The music stopped in the game of musical chairs.
The Synapse / Evolve saga is the steam roller scene in Austin Powers; slow moving and inevitable only because participants refused to change course. For every Synapse program claiming in bankruptcy court that they never could have predicted this, I can only say “how could you not predict this?” We went from a slow boil to frenzied over the last week with the news of a Russian based ransomware attack on Evolve Bank and Trust.
My phone, WhatsApp, Slack exploded with the same question: is fintech dead? I’m glad I’m not Jason Mikula who is reporting on this multiple time zones away to keep us at the forefront of these events.
The repercussions of this week will be far-reaching, but not for the reasons anyone would have predicted.
Fintech as we know it is dead.
Fintech is blowing up. Ironically, not because of the “move fast and break things” attitude of startups (although given enough time I think that would have bitten the industry in the butt). Fintech is blowing up because of a bank. The supposedly safe, regulated, regularly examined bank. Doubly ironically, it isn’t even the Banking as a Service part of Evolve Bank and Trust that is causing the most serious damage; it is their fundamental base business that is causing ripple effects that will reshape the entire industry.
There are two issues at hand, read Jason Mikula / Alex Johnson and others breakdown for details that don’t need to be restated here.
The Synapse collapse. So many times this could have been averted. But here we are.
The ransomware attack that stole all of Evolve’s records.
It is the second part that is about to have an outsized impact. As the PII and transaction details of the programs they supported were also exposed from Affirm, to Mercury, to Uber, this will have far reaching implications.
Perhaps the biggest implication: it is time for us to quit this arbitrary distinction of “fintech.” All of banking should be considered fintech. All companies that touch customers and money, whether to hold it, move it, or lend it, are part of the Financial Service ecosystem. Kiah and I can argue about regulatory purview but the reality is if banks are going to act as a proxy, both banks and regulators need to acknowledge and manage it that way. The Lineage and Thread Bank consent orders are a step in the right direction.
It is going to be ugly.
First, expect a flood of fraud into the system. It was already running rampant but now enough KYC/KYB information, including photos of drivers licenses and passports, are going to gum up the system.
Second, regulators, already jumpy in a post-SVB world, will go into discovery mode, also known as ask as many questions as possible hoping to uncover something or at least be able to show in retrospect that the question was asked.
Anti-fintech and anti-partnership factions in banks will use this as an excuse to say no to anything new.
There will be a winnowing in startup land. Overfunding of undifferentiated products that raised too much at too high of a price will go searching for a soft landing. Hint – the soft landing doesn’t exist unless you have PMF as told by revenue growth.
Already sensitive investors that don’t have depth in the space or have experience only during ZIRP are going to zig and zag exasperating the problem. They’ll likely “pivot” to AI.
The road ahead.
We are going to see more consent orders. Those are guardrails, not death sentences, and are frankly good. We can’t wait for an Evolve level of infraction. Jonah Crane's excellent scorecard basically shows they waited till it was all wrong till they acted. Minor course corrections are easier for the system to absorb.
The desire to eliminate all risk – often from frenetic “what abouts” from examiners led to trying to solve everything. The risk-based approach sounds good, but many risk departments still try to do it all at the expense of the major risks. I’ve been saying for 10 years – the major risk of a FBO account for BaaS is reconciliation. Whelp. Guess what big risk was ignored. Data is the new gold and cybersecurity isn’t an expense to be managed. Whelp. Here we are.
The music will start again.
The future of fintech, ironically, will be driven by banks. The reincarnation will do away with the artificial delineation where we said “fintech” but really meant startups operating out of the system. For BaaS to work, the lines between organizations will need to blur.
Banks that already do partnerships best, BaaS or otherwise, show us the path forward. They are true partners rather than vendors to the programs they support. They invested in people, processes, and technology to be resilient for when the unexpected happens. They were thoughtful in what programs they took and how quickly they and the partner scale. They take measured risk. They are excellent at scoping to minimize risk at the outset and only begin to loosen up their tolerance as risk is taken out.
There is much we need to overhaul, but that’s a longer series of posts.
Comments