Predictions for Fintech: Compliance Culture

Last year I wrote about my outlook for the European banking-as-a-service (BaaS) space. Some of what I predicted has played out, but I didn’t expect such a tumultuous year for the sector! Raislr, once valued close to $1B, sold to a consortium for under $500k. A continued higher interest rate environment put pressure on BaaS’s operating as EMI’s, who have much higher capital and liquidity requirements than banks and are restricted from offering customers interest-bearing accounts.

Most importantly, I didn’t anticipate that regulatory scrutiny around compliance would be the most-important theme to impact BaaS as we near year-end. We have likely only seen the very beginning of how this story will unfold to impact BaaS and Fintech as a whole.

EMIs and the BaaS sector embody the opening up of European financial regulation that has been a huge driver of fintech innovation in Europe over the last 15 years. It’s clear that we’re in a defining moment if we’re to maintain a good trajectory forward.

Regulatory Rumblings:

We saw early signs of this last year in the US, when the OCC, the regulator governing national-chartered banks in the US, repeatedly made loud warnings about the inherent risks of fintechs leveraging the licences of partner banks, which the regulators referred to as the “de-integration” of banking. The OCC called out these bank-fintech partnerships as a “complex set of arrangements” that could put the whole financial system at risk if not properly supervised.

As UK regulators grapple with this issue of it being so much ‘easier’ for businesses today to engage in regulated activities (with an EMI licence, or help of a BaaS, etc), what’s also top-of-mind is protecting consumers from unprecedented levels of fraud. Generative AI supercharges the risk of financial fraud, making impersonation and phishing scams massively more prevalent and convincing (my colleague Laura has written more about this topic here). This type of ‘authorised push-payment’ (APP) fraud today totals to more than £500m of losses in the UK alone, and is expected to rise to £1.5B in the next four years. UK regulators have already taken bold steps to put the burden on financial institutions and fintechs to control this problem. Starting in 2024, financial institutions will be mandated by the Contingent Reimbursement Model (CRM) to fully reimburse the victims of authorised fraud, with the sending and recipient bank splitting the cost 50/50.

In the EU, over the summer the European Commission published proposals for PSD3 (to replace PSD2), as well as a new Payment Services Regulation (PSR). Among key changes, some businesses that were previously unregulated will fall under the scope of regulators, and new consumer protection rules around fraud that put liability on PSPs. Although these laws likely won’t take full effect until 2026, preparations will need to start much sooner.

Uncovering Solutions Through Innovation:

Taking all of this together, I expect compliance and risk management will be significant areas of investment across banking-as-a-services businesses, traditional financial institutions, and neobanks alike in the next year. If you’re lending your licence, having robust guardrails will be extremely important to ensure that everyone serving customers on your infrastructure meets their compliance responsibilities — or else risk paying a steep price.

In this environment, buyers across all of these businesses will be more receptive than ever to new technologies or products to help them shore up their defences. I am very excited to see what new businesses emerge from this environment.

At Balderton we are experienced investors in the compliance and risk-management space, having backed businesses like ComplyAdvantage, the leading AI-driven AML platform; Recorded Future, sophisticated threat intelligence; and Credit Benchmark, credit-risk data platform.

For founders building in this area, we would urge you to consider the following strategies to achieve the largest outcome.

• Design for network effects. Your product performs better, or your product is more useful, the more customers you have. Strong network effects also equate to a strong competitive moat. Examples: communication platforms, cross-network data-sharing platforms, closed-loop payment networks.
• Sophisticated tech negates the ‘buy or build’ debate. You’re an expert in novel technologies that banks & fintechs are unlikely to have expertise on internally. Example: LLM-based applications.
• Own the underlying data. You have unique IP to sell or build on. If you’re a seller of data, you can sell to end-customers directly, who want the raw data, or you can also distribute through aggregators and applications, who resell your data onwards to the rest of the market. Example: ML-driven fraud platforms, credit bureaus
• TAM expansion. Regulation driving expansion of relevant customer segments and/or use-cases. Examples: Expansion of KYC/KYB and AML requirements into non-financial services, like real estate, auction houses, etc

If you’re a founder building in this space, I’d love to speak! We are actively investing from pre-seed to late-stage businesses. You can reach out to me at greta@balderton.com.