Fintech 🧠 Food - BaaS is Dead.

Hey everyone 👋, thanks for coming back to Brainfood, where I take the week's biggest events and try to get under the skin of what's happening in Fintech. If you're reading this and haven't signed up, join the 28,936 others by clicking below, and to the regular readers, thank you. 🙏

Health warning 🩺 - This week as every week I'm writing in generalities and backward looking based on personal experience. I may not know about your product, solution or how you solved the problem. I'm also aware that many have and will solve the industries problems well. I'm always open to learning. Please get in touch with more.

Hey Fintech Nerds 👋

How was your week?

As soon as I hit send last week, the announcement UBS is buying Credit Suisse hit. The move pushed by the Swiss regulator has spooked markets more in an attempt to calm them. Trust and confidence in financial markets have evaporated, but when all about are losing their heads try not to lose yours. 

Then that report hit. If you missed it, a short seller called Hindenburg has alleged that Block (AKA Square) has between 40% to 75% fake, fraudulent, or illicit accounts. Block hasn't responded. We should give them time to do so.

But it points to why regulators and traditional bankers for a long time had concerns about Fintech. This issue isn't about a single market actor; it impacts anyone who's done digital account onboarding. The "friction" of conversion at onboarding also stops bad actors. We can and must find a better balance.

Crypto is under pressure as the SEC has issued a Wells notice to Coinbase. Coinbase will be fine. But the regulatory and government position is now openly adversarial. This will be a forcing function to Crypto in the long run. My worry is we destroy what made it special in the process.

Business models are under pressure as the tiny revenues from interchange propped up an ecosystem of providers who shared revenue. This Banking-as-a-Service business model doesn't apply to all providers or Fintech companies, but it applies to many. 

At the same time, regulators are scrutinizing this model, as it creates an accountability gap. Who owns the regulatory risk? Many little dinosaur arms do not want to touch this one, but the opportunity is the opposite. The best providers, partner banks, and Fintech companies are those building trust, solving visibility gaps, and controlling risk.

We need to lean into trust. Doing right starts with better controls.

Compliance is a competitive advantage.

But it's also a rising tide.

As an industry, we can do better by closing visibility gaps, leaning into regulatory complexity, and pushing to take ownership and accountability.

PS. No Brainfood next weekend; I'm doing a week's vacation in Cancun and need to put the laptop away :) ✈☀

Here's this week's Brainfood in summary

📣 Rant: BaaS is Dead

💸 4 Fintech Companies:

1. Hedgeful - Invest like a family office 

2. Staging Labs - Safer by design web3

3. Notice - Pricing data for private companies

4. Gigastar - The creator investment platform for fans

👀 Things to Know:

1. Block shares plunge 19% on allegations of fraud by short seller

2. UBS to buy Credit Suisse

📚 Good Read: 4D Chess in Card Payments

Weekly Rant 📣

BaaS is dead.

If the past two weeks have taught us anything, trust and confidence in banking are everything. 

The bad news is still rippling throughout the economy, and the effect on Fintech providers and their downstream B2C and B2B Fintech companies is still being felt as

1. Regulatory scrutiny into the relationship between partner banks, BaaS providers, and Fintech companies heightens 

2. The crowded BaaS provider landscape fights for a dwindling revenue pool

3. The bedrock of BaaS providers 

The foundations that the Fintech industry is built on have been shaken, and this process will continue until we chart a new course for social trust among businesses and consumers.

BaaS can and will unleash generations of change for non-finance brands and new Fintech companies. But only if the whole industry cooperates and takes collective responsibility for risk.

Today there’s a lack of clear accountability and the fraud AML and risk management is creating an environment that’s hard to trust.

So how do we get better?

