TrustTech — Navigating the Regulatory Landscape (Part 4)

G+D Ventures
Oct 31, 2023

The GDPR was adopted by the EU back in 2016 and has since taken the world by storm. Dubbed one of the EU’s great regulatory achievements, the GDPR is a huge step in terms of data privacy and data protection for the end customer. However, it is still an ongoing topic for the tech world, with many of the large tech companies having faced fines for non-compliance (the latest example is Meta receiving a EUR 1.2 billion fine for violating the GDPR, source: EDPB). And it’s not only the tech giants; other companies, such as the well-known FinTech Klarna, have not been exempt from regulatory scrutiny (Source: EDPB). The GDPR is only one example of the rich tapestry of EU regulations ensuring unparalleled protection for its citizens from the threats lurking in the digital world. Navigating and keeping up with this legal labyrinth might pose a challenge for companies, but it also presents an opportunity to develop innovative TrustTech solutions that ultimately benefit customers.

The Regulatory Layer is a trusted companion towards regulatory compliance

This article is the fourth in our series dedicated to TrustTech. TrustTech expands the traditional definition of cybersecurity to include technologies that promote trust across all layers of the Trust Backbone: infrastructure, identity, regulatory, and ethical. The Trust Backbone is a mesh connecting everything and everyone in the digital world. In our two previous articles we talked about how TrustTech protects the data transport through the backbone and how it ensures that only authorized parties are participating in the data exchange. The Regulatory Layer encompasses the laws, policies, and standards that govern data protection, privacy, and responsible technology usage, as well as EGC, fraud prevention and much more. Solutions on this layer interact with the Digital Infrastructure and Identity layers to guide companies out of the regulatory labyrinth into the compliance oasis. These solutions provide the necessary tools and expertise to ensure businesses of all sizes can thrive within the bounds of EU and global regulations while safeguarding the privacy and trust of their customers.

Most of the EU startups active on the Regulatory layer are early-stage, with 79% of the deals being pre-seed, seed, or early-stage VC, and late-stage deals accounting for just above 8%. The Regulatory layer has seen a steady increase in the number of startups founded, as well as in the capital invested since 2019. The amount of capital invested almost doubled between 2019 and 2023, with a spike in 2021 exceeding the $800 million mark. So far, the exit landscape does not match the high funding we’ve seen in this space, with only smaller exits reported. The Austrian scaleup kompany was acquired by Moody’s Rating for more than EUR 100 million. Furthermore, Mangopay acquired the Polish fraud detection and prevention company Nethone for an undisclosed amount. The Regulatory space in the EU has seen some six acquisitions since 2020, all of which were undisclosed.

The space is poised for growth. The global RegTech market is valued at $12 billion in 2023 and is projected to grow to $60 billion by 2030 with a CAGR of 24.9%. Similarly, the compliance software market was estimated at $2.3 billion in 2022 and forecast to reach $7.1 billion by 2023 (12.1% CAGR).

Source: PitchBook Data, Inc., Own research

The EU Anti-Money Laundering Directives: Safeguarding the EU’s financial integrity

While the GDPR has garnered significant attention, the European Union’s regulatory landscape extends far beyond data protection. The other prominent EU regulations in the realm of TrustTech include the NIS2, the ePrivacy Directive, the Cybersecurity Act, the AI Act and others. Check out the figure below for a summary of the most relevant EU regulations:

TrustTech-aligned EU regulation. Icons from UICONS

One set of directives that plays a crucial role in safeguarding the EU’s financial integrity is the Anti-Money Laundering Directives (AMLDs). The AMLDs are of particular relevance considering the global scale of money laundering. The United Nations Office on Drugs and Crime (UNODC) estimates that between 2 and 5% of global GDP is laundered each year, amounting to between EUR 715 billion and EUR 1.87 trillion (!). Money laundering refers to the process of concealing the origins of unlawfully acquired funds and transforming them into legitimate sources of income, thereby evading legal repercussions such as prosecution, conviction, and the confiscation of illicit assets. As such, money laundering fuels criminal activities and corruption, hindering productivity and slowing down economic growth in both major financial markets and emerging markets. Comprising a series of directives, the AMLDs are designed to combat money laundering and terrorist financing within the European Union. Among these directives, the 6th Anti-Money Laundering Directive stands out as the latest and most comprehensive installment in the ongoing battle against financial crime.

The AMLDs have far-reaching implications for companies, particularly those involved in financial services. They mandate strict due diligence measures, enhanced customer identification, and comprehensive transaction monitoring. Companies, especially banks, must establish robust internal policies and procedures to detect and report suspicious transactions to the competent authorities. The severity of the consequences of non-compliance with the AMLDs is reflected in the EUR 238 million settlement paid by Credit Suisse to avoid prosecution by French authorities for money laundering and fraud charges (Source: Le Monde). Deutsche Bank (Source: U.S. Department of Justice), N26 (Source: Financial Times), HSBC Bank (Source: FCA), and others have faced similar fates in regard to deficient anti-money laundering controls.

