regtech

PAYMENTS: $3 Billion revenue video game Fortnite used for money laundering using in-game currency

Human nature does not change. We can have arcane towers of financial services and regulatory architecture, but the outcomes are a rhyming echo of our DNA. Let's start with this: Fortnite, a virtual place where 200 million people spent time playing a game in 2018, earned $3 billion for its parent company. The video streamer most popular for playing Fortnite on (essentially) TV earned $10 million for the entertainment he provided to 20 millions followers. One of his videos gathered nearly 700,000 views -- for comparison, Conan O'Brien gets about 1.3 million per night.

Fortnite makes money by selling cosmetic upgrades to players, and since they inhabit this rendered world like any other social network, our dopamine center and social pressures motivate purchases for status. Given the payments infrastructure of this game and its virtual currency (not on the blockchain!) are comparatively weak, criminals have started using in-game value for money laundering. A report from The Independent linked below finds that stolen credit card credentials are being used to purchase game currency and then cashed out at discount on eBay. Additionally, over 50,000 instances of online scams related to the game made their way to social media per month. Welcome to the Internet, everyone! We can't help but remind you that Steve Bannon (yes, that one) and Brock Pierce (EOS, Tether, Puerto Rico, etc.) once ran the largest World of Warcraft virtual money exchange.

So should we bring down the financial regulators on Epic (the maker of Fortnite) as hard as New York state came down on Bitcoin companies with the BitPay regime, freezing innovation? Should KYC/AML be required for all video games? Under the Chinese model, Tencent's "Honor of Kings" mobile game generates $2 billion in revenue per year and is under the same strict government control/license as financial products. Players are checked against a registration database to control for age and name, and (we expect) the play time data flows into a social credit score. But recent studies of KYC/AML policies persuade us otherwise. When looking at the amount of criminal proceeds actually seized by authorities based on those policies, the amount is less than 1%. The cost may not be worth the outcome.

98082783-d8e0-4db1-b213-565cc67192bb[1].jpg
c69450f0-9df4-4a6f-92fb-9efd6e7bc934[1].jpg
4c497c0e-97b6-4c67-8cdd-8f45bbf8dbc3[1].jpg
895db28b-ca45-40f0-b5c6-ea420d9661b0[1].png

Source: Fortnite (IndependentSlateBitcoinist), Fortune (Streaming), Interest.co (Ron Pol on AML ineffectiveness), GamesIndustry (Tencent database), AML fines 

REGULATION: It's opposite day in the United States: protect the banks, not the innovators

Here's an odd one. FDIC Chairman Jelena McWilliams attended the American Banker's Association conference and focused on how to simplify regulatory supervision in order to help banks compete with Fintechs. In a similar vein, US State regulators continue the legal fight against the OCC, a federal agency trying to allow tech companies -- mostly lenders and payments companies like Square and SoFi -- to have a special Fintech charter. Part of this grind is the alphabet soup of American regulators and inevitable conflict over jurisdiction. As an example, the SEC just launched a new hub for innovation and financial technology, much in response to the rise in digital assets. Still, a meaningful portion of the American regulatory apparatus is functioning to protect its banking coral reef from competition.

When you look at the spirit of regulation in Europe, much of its mission is actually to increase competition with banks, helping Fintechs and other innovative players take market share from incumbent national champions. PSD2, the major directive in this regard, is colloquially referred to as "Open Banking" -- quite the different mindset. The desired strategic outcome is that many incumbents will be low cost capital-providing utilities, and some players will be platforms or aggregators of tech, capital and user attention. Tech companies can back into these positions as well. If regulators instead protect the capital providers and hurt competition as a result, you will end up with disconnected tech infrastructure and a 20th century financial product-push economy. 

c2b03180-00c2-4f26-97a7-525e43d33f58[1].png

Source: MarketWatch (Cards), CNBC (Amazon Lending), Autonomous NEXT (Travelers), Statista, Amazon

REGULATION: Landmark Treasury Report Supports Special Charters for Fintech Banks and Lenders.