1. Understand why was BaaS successful in the first place

2. Recap the BaaS actors and their roles

   1. The Fintech companies

   2. The provider stack

   3. The bank

3. Understand how the business models and incentives shape decision making

   1. For Fintech company

   2. The provider

   3. The bank

4. Where has it started to go wrong

   1. The market structure wasn't designed; it emerged

   2. Creating a lack of clear accountability for risk and fraud

   3. The power dynamic between the sponsor bank and the Fintech company is broken

   4. The VC cash tap has run dry

   5. Fraud and AML are an epidemic

   6. Sponsor banks need help to manage this issue

5. How we do better

   1. Better data science

   2. Treat Fraud and AML as the same thing in real-time

   3. Better data collaboration

   4. Appropriate friction for appropriate risk

   5. A single real-time dashboard for sponsor banks

   6. Possible rule-making

6. A call to action. 

1. Banking-as-a-Service unleashed innovation

It's worth a quick history lesson on why this category even exists.

Before 2010 getting new financial products to market would take, on average, 12 months and start at $500k to $1m for launch. Innovation meant having a mobile app that distributed the same old financial products from the same old brands. 

The first wave of the internet saw internet-only banks like ING emerge or companies like Capital One, who were good at the traditional product set. But the products were loans, credit cards, debit cards, checkings, and savings.

There was an opportunity to

1. Reduce the time to market

2. Reduce the CapEx (upfront cost)

3. Reduce the Opex (maintenance cost)

4. Broaden the scope of innovation by doing the above

The first wave of "BaaS" appeared in 2012 / 2013 when new issuer processors like Marqeta, Galileo, and GPS entered the picture. An issuer processor is a provider with direct access to Visa or Mastercard and can help manage much of the complexity of running a card program. Being new, these providers were more open to smaller up-start companies who wanted to launch a card program, and they had more developer-first APIs.

The net effect was that these providers reduced the time and cost to market and won some interesting customers. For example, Chime, CashApp card, Monzo, and Revolut all bootstrapped growth offering pre-paid and debit card programs via these new providers in their early stages. 

So far, so good. 

But it still wasn't cheap and wasn't fast, especially when compared to a merchant's experience with Stripe or Braintree at the time. Why did it still take months - shouldn't that be instant? Why did it still cost 6 figures, couldn't there be a better way?

Yes.

Instead of competing with the issuer processors, a new generation of providers emerged above the issuer processors. One of the early movers was Synapse, followed by Treasury Prime and then a wave of companies in every geography like Railsr, Swan, and Unit. Heck, now even Stripe does Banking-as-a-Service.

(As an aside, the precursor to many of these BaaS platforms was Standard Treasury, founded in 2013 and later sold to a bank you may have heard of called Silicon Valley Bank. The idea was to catch this BaaS wave before it happened by layering the technology over a bank; the bank would become a platform. An API-first, digital offering. This direct model of BaaS may yet make a comeback. You'll find the former founder giving the history lesson here, and its well worth your time)

These API-first providers further reduced the time and cost of getting to market. In many cases, they also reduce the ongoing cost of maintaining connectivity with partner banks and issuer processors. A new Fintech company could sometimes have a live working card within ~8 weeks and for a flat monthly SaaS fee. 

As every company became Fintech in 2020, these providers scooped up new customers. The space for niche banking, targetting immigrants, low-income consumers, or new business banks opened up as entrepreneurs could quickly validate a new idea or concept.

Today logos like Angelist, Klarna, Navan, and Ramp use BaaS offerings. 

It's hard to say all these companies would not have launched a debit card without BaaS. But I am confident many would not have. 

2. BaaS actors and roles

The fortunate thing about writing weekly Brainfood is I've written some stuff before. Here's a quick recap of the market actors. The full post is here, covering embedded finance from the brand perspective.

3. BaaS business models and incentives

Now we get to the good stuff.

Business models drive incentives. 

But often, founders of Fintech companies don't start a company with the end game business model in mind. They start a company to solve a problem they experienced or understand well. Immigrants founded Fintech companies to make getting an account for migrants easier; communities of color create accounts to serve their population. 

But there are a finite number of business models in finance, and the model you pick can come with strings attached.

