Podcast

🎧BaaS and Compliance, a Conversation with Synctera CEO Peter Hazlehurst and Wolf & Company's Matt MacDonald

Welcome back to our weekly fintech podcast!

This week, I had the chance to sit down with Peter Hazlehurst, Co-Founder and CEO of Synctera, and Matt MacDonald Financial Technology Service Leader & IT Assurance Senior Manager at Wolf & Company.

The conversation was wide-ranging, starting with Wolf & Synctera's partnership to build a compliant bank-fintech partnership model that Synctera has scaled for their customers. We spent a lot of time talking about compliance and regulation not as a restraint, but as a strategy, and as a driver of growth. In light of the last couple years, in which the BaaS model has come under stress, we also spent some time talking about the future of the bank-fintech partnership model, and what changes Matt and Peter wish that startup founders would make.

Any fintech builders and founders will find the conversation interesting – I easily could have gone over the hour!

Before getting into it, here is a little more background on Wolf & Co. and Synctera themselves.

Wolf & Company P.C. is a national CPA and business consulting firm with a regional feel offering clients a wide range of services custom-tailored to suit their industry's unique needs. Since 1911, Wolf has provided clients with industry-leading assurance, tax, risk management, business consulting, and WolfPAC Integrated Risk Management services. They pride themselves on delivering customized solutions with deep involvement by their team of dedicated professionals and leaders.

Synctera’s platform gives companies of all sizes the technology infrastructure, sponsor bank connection, and compliance framework they need to launch FinTech or embedded banking products. With a single set of powerful APIs, companies are able to quickly launch and scale products such as debit cards, bank accounts, charge cards, lines of credit, and money movement. Whether you are a FinTech company or an established business wanting to embed banking into your existing product set, Synctera can help you bring your vision to life.

Check out the full conversation below, and enjoy!

TWIF Wolf Synctera Podcast Final Edit

0:00

/2986.5969

💡

This is a sponsored interview.

Conversation Summary

Introduction

Nik Milanovic introduces the podcast and guests: Matt MacDonald from Wolf & Company and Peter Hazlehurst from Synctera.
Matt provides background on Wolf and Company, highlighting their services in assurance, tax, risk management, and business consulting.
Peter explains Synctera's platform, which provides technology infrastructure, sponsor bank connections, and compliance frameworks for FinTech and embedded banking products.

Peter Hazelhurst's Background and Experience

Peter shares his extensive background in banking, starting in 1993 with a core banking system built on Windows.
Peter discusses his time at Yodlee, pioneering account verification and aggregation, and his role at Google in launching Google Wallet and tap and pay.
Peter mentions his tenure at Uber, where he built a digital bank for the driver community, and his subsequent founding of Synctera.
Peter highlights the importance of building a digital bank for FinTechs without the need for extensive infrastructure.

Matt McDonald's Role at Wolf and Company

Matt talks about Wolf and Company's long history in banking and his personal journey with the firm.
Matt emphasizes the importance of developing an innovation mindset and fostering strong relationships with FinTech partners.
Matt explains Wolf's role in helping banks innovate and comply with regulations, and their unique position in understanding both the banking and FinTech industries.
Matt highlights the importance of embedding compliance and risk management practices early in a company's growth.

Wolf and Synctera's Partnership

Nik discusses Wolf and Company's long-standing partnership with Synctera and their collaboration on FinTech events and content.
Peter recounts the early days of Synctera's partnership with Wolf, starting with model validation for a fraud business model in Europe.
Peter explains how Wolf's documentation and compliance expertise helped Synctera build trust with banks and regulators.

Challenges and Best Practices in Compliance

Nik and guests discuss the significant compliance requirements in FinTech and the challenges founders face.
Peter emphasizes the importance of empathy and trust in building a healthy compliance culture.
Matt highlights the need for a top-down approach to compliance and risk management, involving all parts of the organization.

AI and Compliance in FinTech

Peter shares Synctera's approach to using AI to accelerate human processes in compliance and risk management.
Peter explains how AI is used to create operator scripts that automate KYC and KYB evaluations, reducing the time required for research.
Matt discusses the importance of balancing the right two out of three factors: good, fast, or cheap, when building a compliance program.

Future Developments and Exciting Projects

Nik asks about any exciting developments or projects from Synctera and Wolf.
Peter mentions upcoming customer launches, including a digital gaming platform and new credit card offerings.
Matt discusses Wolf's work on providing compliance dashboards and fractional compliance services to support scaling companies.

Enjoy the show.

Episode Sponsors

Capchase is reimagining B2B payments and contract financing. We're on a mission to empower high-growth companies to unlock their full potential by providing tools that enable faster, more predictable access to revenue. What if you could let your customers choose payment terms that work for them—without sacrificing your upfront revenue? That’s exactly what Capchase delivers. Capchase’s flexible payment solution means you close your software and hardware deals faster by offering payment options while still receiving full contract value immediately - even on multi-year deals. No more endless price negotiations, steep discounts, or chasing payments. Join thousands of forward-thinking B2B companies increasing their conversions and deal sizes while securing predictable cash flow with Capchase. Ready to turn payment friction into your competitive edge? Visit capchase.com and discover how Capchase can power your growth today.

Wolf & Co is a national accounting & advisory firm with over 100 years of experience working with financial institutions and decades scaling tech companies from startup to IPO. They take a risk-based approach to everything they do, focusing on what matters most at each stage of your growth journey. From assurance, advisory, and tax services to cybersecurity and data management, Wolf helps you scale smart and stay secure. They’re deeply involved in fintech, crypto and blockchain, and they’re trusted by banks throughout the country. Plus, they’re PCAOB registered – so when it’s time to navigate high-growth milestones, they’ve got you covered. If you’re ready to grow with confidence, check out Wolf & Company at wolfandco.com.

