Fintech 🧠 Food - KYC is still broken

Hey everyone 👋, thanks for coming back to Brainfood, where I take the week's biggest events and try to get under the skin of what's happening in Fintech. If you're reading this and haven't signed up, join the 26,442 others by clicking below, and to the regular readers, thank you. 🙏

Hey Fintech Nerds 👋

Tech and Crypto have rallied on hopes we’re past the worst rate hikes and inflation.

Maybe we are. But don’t fight the Fed.

Tesla put up an amazing earnings and profit beat. But they also slashed prices from a recent high.

Techcrunch has a report that Stripe tried to raise $55bn and failed and has now set a timeline of ~12 months to go public.

The market is in this weird moment. Two steps forward, three steps back.

This market momentum might not last, but I can’t help thinking we’re trending the right way. There will be bumps in the road, but humanity shines best under pressure. So much of finance is still wildly inefficient. Fintech is just getting warmed up.

Here's this week's Brainfood in summary

📣 Rant: KYC is still broken. The total amount lost to money laundering annually is somewhere between the GDP of Indonesia or France. Despite billions in fines, the process is not getting more effective. AML and fraud prevention needs more fine-grained data, a standard for data sharing, and to think globally. It won’t be easy, but we need a standard for this that’s default digital, not default paper.

💸 4 Fintech Companies:

1. Noble - Credit Workflow Orchestration 

2. Atmos - Neobank for the Carbon Conscious

3. Keep - Brex for Canada

4. AiPrise - KYC Orchestration Platform

👀 Things to Know:

1. US Banks plan a wallet to compete with Apple & PayPal. The wallet won't be called "Zelle" but is designed to be an e-commerce option. 🤔 Competing for most with BNPL buttons and CashApp to create a merchant shopping ecosystem. There is a temptation to write this off as hopeless, but skeptics said that about Zelle too. EWS gets shit done.

2. Crypto Banks borrow billions to plug shortfalls. Silvergate and Signature both borrowed from their Federal Home Loans banks. 🤔 The real story is that so have most small banks as deposits evaporate. Why would a consumer store in a local savings bank when treasuries yield better? Clickbaity headline by WSJ, but then beating up on Crypto = clicks 🙄

📚 Good Read: On Chain FX and Cross Border Payments by Uniswap. The paper says FX and cross-border payment fees can be reduced by up to 80% when traded on-chain. This is because Automated Market Makers (AMMs) are 24/7 and give true PvP (Payment vs. Payment) settlement, unlike the correspondent banking system, which often has delays. This is a well-done paper, and while I have some caveats (in the good reads section), it's worth your time. 

Weekly Rant 📣

KYC is still broken.

The movie Catch Me if you Can is a rollercoaster story about the chancer Frank Abagnale, Jr., whose ability to forge checks and fake his identity allowed him to steal more than a million dollars from banks across the US.  As fun and iconic as the movie is, it shows what most of the banking industry defenses are designed to prevent.

Paper crime.

The financial services industry in most western markets is built on paper. Our laws about financial services, too, assume these paper processes. The biggest assumption is that we can use paper identities to prevent crime. The way we use these identities in finance is referred to as KYC.

To do almost anything in financial services, you need to Know Your Customer (KYC). It's the law. The fine for not doing KYC is a minimum of $500,000 and three years in jail. 

It is not optional.

These laws also extend internationally. "KYC and AML" is the basis of global economic policy and law enforcement.

In February 2022, when Russia invaded Ukraine, the immediate response of the Western bloc was to introduce "sanctions." In practice, this meant the US, Europe and UK released a list of named individuals that had to be frozen out of the global banking system. These individuals and companies could no longer trade dollars, euros, or sterling, and any holdings in foreign banks would be frozen.

This isn't an automated process.

Governments publish a list on their website as a PDF, and banks, Fintech companies, and anyone in financial services must figure out how to comply. 

On some level, it has been effective. There is a story this week that a former FBI agent allegedly received payments from a wealthy Russian Oligarch to help "get off the sanctions list." Studies estimate that Russia's economy is suffering from these sanctions, but it's a steady bleed rather than a killing blow.