Let's start with the simplest example; a debit card program by a bank for its customers. In this example, the bank is the debit card issuer because they issue the cards (geddit?). Let's also assume the bank does its own issuer processing in-house. In this example, the bank retains 100% of the economics and 100% of the risk.

I will make the maths easy (wrong) for simplicity (and because I have dyscalculia and I'm writing this from a plane).

• Let's pretend there's 2% of a transaction available.

• If customers spend $10m monthly on cards, the bank will generate $200,000 monthly. 

• Let's assume they lose 0.5% of all transactions to fraud and chargebacks. At $10m total spend, that's $50k of losses.

• Leaving the bank with around $150,000 in gross revenue (before staff, technology, etc.).

The debit card issuer wants the highest amount of transactions happening on their card. More users and spending higher amounts = more revenue. 

--> Therefore, the incentive is to get more users and create more spending. 

Some other important notes. The bank also holds the underlying deposits, and deposits are the lifeblood of banking. Deposits enable lending but must be sticky. The bank is ultimately responsible to the regulator for any risk and will see fraud as a cost. 

--> When going direct, a bank will typically balance the risk/reward of user growth vs. deposits that could leave or be fraudulent. 

All fairly basic so far, but that was an easy one.

Example 2: A Fintech company integrating directly with an issuer processor. In this case, the Fintech company is the issuer. The bank is the BIN sponsor (or sponsor) because they sponsor Fintech to use the card network. The new actor is the issuer processor, the IT department connecting the bank systems to the card network, and the Fintech company. 

BIN stands for Bank Identification Number - typically the first four to 6 numbers you see on a credit or debit card. Think of it like an area or zip code but for banks. 

In this example, who retains the risk and, therefore, economics is more negotiable. Again the maths here is wrong for simplicity and to demonstrate the point.

On the transaction

• 2% of a transaction available.

• If customers spend $10m monthly on cards, the 3 parties could $200,000 monthly. 

• If the bank has the heaviest fraud and risk liability, it may take up to 1.5% if the total transaction amount, gaining $150k but losing $50k.

• The issuer processor might take 0.05% of the transaction $5000. 

• Leaving $45,000 in gross revenue for the issuer (before staff, marketing, technology, etc.).

--> The Fintech debit card issuer's incentive is to grow users and purchase volume. They're also burning VC cash to spend on marketing and must show growth.

Fintech companies see any friction to user growth as a problem with the product to be fixed. 

--> The Bank's incentive is to minimize losses and maximize revenue. This commercial imperative should create a natural tension to push back against the Fintech company.

Historically, banks have been cautious of rapid account growth because it could be a sign of illicit activity and fraud. 

This was how the market looked up until the mid-2010s, until three things happened.

1. Some Neobanks started to gain traction, and Chime, Nubank, Monzo, and Revolut were becoming exciting names in tech more broadly and driving entrepreneurs and VCs to the space.

2. The API-first providers served the growing demand to build Fintech companies which reduced cost and time to market.

3. The Durbin Amendment to the Dodd-Frank act incentivized small banks to become sponsor banks to grow deposits and generate new revenue.

We've covered the Durbin Amendment countless times on Brainfood, and it's almost a cliche now, but as a quick recap. After the financial crisis, the Durbin Amendment wanted to ensure small banks in America thrived (vs. "too big to fail"). It capped the interchange revenue a bank with more than $10bn in assets could receive to 0.05% + 21 cents.

Small banks now had a competitive advantage if they could become sponsor banks. But many lacked the technology or experience to run a sponsorship program. Luckily the API-first program managers (AKA BaaS providers) had arrived to simplify the technology and make it super developer friendly. 

Example 3: A Fintech company integrating with a BaaS provider who uses a Durbin-exempt sponsor bank. In most cases here, the Fintech company is the issuer. However, the API provider acts as the program manager for many early-stage companies. This should ensure some of the sponsor banks' risk appetite is managed. The API provider has managed much of the tech integration into an issuer-processor and the bank, making the developer's life much simpler. 

Risk and economics are negotiable, but we can imagine two examples one for a very early-stage company and another for a massive, at-scale consumer Fintech with millions of customers.  

