Executive Summary

White labelling is no longer an edge case in European finance. It is a mainstream distribution model reshaping how financial products appear, where they appear, and under whose brand they appear. In October 2025, the European Banking Authority (EBA) reported that 35 percent of banks responding to its Spring Risk Assessment Questionnaire were already using white labelling across products including accounts, cards, Buy Now Pay Later, and data-driven information services. This was not presented as a warning but as a milestone. The EBA did not call for new restrictions. Instead, it pointed supervisors and firms toward a shared destination for 2026: greater supervisory convergence, clearer customer disclosures, and a more coherent evidence base showing who is responsible for what.

This whitepaper tells the story of how white labelling arrived at this moment, why the model has become the preferred route to embedded and partner-led distribution, and how governance can keep pace. It translates the EBA’s 2025 report and accompanying factsheet into a model of operation that withstands supervisory scrutiny, protects customers, and strengthens commercial performance. Throughout, it also describes how enabling technology, particularly platforms like Brooklyn Solutions can turn governance principles into operational reality by ensuring accountability is visible, information is harmonised, and oversight is continuous.

 

Table of Contents

 

Introduction

For years, banks and financial institutions observed a visible shift in customer attention. People were spending more time in digital environments that were not owned by banks. They were shopping on marketplaces, booking travel through super apps, managing work through productivity suites, and navigating mobility platforms. Financial tasks that once occurred in bank-controlled space started to migrate toward the apps and communities where customers already lived their digital lives.

White labelling emerged as the preferred distribution mechanism in that environment. This was largely because it enabled licensed institutions to focus on manufacturing regulated financial products while allowing partner organisations to contribute their brand, customer interface, and established audience. In this arrangement, customers would encounter the product through a partner they already recognised and trusted, which meant they could access financial services in a context that felt both familiar and reliable. The bank, meanwhile, continued to operate as the manufacturer behind the scenes, ensuring regulatory compliance and product integrity without being directly visible to the end user.

This collaborative approach proved mutually advantageous: customers enjoyed the convenience of accessing trusted products through familiar channels; partners were able to deepen engagement with their audiences by offering valuable financial solutions; and banks successfully extended their market reach without the need to invest in new distribution channels or develop additional front-end platforms.

But distribution power has a habit of outrunning governance. As institutions accumulated partners, which ranged from financial entities to retailers, mobility platforms, travel brands, fintechs and niche software providers, it became harder to trace who was responsible at each step. This resulted in expanded cross-border activity, new data flows emerging, and non-financial partners began playing front-line roles in marketing, onboarding and customer support. The very characteristics that made white labelling successful also increased the risk of blurred accountability.

The EBA’s 2025 package of materials, released in October 2025, represents a comprehensive and coordinated response to the evolving landscape of white labelling in European financial services. This package comprises several key documents: the main EBA report, which clarifies definitions, sets the regulatory scope, identifies both risks and opportunities, and presents evidence from banks and supervisors, while also outlining expectations for supervisory focus in 2026; an accompanying factsheet, which explains the white labelling model in accessible terms and highlights both its benefits and the governance challenges it presents; and a public press release, which underscores the scale of white labelling adoption and signals the EBA’s intention to pursue supervisory actions in the coming year. By bringing together these materials, the EBA delivers a unified message: white labelling is now firmly established within the sector, but its continued success will depend on the maturity of market participants; a maturity grounded in clarity, consistency, and customer trust.

What White Labelling Is (and What It Is Not)

The EBA provides a specific definition: A financial institution creates a financial product and distributes it under the brand of the partner only. The provider’s brand does not appear in the customer journey. The partner’s brand is the only visible brand.

It is essential to separate white labelling from Banking as a Service (BaaS). In many BaaS models, the bank remains visible at key points in the journey. For the EBA, that visibility means it is not white labelling. This distinction matters because it determines how responsibilities are explained to customers, what must appear in disclosures, how outsourcing rules apply, how AML and fraud oversight are configured, and how supervisors classify the model.

