Compliance Profiles of 2023's Fintech Financing Winners
Reviewing a few of last year's funding winners from a Risk/Compliance lens
As the year kicks off, there has been a lot of doom and gloom about the state of fintech funding particularly in the last week (with some notable exceptions). However, money still flowed in the billions across the globe. One thing that caught my eye this week (and I'm kicking myself because I can't find the post) is where it was highlighted that of numerous fintech funding success stories in 2021, there were a number that turned out to be compliance nightmares - in hindsight, some of them were crypto related but not all of them were. It got me thinking about what to look for in the current batch of startups, and while no one has a crystal ball, certainly we can perform our own "compliance risk rating" of sorts on some of these companies.
To make it straightforward and understandable, I picked the fintech startups with the biggest rounds of funding between Jan 1 and Dec 31 of last year, and then analyzed several compliance related components - is the nature of the business heavily regulated, what is the state of the compliance function/staff/leadership, how does the company address compliance publicly, what is the state of the jurisdiction in which the company exists (i.e. how tough are the regulators in the country), and are there any egregious consumer complaints that give a bad sign for the future? I chose the top three that came out of my Crunchbase research (link here, with some exclusions). Based on a combination of these factors, I give each company a compliance risk rating between 5-25 (with 5-9 being low, 10-14 being moderate, 15-19 being high, 20-25 being critical) which can give us an idea of which companies we might want to keep an eye on in the future, perhaps in these very pages. Without further ado, here's our analysis:
1) Finastra
Nature of the Business: A company that I personally became familiar with due to their brilliant webinars over the last few years, they have offered a massive number of fintech related software services to other businesses and financial institutions. In the last several years, they have really leaned into their focus on compliance, with the big move being this past September when they launched a "Compliance as a Service" solution. I would say that while they don't have a great deal of compliance exposure themselves, because they aren't a bank and not solely on the hook for the services they provide, they are a BAAS (or in this case, CAAS) provider and happen to be extremely large, and so we rate them accordingly. Risk Rating - 2
Staff: The Chief Compliance Officer has a great deal of experience and has been in place for over five years. However, a couple things do concern me - first off, she doesn't have any experience as a regulator herself, which is always something that can be an area of concern (and makes the difference in those fintechs that do really well from a compliance POV). Second, she manages all three lines of defense, which isn't always the best since the third line in particular needs to have independence from other groups (i.e. 1st line controls, 2nd line risk/compliance). Lastly, the rest of the team's leadership while very well-versed in risk management and legal experience, isn't as strong in terms of Compliance. The experience is great, but these other elements being missing could create some concern, if not for them then potentially for customers. Risk Rating - 3
Compliance-Related Public Statements: I usually go off of what's on the website and how Compliance is prioritized. On the one hand, as we mentioned earlier, they offer CAAS products and made a big deal of them. However, just going on their webpage, for whatever reason it is quite difficult to find anything about this compliance offering without digging around significantly. If you Google "compliance finastra" many hits will appear, but nothing otherwise. To me, while this isn't as tangible a risk indicator, it says something about the culture and how a company views compliance. Is Finastra as confident in compliance as their previous press releases indicated? Risk Rating - 3
State of regulation in its jurisdiction - There is little to worry about with Finastra here. The company is based in the UK, which is regulated by the FCA, whose focus is on markets, brokers, lenders, crypto/payments, investments, and other types - but not software companies like Finastra, which don't directly handle funds or accounts, whether consumer or otherwise. Risk Rating - 1
Consumer complaints if any - Not many, and in fact very few. The company seems to have a fantastic reputation amongst its numerous B2B customers, as evidenced by reviews and feedback at various sites. Risk Rating - 1
Overall Compliance Rating - 10 (Moderate)
2) Tabby
Nature of the business: The company was originally based in Dubai but recently shifted operations to Riyadh, a sign of the times in Middle East business in general. The Saudi pitch to investors and companies continues to pay dividends, driven by a move to require any foreign companies expecting contracts with the Saudi government to move their regional headquarters there, and Riyadh is the main beneficiary of this. They play in the BNPL space, which, after being all the rage during the pandemic and then taking a tumble in 2022 and early 2023, appears to be back on the upward move, as Klarna, one of the world’s leading BNPL providers, reported its first quarterly profit in 3 years a few months ago. Nevertheless, regulators across the globe are much more clued in on this business model than a few years ago and scrutiny will be high. Risk Rating - 4
