Exploring regtech and IDV fundings, mergers & acquisitions in 2023 – part 1, the why

'Sticks in a bundle can't be broken, but sticks taken singly can be easily broken.'

Aesop's timeless fable echoes a truth that extends beyond folklore—it embodies the strength found in unity; a principle as relevant to businesses as it is to people.

In the world of technology vendors specialising in fraud detection, prevention, and compliance, the power of unity is realised through funding, mergers, and acquisitions, plus public and private initiatives and projects. It's a strategic manoeuvre where individual capabilities are merged to create more complex and effective products. Just as the fable's lesson emphasises, there's strength in collaboration, particularly in the realms of regtech and identity verification.

At The Paypers, our yearly analysis delves into the dynamic landscape of regtech and IDV funding and M&A activities. While our aim is to cover an extensive array of identity verification and compliance technology companies within the banking, fintech, and payment sectors, our insights might be influenced by varying levels of accessibility to comprehensive information. Yet, amidst these challenges, our commitment remains steadfast—to provide an in-depth understanding of the industry's evolution and the collaborative efforts driving innovation in the fight against fraudsters and cyber threats that impact businesses and consumers alike.

• Overall, there's a declining trend in the average funding deal, mirroring a pattern observed towards the end of 2022.

• While the Europe-UK region sees the most prolific number of deals, the US stands out for pouring larger sums into IDV and regtech.

• Within the Europe-UK region, the UK attracted substantial funds in cybersecurity (Netcraft with USD 100 million) and regtech (Quantexa with USD 129 million).

Fintech Global's insights shed light on specific figures: European regtech companies in Q1-Q3 2023 anticipated a combined USD 49 million from seed deals, marking a marginal 2% drop from 2022. The UK emerged as the most active regtech country, securing nine seed deals.

Globally, Q3 2023 witnessed a surge with 20 AML & fincrime deals, indicating an 18% increase from Q3 2022. These deals amassed a total investment of USD 244 million. The US notably led the pack, engaging in 11 AML & fincrime deals.

1. Mass layoffs have continued to take their toll across industries in 2023. The tech industry has seen more than 240,000 jobs lost in 2023. Mass workforce reductions were driven by the biggest names in tech like Google, Amazon, Microsoft, Yahoo, Meta, and Zoom. While tech layoffs slowed down in the summer and fall, it appears that cuts are ramping up yet again. Among some of the regtechs/companies that help with compliance and fraud reduction, we noticed layoffs announced by Chainalysis, Sophos; for banks, fintechs, and payment companies we found announcements coming from PayPal, Affirm, Jumia, Rapid, and Citigroup considering at least 10% job cuts in major businesses. More shockingly is also the fact that VCs are conducting layoffs – London-based Stride, a five-year-old VC set up by former Accel partner Fred Destin, has stopped fundraising and laid off staff.

2. The ongoing wars across the globe (we refer mostly to Israel - Hamas, Russia-Ukraine) determine a rise in sanctions screening and cause a decline in economies, thus making populations in those regions not only more vulnerable to being victims of financial fraud and human trafficking but also the initiators of different types of fraud.

3. The uncertain economy, including rising interest rates and expectations of a possible recession, has driven much of what’s been happening in the industry this year. Not to repeat ourselves, but this aspect is closely related to layoffs and people who are seeking means of living by conducting fraudulent activities (e.g. friendly fraud, social engineering, investment scams, etc.)

4. The development of AI, and technology in general - the biggest news story this year (so far) has been how the late 2022 release of an open-source product called ChatGPT has provided fraud perpetrators with new and easy tools to automate and spread attacks and spurred many FIs to re-think their technology strategy and generated a wave of AI-focused innovation.

5. The rising number of fraud statistics/types/cyberattacks

US lenders report that 75% of all fraud losses are related to consumer phishing, according to SEON’s ‘Global Banking Fraud Index 2023’. The report highlights that 84% of companies with revenues of USD 1 bln or more have had more than 100 payment accounts targeted by fraud in the past year.

In other regions, UK Finance’s Annual Fraud Report reveals that over GBP 1.2 bln was stolen by criminals through authorised and unauthorised fraud in 2022, equivalent to over GBP 2,300 every minute. The main types of fraud remain credit card fraud, scams, remote purchase fraud (where a criminal uses stolen card details to buy something online, over the phone or through mail order), ID theft (where a criminal opens or takes over a card account in someone else’s name), Authorised push payment (APP), business email compromise fraud, etc.

Over the last year and more, cyber-attacks have become increasingly challenging and time-consuming for organisations to manage. In September 2023, Akamai thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank. Cybersecurity researchers discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. ‘The attackers employed deceptive tactics such as creating a fake LinkedIn profile to appear credible and customised command-and-control (C2) centres for each target, exploiting legitimate services for illicit activities’ Hacker News cited Checkmarx.

