notices. The third is the network rules acknowledgement: routing enablement, dispute/chargeback windows, reason code handling, data field population (AVS/CVV/MCC), certification results, and production pilots.
More on the economics in Durbin Advantage and Unit Economics.
The funds flow in dental banking has two primary inflows. Card acquiring under MCC 8021 (dentists): debit/credit interchange plus assessments plus processor markup, settlement at T+1/T+2. And EFT plus ERA: payers remit 835 (ERA) via clearinghouse while cash lands via ACH (CCD or CTX) with addenda. The ACH mechanics matter. CCD allows one 80-char addenda record. CTX supports multiple addenda records and is preferred for rich remittance. You need to tie BPR/TRN/CLP/CAS segments from the 835 to ACH addenda, and if ERA arrives out-of-band, maintain a correlation store on TRN and trace numbers. Bank files require SFTP+PGP delivery with committed windows (e.g., 07:30, 11:30, 15:30 local). Missed windows create reconciliation drift.
Daily tie-out at the Fed level: BTR (Bank Transfer Report) for end-of-day net position. IMAD/OMAD for intraday Fedwire message accountability. Reconciliation loop: bank files to ledger to PM/RCM system, surface variances above threshold (e.g., $50) for ops review. Use RTP/FedNow for high-value timing (payroll, supplier crunches) where finality offsets cost. Keep ACH for ERA fidelity and bulk remittance. See RTP/FedNow Rails.
Durbin-exempt status helps only if routing and data hygiene are correct. Enable both Visa/MC debit AIDs at the BIN and in terminal profiles. Confirm processor supports least-cost routing. Certify both networks with test authorizations, then live penny auths, capturing logs proving route selection. MCC 8021 on acquiring, proper AVS/CVV, avoid miscoding that downgrades interchange. Report route distribution weekly and investigate anomalies (sudden single-network dominance is a red flag).
Healthcare KYB/KYC compliance primitives: NPPES validation, DEA number format/status, state board license status. Sanctions/adverse checks against OIG LEIE and OFAC with adverse media rules tailored to providers. Ownership/control under CTA/BOI scope (collect control persons even below 25%). Cadence: NPPES monthly, DEA expiration quarterly (or 90-day window), LEIE monthly, state boards monthly minimum. Retain evidence and screenshots with timestamps. More in KYC/KYB and Compliance Costs.
Three lines of defense, exam-ready. First line: product/ops monitoring, auth controls (MCC, velocity), daily reconciliation, dispute workflows. Second line: written program, QA sampling, training logs, model inventory and validations, vendor due diligence. Third line: independent testing schedule, issue tracker with aging, board reporting pack.
Payer (Insurer) → Clearinghouse (835 ERA) ──────▶ Practice PM/RCM
│ ▲
└─ ACH (CCD/CTX + addenda) ──────────────┘
Bank delivers ACH file (SFTP+PGP) → Ledger → Reconcile to ERA (BPR/TRN/CLP)Patient → POS (MCC 8021) → Acquirer/Processor → Network → Issuer
│
Settlement T+1/T+2 → Practice accountWhat VCs and partners will ask for: interchange and routing math (Durbin-exempt status plus correct MCC routing yields better economics if AIDs and BIN config are right), healthcare KYC/KYB details (higher baseline cost, moat is operational monitoring cadence plus evidence), rails mix rationale (instant where finality has ROI, ACH where addenda fidelity and batch efficiency matter), exam artifacts (policy binder, QA plan, training logs, model validations, vendor DD files, incident RCAs, complaint log), and SLAs you should know cold (auth uptime, SFTP delivery windows, dispute TATs, P1 incident response).
For the deep dive on economics and sequencing, start with Deposits to Credit.
Sponsor bank diligence checklist (field-tested):
Economics: Durbin status (<$10B) and trajectory, interchange split, debit routing support, deposit sweep/interest terms, fee schedules, minimums and breakage.
Risk/Compliance: BSA/AML program maturity, last exam/consent order status, third-party oversight program, Reg E/Z governance, UDAAP coverage, complaint management tooling, QC/QA plan, model risk management (inventory, validation cadence, change controls).
Technical: Authorization control surface (MCC gating, velocity, geofence), tokenization boundaries (VTS/MDES), BIN/AID configuration process, dual-network enablement, least-cost routing support, SFTP+PGP delivery windows for ACH/settlement, format specs, incident SLAs and RCAs.
Operations/SLAs: Onboarding SLA (KYC/KYB), dispute/chargeback handling timelines, Reg E provisional credit posture, incident response (P1/P2 definitions), on-call rotation, release windows and change freezes.
References: Active vertical programs (size, mix), prior exam themes, sponsor's view on healthcare KYB/KYC.
Documents to request: Policies and procedures (BSA/AML, Complaints, Reg E/Z, Third-Party Oversight), QA plan and sampling results, training logs, model validations, vendor due diligence files, BIN management SOP, routing change controls, incident RCAs from the past 12 months.
Test scripts to run before go-live: dual-network authorizations (certify both networks, capture route logs, measure distribution), ACH file intake (deliver CCD and CTX with addenda, verify parsing into ledger, tie out to 835 ERA mappings), SFTP+PGP windows (verify delivery at all promised times, simulate delay and confirm alerts), dispute flow (walk a Reg E case end-to-end, check clocks, letters, provisional credit), variance drill (inject a $37 mismatch and trace detection to escalation to resolution).
People to meet: Sponsor PM plus Compliance lead plus BSA Officer, technical lead over settlement files, disputes manager.
RACI (who owns what):
- Reg E disputes: Sponsor (A/R), Fintech (R), Processor (C), Network (I)
- KYC/KYB standards: Sponsor (A), Fintech (R), Vendors (C), Processor (I)
- Transaction monitoring/SARs: Sponsor (A), Fintech (R), Processor (C), Network (I)
- Debit routing config (BIN/AID): Processor (R), Sponsor (A), Fintech (C), Network (C)
- BIN lifecycle/change control: Sponsor (A), Processor (R), Fintech (C), Network (I)
- Tokenization boundaries (VTS/MDES): Processor (R), Network (C), Fintech (C), Sponsor (A)
- Settlement files delivery (ACH/wires): Sponsor (A/R), Processor (C), Fintech (C)
- Incident response (P1/P2): Sponsor (A), Processor (R), Fintech (R), Network (I)
- Complaint management/UDAAP: Sponsor (A), Fintech (R), Processor (C)
- Model risk governance: Sponsor (A), Fintech (R), Independent validator (C)