Fintech Trends in Q1 2022
The Weaponization of Finance
Mounting geopolitical turmoil over the Russian invasion of Ukraine and a deterioration of China’s relationship with the West have focused the global Eye of Sauron on the importance and interconnectedness of the world’s financial systems. We believe this has resulted in the global weaponization of finance and presents those of us in fintech with a unique set of challenges and opportunities.
The primary NATO non-military response to Putin’s actions, so far, has been financial sanctions, which have been surprisingly powerful. Two and a half weeks after the invasion of Ukraine, the US and allies disconnected key Russian banks from SWIFT, a messaging platform that links over 11,000 banks in 200 countries and powers 50 million transactions per day. Western governments also systematically froze $284 billion of the Russian Central Bank’s reserve assets, crippling its currency. The importance of financial access was reinforced by (ostensibly) voluntary corporate actions: PayPal, American Express, Visa, and Mastercard elected to suspend operations in Russia; the Big Four accounting firms severed ties; Goldman Sachs and Morgan Stanley, among others, exited; banks in Europe froze over $60 billion in oligarchs’ assets. As a result, the Russian economy is expected to shrink up to 15% this year. Outside of the actual battlefield, perhaps only the actions of oil companies and oil servicing companies — which also largely pulled out of Russia — have the potential to be more impactful, long term, on the Russian economy.
By surfacing the importance of financial sanctions as a national security tool, the war in Ukraine has focused attention on the banks and fintechs that make up global financial networks, increasing the focus on firms doing compliance and reporting. Currently, in the fiat world at least, banks bear most of the burden to check each individual transaction and ensure it conforms to relevant regulations, tax codes, or other sanctions. Complex ownership structures, multi-step transactions, and manual processes that result in high costs and long settlement periods magnify the difficulty of this task. KPMG estimates that annual compliance spend is so high — $780 billion — because of the reliance on legacy backend systems that do not allow for sophisticated reporting or analytics. Banks are overwhelmed and can’t keep up — compliance expenditure is up 60% since the 2008 financial crisis. And even as the penalties levied for non-compliance are skyrocketing, a slew of new rules have been released. To mitigate this heavy burden, banks have increasingly turned to nimbler fintechs for help over the last decade. This emerging industry is often called “regtech.”
Overall, regulation is both an opportunity and a challenge for fintechs. The use of regtech products has increased 7x to $76 billion over the past five years as fintechs help legacy financial systems control fraud, compliance, waste, and abuse. However, this still only represents 34% of the total corporate compliance spending. We expect this trend to continue as innovative models, like Chainalysis, an AML and risk detection solution for blockchains, and Tessian, a human layer protection provider that helps avoid phishing and other accidental data leakages, enter the space to better address compliance needs in a digital world.
At the same time, the cost of compliance has always been a challenge for underfunded, understaffed, and subscale fintechs that must navigate a morass of regulations while combating high instances of fraud. While the $56 billion of fraud losses due to identity theft alone in 2020 were certainly not isolated to the fintech space, they are notoriously bad at standing up fraud monitoring solutions and have estimated loss rates double that of the finance industry average. Regulators have increased scrutiny of fintechs in recent years for lax enforcement of anti-money laundering and other compliance failures, oftentimes resulting in a slowdown in growth or delays in product launches. Two prominent recent examples include reports that N26 was forced to stop onboarding new customers in Italy due to AML deficiencies and Chime’s delayed IPO due to fraud concerns.
The creation of clear, consistent, and streamlined data standards and APIs has been a rare global bright spot. Regulatory changes, such as PSD2 in Europe, are conducive to these types of businesses, as they require banks to release standardized sets of data via APIs that companies can build on. In the US, the CFPB is expected to follow later this year with its guidance requiring banks to share a minimum amount of data. It is also expected to define which businesses qualify as financial institutions and establish oversight of third-party aggregators to better control consumer data. We view this as a positive for the industry overall because it accelerates access to digestible data, enables innovation, and will allow for an ecosystem of regtech offerings to develop that can support existing financial infrastructure and emerging fintechs.
But, as with money, “mo data, mo problems.” We believe the increased global focus on financial compliance and the continually evolving technology landscape in financial services will make the development of inhouse compliance solutions increasingly impractical and accelerate the opportunities for specialized regtech startups. These startups will capitalize on the growing availability of data to build focused compliance solutions using new technologies such as advanced analytics, robotic process automation, and cognitive computing.
The Deglobalization of Finance
Just as the War on Terror inspired the Patriot Act, which radically increased government data collection and the federal oversight of AML/KYC compliance to prevent terrorist money from entering the financial system, we believe the efficacy of financial sanctions as punishment for the Russian invasion of Ukraine will mean that the umbrella of “national security” is broadened to include more fintechs and financial networks. To paraphrase Karl von Clausewitz: finance is (now) the continuation of war by other means. This shift will have significant global second order consequences.