For the early-stage company: 

• 2% of a transaction available.

• If customers spend $10m monthly on cards, the 4 parties could $200,000 monthly. 

• If the bank has the heaviest fraud and risk liability, it may take up to 0.5% if the total transaction amount, gaining $50k but losing up to $50k. (This may be ok if it is aiming for deposits)

• The issuer processor might take 0.05% of the transaction $5000. 

• The BaaS provider may not initially share any economics, but as the company scales will begin to share more. Lets assume it takes 0.75% and shares 0.75% with the Fintech company

• Leaving $75,000 in gross revenue for the issuer (before staff, marketing, technology, etc.).

* Note: Not all BaaS providers share the card economics; some charge a SaaS fee. In that case, the incentives are much more simple. Sell more SaaS.

You immediately see that the incentive of the smaller bank creates a different picture. Many of these small banks are local lenders who likely couldn't attract deposits nationally, creating a natural break in their growth. So new deposits = new growth. Yay.

--> Smaller banks want deposits, and bank sponsorship helps drive that

--> BaaS providers want revenue, and sharing interchange helps drive that

--> Fintech companies want to bootstrap growth, and sharing interchange helps drive that too

Win. Win. Win?

I was a little unfair in the above economics suggesting sponsor banks are more ok with fraud; they're not. But some lacked the sophisticated controls of a large bank that might have operated as a sponsor bank for decades.

Before we finish this section, we should talk about the giant Fintech card issuers. While many started small, they've grown in power and presence as they can represent 10s of billions in deposits and 10s of millions of consumers. Whether they use a BaaS provider or not, many still partners with sponsor banks. 

In some cases, a sub $5bn asset sponsor bank is the primary BIN sponsor for a Fintech company that dwarfs it. The Fintech company likely owns the lion's share of economics and fraud risk in these examples. 

--> The sponsor bank wants to attract and retain these whale clients

--> The Fintech company wants the most responsive and economically viable sponsor bank

David meets Goliath. 

4. Where things start to go wrong.

a) This market structure wasn't designed; it emerged by accident. 

A regulatory change, market timing, and happy accidents had something to do with it. You also have a string-and-tape approach to bits of regulation and infrastructure. 

Where consumer money sits is in an FBO account. The for-benefit-of account was created for companies that transfer money but never hold it. It is a pooled account where every consumer's funds are co-mingled, but each customer's dollars in / out are recorded. Each state has a license, and almost none was designed for today's market structure.

Suppose you contrast this with Europe, where e-Money regulations are much broader in scope and designed to capture card issuing risk. In that case, it's much clearer what the roles and responsibilities of each participant are. There are also strict rules about how those deposits must be held and insured. If you take, for example, the failure of a Wirecard. No customer deposits were lost, and all were held 1:1 at large financial institutions. 

As an aside, some e-money license holders in the UK can store deposits with the Bank of England, making them theoretically more secure than deposits at a commercial bank.

If I were a regulator looking at market structure, this would be a lesson to take.

b) The lack of clarity leads to a lack of clear accountability.

In a model with a sponsor bank, MTL holding a Fintech company, and a BaaS provider, there are a lot of little T-Rex arms about who has ultimate responsibility for what. Good actors are leaning into the space providing tools and ownership, but when you speak to folks in regulators and government, that is not universal. Sadly, far from it.

The problem is who's accountable depends on which sponsor bank, BaaS provider, and Fintech company is involved and who holds what liability or risk. The isn't a single industry answer to questions about 3rd party management or AML risk. 

The regulators can examine the banks, but they often point at their larger, scarier Fintech clients and say, "we can tell them what to do but can't make them do it."

Because.

c) The power dynamic and incentives are broken. 

Banks hold the ultimate responsibility to regulators but often lack the commercial leverage you'd see in traditional models. BaaS providers aren't always regulated, and many young Fintech entrepreneurs lack experience.

