Fintech 🧠 Food - 23rd May 2021 - Marqeta S1, Pipe fundraise, Fintech primitives and truly global digital identity
Hey everyone 👋, thanks for coming back to Brainfood, where I take the week's biggest events and try to get under the skin of what's happening in fintech. If you're reading this and haven't signed up, join the 6,031 others by clicking below, and to the regular readers, thank you. 🙏
They have an amazing conversation.
You do not want to miss this 👈
(Also available on your favorite podcast client, search "Under the Hood")
Weekly Rant 📣
Identity: Making the future of identity backwardly compatible with the past
One of my favorite lines from a recent blog post about Stripe was, "you can tell a lot of effort went into making this effortless." Great product just works and doesn't expect you to debug the financial system to use it.
Identity is a subject that doesn't "just work" because there are many parts to it.
When you're applying for and using a financial product, several overlapping processes are designed to prevent financial crime, fraud, or other risks like terrorist financing.
It's important to list these out because these processes are required by law and are unlikely to be removed or changed in the foreseeable future.
KYC (Know Your Customer). Checking a human who is applying for a product is a real person, and that person's documents have not been forged. This involves checking Government-Issued identity and perhaps another proof of address. Although in recent years, many Neobanks have begun to use Open Banking as a proxy for KYC (i.e. if you can log in to your bank, you're skipping to ID+V -- See below 👇)
ID+V (Identity and Verification). Making sure the person you're interacting with is the customer your previously KYC'd, and they can verify that. For example, once you're registered for a financial product, you might use a PIN code (something you know), a credit card (something you have), or your fingerprint (something you are) to ID+V yourself.
CDD (Customer due diligence). Checking that a customer has a known home address (from a reliable source like a utility provider like broadband or electricity). In some cases, if a customer could be high risk, they may also check the source of funds, source of wealth and set the customer up to be monitored on an ongoing basis (Enhanced Due Diligence)
SAR Process (Suspicious Activity Reports). If a financial institution suspects anything illegal about a transaction, they have to file a SAR (suspicious activity report). Notably, the financial institution cannot tell its customer why bank blocked a transaction, or that anything is wrong. Known as the "tipping off" rule, the idea is you can't let the criminals know you're on to them.
Risk-based approach. All financial institutions must be able to demonstrate they're regularly looking at the market for new risks (e.g., geographies), that they have "written policies and procedures" and training in place on those policies.
The problem is that most of the world looks at these rules and follows them, rather than looking at how to abstract them and make them effortless and more effective.
Of course, you can't boil the whole thing down to five bullet points. Still, I list these out because if we want a genuinely digital identity future that is backwardly compatible with the existing infrastructure, we must meet these requirements.
Last week, I mentioned two approaches to digitized identity (Digital Onboarding services like Alloy or Onfido and Government-issued digital identity services like Aadhaar).
Both of these approaches have made massive advances, reduced friction in the system, and help financially include hundreds of millions of people.
Government-issued identity has a high install base, is compatible with social welfare, and has the global standards for financial crime baked right in.
But challenges remain.
Government-issued identity doesn't work for the undocumented (e.g., refugees or the hundreds of millions of undocumented immigrants globally).
Government-issued identity is by its nature regional and not global. While passports help with international travel, your credit score and reputation don't have a passport.
Government-issued identity is not private by design. The very nature of the ID+V process requires showing original documents in the clear to a bank or 3rd party (like your passport). Your security is only as good as the security of the companies you've shared your data with.
Self Sovereign Identity (SSI)
SSI allows any individual or entity to present any credential to another party (e.g., I could show my passport to a bank or my Twitter OAuth login). The protocol handles the validation (e.g., Twitter did validate my login, and the bank did validate the passport).
SSI isn't limited to Government-issued credentials. Almost any data point can be a credential or shared. Meaning, the undocumented worker may not have a Government-id but may have a 5-year history of mobile payments in their country of origin that shows regular income. SSI could work better for the undocumented.
SSI may record all of these credentials in a distributed network or crypto network. In essence allowing the credentials to be shared in real-time, globally. SSI is more global.
Credentials can only be shared and viewed if the individual or entity approves them. In other words, if I reveal my passport to a bank, I have consented to do so. What's more, the bank or verifying party never has to hold the underlying data. The individual or entity gives "read-only access," which can help with privacy and reduce the blast radius of any hack (e.g., Equifax). SSI can be built to be more private by design.
The problems with SSI are
It has low install base currently
Most banks do the minimum, so they'll only rely on the Government-issued IDs
States don't recognize SSI as a form of identity unless there is a Government-issued identity
So how do we make backward compatible SSI?
I believe there is a role for trusted actors like banks. While some true believers suggest we can become entirely peer to peer, to be backwardly compatible, we need "trusted nodes." However, the role of banks could be as simple as verifying a credential via open banking services like Plaid. It is highly unlikely banks will engineer a new service (although that did happen in the Netherlands with some effect)
I believe crypto wallets are not (by themselves) the answer. A wallet can be compromised, and the user experience for getting it back often involves remembering a long seed phrase (a 12-word sentence) or having a hardware solution. Humans are not good at OpSec.