“Bad” actors and those uncomfortable with Western financial hegemony are responding to this new dynamic in real time by trying to either fragment these global financial networks or move to systems with lower compliance requirements. The most obvious vulnerability long-term is the US dollar as the global reserve currency. More than 50% of historical transactions over the SWIFT network were USD denominated (another 30% were in the pound or euro). Russia and China have since developed their own SWIFT networks, SPFS and CIPs respectively, and moved away from holding USD reserves to try to circumvent Western control. Russia has demanded that its oil be purchased in Rubles and has attempted to repay USD-denominated sovereign debt in Rubles, with mixed success.
This also means that financial networks (both government and corporate) will increasingly be fair game for state-sponsored hackers and targets for cyber warfare. Microsoft recently reported that Russia was responsible for 58% of state sponsored hacks, mostly targeting government agencies, followed by North Korea at 23%, and China at 8%. However, China boasts a 44% efficacy on penetrating targeted networks vs. a 10–20% nation stage hacking average success rate. China’s use of cyberespionage is noteworthy in that it is also a means for geopolitical ends by targeting countries where Chinese politicians are making strategic moves or universities that have published sustained criticism of CCP policies.
Other seeking to avoid oversight have begun moving to alternative exchanges and payment rails outside the control of the mainstream financial services landscape, such as cryptocurrency. While Western regulators have asserted that cryptoexchanges and other fintechs are not exempt from sanctions enforcement, movement between multiple wallets, exchanges, and the inherent anonymous nature of cryptocurrency make enforcement challenging.
This may accelerate the use case for stablecoins, fiat-backed cryptocurrencies, or other blockchain- based payment rails that provide an open-sourced, transparent record of global transactions in real time. While long time proponents of Bitcoin, like Peter Thiel, believe that crypto could help combat authoritarian power, others see it as an escape from oversight. At the Bitcoin 2022 conference, Peter stated, “the real competitor for Bitcoin is not Ethereum. That’s a payment system. It’s not even gold. It’s something like the S&P 500. It’s the stock market as a whole.” Bitcoin maximalists, often for libertarian reasons, believe it will eventually replace fiat money as the primary store of value globally. However, these believers may have some recent unwelcome bedfellows with spiked helmets as this scenario would also radically undermine Western state control of financial networks and the ability to wield them as compliance weapons.
The biggest fear in Cryptoland has always been that the US government will overreact and impose onerous regulations that effectively kill the crypto industry or co-opt the movement with a coercive sovereign cryptocoin. Ronald Reagan famously said that the government’s view on the economy (especially anything new) was: “If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.” If BTC and ETH hope to replace or challenge fiat currency without undermining the global geopolitical status-quo making an enemy of the most powerful nation states, compliance must therefore be made a feature, not a bug. This highlights perhaps the biggest missed opportunity and philosophical challenge of cryptocurrency: the future of cryptoregulation.
Cryptoregulation at the Crossroads
Crypto is being increasingly regulated around the world, and three key topics are front of mind for both governments and the crypto industry. The first is the treatment of stablecoins or central bank digital currencies; the second is the treatment of cryptocurrencies as securities; and the third is the expectation of privacy.
In 2021, the Bitcoin network processed an estimated average of $489 billion per quarter. For the first time in its 12-year history, its transaction volume surpassed PayPal’s. While it still lagged far behind both Mastercard and Visa, with $1.8 trillion and $3.2 trillion per quarter, respectively, it is also growing much faster. Over the last few years, the SEC under Jay Clayton and now Gary Gensler have begun to craft a regulatory framework for crypto. They have done this, so far, though speeches and targeted enforcement rather than comprehensive legislation.
Based on SEC Chair Gary Gensler’s speech at the Penn Law Capital Markets Association Annual Conference on April 4, it is clear that further regulation is coming for crypto trading, lending platforms, stablecoins, and tokens. Gensler asserted that crypto platforms “likely are trading securities,” and asked staff to urge platforms to get registered and expect to be regulated like exchanges, particularly to handle custody issues, trading of securities and non-securities, and market-making functions.
The other option for the US government is to co-opt the movement. In January of this year, US regulators released a long-awaited report on central bank digital currencies. While it indicated no immediate plans to issue digital currency, it did indicate willingness to supply retail digital currency to the public indirectly through private financial intermediaries. Such intermediaries, including commercial banks, would then be responsible for managing customers’ central bank digital currency (CBDC) holdings and payments. The actions of Chinese regulators have been more decisive, effectively banning crypto while building a state version of the Digital Yuan currently in beta and being prepared for imminent release.
The European Union has taken a different tact focused on transparency. MiCA, Europe’s regulatory body, drafted a new requirement for all crypto transactions to include information on the parties involved, essentially outlawing anonymous crypto transactions in order to promote greater transparency for transactions involving unhosted wallets. It is also expected to release a more comprehensive set of rules on crypto later this year.
Members of the European Parliament want the European Banking Authority to create a public register of businesses and services involved in crypto-assets that may have a high risk of money- laundering, terrorist financing, and other criminal activities, including a non-exhaustive list of non- compliant providers. Before making the crypto-assets available to beneficiaries, providers would have to verify that the source of the asset is not subject to restrictive measures and that there are no risks of money laundering or terrorism financing. Coinbase CEO Brian Armstrong blasted the proposal as “anti-innovation, anti-privacy, and anti-law enforcement.” Coinbase Chief Policy Officer Faryar Shirzad warned it could mean recording and reporting transactions through self- hosted wallets “even if there is no reason to suspect wrongdoing.”