3e574ecb-3dc9-487b-a622-96d2b73c0a3e[1].png

The recent trend has been that Fintech and Crypto startups can jurisdiction shop across the world for a friendly location, like Singapore. But in reality, the United States is still a massive gravitational force for both innovation and technology, and is the world's deepest capital pool in financial services. So with that context, we are thrilled to see a landmark 200+ page fintech report from the United States Treasury, touching on issues from payments, to lenders, to financial planning, to artificial intelligence (where we contributed our thoughts from Augmented Finance). Not crypto yet, though we are sure that will come. 

There is little to say, other than download and read it. Here are a few of the choice takeaways. First, the Treasury sides with the OCC on the idea of a special bank charter for technology firms. This charter would be less onerous than both an industrial loan company (ILC) and a full banking license, making life easier for digital lenders like Lending Club, On Deck, Square and SoFi. Digital Lenders could built out deposits, rather than relying on the shadow banking systems (i.e., credit hedge funds) for funding. The OCC has immediately jumped on this recommendation and is inviting fintech firms to apply. But remember, this hurts small and regional banks -- just imagine a local bank trying to compete with Stripe's new card issuing API. Such regional players have strong lobbies into industry groups and State regulators, so expect some type of allergic legal reaction to come. 

Other recommendations that jumped out at us include: (1) develop regulatory sandboxes like that of UK's FCA, (2) make it easier for bank holding companies to invest in tech, (3) smooth out the various regulatory bodies and interests that touch Fintech firms, (4) develop digital identity and strengthen the protection of consumer financial data (e.g. Equifax breach and GDPR), (5) digitization of the workflows in the mortgage sector and exploration of new approaches to credit modeling, (6) update the IRS income verification system, (7) modernize payments through faster retail payments systems, (8) level set digital wealth regulation (e.g., fiduciary rule from DOL vs SEC), and (9) take strategic efforts towards creating artificial intelligence within finance. We think these are all in the right direction of travel, and hope that the appropriate regulatory and legislative bodies are able to turn these non-binding recommendations into reality.

618a64bc-c955-4ccf-9df5-9fbcddb5c323[1].png

Source: Treasury (SummaryFull Paper), Bank Charter (OCC response), Stripe (Issuing)

REGULATION: Crypto Funds, RIAs, Regulations in a Box

The cost of launching a startup has fallen from a few million to a few thousand dollars. Why? Amazon and its cloud have collapsed the needed IT infrastructure to a cheap off-the-shelf subscription. Stripe Atlas has made corporate and payments gateway setup a breeze. But what if you're starting a financial entity, and not a software company? What if you're starting a Registered Investment Advisor, and not a wealth tech platform, or if you're starting a hedge fund offering a crypto index, and not a blockchain of blockchains? For that, let's take a look at compliance in a box. 

One of our favorite companies in the independent wealth management space is RIA in a Box. It does what it sounds like -- it sets up a Registered Investment Advisor entity, registers it with the SEC and the appropriate States, and manages ongoing compliance requirements as an affordable service. So if your advisory practice manages $5 million or $500 million, this solution can get you started. In fact, out of 12,000 RIA firms in the US, RIA in a Box has 3,000 as clients. Not surprisingly, Aqualine Capital Partners just acquired the firm through an LBO at an undisclosed price, which tells us that the firm is a cash cow -- an LBO requires a slug of debt that can be serviced by reliable, steady cashflow. And if you control the compliance reporting aspect of a financial entity, it's a very short reach to start selling regulatory, administrative and value-add software.