Bringing these together could we:
Use existing digitized KYC approaches (e.g., Open Banking) as an on-ramp to SSI (some projects already do this). What if every time I signed up for a new service, it automatically added that action to an SSI network?
Manage everything via an identity or crypto wallet (e.g., Metamask). What if I had one central place to manage all of my credentials and data?
Have privacy by design way of moving data between endpoints (e.g., "prove" I am who I say I am without ever showing the underlying document, with Zero-Knowledge Proofs). What if I could prove my identity without sharing the underlying data?
Turn Government-issued documents into NFTs (I haven't seen anyone do this, but unlike an SSI credential, it lives on any compatible bit of software). What if I could gain access to services with an NFT that proved my credentials?
Create a market for reputation (e.g., Bitclout). What if, instead of just institutions, the crowd could define how trusted I am (or my pseudonyms are)?
Create a user-centric based market for data (e.g., BAT Token). What if, instead of endless cookies and GDPR banners on a website, my digital wallet took care of identity and credentials?
Create a software agent or DAO to manage the above. What if software could help with all of the OpSec and human challenges of access and control?
Create a new definition of identity, where we recognize that identity is broader than government-issued, and it encompasses many aliases and many data endpoints. What if my identity became my identities and I had complete control of it via a dashboard?
What if we could make it work so well that you can tell a lot of effort went into making it effortless?
For me, the big insight is that markets buy and sell risk today. But they don't buy and sell data endpoint risk, nor is there a way to score the trust of an endpoint with credentials.
The reality is with crypto-networks and APIs; we have a lot of the legos.
We may just have to put them together.
4 Fintech companies 💸
Zwitch - BaaS Platform for India
Zwitch offers APIs for payments, card issuance, lending, KYC, and onboarding in India. Zwitch has partnered with major banks such as ICICI and Yes Bank to provide a direct deposit service.
The Indian API provider landscape is growing rapidly; companies like RazorPay already offer services that are as comprehensive as Stripe. They even provide some things Stripe doesn't like cash advances and working capital loans. Long India.
Pomelo - "Fintech as a Service" for Latam
Pomelo will allow fintech and non-bank businesses to launch prepaid and credit cards via "compliant" onboarding procedures. Issuing a card in many parts of Latam is still way too hard, taking 12 to 18 months with many of the leading Issuer Processors in the region today. Pomelo, like many BaaS players, aims to bring that down to weeks.
Given the massive popularity of the API-first BaaS players in the US market, it's not surprising to see this growing in the Latam region. Latam has an enormous need for inclusive financial products and entrepreneurial innovation. While Nubank has been disruptive, creating an on-ramp for many more players could lead to "digital community Neobanks" that we're now seeing emerge (e.g., banks for landlords, banks for the black community, etc.)
Sanlo - Growth Capital for Videogames developers
Sanlo provides growth capital based on game metrics (like app downloads) and benchmarking vs. industry standards. This data allows the developer to project the game's potential success and enables Sanlo to provide capital.
Vertical specific lending on alternative data sets is a massive theme. Companies like Pipe and Clearbanc have found their niche with SaaS and e-commerce businesses; Sanlo aims at the video game segment. Very similar to Sugar, who I covered a few months ago.
Goldfinch - Bringing Crypto Loans to the Real World
Goldfinch has created a Liquidity Pool (LP) that allows investors to deposit their Eth in return for a ~10% yield. That liquidity is provided to local lending businesses in markets like Mexico, Nigeria, and South East Asia, who make loans to borrowers in fiat in their local market.
In the back of my mind is everyone I've ever worked with in AML screaming at me that this feels risky. Crypto + emerging markets + lending. But, if you segment the two, a local lending business, if reputable, should own and manage its risk. Goldfinch is effectively providing capital to lenders and turning crypto investors into decentralized asset managers. Neat.
Things to know 👀
Marqeta did $290M in net revenue in '20 with 41% gross margins in 36 countries and has issued 320M cards and $60bn sales. Customers include Klarna, Instacart, Doordash, and Square. Importantly, Marqeta is growing with its customers.
Quoting John Street Capital, "They have customer concentration risk with $SQ is their largest Customer, representing 60%, 70%, 66% and 73% of our net revenue in the years ended December 31, 2019, and 2020, and the three months ended March 31, 2020, and 2021, respectively."
🤔 My Analysis: Marqeta turned issuer processing on its head. Traditionally a very stodgy and complex business, buying card issuing involved long sales cycles and complexity.
🤔 My Analysis: Marqeta is not only concentrated on Square but also the US market. However, their global, big tech clients may want to expand outside the US, and Marqeta could be well placed to help there.
🤔 My Analysis: For smaller startups, Marqeta might be expensive and slow to market (even though they're pretty fast). Startups may begin on platforms like Privacy.com, Synapse, or Unit. What intrigues me is, do scale-ups graduate from those BaaS platforms and move down or stay there?
Revenue-based financing startup Pipe.com raised $250m just 15 months after its $6m seed round in Feb 2020. Pipe helps SaaS businesses raise financing based on their ARR / MRR projections. Pipe.com doesn't lend the money directly but has created a platform for investors to fund those future revenue streams in return for a fee.