The subjective intent of all of these parties may be positive. The entrepreneur wants to create financial inclusion, the BaaS provider wants to enable that, and the sponsor bank is doing amazing things with a tiny team and budget.

But by the time the Fintech company becomes enormous and starts to suffer fraud losses or regulatory backlash, all of that is forgotten. Things are easier when a company is younger, and the next funding round is all but guaranteed.

d) The VC cash has run out.

A traveling circus could have started a Neobank or BaaS provider in 2021 and got funded. The market correction was probably due, but it has left us with a glut of Neobanks and BaaS providers fighting after a vanishing number of customers. It's not easy being another consumer Neobank.

User growth isn't guaranteed anymore by VC marketing dollars. Those who made it to market could show bootstrapped revenue and user growth.

This crowded market will create plenty of losers but some winners. Those winners that get big may want to leave their BaaS provider to improve their unit economics. There's a certain ceiling to this business model. This is starting to play out with stories like UK BaaS provider Railsr heading for bankruptcy protection.

It's far from game over for BaaS. Long term, they can create more value than they cost. I suspect BaaS providers sharing interchange won't be the best route to goal forever (and you already see many going wider into credit, lending, and focussing on non-bank brands).

e) Fraud and AML is an epidemic and hurting growth and costs

There will be more stories like the allegations against Block from this week. Fintech and banks that have leaned into digital account opening have a truly staggering fraud problem at their doorstep. 

The battle against friction created an opportunity for fraud. 

Fraud and anti-money laundering are the same things dressed up in different outfits. 

Historically fraud was a commercial issue, and so a card issuer or bank would accept some fraud as a cost of doing business. By removing friction, you might gain some fraud but gain way more good customers. In contrast, money laundering was the serious older brother of fraud aiming to stop organized crime, sex trafficking, and terrorism. 

Historically, you manage money laundering after the transaction by monitoring transactions, reporting suspicious activity, and managing the case. Fraud, however, was something you'd either try to prevent or fight.

Account onboarding became a critical time for both to catch the bad guys. If you view account onboarding as a tick-box process that must be done with the least friction, then a minimalist reading of the BSA/AML rules will result in a high conversion onboarding process.

Over the past two years, this has made fraud and money laundering something that can be done remotely at scale, attacking the system's weakest parts. 

Tommy from Alloy said it best: "digital reduced the CAC of fraud."

f) Sponsor banks have no way to restrict the activity of Fintechs

We must fix this issue.

Fraud and Money Laundering sound like white-collar crimes, but they fund the worst things in society. Child exploitation, human trafficking, and organized violence exploit the weakest Fintech onboarding to wash their proceeds of crime through the system.

And the sponsor banks are largely unable to stop it.

Sponsor banks ultimately have to trust what the Fintech companies are telling them. If the transaction monitoring systems are poor, if the fraud controls are weak, sponsor banks have a visibility problem. Remember, sponsor banks are the ones who will face the exams and the regulators.

Sponsor banks need a dashboard that collates their policies, risks, and real-time fraud and AML data into a single view. With that, they could do their job. Without it, they're flying blind.

5. How we do better

The first step to solving a problem is admitting we have one.

The sentiment on Fintech Twitter is largely "Ok, this is normal in Fintech companies, and we have to fix it." That's progress, but it's not the whole answer. You better believe this issue impacts every bank that rushed to do digital account opening during the pandemic. So big banks, you don't get to point at Fintech and say, "I told you so."

Same for the regulators and government who pushed hard to distribute stimulus checks and PPP loans. 

We, the financial services industry, can do better.

a) Better data science. To quote Sardine* CEO Soups "Most fraud problems are data science problems." Fraud was always the friction department that got in the way of growth, but that is a data science problem. Too much friction creates too many false positives and an unacceptable decline in revenue and profitability. Data science isn't about eliminating fraud; it's about smashing it as low as practical and having the best possible experience for good consumers.

That means getting better at identifying good behavior and bad. That is a gnarly data science problem. But it's also where the best data scientists can make an incredible difference.