6. Regulation across the globe

Anti-money laundering (AML) measures are essential for financial institutions, including banks, insurers, and gaming establishments, to detect and prevent unlawful activities related to money laundering and terrorist financing. Besides the generic AML/KYC regulations that are in place, in August 2023 the US Federal Financial Institutions Examination Council (FFIEC) updated sections and examination procedures in the FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual. These updates apply to all FDIC-supervised financial institutions and primarily focus on various aspects of BSA regulatory requirements, including due diligence programs, correspondent accounts for foreign financial institutions, records related to foreign banks, reporting obligations, private banking accounts, and information-sharing procedures.

The UK adopted on June 27, 2023, the Money Laundering and Terrorist Financing High-Risk Countries Amendment which aims to replace the existing list of high-risk third countries outlined in Schedule 3ZA of the MLRs with a new list. In October, the Economic Crime and Corporate Transparency Act received Royal Assent that offers Companies House enhanced abilities to verify the identities of company directors, remove fraudulent organisations from the company register, and share information with criminal investigation agencies.

In November 2023, the EU established the framework for the EU Digital Identity Wallet, under the eIDAS 2.0 regulation. This digital ID offers broad uses in public and private domains, aligning with the EU's 2030 digital services targets. Under this regulation, European citizens can access banking, payment services, and store personal documents like mobile licenses or certifications. A crucial facet is the mandate for major online platforms to accept the EU Digital ID Wallet for user logins.

In Asia, China’s central bank released a set of draft administrative measures on data security management in July 2023 for public consultation, signalling the watchdog’s enhanced emphasis on data processing securities.

7. The availability of a variety of payment methods – A2A payments, instant payments, and many developments of CBDC

Present AML systems are designed around existing payment systems, such as cards; however, the rise of instant payments, A2A payments powered by Open Banking, digital wallets, mobile money transactions, and even CBDCs threatens to overwhelm existing AML and other financial crime prevention systems. As such, in 2024 AML and identity verification vendors will focus on developing more advanced AI-powered systems to keep pace with the rate of change in the payments mix.

8. AML and KYC compliance grows beyond banking

The AML regulation law covers not only financial institutions but many regulated entities that deal with payments and onboard new customers, such as igaming, online gambling, web applications developers, etc. Case in point, Shufti Pro has been selected by European P2P (peer-to-peer) platform Iuvo to tackle financial crime; Jumio is supplying facial authentication and other integrated technologies for customer onboarding as a strategic partner to developer platform Modyo; and Veriff streamlines the identity verification process for gamers while also establishing age-appropriate content rules. Because they play a crucial role in facilitating communication and financial transactions, telcos also have a big job on their hands when it comes to maintaining regulatory compliance. For instance, in the US, the Bank Secrecy Act (BSA) and the USA PATRIOT Act require telecommunications companies to implement AML and KYC programs. In the UK, the Money Laundering, Terrorist Financing, and Transfer of Funds Regulations require telecommunications companies to carry out KYC checks on their customers.

9. FIs, regulators, and governments interest in fintech and regtech

The usage of regtech gathers increased attention from regulators and governments, as revealed by a survey from Thomson Reuters Regulatory Intelligence (TRRI). The survey outlines diverse reasons for the financial industry's use of regtech, including cyber resilience, compliance monitoring, financial crime prevention, and onboarding. However, Elizabeth McCaul, a member of the European Central Bank's Supervisory Board, emphasises the necessity for a strong foundation supporting any technological solution. She underlines the importance of an appropriate regulatory framework, robust supervisory oversight, and a comprehensive understanding of both the potential and limitations of new technologies.

10. The need for digital identity solutions

The evolution of digital identity has seen considerable growth, notably prompted by the pandemic-driven digital shift between 2020 and 2021. This surge has notably propelled significant investment and mergers and acquisitions in the sector. Key factors guiding these M&A decisions involve identifying solutions addressing genuine needs, ensuring clear paths to commercialisation, and prioritising user-centric features like security and seamless experiences. According to Liminal, trends such as heightened discussions about the use and importance of verifiable credentials, the adoption of digital wallets, and the development of passwordless solutions are revolutionising the security space and shaping the investment sector.

The current landscape of regtech and M&A depicts a dynamic interplay of economic, geopolitical, technological, and regulatory factors. Economic uncertainties, evident in mass layoffs and the anticipation of a possible recession, have propelled industries to reevaluate their strategies. Simultaneously, global conflicts have led to increased sanctions screening and economic declines, demanding greater vigilance in fraud prevention and financial crime detection. Amid these challenges, the burgeoning sophistication of cyber-attacks underscores the critical need for robust AI-based platforms for threat identification and response. The surge in digital identity systems, driven by regulatory standards and advanced technology, has transformed how businesses engage with their consumers. This era not only ushers in unparalleled advancements but also underscores the imperative need for reliable solutions that ensure digital safety and compliance.

In the upcoming instalment, we will be delving into the most prominent deals that have taken place since the beginning of 2023.

About Mirela Ciobanu

Mirela Ciobanu is Lead Editor at The Paypers, specialising in the Banking and Fintech domain. With a keen eye for industry trends, she is constantly on the lookout for the latest developments in digital assets, regtech, payment innovation, and fraud prevention. Mirela is particularly passionate about crypto, blockchain, DeFi, and fincrime investigations, and is a strong advocate for online data privacy and protection. As a skilled writer, Mirela strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. Connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.