Transcript

Nik Milanovic 00:00

Matt, thank you everyone for coming back to another episode of This Week in Fintech Podcast. I'm joined here today by Matt MacDonald from Wolf & Company and Peter Hazlehurst from Synctera.

Thank you both so much for joining us today. Hey. Nice to see you. For our listeners who might not be familiar with Wolf and sotera, I wanted to give a little bit of a background first before turning it over to our great guests today for their backgrounds, Wolf and company is a national CPA and business consulting firm with a regional field that offers clients a wide range of services custom tailored to suit their industry's unique needs. So since 1911 wolf has provided clients with assurance, tax risk management, business consulting and Integrated Risk Management services, including customized solutions with deep involvement by their team of professionals. And they do a lot of work in FinTech. Which brings us to synterra sinctera platform gives companies of all sizes the technology infrastructure, sponsor, bank connection and compliance framework that they need to launch FinTech and embedded banking products. So with a single set of powerful APIs, companies are able to quickly launch and scale products such as debit cards, bank accounts, charge cards, lines of credit and money movement. Whether you're a FinTech company or established business that wants to embed banking into your existing product set, secretaria can help you bring up vision of life.

And lastly, pivoting to our guests today, I have Matt McDonald, who is a financial technology service leader and it assurance Senior Manager at Wolf, and has been at Wolf for almost 11 years now, and Peter Hazelhurst, who after a long stint in FinTech for almost five years ago, co founded sintera, the banking is a service company that he's now the CEO of today. Thank you both so much for joining us, and I'd love to hand it over to both of you to get a little bit more of your background. Peter, maybe we can start with you.

Peter Hazlehurst 03:05

Thanks a bunch for inviting me on the show. I'm obviously. We've known each other forever, and it's kind of cool to see these things come full circle. It's really fun, I guess. You know, by way of background, I've been doing this banking stuff since 93 so I came to the US to do my first startup, way back in the dawn of the internet and windows, 3.1 had just come out, suffered Unix, and there was this strange movement away from hosted data center driven banking to enterprise banking. And we built a core banking system that ran on a pizza box and ran on Windows, which was brand new, and everyone's brains exploded. And the paradox was, mainframes, centralized data systems suck. Go build it yourself and run it yourself, and now, sort of 30 years later, it's back to the future, and we're back to the cloud, which is basically IBM's vision from the 70s, and we're all using shared computing resources. So it's back to the future for me. But anyway, so I built a core banking system ages ago, did a bunch of other sorts of things, then spent a bunch of time at a company called yodly, where we kind of pioneered everything to do with account verification, account aggregation, card link offers, you, name it, anything you could possibly do, which started with the sort of scrape the web type of approach. And then, because we had most of the big banks as customers, we had direct data feeds to B of A and Chase and Wells and everybody else. And that gave us a bit of an edge in being able to have high quality account verification for PayPal and others. Did that for a while. Then I went to Google, worked on Google Wallet and launching tap and pay and pay with your phone, and lots of cool funds things on the consumer side. Incidentally, that's where I got to know Anil and Jonathan, the founder of a company called TX via that we bought at Google. They had a side hustle called Money 2020, and we said, oh, you can keep that. That sounds good. And obviously they've gone on to resounding success in the show game, part of the world of meetings and conferences and so forth. Last and not least, I ran payments at Uber for the sort of two or three years before starting sintera. And the general theme there was, how do you build a digital bank for the driver community, and then what do you need to do to support that at Uber, we had. A huge payments team. So it was actually more of a diversion of do less of one other project and invest in the digital bank. Singer was the outcrop of that, which is not everyone has hundreds of engineers working on payments. How do you build the same sort of capabilities for your FinTech without having all the infrastructure? So that's the last four years of my life. Lots of banking stuff. Over to you, Matt, thanks

Matt MacDonald 05:20

for having us on the podcast. And Peter, it'll be great to talk a little bit about Wolf and company's relationship with syntero over the last few years, and how we've supported really nurturing and fostering the banking as a service ecosystem. Wolf and company we've been in banking for, feels like over 100 years. I may be one of the unique people of my age cohort, where I've spent my entire career with Wolf and company in a lot of different capacities. And it really started as just a staff person working in banking, and over the last five, six years, developing the innovation mindset for the organic growth that wolf has really founded itself upon, and particularly with the banking relationships that we have, broadening and deepening those relationships and understanding like what is going on in the marketplace for banks, and especially for community banks, and in this marketplace, where there's a lot of consolidation, I think banks are Looking for new ways to innovate themselves, and what we're seeing in a lot of those cases, developing and fostering strong relationships with FinTech partners, and how do they do that in a meaningful and also a realistic and practical way? And I think that's where Wolfen company comes in, because we understand the banking industry, the regulations, the needs that are required for compliance. On the banking side, we have a unique position with FinTech companies that kind of puts ourselves in both worlds, where we know exactly what it takes for a FinTech company to be more effective in their sales and their prospecting process and to foster these relationships with banks, and on the other side, for banks to have these practical approaches to these companies that are rapidly scaling, rapidly creating new services and allowing them to embed themselves into these banking marketplaces in an effective manner. So we've been really excited over the last, you know, 1520, years to develop, not only a very robust FinTech practice, but also expanding our reach into the into the banking world, so that there's a harmony and there's a marriage that can be sustainable for years to come.

