As the global regtech industry matures, some cosmopolitan cities are battling for the top spot in terms of deal activity. Among those, we find London, New York, San Francisco, Palo Alto, Tel Aviv, Boston, Seattle, etc. As we can notice, the cities coming from the US dominate the charts. This is unsurprising given the strong fintech innovation hubs established in San Francisco and New York.
Reducing fraud and AML with better data is something that fintechs and regulated entities are looking at to boost confidence when accepting payments/transactions while mitigating risk and staying compliant. Another major issue on the US financial industry’s agenda is preventing and fighting cybercrime with companies like JP Morgan Chase investing USD 600 million per year to strengthen their cyber defences. On top of these challenges, the pandemic has increased the activity of fraudsters trying to take advantage of compromised systems. Overall, with financial service providers being entrusted with personally identifiable information and the rise in the use of digital channels, the demand for fraud prevention providers will continue to grow.
Investments in fintech and regtech have also been spurred by the evolution of technology and the financial risk related to the new ways of transacting via crypto, NFTs, stablecoins, plus the increased activity of US regulators to modernise AML/CFT regulations and guidance, and crypto assets.
Next, we will be delving into some regulatory updates happening in the US and Canada that financial institutions need to consider, boosting investments and partnerships around risk and compliance management. Plus, we will highlight some crypto initiatives in the US, that are spurring blockchain analytics companies’ activity around tracing crypto transactions, to conclude with the most important players that made the headlines in terms of funding and partnerships in 2021.
While many of the regulatory efforts may be in the preliminary stages, North American watchdogs are poised to make significant changes to the AML/CFT, the Ultimate Beneficial Owner (UBO), sanctions, and crypto-assets regime.
Continuing the work on the Anti-Money Laundering Act of 2020 (AML Act) - in June 2021, FinCEN issued a government-wide list of AML/CFT priorities intended to help financial institutions better marshal their limited compliance resources to fight threats such as corruption, cybercrime, domestic and international terrorist financing.
Ultimate Beneficial Owner (UBO) is gaining momentum – with the Corporate Transparency Act becoming law on January 1, 2021, steps have been taken to implement the beneficial ownership amendments of the act. As a result, the agency issued a notice which offers more details around who must file reports with FinCEN that provide beneficial ownership information, when to file those reports, and what information is required. Also, in December 2021, FinCEN issued a Request for Information (RFI), seeking input on ways to modernise the country’s AML/CFT approach and identify outdated or redundant provisions that do not align with international standards or a proper risk-based approach.
The US published a sanctions review in October 2021 that reiterated the importance of sanctions to the advancement of national security interests and identified challenges and risks associated with new payment systems, the use of digital assets, cybercriminals, and the need to ensure a flow of legitimate humanitarian need. OFAC also published new sanctions compliance guidance for the virtual currency industry that offers an overview of the requirements, procedures, and best practices crypto firms should follow. This includes an emphasis on cybersecurity, the need to monitor IP addresses using geolocation tools, screening against sanctions lists, and carrying out ongoing transaction monitoring.
Furthermore, the evolving situation between Russia and Ukraine and existing sanctions on China demand businesses to adjust their risks operating globally and respond with agility as new requirements become clear.
In Canada, significant changes made to Canada’s AML/CFT framework on June 1, 2021, as laid out in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), are wide-reaching. The areas covered include beneficial ownership due diligence and transparency, virtual currency transaction reporting, new travel rule requirements and obligations for foreign money services businesses and concerning prepaid cards. Moreover, there were amendments to the 24-hour rule and updates to customer screening, ongoing monitoring, recordkeeping, employee training, CDD/KYC requirements, and PEP onboarding requirements.
Stablecoins and maybe CBDCs could be a vector by which the US will implement regulations on cryptocurrencies directly. The current regulatory framework in place does not address the potential risks posed by stablecoins, hence last year’s President’s Working Group report on stablecoins recommended that Congress pass a law specifically addressing stablecoin regulation. The key question for lawmakers may well boil down to just how they define stablecoins for legislation. ‘A key question that the FDIC has been carefully exploring’ is whether a stablecoin or its reserves qualify as ‘deposits’ that could be protected by the Federal Deposit Insurance Corporation (FDIC). Regarding the development of CBDCs, at the beginning of March 2022, President Biden signed a long-awaited crypto executive order on ‘Ensuring Responsible Innovation in Digital Assets (Order)’. The Order places ‘urgency’ on the research and development of a CBDC and it focuses on the growth of the crypto economy and the need for US technological leadership. Furthermore, the Order directs interagency and international coordination to combat illicit finance and national security risks and it focuses on financial inclusion.
In January 2021, the Office of the Comptroller of the Currency (OCC) published a letter clarifying national banks’ and federal savings associations’ authority to participate in independent node verification networks (INVN) and use stablecoins to conduct payment activities and other bank-permissible functions. Many of these tokens are offered and sold as securities, which means that these products are subject to the securities laws and must work within US’ securities regime.