Treating all third-party distribution arrangements as interchangeable risks, confusing customers and misaligning governance. The EBA’s 2025 report emphasises the need for classification that is consistent and clearly evidenced.

 

Key Findings from the EBA Report

Through the European Banking Authority (EBA) White Labelling Report, there were two anchoring narratives.

  1. Scale: In the Spring 2025 RAQ, 35% of respondent banks confirmed they already use white labelling across a wide range of services including accounts, cards, credit products such as Buy Now Pay Later, and open banking style information services.
  2. Shift in Partner type: The partner universe has tilted toward non-financial entities, reflecting the platformisation of commerce and services. Distribution now happens where customers already are, not where banks wish they were.

However, despite the findings of the report, the EBA did not propose prohibitions. Instead, it signaled a new phase: White labelling will appear in the 2026 supervisory priorities across the EU, and firms will be expected to put customers beyond doubt about which entity provides the regulated product and how they can complain if something goes wrong.

However, there is the promise and the paradox to consider. The promise of white labelling is familiar and compelling. It reduces time to market for partners who do not want to become regulated institutions. It gives licensed providers access to new customers without building new distribution. It uses shared infrastructure to lower cost and broaden choice. Embedded finance thrives because it meets customers where they already are.

These are genuine benefits. The EBA acknowledges that white labelling can improve competition, increase access, and in some cases improve inclusion by reaching customers who would never seek out a standalone financial product.

But there is a paradox. The same features that create these benefits also create governance challenges. Brand separation blurs accountability. Role specialisation splits responsibilities across parties. Cross-border expansion introduces jurisdiction specific rules. Partners without financial regulation experience may write front end messages that drift away from approved language. Data may move too freely or not freely enough. AML and fraud controls may fragment. Complaints may bounce between entities. Supervisors may struggle to see like-for-like evidence when two similar models are documented completely differently.

The EBA’s recommendations target these frictions directly. They call for clarity of responsibilities, effectiveness of disclosures, consistent evidence, and governance that is visibly operational rather than theoretical.

 

The Need For Governed Growth

Why introduce a model for governed growth?

Because the EBA’s message is clear: governance maturity is essential for scale without risk. The model for governed growth addresses the frictions identified in the EBA report and translates them into operational disciplines:

  • Visibility of responsibilities: For every arrangement, institutions should be able to show, in a single page, who performs each activity, from onboarding and KYC to complaint handling and incident management.
  • Continuous oversight: Governance cannot rely on one-off onboarding. It must detect events, monitor patterns, and route alerts to the right owner within agreed time windows.
  • Harmonisation across borders: Use a common control library with country-specific overlays to ensure consistency while meeting local requirements.
  • Disclosure quality: Place identity statements and complaint routes in the customer journey, test comprehension, and measure effectiveness.

By implementing these disciplines, they turn governance from theory into practice.

 

Evidence and Measurement

Supervisors will not settle for static documentation. They will want evidence that governance works in practice. Key measures include:

  • Customer outcomes: Comprehension of provider identity, complaint resolution time, repeat complaint trends.
  • Financial crime: Completeness of due diligence, timeliness of suspicious activity reporting, false positive rates.
  • Operational resilience: Detection and recovery times for incidents, concentration risk in partner portfolios.

Metrics need narratives and narratives need metrics. Numbers alone do not persuade. Words alone do not hold up to scrutiny. The combination earns trust.

 

Two Narratives From the Field

A BNPL programme across three countries: A licensed lender launches a Buy Now Pay Later product through a large marketplace across three Member States. Early journey drafts hide the provider’s identity behind expandable text. Compliance objects. Identity declaration is moved into the main decision point. Complaint routes are added in plain language. Test participants are asked whether they recognise who provides the credit. Recognition rises from around half to above 85%. Behind the scenes, responsibilities for creditworthiness, arrears and refunds are made explicit. Incident thresholds are agreed. When chargeback ratios rise in one market, monitoring triggers a joint review. Checkout language is adjusted. Credit risk thresholds are recalibrated. Disputes fall. The model becomes a case study of governed growth.