It is, however, politically the best lever western governments believe they have. So they use a big stick to ensure the financial services industry complies. Since 2008, regulators have issued over $403bn in penalties for KYC and AML violations. There are fears this number could explode further as banks scramble to enact sanctions controls with the Russia-Ukraine conflict. 

The typical response to a fine is to hire more compliance officers, but now many are seeing repeat fines for the same failings. 

Fines don't work. 

The temptation is to beat up the banks, but it’s not that simple. No management team wants to be in the headlines or have a multi-billion dollar fine. Compliance professionals have challenging jobs and are often flying blind.

Imagine suddenly having to find every Russian national connected to your bank with millions of customers, some of whom opened an account in the 1970s. Now imagine those identity documents only ever existed on paper.

The premise of paper-based KYC and AML itself is outdated.

It's also ineffective. 

Various estimates put the total amount lost to money laundering and economic crime annually between $800bn and $2trillion. On the low end, that's the GDP of Indonesia; on the high end, it's nearly the GDP of France.

I cite this research paper more than almost any other. It concluded that criminal enterprises retain 99.95% of the proceeds of crime. Today's KYC and AML processes are ineffective at preventing drug, arms, and human trafficking. It does little to manage tax evasion and child sexual or labor exploitation. 

These are the worst issues in society, and our collective best answer doesn't work.

(Ok, I'm being slightly unfair; the study doesn't count all the crimes it prevents. There's also no way an Oligarch would be bribing people to get off a sanctions list if it wasn't at least somewhat effective. But let's agree it's a long, long way from optimal).

It does achieve additional costs for the industry and inadvertently excludes hundreds of millions of people from the banking system.

As a migrant, you may not have a local identity to pass KYC. As a low-income consumer, you're also high-risk by default, partly because criminals declare low incomes and partly because that segment is vulnerable to scams or becoming money mules.

When you layer on the cost of running a KYC program and the potential fines, a financial services company has to make significant revenue before this activity becomes profitable.

Digital and e-KYC reduced the cost on the front end but increased the risk on the back end (more on that later too).

Is there hope here, or are we screwed?

Let's zoom out

• How do these rules get set?

• How do KYC, AML, and Fraud processes work?

• Why is this broken? (the digital shift)

• How can we fix the problem? (more data)

• Why is this a privacy nightmare?

How do these rules get set?

KYC and AML rules in any formal sense emerged in the 1970s. In the US, the Bank Secrecy Act (BSA) was passed in 1970, and in 2002 the Patriot Act updated that (in the wake of 9/11). You'll see a similar pattern globally in the wake of 9/11. The UK passed the proceeds of crime and terrorism act and so on.

This was coordinated internationally by the Financial Action Task Force (FATF). Founded in 1989 by the G7, it sets standards for how AML controls should be implemented and assesses countries to ensure they implement those standards. More than 200 countries are committed to implementing these standards.

Failure to implement the standard lands a country on a grey or blacklist. 

The result of this international coordination is these standards get copied + pasted globally. 

Wherever there is a sovereign country, there are AML rules.

How KYC, AML and Fraud processes work

(Compliance nerds can skip this section or mark my homework, whichever 🤓. But it's important to level set for the following section, and recounting first principles is always helpful.)

At the simplest level, the best way to prevent the bad guys from doing bad things is to exclude them from the system. This is best done by not giving them an account during account opening.

At account opening, a potential customer is asked to give evidence of their legal identity and proof of address. Legal identity documents include photo IDs like passports, driver's licenses, and national ID cards and are documents issued by a government. The definition of "identity" in this sense is the one the government you're a citizen of recognizes you by.

These documents, along with any proof of address, are then to be examined by the bank or Fintech company for their authenticity before opening an account. Historically this happened at a branch, but today this is most often in the mobile app and powered by Fintech infrastructure companies like Alloy, Onfido, Socure, and Sardine*.

Once these documents are collected and reviewed for authenticity, the Fintech company or bank performs checks for economic crimes. 

There are three main types of economic crime.

1. Money laundering (Criminals moving money through the system)

2. Sanctions evasion and corruption (Individuals or corporations moving money that should not be allowed to or taking bribes)

3. Fraud (Attempting to steal or scam money from someone else)

(This is grossly oversimplifying, but a helpful shorthand).