Most Fintech companies and banks could have a net reduction in friction for good customers and significantly reduce fraud and AML if they had the best tools and performance working in harmony. 

Fraud and AML platforms aren't just tools. They're an extension of your team.

b) "FRAML." Fraud and AML are the same; they have different economic consequences for the financial institution. However, fraud was always managed in real-time, and AML was a lagging indicator and more of a process. Often what starts as fraud is AML. 

Fraud controls are also great at spotting money laundering before it happens. I hear weekly stories from the Sardine* ops team about how the ML models picked up AML signals from a device and flagged those to the client. With an early warning like this, FI could block a transaction from what was clearly a sanctioned entity before it happened.

Historically AML was 30 days later and transaction monitoring. Fraud was everything else. The default needs to be real-time everything and a single dashboard.

c) Better data collaboration. No more black boxes for data. The top 7 banks in the US share data and the large banks in the UK do. But they don't share it with Fintech companies or Crypto businesses. Sharing data is challenging (because it's often PII and highly regulated), but it can be done. It's an issue that has been discussed forever, but no more talk; let's get this done.

As a Brit, and a reformed banker, I sometimes find the competitive dynamic in Fintech companies naive. Banks have collaborated on the non-differentiating, non-competitive elements of their business for decades. Fintech infrastructure players and companies can do better here.

d) Appropriate friction for appropriate risk. If the data science says a customer is a super low risk at onboarding, give them a low friction experience. But that's not it, not job done. If that customer starts acting suspiciously, layer that friction back on. 

Laying in wait is a trick many fraudsters use; they try and hide or port accounts after onboarding, knowing that onboarding is where most controls are. 

Of course, you can only do this if you're always vigilant.

e) A single real-time dashboard for downstream risk. Sponsor banks don't have to fly blind if they can see the policies and real-time data about fraud, AML, and patterns in their Fintech client base. Themis and Cable are dashboards for policies. Sardine* has a real-time dashboard for sponsor banks called portfolio insights (competitors, hmu if you have something similar, happy to call that out too).

f) Possible rulemaking. This is the biggie. The OCC, CFPB, and states have gaps in how the MTL works. 

A federal-level "super MTL" for e-money regulation in Europe feels like a no-brainer to me. Such a rule would clarify accountability and what happens when something goes wrong. The FDIC should likely input what happens to consumer deposits in FBOs and how these should be segregated (remember FTX?)

I'd also love to see a rapid expansion of the innovation / Fintech arms of the regulators. My experience with the FCA from 2013 through 2018 was that it got this bit right. The innovation team knew that the Fintech companies had good intentions but often (not always) lacked experience. The role here is much more a good cop than a bad cop. And even in a neutral posture, it's a visible cop. 

6. A call to action. 

Fintech has genuinely created financial inclusion. Whether cashflow-based underwriting, early wage access, or credit builders, none would exist without the Fintech movement.

But we have a problem.

The banking crisis and the Hindenburg report created a trust problem. 

The trust of consumers, businesses, and regulators of the financial services industry (and frankly government) is shattered. 

But it's always darkest before the dawn. 

There is so much we can do together to make this better.

If you want to do better or just spitball ideas of other things we can do, reply to this email and send your thoughts.

Because of fuck fraud. Fuck AML. 

It's ruining what Fintech was all about. 

Let's kick its ass.

ST.

PS. Here’s a Masterclass from Soups on how to detect more of this stuff.

4 Fintech Companies 💸

1. Hedgeful - Invest like a family office 

Hedgeful is an all-in-one investment platform to build and manage your portfolio across traditional and alternative asset classes. In addition to stocks and bonds, Hedgeful will invest in credit, inflation, commodities, real estate, and cash. The service is available through an online platform with live chat support.

🤔 Most consumers cannot access the non-traditional asset classes but lack the time and patience to build a portfolio and wealth. Hedge funds can access these assets and may sell them through wealth managers, but those wealth managers often have high limits and don't always appeal to younger generations. First came Robo for Gen Y, and now proper wealth management. As the shift from Gen X to Gen Y comes in the next decade, there's a window of opportunity to compete for that wealth accumulation, and Hedgeful is in the sweet spot for that if their website is anything to go by. It looks like Stripe's design team had a take on traditional wealth managers (like Charles Schwab).