Staff: The team appears to be primarily focused on AML, as evidenced by the fact that their head of Compliance is only ranked as a “Compliance Manager & MLRO” (money laundering reporting officer), but BNPL is an area that the Saudi regulators (Saudi Central Bank aka SAMA) are taking renewed interest in. The team is also quite small with just a handful of interns along with a few other full time employees. If the company has intentions to scale, this will need to improve, like yesterday. Risk Rating - 4
Compliance-Related Public Statements: The company seems proud to tout their compliance with Islamic Banking regulations, which are prominent in the Middle East and have become an increasing focus for new companies that are trying to penetrate this growing market. However, one thing to note is that in their terms and conditions, the jurisdiction noted is still the UAE, rather than Saudi Arabia. It’s unclear whether this means that they simply haven’t filed the paperwork to transfer their primary base of operations to Saudi Arabia, including regulatory applicability; on the other hand, their Islamic Banking/Sharia compliance certification is noted as being overseen by the Saudi Central Bank. Not a huge deal but something to keep an eye on. Risk Rating - 2
State of regulation in jurisdiction - As noted previously, the Saudi Central Bank proposed new rules to regulate BNPL providers. However, one perspective is that this will only help companies like Tabby gain more of a foothold in the area, as they already have an established business that will probably just need some tweaks and could even be used as a test case for the regulators, while a newer emerging business in an earlier stage might be faced with more challenges. Still, the risk can’t be dismissed as the regulation is just coming into play and this is Tabby’s core business, after all. Risk Rating - 3
Consumer complaints if any - Having come up through the UAE, there’s quite a paper trail when it comes to this company, well before the expansion/move was made to Saudi Arabia. Upon review of several consumer websites, with one featuring a ton of angry customers, another leaning in a more positive direction, and another somewhere in the middle, we think that the latter is about right for their perception. As always, the concern is that as a fintech startup becomes more seasoned, their customer service drops off and this is apparent in some of the comments/feedback. Still, the diverse range of opinions is a good sign (for now). Risk Rating - 3
Overall Compliance Rating - 16 (High)
3) Beyond Finance
Nature of the business: This company plays in the debt consolidation space, which has historically been fraught with significant risks for consumers. Beyond Finance, being a newer player to the game (founded in 2016) obviously aims to change that, yet it’s worth noting that not only is this practice pretty old (dating back centuries), but it’s also pretty mature and has had time to go through numerous permutations. That also includes regulatory scrutiny being significant, depending on the jurisdiction the company plays in (and how they market). Risk Rating - 5
Staff: The Chief Compliance Officer is seasoned with over 30 years of experience working in various roles, including numerous stints as CCOs in other companies, and the rest of the senior team are no slouches either with similar backgrounds including time spent at large consulting firms focusing on the same. The one area where they lose some points is that no one has any experience as a regulator. Risk Rating - 2
Compliance-related Public Statements: While they tout some strong disclosures on their home page relating to the details and ranges of the amounts and rates of their loans, as well as non-discrimination and non-guarantee statements, there is really very little else they focus on from a Compliance perspective. On their “about” page, they tout their credentials where compliance seems to be non-existent (let’s be real, most people when they think of debt are in fear and I don’t see much to acknowledge that fear), and the leaders cited by them don’t include the CCO (weirdly enough, the CEO isn’t shown), and in citing the organizations they’re a part of they don’t mention which regulations or which associations they are involved with that would give folks comfort around their compliance chops. They get points for all sorts of disclosures, but based on all of this it makes you feel like they are of the mindset “compliance because we have to.” Risk Rating - 4
State of regulation in jurisdiction: They are federally regulated, as they acknowledge in the privacy policy that they are subject to GLBA, but they have arranged themselves so that they aren’t subject to FDCPA or Reg B/fair lending regulations, for example, because technically they are not a debt collector nor are they a lender; instead, they have a number of “affiliate companies” that do the work for them. Risk Rating - 2
Consumer Complaints if Any: I’ll give them a lot of credit here - they are rated well across numerous dimensions by their customers. They have an A+ on BBB, even their Google Reviews are over 4.5 stars, and their TrustPilot ratings are fantastic. Clearly, in spite of working in a tenuous space with a lot of bad history, customers are happy with what they are getting and there’s not much we can find that proves otherwise. Risk Rating - 1
Overall Compliance Rating - 14 (Moderate)
So you get the idea - some companies are generally fine, while others present higher risks. The remaining companies we had on our list of those receiving the highest funding rounds in 2023, which we encourage you all to check out and evaluate using the same approach, are below:
4) Mercado Pago
6) Octane
7) DMI Finance
9) Balance
10) Tamara
It’s useful to not just view companies with funding success through the lens of sales and dollars, but also through how they’re set up for compliance and risk now and in the future. Today’s success stories could easily become tomorrow’s front page news (for all the wrong reasons).