Nik Milanovic 07:33

Well, it's great to have you both on the show as a little bit of background for our listeners. Wolf and company has actually been a partner of ours for a couple years, and we've collaborated on FinTech focus, events and content in a variety of different ways. So Matt, it's really nice to finally get to talk to in a little bit more of a structured setting here. And as Peter mentioned, he and I've known each other for what feels like years and years. Peter is modest, but he's leaving out that he was also the COO at Postmates and one of the founding association members at Libra association was Facebook was launching their stable coin. And so it's hard to fit all of this FinTech experience in kind of one pithy summary, but I wanted to get the audience an even better perspective on kind of how well rounded your FinTech experience has been. Peter also hired, I think a lot of the best people from our Google Pay team to work with him in Santera at the early days. So in a previous life, I was at Google Pay, and then I saw my best and brightest colleagues go over to work for Peter at sinter. And I thought, Okay, this is actually pretty interesting. But I'm curious, you know, I know how I met both of you. I'm curious how Wolf and sintera first got connected, and what that relationship has been like.

Peter Hazlehurst 08:39

So it's kind of an interesting Gambit. I went to the source of truth, aka Docusign. I found the first alleged contract we've signed together, which was sort of in early 22 or late 21 and what we were doing at syntero was starting to build up this franchise of technology stack, which is on one side of the marketplace. And we had a number of partners involved in that technology stack like secure for KYC, mid desk for KYB and so forth. And one of our partners in the fraud space had been very successful in building a fraud business model for Europe, but was coming to the US, we had to go through this thing called model validation, which is about as painful as you can imagine. It's basically sort of saying, okay. So in this tool, I set up a rule that said, if a transaction is more than $100 stop the transaction. And model validation says, I'll try sending $101 $110 $95 and the rule either fires or doesn't fire based on that. And so imagine thinking about that, and then thinking about, well, what's the implication of machine learning. So what if the rule says pay 100 but we declined the transaction at $85 what was the reason for that? And so wolf team were really helpful in building the documentation required to make a bank feel like we were making reasonable judgment decisions on fraud and also money laundering or AML detection. Yeah. As nerds in the space, I've often commented that people coming into this space think it's just about the code, and there's some spec, and you code to it, and you're done. The reality is, the complexity of everything that we do is having other people validate that what you did was correct and that you didn't leave money on the table, you didn't treat people indiscriminately badly or poorly, and the wolf team was really helpful in that first engagement, working with us on proving that that was true, and then subsequently, we've expanded the relationship to lots of other different ways of thinking about, how can we make synterra comfortable for all parties that we know kind of what we're doing and that there's a third party that can say, I've looked they can do math, they can calculate interest, they can do statements and all of that sort of

Matt MacDonald 10:43

thing. Yeah, and if I could add to that, I think it was great to know that model validation kind of being our tip of the spear working with SYNC Terra. But at the same time, we found that you being an early adopter to the compliance practices that are helping to support scaling sintera, and a lot of the breadth of services that you're providing is is hopefully bearing fruit and showing our relationship as well too. Because not only are we performing that, but it's support with Ach, its support with your sophomore practices, support with fractional compliance services too. So I think it's really great to see that a forward thinking company and yourself as well too, Peter to understand that embedding compliance and risk management practices as part of a company that is ever growing and has intentions for expansion, wherever that may be, I think, is something that you want to start on early, and you don't want to necessarily be a last mile practice, if you Will. So at that moment of need you're trying to figure out, how am I going to get this x, y, z, compliance or risk management practice into space? And I know Nick

Peter Hazlehurst 11:48

this will probably sort of bleed into some of the questions we were thinking about, but I think structurally, one of the things that we've tried to do at sintera, which is different from other folks, is we are not the compliance team of the bank, and we've we play this weird sort of player coach role of helping the bank think about how they should do compliance, working with folks like Wolf and others to help them set their policies and procedures and how they should think about it. And we work with the fintechs to say, Okay, if the bank is overseeing you and using our tooling to do the oversight, what do you need to do on your side, and there's scaling up for policies and procedures on their side. There's fractional support from the folks like at Wolf and others that help build out that capability, until the FinTech knows what they're doing, at some point, they may never know, and that might be fine, and there's a permanent role. What I found oftentimes works best with working in payments and banking is have one sort of specific scenario, which for us was this model validation work, because it's sort of, it's a relatively low risk trust dynamic builder between us and wool. And it was clear the team dynamics was really good that then when we needed to do the next project, the SOC audits, when we needed to do ACH model validation and all these other sorts of services, it became the natural partner, and by having that partnership, it made it easier to exchange and build relationships between FinTech, banks and us. But always with the recent rationalization of we sync Terra. We'll help both sides do what they're supposed to do. We'll give them as many tools as we can, but we're not taking a risk of saying, I think that's a bad transaction. That's somebody else's job. I

Nik Milanovic 13:20

think for a lot of founders, many of them, you know, listen to this show, and come from outside of the FinTech space, it's a little bit shocking at first, how significant compliance requirements are when you start building a FinTech product, probably similar for a lot of regulated industries. In healthcare, you're dealing with sensitive personal information and insurance. Obviously you've got money movement and policies to deal with, but in financial services, the risk is greatest. You're managing people's money, whether the stocks or the flows there, and so the requirements are significant. I remember when we were building pedal, I won't you know, put our sponsor bank on blast here, but their requirement when we were an 11 person company was that we hire 17 compliance people to do manual review of credit card applications that cannot be automatically approved online. And it was just so shocking that the recommended number of people to do manual review would be 17 for an 11 person startup, and something that I think we're kind of continuing to relearn and refine as we try to build more responsive, well priced financial services products in a digital first context, but really kind of bringing a compliance model with us that was originally designed for banking. And so this is all lead into one of the questions that we have been talking about before jumping on today. But I'm curious, you know, based on your experience both building synterra And now serving a range of different FinTech companies, what do you feel like a healthy compliance culture looks like in today's FinTech ecosystem?

