OC morning; marine layer’s thick. Notes open.
Constraint: sponsor release windows and model approvals set the delivery pace more than app features.
The Three Agreements That Matter (and who owns what)
- Sponsor/Sponsorship Agreement
  - Scope: BIN/program management, FBO structuring, ledger vs omnibus, card network access.
  - Regulatory allocation: Reg E/Z, UDAAP/EFTA, NACHA roles, BSA/AML responsibilities, SAR governance.
  - Evidence: policies/procedures, QA plans, complaint management, board reporting cadence.
- Processor/Issuer Agreement
  - Controls: auth decisioning surface (MCC gating, velocity, geo), tokenization (VTS/MDES), PAN vaulting boundaries.
  - Configuration: AID tables for dual‑network debit, routing rules, clearing/settlement files, batch windows.
  - Evidence: uptime SLAs, incident/RCAs, change‑management notices.
- Network Rules Acknowledgement
  - Obligations: routing enablement, dispute/chargeback windows, reason code handling, data field population (AVS/CVV/MCC).
  - Evidence: certification results, test authorizations, production pilots.
More context on the economics: Durbin Advantage and Unit Economics.
Dental Funds Flow and Reconciliation (the boring parts that matter)
Two primary inflows:
- Card acquiring under MCC 8021 (dentists): debit/credit interchange + assessments + processor markup; settlement T+1/T+2.
- EFT + ERA: payers remit 835 (ERA) via clearinghouse; cash lands via ACH (CCD or CTX) with addenda.
ACH mechanics that bite or save you:
- CCD vs CTX: CCD allows one 80‑char addenda; CTX supports multiple addenda records—preferred for rich remittance.
- Addenda mapping: tie BPR/TRN/CLP/CAS segments from 835 to ACH addenda; if ERA arrives out‑of‑band, maintain a correlation store on TRN and trace numbers.
- Bank files: require SFTP+PGP delivery with committed delivery windows (e.g., 07:30, 11:30, 15:30 local). Missed windows create reconciliation drift.
Daily tie‑out at the Fed level:
- BTR (Bank Transfer Report): end‑of‑day net position.
- IMAD/OMAD: intraday Fedwire message accountability for wires/settlement.
- Reconciliation loop: bank files → ledger → PM/RCM system; surface variances > threshold (e.g., $50) for ops review.
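The TRN correlation store and the variance threshold described above, as an added example that is not part of the original notes. The sample entries, the simplified segment layouts and the status names are constructed for illustration; real bank and 835 files carry more fields.

```python
from decimal import Decimal

# Constructed samples; the segment layouts are simplified for illustration.
ACH_ENTRIES = [  # (ACH trace number, amount, addenda payment-related info)
    ("091000010000001", Decimal("1250.00"), "TRN*1*EFT10001*1999999999\\"),
    ("091000010000002", Decimal("480.00"), "TRN*1*EFT10002*1999999999\\"),
    ("091000010000003", Decimal("75.00"), "TRN*1*EFT10003*1999999999\\"),
]
ERA_835 = [  # BPR02 = payment amount, TRN02 = reassociation trace number
    "BPR*I*1250.00*C*ACH~TRN*1*EFT10001*1999999999~",
    "BPR*I*517.00*C*ACH~TRN*1*EFT10002*1999999999~",  # $37 off the cash
    "BPR*I*910.00*C*ACH~TRN*1*EFT10004*1999999999~",  # cash never landed
]

def field(text, seg_id, index):
    """Return element `index` of the first `seg_id` segment, or None."""
    for seg in text.replace("\\", "~").split("~"):
        parts = seg.strip().split("*")
        if parts[0] == seg_id and len(parts) > index:
            return parts[index]
    return None

def reconcile(ach_entries, era_docs, threshold=Decimal("50")):
    """Correlate cash to remittance on TRN02 and classify every item."""
    cash = {}
    for trace, amount, addenda in ach_entries:
        # Fall back to the ACH trace number when the addenda has no TRN.
        cash[field(addenda, "TRN", 2) or f"trace:{trace}"] = amount
    results = {}
    for doc in era_docs:
        trn = field(doc, "TRN", 2)
        era_amount = Decimal(field(doc, "BPR", 2))
        if trn not in cash:
            results[trn] = ("era_without_cash", era_amount)
            continue
        diff = abs(cash.pop(trn) - era_amount)
        if diff == 0:
            results[trn] = ("matched", diff)
        elif diff > threshold:
            results[trn] = ("variance_review", diff)
        else:
            results[trn] = ("variance_logged", diff)
    for key, amount in cash.items():  # cash with no remittance to explain it
        results[key] = ("cash_without_era", amount)
    return results
```

With the default $50 threshold the $37 difference is recorded but not escalated; setting `threshold` below the drill amount moves it to `variance_review`.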
When to use instant rails:
- RTP/FedNow for high‑value timing (payroll, supplier crunches) where finality offsets cost. Keep ACH for ERA fidelity and bulk remittance. See RTP/FedNow Rails.
Debit Routing and Durbin (not a toggle)
Durbin‑exempt status helps only if routing and data hygiene are correct.
- AID configuration: enable both Visa/MC debit AIDs at the BIN and in terminal profiles; confirm processor supports least‑cost routing.
- Test plan: certify both networks with test authorizations, then live penny auths; capture logs proving route selection.
- Merchant data hygiene: MCC 8021 on acquiring; proper AVS/CVV where relevant; avoid miscoding that downgrades interchange.
- Monitoring: report route distribution weekly; investigate anomalies (e.g., sudden single‑network dominance).
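One way to run the weekly route-distribution check, as an added example rather than anything from the original notes. The authorization log is constructed, `NET_A`/`NET_B` are placeholder network labels, and the 90% dominance and 20-point shift thresholds are assumptions to tune.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed authorization log: (auth date, network that carried it).
# NET_A / NET_B are placeholder labels for the two enabled debit networks.
AUTH_LOG = (
    [(date(2024, 3, 4), "NET_A")] * 55 + [(date(2024, 3, 5), "NET_B")] * 45 +
    [(date(2024, 3, 11), "NET_A")] * 52 + [(date(2024, 3, 12), "NET_B")] * 48 +
    [(date(2024, 3, 18), "NET_A")] * 97 + [(date(2024, 3, 19), "NET_B")] * 3
)

def weekly_shares(auth_log):
    """Return {(iso_year, iso_week): {network: share of that week's auths}}."""
    counts = defaultdict(Counter)
    for day, network in auth_log:
        iso = day.isocalendar()
        counts[(iso[0], iso[1])][network] += 1
    return {wk: {n: c / sum(ctr.values()) for n, c in ctr.items()}
            for wk, ctr in counts.items()}

def route_anomalies(auth_log, max_share=0.90, max_shift=0.20):
    """Flag weeks where one network dominates or its share jumps week over week."""
    shares = weekly_shares(auth_log)
    flagged, previous = [], None
    for week in sorted(shares):
        for network, share in shares[week].items():
            # No prior week means no baseline, so only dominance can fire.
            prior = previous.get(network, 0.0) if previous else None
            if share >= max_share:
                flagged.append((week, network, "dominance"))
            elif prior is not None and abs(share - prior) >= max_shift:
                flagged.append((week, network, "shift"))
        previous = shares[week]
    return flagged
```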
Compliance Primitives for Healthcare KYB/KYC (operationalized)
- Provider identity: NPPES validation, DEA number format/status, state board license status.
- Sanctions/adverse: OIG LEIE, OFAC; adverse media rules tailored to providers.
- Ownership/control: CTA/BOI scope; collect control persons even when ownership is <25% to meet control requirements.
- Cadence: NPPES monthly, DEA expiration checks quarterly (or 90‑day window), LEIE monthly, state boards monthly at minimum.
- Recordkeeping: retain evidence and screenshots with timestamps; examiner‑friendly.
Read: KYC/KYB and the cost anatomy in Compliance Costs.
Three Lines of Defense (exam‑ready)
- First line: product/ops monitoring; auth controls (MCC, velocity); daily reconciliation; dispute workflows.
- Second line: written program, QA sampling, training logs, model inventory and validations, vendor due diligence.
- Third line: independent testing schedule, issue tracker with aging, board reporting pack.
Control Surface (where the work lives)
- Authorization: MCC gating; amount/velocity thresholds; device/account pairing; geo fencing for unusual spend.
- Storage: tokenization via VTS/MDES; PAN never touches practice systems; reduce PCI scope.
- Settlement: daily BTR/IMAD/OMAD tie‑outs vs sponsor Fed account; variance alerts with playbooks.
- Routing: dual‑network enablement checks; test harnesses; BIN lifecycle change control.
- Disputes: documented Reg E/Z flows (if applicable), provisional credit standards, representment packages, deadlines calendar.
Sample funds‑flow (ACH + ERA)
Payer (Insurer) → Clearinghouse (835 ERA) ──────▶ Practice PM/RCM
  │                                                 ▲
  └─ ACH (CCD/CTX + addenda) ───────────────────────┘
Bank delivers ACH file (SFTP+PGP) → Ledger → Reconcile to ERA (BPR/TRN/CLP)
Sample funds‑flow (Cards)
Patient → POS (MCC 8021) → Acquirer/Processor → Network → Issuer
                           │
                           Settlement T+1/T+2 → Practice account
What VCs and Partners Should Expect (and will ask for)
- Interchange and routing math: Durbin‑exempt status + correct MCC routing yields better economics—if AIDs and BIN config are right.
- Healthcare KYC/KYB: higher baseline cost; moat = operational monitoring cadence + evidence, not logos.
- Rails mix: instant where finality has ROI; ACH where addenda fidelity and batch efficiency matter.
- Exam artifacts: policy binder, QA plan, training logs, model validations, vendor DD files, incident RCAs, complaint log.
- SLAs to know cold: auth uptime, SFTP delivery windows, dispute TATs, P1 incident response.
If you want the deep dive on economics and sequencing, start with Deposits → Credit.
Sponsor Bank Diligence Checklist (field‑tested)
Economics
- Durbin status (<$10B) and trajectory; interchange split; debit routing support.
- Deposit sweep/interest terms; fee schedules; minimums and breakage.
Risk/Compliance
- BSA/AML program maturity; last exam/consent order status; third‑party oversight program.
- Reg E/Z governance; UDAAP coverage; complaint management tooling; QC/QA plan.
- Model risk management: model inventory, validation cadence, change controls.
Technical
- Authorization control surface (MCC gating, velocity, geofence); tokenization boundaries (VTS/MDES).
- Routing: BIN/AID configuration process; dual‑network enablement; least‑cost routing support.
- Files/APIs: SFTP+PGP delivery windows for ACH/settlement; format specs; incident SLAs and RCAs.
Operations / SLAs
- Onboarding SLA (KYC/KYB); dispute/chargeback handling timelines; Reg E provisional credit posture.
- Incident response (P1/P2 definitions); on‑call rotation; release windows and change freezes.
References
- Active vertical programs (size, mix); prior exam themes; sponsor’s view on healthcare KYB/KYC.
Documents to Request
- Policies and procedures (BSA/AML, Complaints, Reg E/Z, Third‑Party Oversight).
- QA plan and sampling results; training logs; model validations; vendor due diligence files.
- BIN management SOP; routing change controls; incident RCAs from the past 12 months.
Test Scripts to Run (before go‑live)
- Dual‑network authorizations: certify both debit networks; capture route logs; measure distribution.
- ACH file intake: deliver CCD and CTX with addenda; verify parsing into ledger; tie out to 835 ERA mappings.
- SFTP+PGP windows: verify delivery at all promised times; simulate delay and confirm alerts.
- Dispute flow: walk a Reg E case end‑to‑end; check clocks, letters, and provisional credit.
- Variance drill: inject a $37 mismatch and trace detection → escalation → resolution.
People to Meet
- Sponsor PM + Compliance lead + BSA Officer; Technical lead over settlement files; Disputes manager.
Minimal RACI (who owns what)
- Reg E disputes: Sponsor (A/R), Fintech (R), Processor (C), Network (I)
- KYC/KYB standards: Sponsor (A), Fintech (R), Vendors (C), Processor (I)
- Transaction monitoring/SARs: Sponsor (A), Fintech (R), Processor (C), Network (I)
- Debit routing config (BIN/AID): Processor (R), Sponsor (A), Fintech (C), Network (C)
- BIN lifecycle/change control: Sponsor (A), Processor (R), Fintech (C), Network (I)
- Tokenization boundaries (VTS/MDES): Processor (R), Network (C), Fintech (C), Sponsor (A)
- Settlement files delivery (ACH/wires): Sponsor (A/R), Processor (C), Fintech (C)
- Incident response (P1/P2): Sponsor (A), Processor (R), Fintech (R), Network (I)
- Complaint management/UDAAP: Sponsor (A), Fintech (R), Processor (C)
- Model risk governance: Sponsor (A), Fintech (R), Independent validator (C)