🤔 My Analysis: There is no better example that funding is a momentum game than Pipe.com, "it's massively oversubscribed," and rounds being pre-empted is a sign of the times. But has Pipe.com invented something genuinely new to warrant that?
🤔 My Analysis: The pros here are strong. Its non-dilutive capital (the user of Pipe.com isn't giving up equity in their company like they would with VC capital). Pipe.com isn't in the business of lending or taking the risk; it's more P2P, making it more of a transactional business than a lending business (which says tech company valuation, not lending business). They're selling to growth businesses, which is always a great way to grow with your customer.
🤔 My Analysis: But P2P lending models have been tried and ultimately end up being not tech businesses. It's also clear they're distancing themselves from being "a lending business," but it's unclear the regulator will always agree. It looks and feels a lot like lending (albeit data-driven). Although "revenue as an asset class" is a compelling tagline.
Crypto crashed, which Emily Nicole covered brilliantly. As always, Cathie Wood had sage words. "You never know how low is low when a market gets very emotional, a lot of traders see bitcoin dropping below the 200-day moving average, which was $40,000. So traders, once they see that happen, they just dump and run. I think we're in a capitulation phase… which is a great time to buy, no matter what the asset is."
Fidelity launches 0 Fee brokerage accounts for teens. Fidelity will issue debit cards and offer savings and investments to teens whose parents use the firm. 🤔 Interesting they're competing with both apps like Robinhood and teen apps like Greenlight. Using parents as a way to bootstrap is also neat. I have to admit, as incumbents, both Fidelity and Vanguard are way better at what they do than many of the banks.
Amount.com raised $99m at $1bn. Amount allows banks to offer digital lending products with 100% SaaS and gained huge traction during the pandemic. 🤔 Solutions like Amount price on a "per successful loan" basis are a win/win. There's little to no upfront cost to their customer until that customer makes money. It's consumptive SaaS but for banks, and very compelling. (Amount is not the first to price this way, but the time to market and SaaS nature of Amount.com is especially strong at this model).
Neobank current will become a "Polkadot validator" as it dips a toe into the Defi space. The founders of Current are well-known Crypto fans; if you follow Stuart, the CEO on Twitter, you'll see this. 🤔 While we've seen the main coins appear in many fintech apps, we haven't seen companies take an active role in running the networks or participating beyond offering their customers trading. Keep an eye out for what Current does next.
Good Reads 📚
Fintech hasn't unbundled banking. Fintech has atomized banking. The endgame of this atomization is to reduce every financial services function down to its most elementary (primitive) version, in much the same way that Amazon ushered in the age of public cloud computing.
We see this with companies like Moov, who take base primitives of finance (like ACH payment, wire payment) and allow entrepreneurs to rebuild them in any way they see fit. But if everything is atomized, where is the gravity? Alex speculates its merchants, communities, and employees. If banks focus on financial health, maximizing lifetime earnings, and becoming ultra low cost, they might have a shot at bringing these three together.
Alex's thinking is similar to the most recent 11:FS Report, rebuilding banking from the inside. We talk about how the monolithic codebases are broken down into software primitives and the architecture to recombine those without vendor lock-in.
🤔 My Analysis: You have to credit Moov to get everyone talking about the primitives of finance. What developers build when you give them great primitives is astonishing, but the lesson from AWS is it's not just the primitives themselves. Developers need an environment that is instant, resilient, and adaptable. The primitives alone don't give you that.
🤔 My Analysis: The reality is the primitives will be provided by many different suppliers and many different APIs. Right now, there's a ton of non-differentiated code in most organizations stringing all of those together.
🤔 My Analysis: There's also a very regionalized issue with the primitives of finance. That primitive only works in one market. There is still a ton of room to make APIs "so effortless you can tell a lot of effort went into it." And there's a tension between those two concepts. Becoming more atomic and having more control, vs. becoming increasingly global and value add.
The blog post is a case study of FTX.com an exchange that exists "outside the US financial system." If you head to their website from the US, you're given a message not to sign up there. FTX is the fastest growing crypto exchange that does interesting things like offer crypto derivatives, offers its own token, and allows its customers to buy synthetic versions of stock or commodity investments.
The Eurodollar, like Crypto, once existed entirely outside the US financial system, but in the end, became beneficial to US interests. Something similar could quickly happen with Crypto if all the offshore liquidity is on one platform. That platform can launch new financial products faster than other exchanges; it will set the rules for a market that exists because the usual rules don't apply.
🤔 My Analysis: Eventually, the US onshore and global banks became key risk managers and gatekeepers to the Eurodollar market. The best way for the US regulators to help mitigate some of the risks in the Crypto markets is to have the on-off ramp (the banks) bring liquidity in return for some stability.
🤔 My Analysis: Getting US dollars in and out of Crypto is still way too hard. That's partly by design, in the hope that not too many big market players or retain customers get burned. But it's too late for that; the consumer lost big in the past week with the crypto capitulation. The Crypto Genie is out of the bottle. The industry wants liquidity; the state wants stability. There's a trade here that works for both sides.
Tweets of the week 🕊
That’s all folks 👋