Peter Hazlehurst 14:52

I think there's sort of different layers to it. One is and most importantly, it's other people's money. It's a real consumer on some on the other side. Of this transaction that needs to pay their mortgage or car loan or buy groceries or whatever, or it's a real company offering spa services to consumers that walk in their door. And if you ground yourself on the empathy that you yourself want your money to be looked after correctly and safely, then everything else sort of falls into play when you get the sort of the alternative hypothesis of it's just software creates this weird dynamic of lack of thinking about what matters to a consumer. What matters to a consumer is, if they put their money in, they can get their money out. And it's it's not much more complicated than that. And when you saw synapse blow up, they clearly put their money in and then they weren't able to get their money out, which is the most fundamental building block of trust in the whole game. Everything else above beyond that is bullshit and layers. But if I give you 20 bucks and you say, I'll hold it and I'll give it whenever you need it, and when you go to the ATM and the 20 bucks isn't there anymore, or you just there's some fraud reason, and you're not allowed access to it, that fundamental trust blows up everything. So a healthy compliance organization and relationship to FinTech and banks is one that starts with this belief that the consumer is the end point, and then what would everything else is around creating safety and security for those transactions to keep operating. Yeah, and

Matt MacDonald 16:16

I think Nick, going back to your story about pedal, it's not unusual story, even from the days of today, where we have a lot of partners and banks that are being asked to rapidly scale their compliance team. Sometimes, where it's 5x right? You might have a team of 10 people, and all of a sudden you need 50 people to monitor, manage transactions, customer disputes and things of that nature. So that can be a really difficult proposition if it's not cared for, kind of in a very slow and methodical way. And that's not always necessarily the way that FinTech companies are built upon. Right Is this slow and methodical approach to their scale of operations? I think when, when we look at it, we see two things that a lot of FinTech companies who are successful do, right? They build an incredible product that can reach a lot of people, and they can sell that product really well. But in between those two things, there's a whole myriad of how do you ensure that there's the safety and soundness, as the regulators like to put it of bringing that to your customer base and how you weave that in out your process, and have a culture of compliance and culture of risk management that everyone feels like they're a part of. And it's not just being reserved to a legal team or an operations team of compliance folks, is something that I think needs to be embedded early, and that ultimately is a top down approach, right? Is, if that's kind of in the foundation of what people are building, I think that's where success can be made.

Peter Hazlehurst 17:51

It's definitely not the case that compliance is an adversary of growth or whatever. It's an enabler of growth, but the growth that you want rather than the random growth that you get. And it's really easy to grow a fintech. You just make a promise 12% yield, and you'll get all manner of crazies putting their deposits with you. Then the real question is, can you yield? Can you actually give 12% and then then you realize, well, no, actually you can't do that. But don't worry, I've got my users. And then the bank under the cover says, But hang on, you said 12% you're only paying 1% that's a big gap. Don't worry about it. It's just paperwork that that premise that you can just sort of wing it in front of customers doesn't work anymore. And there was a really interesting fact pattern that happened last week on a on a panel I was sitting on where the the premise that the CFPB and the FDIC and others are losing bunch of regulatory oversight team members and so on, and everyone thinking it's the gold rush, seems to forget that you have state regulators that are just filling the gap. I think successful programs build on trust. I think successful programs are built on sustainable growth. Whether it's slow or fast, it's the sustainability of the growth that's the critical factor. Because you can be a really big bank and grow really quickly. The problem is, when you're a really small bank and you grow really quickly and everything else breaks along the way.

Matt MacDonald 19:05

Yeah, and if I could just jump on that really quick too, Peter, I loved your perspective about the state regulators and what their focus is on. And irregardless of where you stand on if there's going to be regulation that gets cut or regulation that's pulled back the state regulators are always going to be focused on protecting their customers or protecting their constituents in their own states. I think that's really, ultimately where a lot of these enforcement actions are coming into play. Is over the last two years, essentially the enforcement actions and the consent orders, and it's focused entirely on, is trans are transactions safe? Are people's information safe? And what are we doing to have a practical approach to ensuring those two things? And I think that's something that banks and fintechs alike are going to be needing to focus on, certainly for today and for tomorrow. You

Nik Milanovic 19:56

know, it's interesting, especially bringing up what the fall. That was from synapse and the difficult job of reconciling customer deposits, this was creating a real pain point, probably the most salient pain point that we witnessed in FinTech in the last couple of years, really the most customer facing Fallout since the FTX debacle in crypto three or four years ago, and I was talking with Alex Johnson, who, I think everybody here knows. He writes a great newsletter FinTech takes and saying, you know, people need to be a little bit more discerning when choosing their banks. You know, the FDIC can't give unlimited protection, because that creates moral hazard. And he pushed back on that, I think was right to say, you know, ultimately there, you shouldn't be worrying about moral hazard for FinTech customers, because the job of underwriting FinTech, banking, financial service providers, should never be the customer's job. It shouldn't be, you know, your requirement to go through and check that their compliance standards are being met, or that their policies and procedures actually match what's happening on the ground. That's the requirement of companies, and you really need to prioritize that trust first and foremost over anything else. Peter, this is what you were talking about. Is that good growth as good growth comes from building that trust first. And so I'm curious, you know, what best practices have you found that help you create that top down culture that you were talking about, and help you get your team all focused in one direction, focused on growth, but at the same time prioritizing that healthy growth and compliance.