2. Staging Labs - Safer by design web3

Saferoot, the first product from Staging Labs will automatically move your NFTs or Crypto to a backup in the case of an error, hack, or scam. The team aims to make "security by design" a default for web3 and something any user can access.

🤔 The biggest challenge facing self-custody wallets is user security. Users consistently lose money to their own errors or scams, and the wallets can't help them because DeFi is irreversible. There's a massive need for the type of service a wallet can recommend or even bake in that helps users. Staging Labs are pre-seed, so its hard to tell where they go next, but this kind of thing is needed.

3. Notice - Pricing data for private companies

Notice's platform contains a benchmark price for privately held company stock (e.g., Stripe, Airtable, Chime). Notice aggregates data from brokers, funds, public comparisons, and historic financing to inform their algorithm. The algo provides an estimated price (mark-to-market) every 60 seconds and sells to companies, investors, press, and employees. 

🤔 In a world where the tech industry is incentivized on stock, understanding valuation is still challenging. Having a credible and neutral pricing estimate is valuable. I could imagine this concept expanding into other asset classes where pricing data isn't as discoverable as in public markets.

4. Gigastar - The creator investment platform for fans

Gigastar allows fans to invest in their favorite creators to share a % of a Youtube channel's future earnings. Creators can list on the Gigastar market; fans buy tokens that provide funding to the creator to grow their business.

🤔 Today, fans of creators can tip, subscribe to or buy merchandise, and creators have several platforms to help them invest. But taking out a loan is still challenging, and the investment space is still early and fragmented. The idea of fans investing and sharing the upside has potential. However, given current market conditions, my temptation would be to steer clear of tokens and look to make a classic crowd equity investment in a business.

Things to know 👀

1. Block shares plunge 19% on allegations of fraud by short seller

The short seller Hindenburg has accused Block that up to 40% to 70% of its accounts could be fake or fraud. The report states that Blocks systems take a "wild west" approach to compliance, KYC and AML. The group alleges this approach has fuelled growth but misled investors on the real metrics. 

First, a health warning. The company hasn't yet responded, and we should give it time to prove itself. Block is a well-run organization operating at scale. A short seller is financially interested in dressing up anything they've found to be as ugly as possible. However, this is a thorough, well-researched report pointing to the most important topic in our industry.

🤔 Whatever the truth about Block, we will see more stories like this. For the past decade, digital-only onboarding has become the default. Fintech solutions fought to remove friction in that process, and many treated it as a tick-box process. Collect the right data? Done. Except, no, not done, the identity could be fake or stolen, or the user could be pressured into opening an account as a part of a scam.

🤔 The issue was made much worse during the pandemic. In an emergency, consumers desperately needed financial services, and branches closed. Digital account opening was a lifeline to get instant cash and PPP loans. The government underwrote those loans and stimulus checks and needed to go out fast. The pressure for speed created an opportunity. Fraudsters took advantage. And we're seeing this come out in the wash.

🤔 Identity fraud is the single largest issue facing Fintech. The single biggest point of friction for any Fintech product is onboarding. Removing friction has the highest ROI in the short term for user growth, but it can lead to bad outcomes: fraud, sex trafficking, and organized crime. But we don't have to have friction or fraud. We need the right friction at the right time.

🤔 Fraud controls at onboarding are critical. As an industry, there are some simple things we can do. 1) Check for more data. Opening an account has high abandon rates instead of asking consumers for pages and pages of data. Ask for a little and verify as much as possible behind the scenes from data providers, bank account history, email history, Telco, and more. 2) Spot suspicious activity or behavior on the device. A good user probably doesn't have to copy and paste their last name to remember it. 3) No more one size fits all. Layer on friction if the risk seems high. Remove it when data proves risk is low.