2f0628ec-71cd-4a24-a357-c4673c72bad7[1].png
f78f5168-6f90-438d-9f5b-367ceb4f214b[1].png

Now think about crypto funds. It's the same problem -- nobody has any idea how to structure them, which regulatory jurisdiction to pick, what bank to use, or how crypto assets are treated. Traditional counsel could easily cost over $100,000 to go through the motions. Enter the Crypto Fund-in-a-box companies! Take Vauban, which provides an interface to select a type of investment fund, its jurisdiction, target size at launch, while a real-time entity structure is built on screen indicating the cost of setup. Other similar plays include Fundplatform, Otonomous, and Bluemeg (note: we don't know or endorse any of these). Could the ease of solving this international puzzle lead to a similar growth outcome for crypto fund entities? Looking at the data, the first 5 months of 2017 saw 40 new crypto funds; there were 45 new entrants over the same period in 2018. Market volatility has not deterred fund formation. That doesn't mean funds won't fail (e.g., Apex Token Fund shutting down after failing to raise $25mm), but it does mean more will keep trying if it's as easy as clicking a button.

93321073-95d9-4f60-a55e-86b1280fb57c[1].png
9b6af1e7-4c0c-41e3-8724-f14bb91e6123[1].png

Source: RIABiz (RIA in a box), Crypto Fund in a Box (VaubanFundplatformOtonomousBlueMeg), Financial Planning (RIA totals), Autonomous NEXT (Crypto Fund totals), Stripe Atlas

ARTIFICIAL INTELLIGENCE: Machine Readable Regulations

ce29ad3b-aeb0-4e3b-ac8a-9efffbd754ee[1].png

We started with two difficult entries to highlight how the major platform shift technologies, blockchain and AI, are bringing out some of the worst impulses in human beings to take advantage of each other. And further, these tendencies become enshrined in software -- from decisions learned out of data, to bots endlessly begging to steal your money. From this perspective we pivot to Regtech, and in particular to projects that we think could be antidotes for the malaise.

The first is an effort by the FCA to explore offering regulations in a machine readable format. That means that a regulator would provide standards and perhaps even executable code that could plug into Fintech software stacks. Imagine Python's Django, but with a regulatory module that pre-packages data formats for compliant reporting. Similar ideas have been floated by self-regulatory organizations in Crypto, looking to build into tokens the ability to determine regulatory requirements, like accredited investor status or KYC/AML. But to do this at the level of the regulator is far more meaningful because (a) there is way more law that needs to be translated, which relates to real rather than imagined economic activity, and (b) this regulation is a result of an established governance process, which is still immature in decentralized communities. Imagine putting all of the FCA on Github and satisfying requirements through something like the Digital Asset Modeling Language. Compliance costs would actually become trivial.

But now is a moment of transition. Case in point, last week we attended the fifth London cohort of the Barclays Techstars, where a RegTech startup called Audit XPRT introduced their automated audit and compliance solution that uses machine learning to extract structured rules from unstructured paper documents. The aspiration is to reduce compliance-related costs ($270 billion) by 90% and achieve 5 months of work in 5 minutes. Another example is Governor, which creates dashboards of real-time tracking across Risk, Compliance and Corporate Governance. Or take Suade, which tags existing data with an overlay that maps to regulatory requirements and provides apps out of the box against which the data can be checked, no disruption to the bank’s current architecture. It may feel slow, but the law's getting digital.

c2cc9774-06c2-4dd7-b52b-0ac8528b56e6[3].png
2585906b-5230-4181-9df9-ac0f4b496716[3].png

Source: Github (Ethereum proposals), FCA (machine readable initiative), Digital Asset (DAML), Thomson Reuters/Tabb Forum (Infographic), SuadeGovernor (infographic), AuditXPRT

ARTIFICIAL INTELLIGENCE: $1 Trillion in Exposure from Artificial Intelligence on Finance.

4b3b71d6-e5be-4f77-92c2-c840c06198e2[3].png

We looked at the applications of AI across the front, middle and back offices of banks, investment managers and insurance companies, highlighting a rich ecosystem of sophisticated software. The outcome is Augmented Finance --  an investor’s guide to how AI is pulling apart and breaking down the financial services industry. We estimate the economic impact of AI on financial firms globally, finding nearly 20% of costs potentially reduced through implementations, equivalent to $1 trillion by 2030.