The American public is buying, selling, and lending crypto on trading, lending, and DeFi platforms, and there are significant gaps in investor protection, the OCC continued. Under US laws, securities on these trading platforms must register with the Commission unless they meet an exemption. If a lending platform is offering securities, it also falls into SEC jurisdiction.
So, while crypto is regulated from many angles, no single framework governs all of it and we might expect things to happen in 2022, influencing fraud prevention, KYC, and identity checks providers to intensify their activity on these markets.
This leaves us to Jumio’s CEO, Robert Prigge, remark: ‘I think the big thing is that the foundation of the internet is identity, not anonymity. It’s been a big shift over the last couple of years. People wanted to originally hide behind anonymity, but now identity is the keystone. Whether it’s online banking or social networks, you need to be able to establish trust remotely’.
All in all, regulatory efforts and initiatives around AML/CFT, the Ultimate Beneficial Owner (UBO), sanctions, and the crypto-assets regime, not to mention some of the fraud happening in financial services (covered in our first instalment) push further investment in regtechs and IDV providers. Now let’s see who the knights are that are protecting our identities and the online space in North America.
The biggest deal so far in the identification and background checks sector was completed by Socure, which raised USD 450 million. Next in line came Canada’s unicorn, Trulioo, which got USD 394 million to build trust online so that businesses and consumers can transact safely and securely.
Socure has earned the highest valuation for any private company in the identity verification space, at a USD 4.5 billion valuation, from several of the world’s best growth equity and public market investors. The company achieved this valuation just seven months after its USD 1.3 billion Series D, on the back of 500% year-over-year bookings growth and nearly USD 1 billion of investment demand. Moreover, 2021 results show that the company achieved five consecutive quarters of growth, 159% bookings growth year-over-year, tripled customer count, and had a best-in-class customer retention rate of 174%.
Also, the company plans to accelerate its investments in product innovation to address identity verification challenges across the entire digital consumer journey, penetrate new markets including the public sector, as well as continue to attract and retain the best product, data science, and engineering teams in the world. Among Socure’s fully-automated ID+ platform users, the company is trusted by large banks and credit card issuers, Buy Now, Pay Later (BNPL) providers, investment management firms, crypto exchanges, and the majority of large fintechs.
Using API integration, Trulioo provides real-time verification of 5 billion consumers and 330 million business entities worldwide. In our previous Regtech M&As and investments under the microscope, we saw Trulioo joining Canada’s rapidly growing elite ranks of ‘unicorns’. What has the company done lately? It has added several payments providers, global customers in the remittance sector, and crypto enablers to its client roster. Also, it received approval from German authorities to verify users' age and enhanced its identity verification services in Ireland through Trulioo GlobalGateway, a network of identity data and services.
In March 2021, Jumio, a provider of AI-powered identity verification and eKYC solutions, secured a USD 150 million investment from Great Hill Partners. The funding was used to automate its identity verification solutions, expand the breadth of Jumio’s KYX Platform, and grow its suite of AML compliance services. After the announcement, Jumio partnered with Idemia and Microsoft for the rollout of its Azure Active Directory verifiable credentials, with iProov to roll out Liveness Assurance and Genuine Presence Assurance to enterprises, with UK-based Veridium to create a Trusted Digital Identity for user access to business-critical data, applications, and systems. So it ended 2021 by acquiring identity verification company 4Stop while planning to redefine the end-to-end identity industry. Overall, Jumio is notable among the group of companies providing ID verification tools both for being one of the bigger and older players. It’s also distinctive for having developed a platform approach, where it offers a range of different kinds of tools.
In 2021, ID.me became another identity unicorn with a USD 1.5 billion valuation and an additional USD 100 million in financing from Fortress Investment Group. This came on the heels of the company solidifying new partnerships across 6 federal agencies and 27 states to improve civilian identity. ID.me is steadily growing traction in both federal and private sector applications and across both B2B and B2C use cases. Therefore, we expect to see ID.me continue improving what many consider to be the largest Personal Identity Ecosystem (‘PIE’) in the US. Still, the company has made the headlines over its agreement with the US Internal Revenue Service to be the sole provider of identity authentication for online access to key tax services via biometric selfie signup. According to Biometric Update ‘ID.me’s privacy policy reveals that it could potentially create an ‘inferred citizenship’ status for users’, causing a group of Senate Republicans to raise their concerns and ask a series of questions about how the partnership with ID.me will affect civil liberties. But the company explained it is not creating a database based on citizenship or nationality; plus, it also pushed back on allegations that it seems willing to share this data with other government agencies. Yet it remains to be seen if the company proves its reliability.
In September 2021, US-based identity platform Acuant partnered with Atala PRISM to eliminate bad actors and strengthen security by integrating fraud prevention and AML technology. Two months later, the UK-based fraud prevention company GBG announced plans to buy Acuant for USD 736 million to expand into the US. The acquisition accelerates the rollout of GBG's identity and fraud solutions globally.