Peter Hazlehurst 21:33

So I would say like healthy growth is always relative to the size of the parties involved. So like, when we were at Google, we were working with Bancorp at the time for launching Google Wallet, the bank said, Hey, we need to review every marketing message. And we're like, I get it. I totally do. But we're Googlers, and we actually use machine learning. We change the message on the marketing messages, we tweak them dynamically, and then they're like, Well, I don't know. We're a little worried about that. So then what we did is we published the variance and the possibilities of how the change could happen, and we got the bank comfortable with that, and we got the bank realizing, if they tried to interview, intercept, every ad tweak that we had made dynamically, there'd be no growth at all. We might as well give up, and it's a variation on that. And then there's transaction monitoring so you can have no fraud. It's really easy. You just don't have any transactions like we can just stop the funnel. No one can swipe their cards. Nothing goes wrong. The problem is, there will always be fraud, and what we have to do collectively is balance how much the velocity of fraud slows down growth combined with is this sort of a systemic risk that's created by this, this fraudulent situation. The hard part is judgment driven, where you're basically saying, okay, team, we care about every transaction. First and foremost, we also care about access to being able to have a transaction. So if we cut off usage of the debit cards at all ATMs, that's probably not the solution. And then the question is, what technology can we use that stops the need for humans to do the work. And this is where the growth stuff always gets in broken. So when you were told you needed 17 people, the presumption was the model for how you do fraud reviews and KYC and stuff like that was human. And you're like, well, there, if we're growing at 1000 people, we need 10 people that can do 100 cases per day. Blah, blah, blah, blah, blah. Someone did some math, crude math as such as it was, the cool thing about FinTech, and what's evolving now is technology is coming to make every person more efficient and more leveraged. And you know, in our in our org, I basically put a stop to hiring anybody in payment ops or in compliance ops, and said, Look, get leverage from Ai. Let's figure it out and do it smart, and so then we actually are sort of dogfooding our own premises of how this should be run.

Nik Milanovic 23:46

Do you see it on the ground, the usage of the UCI tools, AI tools making people more effective.

Peter Hazlehurst 23:53

Dozens and dozens of proposals for ways to do that with AI. Let's put it that way. At the moment, we're taking a relatively straightforward approach, which is we have a standard set of operating procedures to evaluate someone good for KYC or KYB or whatever, and we have 26 steps that somebody goes through and looks at some dashboard here and looks at some transaction velocity there. All of those steps. We're basically creating operator style script that do all of that activity. And then, in the case notes, it basically produces a checklist. I tried these 26 steps that you told me to based on this. They all passed. I'm pretty sure it's clean. You can have your final eyeball. We're not letting the AI make the final judgment. We're taking it all the way up to the finish line. And by doing that, we actually eliminate 90% of the time required to do the research, which is fundamentally the gate for scaling for us. So I've seen a lot of folks think that they can sort of outsmart KYC scoring and all this sort of stuff. And I don't know that AI is ready for that yet. I don't know if I would trust it with the sourcing to be able to do that, but for accelerating human processes, I think it's going really well.

Nik Milanovic 24:59

We're. Going to take a quick break with a note from our partners at Wolfen company looking for a partner who really gets fintech. Wolf and company is the national accounting and advisory firm with over 100 years of experience working with financial institutions and decades scaling tech companies from startup to IPO, they take a risk based approach to everything they do, focusing on what matters most at each stage of your growth journey, from assurance, advisory and tax services to cybersecurity and data management, Wolf helps you scale smart and stay secure. They're deeply involved in FinTech, crypto and blockchain, and they're trusted by banks throughout the country, plus they're PC AOB registered, so when it's time to navigate high growth milestones, they've got you covered. If you're ready to grow with confidence, check out Wolf and company@wolfenco.com that's W, o, l, F, A, N, D, C, o.com, yeah, it's interesting. You know, you're talking about probably the most sensitive area of a company's operations, compliance, regulatory, management, application of policies and procedures, legal. Obviously, that's where you need human in the loop if you're implementing these systems. And so giving AI the opportunity to be an accelerant for your team, rather than replacing the team, feels like a good way to serve more customers or cut down on the needed head count to service growth. I'm sure that this has come up in this in terra and wealth relationship, as well Peter as your own development of your relationship with your customers. What are some of the biggest sources of friction that you see in forming successful baas partnerships, or what are some common misunderstandings that you see time and time again that FinTech founders bring to you when they're looking for a banking as a service provider. I mean,

Peter Hazlehurst 26:44

the most obvious one is, I heard from someone, I can launch a program in two weeks. Why can't you do it in two weeks? And there is probably somebody somewhere, somehow, that launched in two weeks time, a program. We were hoping a program somewhere somehow, yeah, but grounding people in durational time is hard, especially when you've got a hard charging founder that said, Oh, I already built everything else in my company, and it took me three months. Why does just launching a debit card cost three months or six months or whatever? And the problem is the lack of understanding of what it takes to do the work is so high, broadly amongst the founders in our space that they don't perceive the effort involved as reasonable. They just think, oh, I can just work around that. Why do we need compliance? Why do we do this, all that sort of stuff. So I would say time boxing launches and setting realistic expectations that most people launch in three to six months is actually the first step. The second step is a classic sort of, I think everything should be free mode. And people sort of saying, Well, I don't, I don't need anybody's advice. And then we're like, well, you should really meet these guys at Wolf they're going to tell you all the things you think you don't that you think you know. You don't actually know anything. And sort of being able to do that in a conversation in a non threatening way of like, here's an opportunity for you to learn something new. These guys are experts in their space. They'll help you, I think, has been really important as a gap filler, because a lot of founders think, well, I launched a shopping website. What else? What else is there? It can't be that hard. And relatively speaking, Stripe and E commerce, payments. It's like this small sort of one inch out of, you know, six feet of work required for a banking relationship? Yeah,

