Break Down #7: FrankieOne: Building One Identity API To Rule Them All
FrankieOne is building the ultimate identity orchestration layer, and this week they announced a $16m Series A to fuel their growth. Let's dive in.
Hi FR Fam, I hope you’re doing well!
This week’s issue of FR is a departure from the usual programming. Instead of the regular news roundup, I’m doing a deep dive into a company I invested in back in 2019, FrankieOne.
As you might be guessing, the reason I’m dropping the piece this week is that FrankieOne just announced their $16m Series A round of funding. The round was co-led by AirTree Ventures and Greycroft with participation from, amongst others, The Chainsmokers’ VC fund, Mantis, and also some truly amazing operators like Robinhood founder and CEO Vlad Tenev and Monzo founder Tom Blomfield.
Instead of simply dropping a ‘deal memo’ style piece, I thought I’d write a broader post on the under-discussed yet critical KYC/AML segment of regtech.
I hope you enjoy it and as always, feel free to let me know what you think by clicking on the feedback links below.
Ps. Thanks for being a subscriber to Fintech Radar! If you enjoy what I’m doing here, please forward it to a friend or colleague. I’d appreciate it!
The Hidden Impact of Regulation
What makes building a consumer fintech startup so hard? If you ask most people around fintech, they’re quick to respond with ‘regulation’. On the face of it, this feels like the main differentiator between building, say, a challenger bank and a dog walking app. After all, Findo the dog walking marketplace isn’t going to need to interface with a financial regulator who has the power to shut your business down with no notice or worse yet, bring legal proceedings against you.
It’s easy to jump to licensing when the ‘R’ word comes up in conversation. It makes logical sense; after all, no one wants to end up in the big house sitting in a jail cell next to Buba for providing financial products without being licensed.
However, something interesting in the fintech industry has happened over the last couple of years. The issue of direct licensing has started to fade away. The rise of banking-as-a-service (BaaS) has meant that fintech startups can lean on someone else’s license. It’s not uncommon to see a consumer fintech startup begin its life as a product fully built on a BaaS provider’s platform — and all without the need to go through the process of obtaining the relevant license in the market themselves. Moreover, they’re able to build their product on a modern infrastructure stack calling endpoints that do all the heavy lifting. Almost magically, the problem of ‘regulation has been abstracted away for the average fintech startup.
Amazing! Regulation is no longer (as much of ) an issue when building a consumer-facing fintech startup.
The interesting thing is that the issue of regulation in fintech manifests itself in ways that go well beyond licensing — and I’d argue for the most part licensing (although a gruelling process) is not the most significant issue when it comes to regulation. The real and often hidden killer of fintech startups is what being regulated actually does to your customer experience and the cascading effect it has on your product.
The Onboarding Dilemma
The best example of how regulation manifests in the product experience is during onboarding.
If you’ve used any fintech product, you’ll know what I mean. The first time you open that new-fangled fintech app, you’re immediately greeted with what can feel like a myriad of questions, a litany of ID photo requests and top it all off, you need to prove you’re human with a ‘liveness’ test — that’s the bit where you hold your phone’s camera up to your face and move your head around like you’re looking for a rouge bit of dinner that’s ended up on your face.
Consumer-facing fintech startups are required to collect all this information as part of the know-your-customer (KYC) process in each market they operate in. Beyond this, they also need to identify their customers to ensure that they’re not letting people interact with the financial system that have explicitly been banned from using it (i.e. people on PEPs lists etc.) or sending money to countries on sanctions lists. Then from a business perspective, a startup will also want to ensure the customers coming on to the platform are not fraudsters who are up to no good. Once a customer has got through all those hurdles ( 😫 ), the fintech will need to monitor their transactions to ensure they aren’t getting up to any shenanigans — which they’ll need to report to the local financial crime authority if they do.
To do all these checks the startup will need to pull together a bunch of different services on the backend, usually from different vendors. This can be 10+ different integrations (especially when you start to factor in redundancies). It’s a spaghetti of KYC/AML providers, transaction monitoring services, sanctions, PEPS and SIP screening services and case management software.
As you might guess, from an engineering perspective, compliance is usually its own multiheaded beast, with whole teams solely devoted to managing all these critical integrations and their maintenance. On top of this, they’re also usually tasked with tunning the onboarding process. In many ways, this team is the virtual bouncer standing at the front of the stadium making sure everyone is frisked on the way in.
All this is manageable. You have no choice but to manage it, but where the real issues can manifest from being a complex set of integrations to a company killer is on the customer experience side.
Every B2C fintech startup is continuously towing a fine line between meeting their regulatory requirements while at the same time not making the onboarding process so cumbersome that their new users give up midway through the onboarding process or are denned access when they shouldn’t be.
It’s under-discussed, but this can be a silent (or, in some cases, very loud) killer of fintech startups.
I met Simon and Aaron back in 2018 when they were still toiling away building a challenger bank called Frankie Financial. The challenger banking segment was beginning to gain momentum in Australia, but the pair quickly realised that building a challenger bank in a market where interchange is capped was going to be… well ‘challenging’.
While building Frankie (the neobank), they ran into the same onboarding issues that every fintech startup runs into. They got tangled in the integration nightmare of building out a robust onboarding process. That’s when the idea of a pivot began to brew.