AI is not a panacea nor a single thing. It's math, data and software, searching for the right use case. In this dive, we looked at conversational interfaces, biometrics, workflow and compliance automation, and product manufacturing in lending, investments and insurance. In the front office, the most promising applications focus on integrating financial data and account actions with software agents that can hold conversations with clients, as well as support staff. In the middle office, as regulations become more complex and processes trend towards real-time, artificially intelligent oversight, risk-management and KYC systems can become very valuable. And in product manufacturing, we see AI used to determine credit risk using new types of data (e.g., social media, free text fields), take insurance underwriting risk and assess claims damage using machine vision (e.g., broken windshield), and select investments based on alternative data combined with human judgment.

In the US alone, 2.5 million financial services employees are exposed to AI technologies. There is potential cost savings of $490 billion in front office, $350 billion in middle office, $200 billion in back office, totaling $1 trillion across banking, investment management and insurance. Not surprisingly, many firms talk about AI, but very few actually hold intellectual property in the space. And the best performer -- Bank of America -- is still leagues behind the GAFA. Talk about Black Swan risk!

369a8618-ea5e-4fcf-9771-ccab9bc2ebe5[1].png

In mapping out the future of AI in financial services, we saw several routes. One potential path is that AI tech companies like Amazon and Google continue to add skills to their smart home assistants, with Amazon Alexa sporting over 20,000 skills already, outcompeting finance companies and stealing their clients. Another potential path is the example of China, where tech and finance merge (e.g., Tencent, Ant Financial) to build full psychographic profiles of customers across social, commercial, personal and financial data. And last, but increasingly tangible, is the path is towards decentralized autonomous organizations that are built by the crypto community to shift power back to the individual, with skills made from open source component parts. 

BLOCKCHAIN: Do Criminals or Bankers want Crypto-Privacy?

Source:  ChainLink

Source: ChainLink

Ask any self-respecting financial incumbent about why public blockchains aren't good enough for enterprise use, and you get roughly the following response on why private chains (e.g., Ripple, Chain, R3, Hyperledger/IBM) are preferred. First, public blockchains don't have privacy, and large financial clients (e.g., hedge funds that do not want to reveal their trading positions) require it by definition. Second, interoperability is a problem -- financial institutions already have large enterprise technology vendors that power their complex workflows. Those workflows are the lifeblood of the middle office. One cannot just "put data on the blockchain" and disconnect the internal glue of the institution. Third, scale and speed are a problem. And last, banks are in the business of being Trusted Counterparties, not some hacker scheme like Bitcoin.

And yet when it comes to those exact same characteristics for the public blockchains, the banks assume that crypto-privacy is for criminal activity. At a recent ICO panel, we discussed whether gray market activity frequency was different on public chains vs banks. CEO of blockchain compliance company Coinfirm and former head of global AML for Royal Bank of Scotland in Europe suggested that the rates of illegal activity are similar inside of crypto and traditional finance. The only exceptions were Zcash and Monero, which are essentially impenetrable to crypto-Regtech firms.

Well, crypto-privacy is about to get another big boost. The Dandelion project could make Bitcoin transactions more anonymous. And the Metropolis upgrade for Ethereum will allow developers to leverage zero knowledge proofs, which are the cryptographic tool that make Zcash tick. Crypto-scalability is also around the corner with several projects -- LightningPlasmaRaiden -- and could get Ethereum to be competitive with Visa and Mastercard networks within a few years. On interoperability, consider Chainlink linking external data through APIs to blockchains and raising 32 million, or TenX converting any crypto-asset into purchasing power in the real economy, or the decentralized crypto-transactions that are powered by "atomic swaps". Privacy and scalability are pretty good when everything happens in a global interconnected decentralized mesh. Which leaves us the last point -- who is the Trusted Counterparty? Not banks.

ICO: They Huffed and They Puffed and They Blew the Crypto House Down

Source: Autonomous NEXT

Source: Autonomous NEXT

Cryptocurrencies most threaten those jursidictions where residents want to pull currencies out of the economy into international havens. Think Russia and China. And so we see the Eastern sovereigns trying to wrangle control of the crypto-economy, like the media companies that had tried to fight digital piracy. Except countries have the power to jail people for promoting Initial Coin Offerings. Just over the weekend in China, the ICO market hasbeen put on ice by China's Central Bank, which has sent Bitcoin tumbling from nearly $5,000 to below $4,400. But the community believes this to be a temporary measure for controlling the market and protecting the population from fraud, rather than a permanent moratorium.