Matt MacDonald 28:21

and I would agree, I think that the time boxing perspective is the challenge, right? That last mile situation, if you have this really major prospect, notices a couple of things wrong in your compliance or risk management schema, and then you're trying to fix something in like less than 30 days or 60 days, right? I mean, we see it all the time with clients who come to us and said, Hey, we tried to fix this problem. We called our uncle's golf buddy, who said that he had this great, you know, all gap filler, and that obviously did not work out the way that we planned. So we're going to hear be here for round two. So I think that's something that we try to evangelize, I guess, if you will, with starting early, trying to find those small opportunities to build that relationship. Because building relationships takes a lot of time and developing that trust. I think earlier in this podcast, Peter, you said that you gave us that small, low risk shot. I think that's a really great indicator to say, let's see how this relationship works, and if the partnership is in the right, you know, mutual benefit for for everyone is this working with our culture? And I think that's, that's the best way to approach it. I think, kind of like in, you know, manufacturing, business or like home building, they say that you can have three different things. You can have something done good. You can have something done fast. You can have something done cheap. Pick two of them. When you're building a compliance program, you're probably going to want to pick the right two out of those three. Companies

Peter Hazlehurst 29:48

tend to have legal support. Usually it starts with a contracts person or something like that. If the company gets to like Series B or C, maybe they get a general counsel as good as a GC can be. Fee. They are not payments lawyers. Payments lawyers are very specific skill set. And going to random law firm X and say, Hey, man, can you review this payments contract for me will result in Bad, bad, bad transactions getting put together so outside counsel specialists in payments law is required, and getting the founders to acknowledge that not there's not just a time expense, but there's a legal understanding expense that they won't have, is really important unless, of course, your GC was the payments lawyer at eBay or something like that, and then it's somewhat special case. And if I

Matt MacDonald 30:37

could actually ask a question to that point, is when you look at kind of the breadth of your law team, or the study of experience with your law team, you know, is it really deep? But you know, single focus in terms of the types of people that you're contracting from your laws you're from your lawyer teams, or how do you find the right relationship, even for that angle. So

Peter Hazlehurst 31:01

for, like all startups here in Silicon Valley, you end up picking one of the big, sort of four or five general counsel type of lawyers we should chose, Cooley, I've worked with Wilson Sonsini people use Gundersen. There's, there's an a number of different firms that represent general corporate law. We hired our own in house contracts lawyer, because we just have tons of contracts, and paying outside counsel gazillion dollars to do one word tweaks in contract negotiations seems really ineffective. We don't have a GC at singera, and maybe we'll get there with our series B. What we do have is we have amazing outside counsel with Heidi wicker at Stinson. And Heidi has been someone that I've used since 2012 when I was at Google and and you tend to sort of have specialist lawyers in that respect. Coolly, has mofo internally, which is the sort of payments compliance lawyers that we we use on occasion, many of our clients, our fintechs and banks use Nelson's Mullins Riley in Atlanta, and these are just long standing folks that have been doing banking and payments law for ages and ages, and understand the nuances of it at sintera, because we actually help advise on counsel for what the policy should be. Our head of policy, she also happens to be a lawyer and a payments lawyer, which helps. But we're also very clear that we think this is our expertise. You, whether you're a bank or a FinTech, need to get your own judgment and decision made by outside counsel that represents you, not we seem terror can't represent you in any of this stuff. Yeah.

Matt MacDonald 32:34

And Nick, I think kind of, when you you asked the question about, like, what sort of friction could come into play in the different types of relationships too, or talking a little bit about lawyers and contracts, which could be even less sexy than than compliance management, but at the same time, it's such a critical aspect of understanding who's responsible for the various roles between these relationships and getting your SLAs Right, getting the contract language right and monitoring it effectively, I think, is such a critical aspect that gets a lot of of fintechs and banks in trouble, because when that relationship becomes mutual, but you're not really sure who's responsible for the type of KYC, for the type of transaction monitoring, what is the threshold for various types of transaction monitoring, the dispute resolution. This is what's bubbling up in the enforcement actions and the consent orders that you're seeing is, oh, it was just pointing fingers of Oh, I thought they were taking care of this. Oh, I thought they were taking care of this. And it seems kind of obvious, but you know, sometimes the boring things can become the most important aspect of managing a relationship. Yeah, and there's

Peter Hazlehurst 33:43

an incremental layer here, which are the quasi regulators, aka Visa and MasterCard, and discover who have a set of rules. They don't have regulatory controls. The regulatory controls still exist with the banking systems and ecosystems, but they feel like regulators in terms of working with them, and you can actually make lots of really good progress with the FDIC or the Fed, and then come back and still have to solve international use cases with Visa or MasterCard, which have lots of layers of complexity as well.

Nik Milanovic 34:11

You know, when we first started having regulatory oversight pressure from the FDIC, from the OCC who were increasing the severity of their exams, not just with banking as a service companies, but with FinTech companies over the past couple of years, there is this crop of vendors that sprung up to help give partner and sponsored banks better oversight of their vendors and their underlying portfolios. So look through visibility into the customers of all the FinTech companies that they're working with. And you know, in my mind, that's role that banking as a service providers like sing Terra can really help with, is in creating a little bit better visibility and then oversight. But I'm curious, you know, what can be. Banks do on their end to be better partners and stewards to FinTech companies, because we have this kind of odd superposition in the US where FinTech companies themselves can't register to be banks or financial services providers, and so their de facto regulator ends up being the bank which is implementing regulatory policy on behalf of their own Prudential regulators. And so how can banks be better enablers of FinTech growth, rather than constrainers?