The company has to check for all three types of economic crime in the customer's history and reject that customer at account opening. 

Often a potential customer is denied but not told why; if the bank or Fintech company suspects an economic crime, they can't tell the customer due to "tipping off rules." In the US, tipping off a money laundering carries an unlimited fine and up to 5 years in jail. In the UK, a Money Laundering Reporting Officer (MLRO) can be imprisoned if significant failings occur. 

The checks at account opening are customer due diligence (CDD), and where the customer could be high risk involves enhanced due diligence (EDD).

Many of these checks have to be run consistently either during reviews or at a transaction. Checks of a transaction are transaction monitoring.

Fintech companies, banks, and everyone in the flow of funds must have a system for this transaction monitoring. Banks must ensure Fintech companies have these processes in place through their 3rd party management. That's what Blueridge and other partner banks are being pushed by US regulators on. The ultimate burden always falls on the banks. 

Banks are the police of money.

Companies then have several risks to manage, usually at account onboarding but also during transaction monitoring if any new counterparties are involved (or the transaction is large)

Processes include:

Sanctions screening. Checking sanctions lists like OFAC (for the US) and their UK, EU, and other major jurisdiction counterparts. This is more complicated than it may appear. There are entire countries on the list, corporations, and specific individuals. These individuals go to great lengths to hide their identities and find their weak spots in the system. 

One weak spot is complex corporate hierarchies (layering). If a Delaware-based C-Corp in the US is owned by a holding company in Panama, which is partly owned by a trust in Jersey, which a holding company in the Bahamas partly owns, the paper trail can be hard to follow. Identifying ultimate beneficial owners (UBOs) can be incredibly challenging.

Adverse media screening. Perhaps a person or company isn't on a sanctions list but has been involved in criminal activity, bribery, or corruption.

Politically exposed person checks (PEPs). A close relative or friend of a politician may be vulnerable to bribes. This is why politicians sometimes moan about how hard it is to open a bank account or get a mortgage.

Money Mules are individuals who may knowingly or unknowingly move money on behalf of criminals. Criminals take out ads online saying, “make $100 a day working from home.” The consumer may use an existing or new bank or Fintech account to move the money.

These processes run at account opening and during a transaction. Sometimes a particularly large or strange-looking transaction will occur, triggering an investigation. This becomes a case that the Fintech or bank has to manage (they may use a case management tool like Hummingbird or as part of their wider suite like Unit21, Alloy, Comply Advantage, etc.

If they see suspicious activity or something that looks fishy, they submit a  suspicious activity report (SAR) to local law enforcement. 

Then there’s fraud. Where fraud differs is that the consequence often lies primarily with the Fintech, bank, or merchant in a transaction. In some payments, merchants are liable, and in others, banks are liable. If a consumer is defrauded using a credit card, the bank will refund them; the bank has liability.

Liability often means losses. So the motivation here has historically been to reduce losses. However, increasingly fraud is connected to organized crime, and the line between AML and fraud is blurring.

Fraud processes that occur at account onboarding include (but are not limited to):

1. Database checks. Has this customer been reported as a fraudster by a bank before? (This is easier for banks but hard for most Fintech companies to know, not all banks believe sharing is caring). Has the email or telco shown up in fraud reports? 

2. Document and manual checks. In the branch, the branch staff would check if a real person had walked through the door and looked like their Photo ID. They'd also look at the documents to evaluate if they were genuine.

Fraud processes at transactions might include

1. Transaction blocking. A bank or Fintech company might have rules or things they look for that become a straight no. The obvious would be if a stranger walked into a branch and tried to withdraw your life savings without proof of identity or a check appeared forged. Often when you've tried to buy something, and it doesn't work, chances are the transaction has been blocked.

2. Additional friction. Another way to manage fraud might be to make the transaction harder. In a branch, this might require a photo ID and proof of employment before you can withdraw a large amount. Some secondary check or step-up processes for the customer to pass before the transaction happens.

There is so much more to it than this, but this would be 100,000 words if we started to explore.