While we do not know how the future will pan out, these developments illustrate the tension between regulators and proponents of a decentralized economy. If done right, regulating crypto will drive further innovation and adoption. From a regulatory perspective, one problem is that the blockchain technology all cryptocurrencies are built on was created for Bitcoin, which had a semi anonymous, censorship-resistant currency as its key goal. At the same time, many of the providers of those services would also find it useful to say, “We comply with regulations, we have regulators’ stamp of approval,” as a sign of stability. There is tension between these two regimes that has not yet been resolved. Recent events mean this tension may be accelerating significantly.
That said, we are optimistic for a bright cryptofuture. Even the overall foot-dragging global regulatory response to crypto described above has not been able to stop new innovation or slow accelerating economic activities in crypto. New technology is a hard thing to permanently defeat- Napster and then LimeWire were ultimately killed in court, but the technology they unleashed barely slowed. Streaming ultimately transformed the music industry by nurturing new businesses like Spotify and Apple Music (side-by-side with gray-market technologies like uTorrent, Frostwire and GigaTribe). In a world where finance is politicized and weaponized and where financial connectivity is key to sovereign state survival, there may be no alternative to further cryptoregulation in the coming years, but it is unlikely to change the endgame.
Regtech as a New Fintech
As financial access and control increasingly take center stage worldwide, fintech’s that focus on regtech should flourish. In contrast to many technology companies that think only about regulatory risk, fintechs will also think about regulatory opportunity. Delivering the best experience for clients means not merely delivering better payment pages, better terminals, and better reporting than other providers, but also building compliance into the product so transparency and reporting is seamless — without as much time-consuming technology, process, or legal overhead. Compliance-as-a-Service is a powerful new fintech business model focused on providing plug- and-play solutions for companies entering a new market or vertical. Companies that focus on monitoring, compliance, and reporting will be increasingly valuable and strategic. Three illustrative examples of fintech companies turning regulation into an opportunity are Vanta, Hummingbird, and Silent Eight.
Vanta — Cloud-based Compliance Management Solution
Founded in 2017 and led by Christina Cacioppo, CEO, Vanta provides a platform for companies to automate their security monitoring and prepare for SOC 2, ISO 27001, or HIPAA compliance certifications. The platform connects to services including Google Cloud Platform, Amazon Web Services, GitHub, Okta, and Slack. Nearly 1,000 companies, including Clubhouse, Lattice, Calm, Loom, Notion, and UserTesting, use Vanta to power their security and compliance.
Vanta’s approach applies continuous monitoring of other software businesses, such as Datadog or PagerDuty, to what has until now been an annual or semi-annual audit scramble. While an auditor still needs to go through a customer’s books, they can do so with Vanta’s reports, which keep a business honest about its security and data compliance year-round. That means fewer surprises, inside and outside a business.
The company closed a $50 million Series A funding in May 2021. The round was led by Sequoia Capital, with participation from existing investor Y Combinator.
Hummingbird — Compliance CRM Platform
Hummingbird provides a platform to organize the data, processes, and insights needed to enhance anti-money laundering and counter-terrorist financing investigations. It reduces paperwork, provides analytics, and enables collaboration for compliance professionals and law enforcement agents.
Financial crime investigators typically work on 100 to 200 cases a week. The team set out to build a specialized CRM for compliance and risk teams that would bring together these disparate data sets onto one platform, helping them handle these high-case volumes.
Hummingbird’s core founding team is composed of fintech veterans, with about half coming from Block and the other half coming from blockchain payments company Circle. The company CEO, Joe Robinson, ran risk and data science at Circle for about two years, where he realized some of the challenges facing compliance professionals that drive the less than 1% success rate of global anti-money laundering controls.
Hummingbird’s clients today include payments firms like Stripe, crypto exchanges like Coinbase, and banking-as-a-service provider Evolve Bank & Trust. The company, which has a presence in seven countries, also works with e-commerce clients like Etsy.
Silent Eight — AI-based Custom Compliance Models
Silent Eight is a technology company leveraging AI to create compliance platforms for financial institutions to investigate every suspicious transaction, beneficiary, and customer in real time and fight to eliminate financial crime. Founded in Singapore and with global hubs in New York, London, and Warsaw, the platform is deployed in over 150 markets.
Every day, millions of financial crime professionals work diligently to stop illicit funds from entering and moving through the global financial system — all researched and explained each time at unparalleled speed and scale.
The company closed a $40 million Series B funding round in March 2022. The round was led by TYH Ventures and welcomed HSBC Ventures, the firm’s latest customer to also become an investor. OTB Ventures, Wavemaker Partners, SC Ventures (Standard Chartered Bank’s venture unit), Aglaia, and Koh Boon Hwee, Chairman and General Partner of Altara Ventures, continued their investment from previous funding rounds.
Written by Phin Upham