Peter Hazlehurst 35:27

I have a couple of things. I think the banks that we work with and the banks that are in this space should assert and require that everything they need to do their job is available from whomever they're partnering with, and they don't. They can add extra things, built and suspenders, but the basics are, can I find every customer? Can I see every transaction? Can I reconcile every payment? And all of that entire workflow should be in one place we've seen time and time again, where the regulator will sit side by side with the employee of the bank and say, Tell me about this customer. And then the employees like, well, in this system, it says this. In this system, it says that, and, and actually forgotten how to log into the third system, but I'm sure it's fine. And, and the regulator just freaks out and says, Well, if you looked at your core banking system, you could see everything in one place. And they'd be like, Yeah, that's true. And so what we think is really critical is it should be a centralized place where everything is there. And we've done a lot of work to make sure that you can suck in all the other relative information around external KYC or account verification, whatever. So there's one consolidated dashboard. It's not perfect, but that's the starting point. The second thing I think that the banks need to do is really think about how do they want their processes to be with their fintechs, and what they want to get out of them every day? Because there's a bunch of stuff that happens every 30 days or 60 days, due diligence, rechecking balances. Is the company liquid? All that sort of stuff. And they tend to then sort of again, stick it in post it notes, or in Salesforce or somewhere else, and that becomes a challenge. Then they get seduced by somebody coming in and say, well, your other system over here doesn't really do everything you need. Come use our system. We'll be provide the oversight of this system. And that just becomes this daisy chaining of pain that seems attractive in the short term, but actually doesn't get you very far. So fundamentally, what I think is missing from many of the banks that have got like one or two programs, is the sense of, what does this really look like at scale? What is the team that I'm going to put in place to manage this, and what do we want it to be, rather than just letting it sort of build itself, which is always going to be recipe for disaster. I think

Matt MacDonald 37:41

with with Wolf, especially, we being in the unique position working for so long with the banks, and also understanding the unique needs that banks have from fintechs, the third party management process is something we really focus pretty heavily on. I think we've all heard and known for a long time that a lot of banks that utilize this checkbox approach for managing fintechs or other technology service providers or other relationships in general, and that is just not it's not a great approach when you're trying to have a unique relationship for every single partner that you are looking to to have in your either your tech stack or in your product strategy. So we work with banks in particular to try to have them understand what is the risk based approach that you would need that's going to have you be most successful in number one suiting FinTech companies. Because if FinTech companies are just going to have this burden of of compliance and third party risk management that just doesn't suit them, then they're going to go to greener pastures. And on the other side, a FinTech companies to understand what are the unique questions that are going to be specific to their business proposition, or specific to their relationship with a bank or with another service provider, that's going to allow them to say, these are things that we need to focus on. Do we need a pen test because it's important to us? Do we need that SOC one or SOC two, that's ironclad because it's important to us? Or can we go down chain and utilize a different, you know, lower cost provider, or or anything that's kind of in between those, you know, various areas. I think when when wolf tries to work in both corners of that and try to help allow FinTech and banks together to meet in that middle, I think that's where we see a lot of success and a lot of growth, because they understand where the vendors are going to be successfully implementing compliance and control, but the same time, they're not overdoing it, and the fintechs are just getting sucked up with money and resources trying to check that box that may ultimately not even be necessary. I think

Nik Milanovic 39:55

you're right that a lot of FinTech founders, especially first time FinTech founders, do not realize that they. Are also in the compliance game, and they're also effectively building compliance business when they're building a FinTech company. We've talked a little bit about how FinTech founders have adjusted and need to adjust to be more compliance for we talked a little bit about partner banks. But I'm curious what changes, if any, have you seen from regulators over the past couple years? You know, FinTech has really become a little bit more of a household name and a household word. The US Prudential regulators are paying more attention to financial technology. Have you seen them change their positioning at all?

Matt MacDonald 40:27

Yeah, I think that what we're seeing more is that, because there's more precedent for the issues that are being found across various companies, they're starting to hone in a lot more and be a lot more educated on what are the various companies and what are they doing with customer information, with bank relationships, and what are the types of compliance programs that should be in place. So particularly in those high regulatory environment areas like New York, like Connecticut, like California, they're very strict and and they're basically no holds barred for for these sorts of exams, I guess, if you want to call them. And I also think that they understand the specific types of products that are being integrated into these systems a lot better than even five years ago. So I think that's what really makes the compliance game, Nick that you know your words think that much more important, so that these companies know that they should be exam ready at all times, or what we like to call enterprise ready, so being able to answer that phone call and be able to put all the information in front it doesn't feel like you're trying to grasp at things in various share files and, you know, various drop boxes, you know, trying to cobble together this plan last minute and know exactly what is going to be needed from you upon that moment of need. I think that's really what we're noticing from the regulars. Most of all is that if you show that you have all your stuff together in this great dossier, and you're ready to rock when the regulators come in, I think those flashlights just don't feel as bright. I

Peter Hazlehurst 42:10

think one thing that's really interesting is, while we are yet to create a formal compliance standard check box checklist from the regulators, that if you just met this, whatever it was, you'd be considered gold standard, and everything's okay. What we are now starting to see is, as our banks go through their second and third reviews and exams and stuff like that, there's actually starting to be a consistency in the questions. So there's almost, I wouldn't say it's perfect, but there's almost like a here are the 35 questions we expect all of our fintechs and bank partnerships are going to get from their regulators, and we're getting to the point at sintera, but actually, literally, a compliance dashboard that is like the real time answer to those standard set of questions that are always going to come so that if the person is sitting right here, the first step they do is they go to their compliance dashboard and say, Here it is. Here are the people that are subject to review. X here's the quality controls and stuff like that. And where, where I think the industry will go and win is if we can create that actual formal certification, whatever you want to call it, that then says this partner, this player, is trustworthy and is okay, then we can go from there, and that'll make life even better for everybody. I mean, it makes

Nik Milanovic 43:24

complete sense you effectively have a dashboard through a provider like Salesforce or a CRM to monitor all of your customer growth and inbound and sales activity. Why would, as you have a similar business unit dashboard that you can use, that third parties can use that your bank sponsor can use that regulators can use to monitor your compliance, adherence and standards, especially if you can use that to generate flags, to generate alerts around any lapses that you can then remediate before it actually becomes a problem.