The era of digitizing paper processes

In the decades since paper dominated, countless other processes emerged. For example, after the rise of e-commerce card schemes introduced 3D-Secure, an additional friction process where a high-risk transaction requires further details from a consumer before it can occur. 

E-commerce merchants hate this because additional friction means customers abandon a purchase. More friction means fewer sales. 

Friction is the enemy.

The worst possible case of friction is when a transaction is blocked or paused for a legitimate customer. This is a false positive. False positives penalize good customers for catching the bad ones. 

Imagine trying to catch tuna, but the fishing net catches 10 other fish for every tuna you catch. 

False positives are measured as a ratio because, historically, there are many more false positives than actual positives. The same is true for Fintech companies, banks, and digital wallets. With the introduction of mobile electronic KYC (or e-KYC) became a thing.

Additional checks at account onboarding mean less customer growth (which, when you're being pushed to grow rapidly by VCs in, say, 2021, friction is something you're incentivized to remove). Additionally, companies that monetize via swipe fees (interchange) want more transactions to happen. Blocking them is blocking revenue. In growth mode, companies want to ensure it's fraud before blocking a transaction.

This tension has always existed between risk and growth.

But it shifted significantly in recent years.

Two massive shifts in Fintech and Finance.

From 2020 through 2021:

1. The pandemic meant branches were closed. The only way to open an account was through e-KYC. Anyone who needed finance suddenly had to sign up for mobile or online banking. Firstly, This led to a massive spike in signups via mobile.

2. Fintech investment ballooned. Anything digital saw such unbelievable growth in '20 and '21 that VCs were pouring fuel on the growth in the form of investment. 

Fintech investment boomed partly on the back of new infrastructure companies (e.g., Banking-as-a-Service) that can help a new Neobank get to market in as little as 8 weeks. That collapse in time to market massively reduced the cost to get to market and iterate on product-market-fit. The market flooded with entrepreneurs and builders with great ideas but perhaps not the most AML or fraud experience.  

For many large banks or enterprises that have historically had AML and fraud experience, being digital-only also created a wave of new potential scams and attacks. 

Branches are a surprisingly good fraud control. A fraudster in another country struggles to show up to a local branch. Also, the crime committed to an anonymous app takes less guts than walking in and sitting with a person for 20 minutes, convincing them you're really someone else.

Then 

1. Russia invaded Ukraine and created a wave of new sanctions and regulatory focus.

2. Regulators began to look closer at sponsor bank arrangements used by Fintech companies to get to the market.

3. The Crypto and Tech markets corrected, meaning Fintech companies had to find better unit economics.

4. Scams and fraud rates began to soar.

I showed this chart from Alloy last week that this impacts anyone in financial services; 91% say fraud is up significantly or somewhat. If you did this report again, even more would report a significant spike.

We have a market where starting a wallet is cheaper and faster than ever. The surface area for bad actors to attack got much broader; they can do it from anywhere in the world.

So how do we react?

Well, firstly, risk infrastructure became the hottest sector in Fintech. As demand for solutions that can plug the leak started to explode. But these tools are not being implemented in a vacuum.

They're being implemented in a highly complex, fragmented marketplace full of overlapping providers, terminology, priorities, and history. The industry's task is not as simple as having new tools; it is understanding how we get on the front foot. 

The problem with how we manage risk.

Precisely because these controls evolved from paper over decades, they're often seen in isolation in response to each threat. When e-commerce took off "card not present," fraud became an industry issue. Unlike in-store purchases, online transactions can be completed with just the card number and details. Hence, "card not present."

Merchants and issuers developed products, solutions, and processes to manage the risk; today, it's considered a reasonably well-managed risk. E-commerce transactions require additional friction or are blocked from certain card types and locations. 

Today, scams, authorized push payment (APP) fraud, and first-party fraud are hot issues. APP Fraud is when a customer intentionally moves money but may have been tricked into doing so. As P2P and real-time payments become the norm, consumers are especially vulnerable to scams. 

First-party fraud is when a fully verified customer, who's a real person, commits fraud. Like buying something online and pretending the goods never got delivered by starting a chargeback. That eats time and money for the card issuer and the merchant, but for the customer has almost no consequences (other than them potentially being added to industry naughty lists).

