Three regulators on three continents will tell you they want the same outcome. Money that moves safely. Consumer trust intact. The central bank’s view of the system preserved.
They will not agree on a single sentence about how.
Israel: trust by relationship
A small number of large institutions. A regulator (the Bank of Israel) that prefers structured experimentation over published rule-making. A clearing rail (MASAV) that, until recently, required you to be a bank to participate.
The philosophy: trust by relationship. New categories — BaaS, indirect MASAV representation, sponsor-bank models — get co-defined as the first programs go live. The system is small enough to afford this. It is also opaque enough that newcomers struggle to find the door.
Working here forces a specific habit: write down what you mean, carefully. When you are negotiating a new category with the regulator in private, the artifact that matters is the document you both sign at the end. There is no published rule book to point at. The rule book is the document being written right now, in the room.
Right about: when a category does not exist yet, defining it carefully with a regulator who can stop a launch beats defining it in a comment thread later. The first BaaS launches in Israel will be cleaner than copy-paste-from-the-US programs would have been.
Wrong about: the speed of the regulatory clock determines the speed of the market.
The United States: trust by composition
Dozens of regulators (OCC, FDIC, state DFS, Fed, CFPB, FinCEN). Thousands of banks. Two competing instant-payment rails (RTP and FedNow). An ecosystem of sponsor banks that productize their compliance overhead so fintechs can plug into it.
The philosophy: trust by composition. You build a stack — fintech, vendor, sponsor bank, regulator. Each layer has a defined role, a published rule set, a known set of audits. Innovation comes from writing a new layer that fits cleanly between the existing ones.
What this lets you do: ship fast. The contracts between layers are mostly known. A new fintech can model their compliance posture by reading three white papers and the FDIC handbook. The first program goes live in months, not years.
What it does not let you do: trust the layer below you. The Synapse collapse in mid-2024 was the inevitable result of composition without verification. Each layer assumed the layer below it was operating well. None of them had visibility into whether that was actually true.
Right about: published rules and a defined sponsor-bank model let a thousand fintechs ship without re-litigating the basics. The compounding is enormous. The BaaS industry exists because the US made this choice.
Wrong about: when one sponsor bank fails, the whole tower above it shakes. Composition is fragile when the layers cannot fully trust each other.
The European Union: trust by published rule
PSD2 (now PSD3 in flight). SEPA. E-money licenses. A regulatory tradition of writing the rules first and asking the market to comply.
The philosophy: trust by published rule. Regulator publishes a directive. Member states transpose. Institutions implement. Audit checks compliance. Innovation comes from reading the directive carefully and finding what is permitted that no one has used yet.
What this lets you do: read your way to certainty. A lawyer plus a license plus a careful reading of the directive tells you almost everything about what an institution can and cannot do. PSD2 opened up cross-border open banking across an entire continent because Article 66 said it had to.
What it does not let you do: keep up with the world. Written rules age. PSD2 was a 2015 mental model. It did not plan for stablecoins, agentic commerce, or the velocity changes the last three years brought. PSD3 will fix some of that. PSD4 will fix some more. The rule-writing cadence sets the innovation ceiling.
Right about: there is no genuine ambiguity about what an institution can or cannot do. Read the directive plus the license, and you know.
Wrong about: published rules age. The market that follows them ages with them.
What it looks like to operate across all three
A platform that operates in all three has to internalize all three philosophies at once. That is the actual product problem.
A new feature is approved in Israel through a private negotiation with the Bank of Israel. The same feature is approved in the US by reading the published rules and writing a memo to the sponsor bank’s compliance team. The same feature is approved in the EU by checking which PSD2 article applies and filing the relevant disclosure with the local supervisor.
Same feature. Three different approval paths. Three different documents. Three different audiences for those documents.
The PM who does this well does not pretend the three are the same. They build three approval surfaces into the platform itself — three contracts, three audit-log views, three documentation paths — and accept that "the same feature in three jurisdictions" is, operationally, three different launches.
What the three teach each other
The regulator is not a deploy variable. The regulator is a first-class user, different in each market, with different needs and different ways of saying no. Israel teaches that categories matter. The US teaches that composition matters. The EU teaches that the document matters.
The platforms that compound take a position on each, write that position down, and revisit it every time a new program plugs in. The platforms that do not end up retro-fitting the regulator into a settings page.
That path does not scale.
The 2026–2027 patterns to watch
Three regulatory shifts to keep in peripheral vision, regardless of where you operate.
PSD3 is in committee in 2026 and will likely land in 2027. It will name agentic commerce explicitly. The platforms that have already named agent-to-agent payment flows in their internal contracts will have an enormous head start.
US sponsor-bank consolidation post-Synapse is reshaping which banks are open to new fintech relationships. The fintechs winning right now are the ones who picked their sponsor bank’s compliance posture deliberately, not the cheapest one.
Israel’s BaaS framework is the unwritten one becoming written. The first three programs will set the template. Whoever ships those three programs will be cited in every later document.
The regulator is the slowest-moving but most consequential user of any platform that touches money. The PM job is to build for them as carefully as you build for the people who pay you.