A travel brand’s card and the naming question: A travel brand wants a card in its own name. The bank prefers co-branding. Co-branding reduces confusion but dilutes design control. Pure white labelling maximises design control but increases disclosure obligations. Both journeys are tested. With a well-placed identity statement and a clearly visible complaint route, customers understand the relationship at levels comparable to the co-branded version. The bank maps the legal classification and confirms the outsourcing treatment. The travel brand achieves its design goals without reducing clarity. The governance narrative becomes a competitive differentiator.

 

Opportunities for Innovation and Growth

White labelling is reshaping the financial services landscape, moving from a niche tactic to a mainstream distribution model. The European Banking Authority’s 2025 report confirms that over a third of EU banks already deploy white labelling across products such as current accounts, cards, Buy Now Pay Later, and data-driven services. This trend reflects a broader shift toward embedded finance, where financial products are delivered seamlessly within non-financial ecosystems.

The opportunity lies in meeting customers where they already are, on e-commerce platforms, travel portals, and mobility apps, rather than expecting them to visit traditional banking channels. This approach accelerates time-to-market for partners who want to offer financial products without becoming regulated institutions, while enabling banks to expand reach without building new front ends. It also reduces infrastructure costs by leveraging shared technology and creates space for niche products that cater to specific customer segments.

External research reinforces this trajectory. A recent McKinsey report on embedded finance highlights that integrated financial services could generate $40 billion in annual revenues in Europe by 2030, driven by partnerships between regulated providers and digital platforms. These collaborations not only enhance convenience but also foster financial inclusion by reaching underserved segments through trusted consumer brands.

However, innovation at this scale introduces complexity. As the EBA notes, governance maturity must keep pace with distribution power. Without clear accountability and robust oversight, the benefits of white labelling can quickly erode under regulatory and operational pressure.

 

The Risk Landscape

The EBA’s October 2025 report and supporting analysis identify several critical risks associated with white labelling in financial services:

  • Lack of Transparency
    Customers often do not know who the regulated provider is, making it difficult to understand roles and responsibilities. This creates confusion about contractual relationships and escalation paths for complaints, undermining trust and accountability.
  • Contradictory Information
    Fragmented responsibilities between providers and partners can lead to inconsistent messaging. Customers may receive conflicting information about product suitability, terms, or complaint handling, increasing the risk of mis-selling.
  • Fraud and Financial Crime Exposure
    Impersonation and phishing attacks become easier when customers cannot clearly identify the legitimate provider. Split responsibilities for onboarding and monitoring weaken AML/CFT controls, creating vulnerabilities in fraud prevention.
  • Data Privacy and Security Risks
    Increased data sharing between regulated providers and partners heightens the risk of unauthorized access and breaches. Complex arrangements often lack clear GDPR compliance frameworks, and customers may not understand how their data is used.
  • Operational Dependency
    Providers that rely heavily on a single partner risk solvency if that partner fails or withdraws. Conversely, partners face similar exposure if a regulated provider loses its license. These dependencies amplify systemic risk and complicate recovery planning.
  • Customer Exclusion and Accessibility Concerns
    White-labelled services are often offered via digital channels, which may unintentionally exclude less digitally savvy consumers. While the EU Accessibility Act sets high standards, failure to meet these requirements can lead to compliance issues and reputational harm.
  • Regulatory Complexity and Arbitrage
    Divergent national laws and supervisory practices create legal uncertainty. The lack of harmonisation between outsourcing and agency regimes complicates oversight and increases the risk of regulatory arbitrage across jurisdictions.

 

Why TPRM and GRC Matter More Than Ever

White labelling is not merely a commercial arrangement; it is treated as a form of outsourcing under the EBA’s Guidelines on Outsourcing Arrangements and, for ICT-related aspects, falls under the Digital Operational Resilience Act (DORA). This classification elevates governance obligations from best practice to regulatory mandate.