First-party fraud can be anywhere from 60 to 90% of all fraud experienced in a Fintech company.

How do you defend against your own customers?

Especially if you know nothing about them as they walk in the door.

That friction vs. revenue trade-off starts to look different when fraud rates are so high, and the barrier for bad actors to create a new account somewhere else and get away with first-party fraud all over again is very low.

The trade-off is also not always managed by banks. If you're a sponsor bank, you can oversee the Fintech companies you sponsor, but the power dynamic isn't always obvious. When you stack a massive Fintech company on a tiny bank, the commercial incentive to push back isn't always as strong as it could be. 

Big banks have another problem. They have 30+ systems, in-house build, specialists, and countless teams. When a new threat emerges, it could take time to react to.

Account onboarding solutions focus on the risks at onboarding, and transaction monitoring tends to look at transactions. Then the fraud and compliance teams try and put a puzzle of data together to solve the risk unique to their client base.

We also see a patchwork of providers. Some specialize in e-KYC across a broad range of markets (e.g., Trulioo), and some go much deeper into the financial services value chain (e.g., Alloy), and some specialize in one specific bit of the process, like Inscribe, who just raised $25m to do fraud checks on paper documents.

Completing that puzzle is hard.

It becomes a data problem.

How do we solve it?

Data exists in silos. Each bit of data is a clue (or signal), but the connection between those becomes critical. Like a detective looking at blood spatter, phone records, and CCTV, it's not just the transaction or photo ID. It's the combination of them plus everything else.

The more data we have about a person, device, how they behave, and what else they've done anywhere else, the more sophisticated we can be in targetting the bad guys and preventing false positives.

That's the hardest with sanctions and AML. But we've always viewed sanctions as an onboarding and transaction problem. Again it's a data problem that we have to be detectives.

Each Fintech company sees only the data it can gather, and the same for banks and payment networks. They look down and see their customers, transactions, and data. They can't see what their counterparties see (other banks, Fintech companies, and payment networks).

Banks share a limited set of bad actor data in some jurisdictions, but many Fintech companies are locked out of that (for example, Early Warning Services in the US). The data set is usually related to bank and customer transactions but doesn't include the whole world of Crypto. Crypto exchanges share information to catch bad guys and work with law enforcement, but they don't have a way to share that with banks.

If we assume that, as an industry, our controls won't stop a sanctioned entity or money launderer from getting into the system, we need to get smart about how to catch them.

Fines are not the answer; collaboration is.

Regulators are the examiner. They take data feeds from the private sector finance industry and examine them to ensure it is complying and performing well. If it finds a failing, the big stick is to fine the institution.

But it’s law enforcement who then follows up on sanctions or crimes.

There’s a mismatch here, with nobody seeing the full picture.

The answer probably isn’t another government-run database or agency but a way to collaborate across those lines. There is no dashboard for regulators or law enforcement to see what’s in front of them vs. something like Dune.xyz which gives very clear macro views into the Crypto industry based on a public data set.

Also, crazy idea; what if sanctions lists had a half-decent API?

We need collaboration between market actors and regulators

We need to share data.

You can't go to a fraud or risk conference without hearing this mantra. But sharing data is like teenage sex; everyone talks about it, but almost nobody is doing it, with a few exceptions.

One initiative to do this at the corporate level is the Interbank Information Network by JP Morgan, a secure way for banks to share suspicious activity and cases. It is literally displacing emails and phone calls. Another is a DAO created by Unit21 for Fintech companies to share data, and Sardine* is building a similar initiative.

We need more fine-grained data.

The more fine-grained the data, the more clues we have. Historically the industry had a series of black boxes and would return "is high risk" or "decline." Thankfully that trend is changing, and most platforms and vendors have started to play well with others.

But most financial institutions aren't able to easily combine the risk signals coming from on-chain and off-chain data sources. 

We need to think globally.

Crypto is default global. 

The Crypto industry shares information under the "travel rule," which FATF sets. The travel rule says exchanges and centralized wallets must exchange sender and recipient information for transactions above a threshold (e.g., $1,000) to ensure neither side of the transaction is laundering money. They do this using a standard like IVMS101*

*The non-profit I co-founded, Global Digital Finance, was a founding member in creating this standard.