Peter Hazlehurst 43:54

And we're adding to that, like the new feature that we're adding is a quality dashboard, so we're basically building so what's supposed to happen is the banks, every 100th transaction or every 1,000th customer, they're supposed to double check and go in and say, did everyone do KYC correctly? Did we follow our policies on these transactions and so on? We're actually now building that as a workflow in our platform, so that you've got the QA team that sits at the bank sitting to make sure the FinTech did what they were supposed to do, and so on and so forth. Yeah, visibility

Matt MacDonald 44:21

and access have become so important, and I think that it just makes the whoever's reviewing your work, regulators, examiners, etc, just a lot more comfortable. I love the dashboard approach. I think it just allows them to feel more comfortable when they're looking at things, and regulators when they find issues, they're just going to keep digging and digging and digging and it, yeah, it just becomes this, this rat's nest of of escalation. And if you can try to avoid that, I think, you know, Peter with your, you know, laundry list of things you want to show them, I think that's the sort of things that just kind. Gives them a little bit more comfort and just makes them feel like things are more mature. You know, I'll ask

Nik Milanovic 45:04

on behalf of the founders who are listening to this episode. Obviously FinTech, massive product category, you know, different verticals like credit issuance, banking, savings, payments, will all have different relevant metrics to pay attention to. But I'm curious, what are some of the most useful metrics for managing risk that you've seen that people should be paying attention to, really, from the beginning, the

Peter Hazlehurst 45:30

easiest stuff is the KYC and KYB funnel. So what's the percentage of people that are going through no touch versus the people that need high touch? And if you need high touch, something's broken upstream, either you're the wrong people are coming through the very front door, or you're not asking the right discriminatory questions to filter them out. So that's the starting process. I think, sort of benchmarking stuff. You know, fraud as a percentage of GMV is sort of a very easy index parameter, and it should not be zero. It should be something and and and then you've got the sort of charge back slash R 10 type of model. So after the fraud is analyzed, how many people actually complaining about it, and those as percentages of each other, should find a mean, should find a standardization point for each FinTech program. Finding that mean is actually the hard part of like, how tightly do dial the notches so that the easy transactions don't get false positive and so on, but those things, basically, if you've got money coming into the ecosystem and money going out of the ecosystem, money comes in through payroll or other sorts of sources and goes out through spend, that's GMV flowing through the ecosystem, and fraud as A percentage of that is just the fundamental building block of everything.

Nik Milanovic 46:43

Yeah, not to spend too much time giving space and attention to other newsletters besides mine, but Patrick McKenzie, who writes the great bits about money newsletter, who was on the show a couple weeks ago, had a great comment a while ago that the optimal amount of fraud in the system is not zero. The system needs to sustain some fraud, Peter, as you were saying earlier, in order to actually be able to provide a service. And it's only by monitoring fraud effectively that you understand how you can build better defenses around it. And so it's not zero, it's not 100 it's somewhere in the middle there. I know we have only a couple minutes left in this interview, but I'd be curious looking down the timeline. Is there anything exciting coming from Santeria, or anything that we can look out for, that you're able to talk about

Peter Hazlehurst 47:25

publicly? So I mean, the most fun stuff is big customer launches with Ryan at Bolton, we have a our first digital gaming platform. So think of a rewards program inside video games on your phone and stuff like that. So we're excited about pivoting, not pivoting, adding to our customer base consumer friendly programs, which is actually a reflection of the fact that Fintech is getting back into consumer which had sort of bypassed for the last couple of years because it was too risky and so on. We're also seeing a ton of demand for credit cards. So watch this space soon for something fun in that respect. Great.

Nik Milanovic 47:58

Well, that's exciting, just a little bit of a taste. But we'll, we'll pay attention to sing Tara and see what comes out next. And Matt, I'm curious, on your side, anything you're working on at Wolf at the moment that people should be paying attention to? Yeah,

Matt MacDonald 48:09

and I don't know if Peter knew this or not, but we, we've been working on a opportunity for providing those dashboards for compliance management systems as well. Too. On our side, we find that it's going to be a huge benefit for that exam cycle and for the visibility, not only for banks, but also for FinTech, as they're continuing to expand the types of compliance tools that they're building. So we're really excited to be rolling that out to a lot of our providers, hopefully in the next few months. I also think we're just continuing to ingrain ourselves with the fractional Compliance Services. We find that it's so great for scale. As things are continuing to become really robust with transaction monitoring, with dispute resolution and with other KYC situations, I think we are really eager to help companies just manage the full time employee accounts that they have in an effective way. We do it with AI. We do it with great expansion. So as you are expanding and contracting those needs, we're able to support you with that as well. Sounds good.

The Front Page of Fintech

The Front Page of Fintech

🎧BaaS and Compliance, a Conversation with Synctera CEO Peter Hazlehurst and Wolf & Company's Matt MacDonald