The critical insight the team made while figuring out the onboard process was that the actual ‘bare metal’ layer of identity is well covered by the likes of Equifax, Comply Advantage, Onfido, Experian et al. However, what was missing was the middleware layer to orchestrate all the integrations a consumer-facing financial services company inevitably needs. Beyond this, that layer could also operate in a way that would not only make the integration seamless but could also unlock better ways to run an onboarding process.
That’s when they set off to build one identity API to rule them all — or more preciously, a middleware solution that brought together all the KYC/AML providers you could ever want to integrate with — and all accessible through one unified API.
Fast forward to 2021, and FrankieOne is integrated with over 350 identity providers and 90+ FIs, including AfterPay, Aussie challenger bank Volt, Australian big four bank Westpac and crypto exchange Zipmex are using their product. In fact, they’ve quickly established themselves in the Australian market as the default AML/KYC choice for fintech startups — they really are the ‘IYKYK’ platform for identity. Along with this, they’re growing quickly and expanding overseas at a rapid pace, with over 50% of their revenue already coming from markets outside of Australia.
Cheaper, Faster, But Most Importantly Smarter
Middleware, or what is more commonly referred to by the cool kids of fintech as the ‘orchestration layer’, is hot in B2B fintech at the moment. In part, it’s because it allows fintech startups:
to move faster by providing a single integration for them to work with;
to run a compliance engineering function more cost-effectively — given you push all the individual integration maintenance to the middleware provider, it means less time ensuring all the integrations haven’t broken; and
most importantly, if done correctly, it allows them to add a bunch of smarts to their platform that they probably wouldn’t have been able to implement themselves.
Traditionally, in the onboarding process, a fintech would rely on a single data point for their KYC process (i.e. they’ll use a single service like Onfido for KYC). However, by incorporating a middleware provider like FrankieOne, they can run cascading checks across several providers to ensure they’re not getting false negatives on their checks. Not only does this improve the integrity of the check, but it can also provide a significant uplift in match rates — for example, FrankieOne customers see, on average, an 11% uplift in match rates.
In an industry where CAC can run into hundreds of dollars, ensuring you’re able to get a customer through the front door REALLY matters, and every optimisation can have a profound impact on whether a fintech thrives or is relegated to the dust bin of fintech folklore.
“Who’s On Our Platform?”
FIs have always had to be vigilant when it comes to KYC — the law requires it. More importantly, the impact of being lackadaisical when it comes to identity checks and ongoing customer monitoring can have some serious social implications. As much as it may seem like some FIs don’t care, no one in the industry wants their product to be a conduit for illicit money movement.
However, with the rise of embedded finance and the financialisation of more corners of the internet (👋 Web3), the need to perform identity checks is only on the rise — and it’s not only impacting FIs. For example, think about the gaming sector and how huge MMOs are starting to feel like their own financial universe. The same goes for social networks who are also being scrutinised for allowing bot armies to spread misinformation on their platforms.
In both cases, it feels inevitable that they, either voluntarily or by changes to the law, will be required to take identifying their customers more seriously. In many ways, this is a tailwind for the whole identity sector. Still, it’ll likely favour the middleware players as gaming studios, NFT platforms et al. won’t want to work with multiple point solutions. Instead, they’ll prefer a full-stack solution that ‘out of the box’ solve all their problems.
It’s The Orchestration Layer, Stupid
Compliance and fraud prevention are core to a fintech startup. If you don’t do it well, good luck making friends with Buba or paying off those fines (maybe you can use a BNPL provider — I’m sure there’s one out there that covers this space). Along with the legal burden that comes with having to meet your KYC/AML requirements, there’s also the very real cost of managing it in a way that ensures you’re not losing customers in the process.
In the same way companies like Segment figured out that aggregating data into one orchestration layer made it more beneficial to the end customer, companies like FrankieOne are doing the same in the identity space. Although it feels natural that this is the approach that most will take, it’s still only early days for companies in the KYC/AML orchestration space. In many ways, the shift to more holistic solutions in the segment is only just starting as fintech startups and incumbents alike are figuring out that they don’t need to do all the heavy lifting with multiple integrations.
What makes the KYC/AML orchestration layer even more interesting as an insertion point into a customer’s technical stack is that it’s so intimately related to nearly every operation in a financial service company’s business — payments, credit, lending. In fact, it feels like the ultimate point to ‘land and expand from’ for a fintech infrastructure player.
FrankieOne is not the only one playing in the space. We recently saw Alloy raise $100m in a round that propelled them to Unicron status, and a range of the incumbents in the identity space are making their bets on this layer of the identity stack. The secret (which has always been in plain sight) is out about this segment, and I’m sure there will be more competitors entering soon. I’ve made my bet, and I can’t wait to see what the FrankieOne team do next!
❤️ Show Some Love For FR
📈 You can check out Radar, an open database of Australia's fintech ecosystem. You can find it here → 📡 SideFund Radar
📧 Feel free to reach out if you want to connect. I'm firstname.lastname@example.org and @alantsen on the Twitters.
Ps. If you like what I'm doing with FR, please feel free to share it on your social disinformation network of choice. I'd also appreciate it if you forwarded this newsletter to a friend you think might enjoy it.