Digital identity command centre Alloy secured USD 100 million in its Series C funding round, bringing its valuation to USD 1.35 billion. The company hopes to expand its product offerings to help more fintech companies and banks improve their protections against fraud.
San Francisco-based Incode Technologies raised a USD 220 million Series B funding round, giving the company a USD 1.25 billion valuation—less than seven months after its USD 25 million Series A round. This was led by General Atlantic and SoftBank, with additional investment from JP Morgan, Capital One, Coinbase, and others. Incode is one of several companies trying to eliminate the hassles of real-life verification for things like online banking and ecommerce. The company’s AI-based digital identity platform uses biometrics and automated document verification to help facilitate the verification of customers.
Another US player that aims to fight fincrime using AI, Feedzai announced that it ended its fiscal year with +40% year-over-year growth. Last year the company received a USD 200 million Series D investment that gave it ‘unicorn company’ status and allowed it to acquire Revelock, a behavioural and biometrics platform, later in the year. In 2021 the company defined RiskOps as a new approach to risk management. Feedzai's technology now reaches over 900 million consumers worldwide, up from 800 million a year ago. This equates to about 19 billion transactions tracked during the year and over 1.7 trillion dollars protected for some of the world's largest banks, fintechs, and merchants.
US-based private equity firm K1 Investment Management invested USD 120 million in New York-based Compliance Science (ComplySci). ComplySci is a developer of regulatory and employee compliance software for wealth management firms and other financial services enterprises, serving broker-dealers, registered investment advisers, hedge funds, private equity firms, investment advisers, venture capital firms, etc. The K1 investment will support Comply-Sci to build out its platform. This includes processes to verify political contributions, compliance program management, and recently launched products to track employee activities to identify potential conflicts of interest and market abuse.
In finance, we always have to ‘Know your Customer’, which means that a person has to reveal their legal, government-issued identity to interact with the world of financial services. This is the primary way the industry prevents, detects, and reports any fraud happening. Reducing fraud and AML at the source with better data is something the fraud and compliance platform for fintechs Sardine aims to achieve. In February 2022, the company announced USD 19.5 million in Series A funding from Andreessen Horowitz, NYCA, and Experian Ventures to enable companies to protect customers from financial fraud. Additionally, the company extended its industry-leading fraud prevention platform to enable instant bank ACH transfers for crypto on-ramps.
The addition of digital currency products over the last few years has increased the demand for blockchain analytics companies. As a result, Chainalysis, one of the largest US cryptocurrency investigation firms building software to untangle messy blockchain transaction histories, raised USD 100 million. Government agencies use its products to bust Bitcoin-linked crime rings while exchanges turn to it for help vetting and sometimes freezing stolen crypto. The company’s client base includes government investigators, crypto exchanges, and even financial institutions. According to records reviewed by CoinDesk the FBI, Internal Revenue Service (IRS), Department of Homeland Security (DHS), and other federal offices spent over USD 10 million on Chainalysis in 2020. But the company is also pursuing international deals, especially in Asia, where CEO Michael Gronager plans to resurrect a pre-pandemic expansion playbook by investing in its Tokyo and Singapore outposts. Amid the current surge of crypto, DeFi, and NFTs usage and scams, the company’s annual recurring revenue has more than doubled year-over-year. Capitalising on the growing market for crypto intelligence is also a security company that tracks crypto crimes: CipherTrace. The company closed a USD 27.1 million Series B round of funding led by Dan Loeb’s Third Point Ventures, according to CoinDesk, and later was acquired by Mastercard.
CipherTrace sells compliance solutions to crypto exchanges, government investigators, and banks. It compiles intelligence on wallets to help organisations track transactions but doesn't share data on individuals. ‘It's a good time to be in our space’, CipherTrace CEO Dave Jevans told CoinDesk in an interview. Hence, the company plans to double its 100-person operation by June 2022.
To sum up, three big things make US cities dominate the top spot in terms of M&As and funding. The first is the rise in digital channels that has increased the activity of fraudsters trying to take advantage of compromised systems. The second is the evolution of technology and the financial risk related to the new ways of transacting via crypto, NFTs, stablecoins. And third, the increased activity of US regulators to modernise AML/CFT and crypto-assets regulations and guidance, with lots of initiatives around sanctions screening, especially in the light of the Ukrainian war. As a result, financial institutions in this region are advised to pay close attention to the AML/CFT, the Ultimate Beneficial Owner (UBO), and sanctions legislation, but also to devise strategies to implement any changes quickly and efficiently.
Given these highlights, we forecast increased demand for:
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.
About Mirela Ciobanu
Mirela Ciobanu is a Senior Editor at The Paypers and has been actively involved in drafting industry reports, carrying out interviews, and writing about innovation in payments and fintech. She is passionate about finding the latest news on AI, crypto, blockchain, DeFi and she is an active advocate of the need to keep our online data/presence protected. Mirela has a bachelor’s degree in English language and holds a master’s degree in Marketing. She can be reached at mirelac@thepaypers.com or via LinkedIn.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now