Compliance with the EU AMLDs is a complex endeavor. The directives are not static; they evolve in response to emerging risks and technological advancements. Companies must continuously innovate and adapt their systems and processes to remain compliant. Furthermore, the cross-border nature of financial transactions necessitates harmonization of AML efforts across EU member states and coordination with non-EU regulations, adding an extra layer of complexity. On top of the AMLDs, EU companies must keep up with multiple other regulations, making compliance a delicate balancing act. The effort to understand and implement multiple regulations simultaneously can very well become a burden to SMEs with limited resources and expertise.

However, it’s not just the regulation that’s complex. Criminals have adeptly embraced cutting-edge technology to elude traditional AML efforts. They employ professional money laundering cells that operate outside the confines of predictable transactional patterns that most regulations were designed to catch. Furthermore, criminals have become adept at navigating the newest (financial) technologies, rendering some regulatory norms less effective. One such technological advancement that has aided criminals is the rise of cryptocurrencies. These digital currencies exist outside of formal financial systems and are detached from personal identities, making them a convenient tool for money laundering. While traditional banks have fortified their defenses against money laundering, online banking vulnerabilities persist in many countries. Criminals exploit these weak links for money laundering and terror financing. They employ social engineering to infiltrate bank accounts, transferring funds to unwitting victims’ accounts, and coercing them into revealing sensitive information or granting remote access. The creation of synthetic identities allows criminals to exploit the lack of stringent customer verification to open credit cards, make online deposits, or secure loans. Banks find themselves chasing phantom individuals, only discovering issues when suspicious activity arises.

Empowering AMLD compliance with TrustTech

The complexity of AMLD compliance and sophisticated money laundering techniques necessitate advanced solutions to help companies navigate this intricate regulatory landscape. TrustTech, with its focus on promoting trust across all layers of the Trust Backbone, offers a range of solutions to address AML challenges effectively. Robust Know Your Customer (KYC) procedures are at the forefront of any AML effort, ensuring companies are transacting with legitimate individuals and entities. Furthermore, AML efforts might benefit from solutions offering a risk-based approach. By assigning risk levels to each customer and transaction, companies can allocate resources more effectively, focusing heightened due diligence on high-risk cases while streamlining processes for low-risk ones. Once these tools are in place, companies can implement screening methods. Online transaction screening solutions employ real-time data analysis and artificial intelligence to identify and flag suspicious transactions. They enable companies to monitor transactions as they occur and take immediate action when anomalies are detected. This is complemented by examining historical transaction data, customer behavior patterns, and other relevant information. This offline monitoring helps uncover hidden risks and potential money laundering activities that may not be apparent through real-time screening alone. Sanctions screening solutions help companies ensure that they do not engage with individuals, entities, or countries subject to international sanctions. These tools automatically check customer data against global sanctions lists and provide alerts when matches are found, preventing inadvertent involvement in prohibited transactions.

G+D Ventures is invested in Salv, a Tallinn-based startup offering AML automation solutions. Aside from offering the traditional AML solutions listed above, Salv is building “Bridge”, the world’s first real-time FinCrime-fighting platform with a focus on collaboration. It is a platform and network to connect financial services companies for fast AML clearing and increased automation. This addresses the issue of professional money laundering cells, allowing financial institutions to collaborate and “connect the dots” between suspicious transactions. Head over to their website to learn more about how Salv is automating AML: https://salv.com/.

In addition to offering these tools for uncovering money laundering, many AML solutions also offer AMLD compliance program auditing, ensuring companies are up-to-date with the latest regulatory requirements. They might also assist in implementing reporting procedures, record keeping, employee training and other AMLD requirements. In this way, AML solutions can help companies navigate the complex AMLD regulatory landscape. However, building trust is not just about regulatory compliance; it’s about fostering a sense of security, transparency, and ethical conduct within the financial ecosystem. TrustTech solutions play a pivotal role in achieving these objectives while ensuring that businesses meet their AMLD compliance requirements.

That’s it for our overview of the Regulatory Layer of the Trust Backbone. In the next and final installment of our TrustTech series we are going to look into how the Ethical layer of TrustTech helps maintain societal values.

Check out our website to find out more about G+D Ventures and our Portfolio!

G+D Ventures is a European TrustTech investor based in Munich, Germany. G+D Ventures invests in predominantly early-stage European TrustTech startups developing solutions for greater security and trust in the digital world. TrustTech expands the traditional definition of cybersecurity to include technologies that promote trust across all layers of the Trust Backbone: infrastructure, identity, regulation, and ethics.

G+D Ventures is an early-stage VC investing in EU-27-based TrustTech startups. Read more at: https://www.gi-de.com/en/ventures