🤔 We'll see KYC vendors under pressure and pivot toward fraud prevention. That's a complicated beast to get right when companies are chasing revenue growth in much harsher market conditions. Being great at catching this stuff is a complex data science and teamwork problem. But a rising tide lifts all. Don't hate; collaborate. 

I joined Sardine* because this issue had been bubbling and needed a megaphone. But it's not a competitive thing. It's an all-of-us thing. Let's do better.

2. UBS to buy Credit Suisse

UBS will acquire troubled Swiss Bank Credit Suisse for $3.2bn in a deal brokered by the Swiss regulator FINMA. CS shareholders receive 1 UBS share for every 22.48 CS shares, and the Swiss National Bank supported a $108bn loan for the takeover. This deal has wiped out $17bn worth of bonds held by European investors, and the move by Switzerland has generated significant criticism from analysts and many economists.

🤔 Financial markets are like a patient in intensive care; regulators are the doctors. Credit Suisse selling to UBS stops the bleeding for now. In the short term, markets reacted positively to the news. But it doesn't solve the structural issues CS had. New management is not a guarantee of better performance. Long-term - Did the regulator make a mess of this by rushing to finish it?

🤔 In financial services, debt should always be senior to equity. But in this case, shareholders in Credit Suisse got something while these bondholders will get nothing. The reality is more nuanced, the contingent convertibles (or "CoCos") are a type of bond that also counts as a part of the banks regulatory capital. The bonds were created after the financial crisis to shift risk away from the taxpayer, and because they're risky, they carry a higher yield. These bonds are supposed to absorb losses and would be the first debt not to be honored, but the fact some equity got kept ahead of them is sparking concern.

🤔 Large central banks have lined up to say they would not do what Switzerland did. The Bank of England, ECB, and Fed have all said they would not follow suit. In a crisis, mistakes sometimes get made, but sometimes they cause more panic than they solve. Perhaps a better solution would have been to convert these bonds to equity first and then let the chips fall where they may. 

🤔 The solution from central banks and governments has been to consistently swap market risk (bad things happening in the market that causes short-term pain) for systemic risk (things that could take down the whole system). We do this by having central banks bail out banks, backstop deposits, or force mergers. The market needs confidence, but it must also be able to fail.

🤔 In software, there is a concept called graceful degradation. The idea is that something doesn't fail all at once, but a bit of it can fail without impacting everything else. Achieving that with a BANK as complex as CS is non-trivial. But we should put effort into how we supervise graceful degradation instead of bailouts, backstops, or acquisitions. Banks should have "plans" for winddown, but instead of stress testing, we should run 1000s of simulations to identify routes to do this (e.g., with something like Simundyne)

Good Reads 📚

1. 4D Chess in Card Payments

I had FOUR people recommend this Read to me this week, in which Nikil from Lithic covers the regional debit networks. These regional networks are lower cost than Visa or Mastercard but don't have global ubiquity like those brands. Merchants could save as much as 25% of their interchange fee by leveraging these networks, which under a new FTC consent order, must be made available to merchants for least cost routing. 

🤔 Those who understand the infrastructure win. This post lit up the world of Fintech this week because it clearly explains the kind of regulatory quirk that makes such a massive difference when you understand it. Financial services are full of these weird idiosyncratic things that you can optimize the business if you take the time to understand. 

🤔 The timing for this post is great, as everyone is looking for better unit economics. That's always true, but especially in this market. Not knowing the US debit card rails nearly as well as Nikhil, I'll finish by saying if you haven't read this, you absolutely should.

Tweets of the week 🕊

That's all, folks. 👋

Remember, if you're enjoying this content, please do tell all your fintech friends to check it out and hit the subscribe button :)

Disclosures: (1) All content and views expressed here are the authors' personal opinions and do not reflect the views of any of their employers or employees. (2) All companies or assets mentioned by the author in which the author has a personal and/or financial interest are denoted with a * (3) Any companies mentioned in Rants are top of mind and used for illustrative purposes only.