Now put this together.

More fine-grained data, more sharing, and default global.

That's a hard problem because GDPR and privacy are giant issues in every jurisdiction. We'll solve pieces of this locally. But ultimately, we should be having a standards conversation at the global level.

The nature of the Crypto industry is to reject anything centralized.

The nature of governments is to try and centralize everything in their jurisdiction.

The way out of this is grinding through the complexity of standards.

Privacy and user data ownership are critical.

Privacy-assured risk data sharing helps us prevent child exploitation and sanctions violations.

We can have both.

But it's gonna be a ton of work.

Pour one out for the fraud and compliance operators out there 🍸

ST.

4 Fintech Companies 💸

1. Noble - Credit Workflow Orchestration 

• Noble users can create, edit and manage credit programs via its API and no-code solution. Users can build BNPL, credit cards, charge cards, cash advances, or more complex credit products. To do this requires multiple data sources to create workflows. It becomes a no-code workflow tool for all credit processes.

• 🤔 Innovation in credit comes from getting more data and building better workflows. The more credit fits the context of a user journey, the higher it converts. Noble provides the type of tool builders need to construct those experiences (although somewhere, a lender still needs to approve that product, I'm guessing). 

2. Atmos - Neobank for the Carbon Conscious

• Atmos provides a debit card, a 2.4% savings rate, and 5% cashback on sustainable businesses. It also has a community and detailed insights on how deposits are used to back non-profits and projects.

• 🤔 Why hasn't a large bank launched a similar product as a credit card? It has all the hallmarks of an affinity brand. There are a few "Neobanks for the climate-conscious," but none are setting the world on fire (in a good way, lol). Perhaps "the climate card" is a feature, not a business? Increasingly, I believe ESG goals are best met through a great product design that makes changes that impact nature effortlessly instead of identity politics. 

3. Keep - Brex for Canada

• Keep is the corporate card for entrepreneurs and growth companies that doesn't impact the personal credit score. It offers up to 4% cashback and 10 to 20x higher limits than consumer credit cards. It also has many now standard Fintech company features in this category (digital onboarding, instant virtual cards, expenses dashboard, and finance automation). 

• 🤔 Keep is a proven model, but I'm curious if being home-grown is a competitive moat vs. established competitors from the US. With a very different banking market and set of payment rails, Canadian market entry isn't as simple as many might hope.

4. AiPrise - KYC Orchestration Platform

• AiPrise brings tools like Middesk, Comply Advantage, and data providers like Sentilink to help teams in LatAm onboard customers with less fraud. Teams can use templates or build custom workflows for their onboarding and A/B test different approaches. 

• 🤔 Onboarding is critical in detecting and preventing scams, hacks, fraud, or crime. If you never let the bad guys in, they can't do bad things. The tension is between creating a frictionless experience for good customers and doing the endlessly complex detective work in the background to catch the bad guys. It's good to see a pure play orchestration approach, although it applies at every key customer touch point. 

Things to know 👀

1. US Banks plan a wallet to compete with Apple & PayPal

Users can select a new service at e-commerce checkout from the consortium of banks (EWS) that also built Zelle. The bank-owned utility EWS said the new wallet would likely be separate from Zelle and will roll out in H2 this year. The banks expect to enable 150m debit cards shortly after the launch. 

🤔 I get why they want this; PayPal and Apple are positioned to steal consumer mindshare and turn banks into "dumb pipes." Fintech and tech companies are also encroaching on the core business with the Apple card and PayPal increasingly lending to merchants. The banks need a play here that's more than just accepting defeat.

🤔 There are reasons to be skeptical. Competing with Apple on UX is a big ask. Consumer wallets are hard to build and drive adoption with, especially from the checkout (unless there's some benefit like BNPL). History is littered with stories of banks trying to launch e-commerce wallets and failing (remember ISIS?), 

🤔 But everyone was skeptical of Zelle too. Maybe the market needs Apple Pay for your parents? There are customers loyal to their bank or credit card, either for their rewards or because they trust it more for online use. There is a gap in the market if the banks can execute, and EWS is 2 for 2 (it's fraud data sharing and its payments network). 