Fragmented value chains and cross-border partnerships demand a governance architecture that is both comprehensive and adaptive. At its core, this means:

  • Third-Party Risk Management (TPRM) that goes beyond initial onboarding to include continuous monitoring, risk scoring, and escalation protocols.
  • Integrated Governance, Risk, and Compliance (GRC) frameworks that harmonise controls across jurisdictions, track obligations in real time, and produce evidence supervisors can trust.

The EBA’s supervisory priorities for 2026 will focus on whether firms can demonstrate accountability, validate disclosure performance, and show governance as a living practice, not a static document. Institutions that fail to operationalise these principles risk regulatory findings, reputational damage, and erosion of customer trust.

White labelling is not just a distribution model – It’s a governance challenge. Fragmented value chains and cross-border arrangements demand:

  1. Robust TPRM frameworks to manage onboarding, due diligence, and continuous monitoring of third parties.
  2. Integrated GRC systems to harmonise controls, track compliance, and produce evidence that supervisors can trust.

The EBA’s supervisory priorities for 2026 will focus on whether firms can prove accountability, demonstrate disclosure effectiveness, and show governance in action. Static documentation will not suffice, governance must be a living practice.

 

How Brooklyn Solutions Empowers Safe, Scalable White Labelling

Governance principles are essential, but they do not execute themselves. The Brooklyn Platform provides the technology layer that transforms governance from theory into operational reality. Below are the must-have capabilities for a governed white labelling model, and how Brooklyn delivers them:

  • Third-Party Onboarding & Due Diligence
    Brooklyn platform streamlines your risk management by enabling pre-contract risk assessments and post-contract due diligence through customisable surveys. Our survey functionality allows you to gather essential information for Know Your Customer (KYC), Know Your Business (KYB), Anti-Money Laundering (AML), and Counter-Terrorist Financing (CFT) requirements efficiently. By leveraging surveys, you can automate data collection, accelerate onboarding, and maintain compliance integrity without relying solely on separate module-based checks.
  • Continuous Monitoring
    Governance cannot stop at onboarding. Brooklyn enables real-time monitoring of compliance breaches, operational failures, and reputational risks. Alerts are routed to the right teams instantly with action workflows, ensuring issues are addressed before they escalate into findings or customer harm.
  • Contract & SLA Management
    Brooklyn centralises all agreements in a secure digital repository and automates workflows for renewals and compliance checks. This eliminates manual tracking and ensures that contractual obligations remain current and enforceable across all partnerships.
  • Cross-Border Compliance
    With a common control library and local regulatory overlays, Brooklyn harmonises governance across jurisdictions. This approach simplifies compliance in multi-country arrangements and provides clear evidence for supervisory reviews.
  • Data Privacy & Security
    Brooklyn enforces GDPR-compliant data handling, maintains detailed audit trails, and enables secure data sharing between providers and partners. This reduces the risk of unauthorised access and ensures transparency in how customer data is used.
  • Reporting & Analytics
    Brooklyn provides dynamic dashboards for risk exposure, incident tracking, and regulatory reporting. Evidence is structured and ready for supervisors, eliminating last-minute document assembly and reducing audit stress.

Brooklyn turns trust into something observable. Responsibilities become visible, monitoring is continuous, and evidence is always ready when needed.

Try Brooklyn Solutions Today

Book a Demo

Conclusion

The EBA’s message is not that white labelling has gone too far; it’s that it must grow up. The 2026 supervisory cycle will examine how responsibilities are allocated, how disclosures perform in practice, how evidence is organised and whether governance has kept pace with distribution. Firms that invest now in clarity, observation and evidence will discover that governance accelerates rather than slows their ambitions.

White labelling succeeds when trust wins. Trust is earned when responsibilities are visible, outcomes are measured and the story is easy to follow. Governance provides the principles. Technology makes them real. Brooklyn Solutions stands at that intersection, helping firms scale with confidence, clarity and credibility.