Russia, on the other hand, has been sending out mixed signals. First it was reported that the Moscow Stock Exchange was introducing crypto for qualified investors. Then this news was denied by the exchange, claiming that many options are on the table but none have been implemented. Further, Ethereum is likely to be behind a Russian crypto-ruble, either to be controlled by the nation or perhaps via a proxy bank or a foundation. You can see a great run down of these events at Token Economy. And while in the West, blockchain companies are primarily outsourced Fintech R&D for incumbents, in the East the cryptoeconomy is a way for people to have a free banking system and movement of money. Maybe not for much longer.

We'd be remiss not to mention the governance attempts from inside the community itself. Countries and regulators may try to shut down unlawful activity, but the best hope in our view is from the community itself. To that end see these independent efforts to beef up ICO launches with a diligence framework: (1) Cryptoassets: A crowd sourced evaluation & due diligence framework, (2)  Independent SRO, The Financial Commission, Extends Fintech Certification to ICOs, and (3) The ICO Governance Foundation: Cleaning up the ICO market. A lot of folks in this decentralized world trying to own stuff.

REGULATION: Regulatory Tidal Wave

Source: ESMA, Crowdfund Insider

Source: ESMA, Crowdfund Insider

 Startups are built through an evolutionary approach: seed thousands of ideas, and separate the wheat from the chaff. We need fertile fields in which to plant the Fintech startups that will create the solutions of the future. At its best, regulation is the science of closely managing the soil in which business occurs. Too little, and we have wild booms and busts that erode consumer trust. Too much, and we are locked into calcified and arcane rule-sets detached from reality. The global set of different regulatory regimes provides as close as you can get to a controlled experiment for these issues.

Regulatory momentum made quite a bit of noise in the news recently. First, the Dubai Financial Services Authority created a special license for Fintech companies to foster innovation. Financing access and financial inclusion were the key drivers. Hong Kong's Monetary Authority made overtures to China, in particular the Office of Financial Development Service, the People’s Government of Shenzhen Municipality. Given the scale and success of Ant Financial and Tencent, these connections are important. The Monetary Authority of Singapore also released a paper focused on roboadvisors, which provides fairly loose guidelines (certainly looser than the American version).

Europe also made moves, with the European Commission Consultation Paper on Fintech, and a response by the European Securities & Markets Authority. And lastly, the US Office of the Comptroller of the Currency came out with a Fintech FAQ, addressing primarily questions of neobanks and digital lenders. Time to shop jurisdictions?

OPEN BANKING: Regtech as Point of the Spear

Source: Latham Watkins, IFLR

Source: Latham Watkins, IFLR

We really enjoyed the International Financial Law Review conference on Fintech in Europe. It was refreshing, surprisingly, to hear about innovation from the point of view of the lawyers, who focused much more on the nuts and bolts of deploying technology in a highly regulated market. Knowing the Fintech sandbox can save years of wrong-headed effort. We highly recommend you review the notes from the sessions.

A couple of conversations stuck with us. First, you are likely familiar with PSD2, which is forcing banks in Europe to adopt an open-API approach to customer payment data and access. But, although PSD2 would enable Fintech companies to get data from APIs, it impedes screenscraping and requires data protection. This could be a net loss for startups according to Davis Polk and neobank Monzo. Separately, everyone agreed that Regtech as a category will only be successful if its startups solve real problems, and that those startups should be led by a team that has industry experience and knowledge, and not just hustlers. Lastly, the conversation around intellectual property that startups own pointed to a key issue in Fintech. How many startups that focus on customer experience actually have a patent? Are they missing out, or do they just not have any valuable intellectual property (and are therefore not defensible in the long run)?