🤔 E-Commerce is a huge fraud risk, and the banks often absorb those losses even if the payment type is another wallet like PayPal. If a significant customer base used this new wallet instead of those services, the banks could more closely manage those fraud risks. That's a big if, though. 

2. Crypto Banks borrow billions to plug shortfalls.

Silvergate borrowed $10bn, and Signature borrowed $3.6bn from Federal Home loan banks, a system designed to support the mortgage industry in the 1930s. The borrowing comes as both banks serve Crypto clients whose deposits have been withdrawn or made unavailable in the wake of FTX and 3AC. 

🤔 The headline is about Crypto, but the reality is that lower deposits causing banks to borrow affects the entire banking industry. Why store your money at a bank when treasuries offer a higher yield? 

🤔 Small banks (sub $3bn assets) are struggling broadly. They have fallen from 13% of total assets to 6% in the past 9 months. This isn't just partner banks or Crypto banks but small banks. In fact, the partner banks are better insulated in many cases.

🤔 There is the lingering question of what systemic risk pilling massive Fintech companies on tiny banks create. The power dynamic between a Fintech company with millions of customers and billions of deposits vs. a small bank is backward. The bank bears the ultimate regulatory responsibility but doesn't have commercial leverage.

Good Reads 📚

1. On Chain FX and Cross Border Payments

This whitepaper by Uniswap estimates FX and cross-border payments fees can be reduced by 80% when traded on-chain. Uniswap believes this is due to the low cost of Stablecoins and the efficiency of automated market makers (AMMs). This is because AMMs "solve" settlement risk (that money won't arrive) owing to the complexity and lack of transparency inherent in the existing correspondent banking system. 

This risk is estimated to lock up to $2.1 trillion of liquidity. Uniswap believes the BIS project Mariana is investigating AMMs for precisely this reason. For a market in its infancy, EUR to GBP trading on Uniswap is already within basis points of at-scale wholesale FX trading rates, suggesting it can be highly efficient. It uses PvP (Payment vs. Payment) trading, meaning that one leg of the transaction cannot settle until the other can provide it is ready to do so. That sounds simple, but it's not how payments work today. 

🤔 The real opportunity here is competition with the correspondent banking system. AMMs are 24/7, which means any company or Fintech trying to move money cross-border can do so instantly. There are ways to do that today, but there's always a catch. It relies on local payment systems or your receiving bank being able to keep up. A bank or payment system creates a delay somewhere in the link from one country to another. The only way to make that "feel" instant is with someone stepping in to take the risk that the payment will arrive, and that risk creates cost. 

🤔 Short term, I'm less sold on the remittance use case outside specific corridors because on and off-ramping fees muddy the picture. The 80% cheaper is possible if network fees are low and both the sender and recipient have a near zero on or off-ramping fee. That's a big if. Although, I do believe those fees will come down in time and take the average remittance from ~6% to ~2%. Moving money cross-border will become similar to moving money domestically. 

🤔 Companies like Wise and Remitly are probably cheaper for most major corridors in the short term. The smaller or more complex corridors could benefit most from Stablecoins and on-chain FX. Longer term, I suspect these remittance wallets would adopt on-chain FX rather than be displaced by them if it proves more efficient than their netting operations today. 

🤔 The hardest part is solving local compliance and edge cases. Governments like Nigeria and India have "banned" Crypto, so it's unlikely large institutions and corporates will use it within their borders. Much of the cost in the existing system comes from the compliance of both the sending and receiving countries. A transaction to send money from the US to Argentina must comply with both countries' laws and regulations. Solving that while Crypto has a reputation issue is an almighty challenge.

🗣 Honorable mention: This is the best overview of interchange I've seen. It has taken the crown from Unit's blog as the default first thing to read to learn about interchange.

Tweets of the week 🕊

That's all, folks. 👋

Remember, if you're enjoying this content, please do tell all your fintech friends to check it out and hit the subscribe button :)

Disclosures: (1) All content and views expressed here are the authors' personal opinions and do not reflect the views of any of their employers or employees. (2) All companies or assets mentioned by the author in which the author has a personal and/or financial interest are denoted with a * (3) Any companies mentioned in Rants are top of mind and used for illustrative purposes only.