Napier AI, the London-based financial crime compliance RegTech, is pleased to announce that it has received a significant investment from Crestline Investors, Inc., a US-based, credit-focused institutional alternative asset manager, to further accelerate its growth trajectory, highlighting the transformational time in the industry for know your customer (KYC) and anti-money laundering (AML) solutions.

Napier AI, headquartered in London, UK, and founded in 2015, is a provider of AI-enhanced financial crime and regulation technology compliance software providing AML solutions across the banking, payments, and wealth & asset management industries. Napier AI’s solutions are used by customers to screen, monitor and identify, criminal or suspicious activities, with the added functionality of regulatory reporting. Without these solutions, customers may be exposed to greater financial, reputational, and regulatory risk or large operational overheads.

Napier AI operates in a large industry with strong tailwinds driven by increasing regulatory and compliance requirements. Napier AI has historically driven strong topline growth without a traditional private equity sponsor or significant institutional capital. Since 2021, top-line revenue has grown at 30%+ year on year, as Napier AI has invested in its go-to-market organization and bolstered its product line via dedicated R&D.

Crestline’s investment will help to further business expansion in the coming years, enabling Napier AI to continue developing and serving financial institutions with NextGen screening and monitoring solutions, powered by explainable AI that delivers true value.

“We are pleased to deliver strong, continuous growth in a challenging market. Financial crime compliance operations and regulatory pressure continue to be large overheads for financial institutions, so there is a need to invest in NextGen AI-enhanced solutions with the benefit of trusted technology and delivery,” noted Greg Watson, CEO at Napier AI.

“We are excited to work with the Napier AI team and believe their market-leading, AI-powered technology platform is well-positioned to help financial institutions and other regulated companies excel in an environment with rapidly expanding transaction volumes and increasing regulatory requirements,” said Will Palmer, Managing Director at Crestline.

Cybersecurity is a well-known concern for all organizations, and database security is a critical subset. Successive major news stories have emphasized the damage that data breaches can cause for any company. 

The financial cost of paying data ransom is only the tip of the iceberg. Organizations can also expect to face fines and penalties for non-compliance with data privacy regulations, and higher financial losses from class-action lawsuits brought by users whose data was compromised. On top of that, the concomitant loss of trust and brand reputation can scare away customers, partners, and revenue for a long time to come. 

Database security should already be high on the list of fintech IT leadership priorities, but the rapidly evolving landscape should push it up even further. Constantly-growing data volumes, complex distributed networks that make it more challenging to maintain visibility and perimeter defenses, increasingly strict data privacy regulations, and the ongoing shortage of skilled cybersecurity personnel, all make databases more susceptible to threats. 

Database security is particularly crucial for fintechs and other financial organizations. Financial records are among the most sensitive, exceeded only by healthcare, as breaches can be especially consequential for customers. Financial services consumers have much lower tolerance for a data breach and are likely to take flight far more quickly than those of another vertical. 

Yet database security is still alarmingly weak even in fintechs, where one might expect there to be a higher degree of awareness around the vulnerabilities of databases, servers, and data access. 

Common security provisions are, alarmingly, still not a matter of course for many fintechs. These measures might include automatic lockdown and expiry for default user accounts, regular patching, military-grade encryption, credential rotation and multi-factor authentication (MFA), real-time monitoring, web app and database firewalls, frequent pen testing, and blocking public network access to data servers. 

If every fintech company did these things, a number of data breaches could have been prevented, or at least limited in their fallout. Here’s a closer look at a few serious data incidents from 2023 and the gaps in fintech database security that made them possible. 

Direct Trading Technologies

Direct Trading Technologies is an international fintech company that offers trading platforms for stocks, foreign exchange, cryptocurrencies, indices, Contracts for Difference (CFDs), and many other securities, as well as white-label services for other fintech solutions. 

You can imagine the outcry when DTT announced that it had been leaking sensitive and trading activity data over the course of six years, a cumulative data breach that put over 300,000 DTT users at serious risk of an account takeover. The breach was due to a misconfigured web server that held multiple database backups, each containing a significant amount of sensitive information about the company's users and partners. 

It’s another example of the impact that simple human error can have. Although mistakes can happen, stronger pen testing may well have revealed this error long before it was discovered and exploited by hackers. 

Revolut 

In 2023, the story broke that Revolut had experienced losses of over $20 million over the course of several months in 2022, when hackers exploited a software vulnerability in Revolut’s payment systems. 

The vulnerability affected communication between Revolut’s European and US payment systems, with the result that Revolut used money from the bank’s own funds to refund declined transactions, rather than from the user’s account. Malicious actors were able to use this loophole to steal millions from Revolut, most of which can’t be reclaimed. 

Even though the sting continued for many months, Revolut’s security teams didn’t notice the vulnerability. It was only discovered when one of Revolut’s US-based partner banks noticed that its funds were lower than expected and alerted the company. Only then was the vulnerability spotted and closed. It’s highly likely that real-time monitoring could have detected and resolved the incident much earlier, before losses grew so high. 

Latitude Financial 

In March 2023, Australian fintech Latitude Financial notified users of an extremely serious data breach, in which hackers accessed 100,000 identification documents from one service provider and over 225,000 customer records from another. Latitude had to take its entire organization offline and stop serving customers in order to clean up its systems and restore security. 

The data breach resulted from an attack on one of its vendors which exposed the security credentials from two Latitude employees. Hackers were then able to use those credentials to log onto other service providers used for identity verification, which then gave them access to sensitive Personal Identifying Information (PII). 

Latitude could have prevented this data breach if it had encrypted PII data in storage. Using MFA instead of passwords, and restricting third-party access to sensitive data by applying stronger assessment processes, could also have avoided the incident, or at least limited its scope. 

Fiserv 

Payment processing giant Fiserv was among thousands of organizations affected by an enormous exploit of zero-day vulnerability in MOVEit file transfer technology, which is used by many fintechs and financial institutions. 

Fiserv found itself in the highly unwelcome position of having to notify its client, Michigan-headquartered Flagstar Bank, about the security incident. Flagstar, in turn, discovered that sensitive data from more than 800,000 customers had been exposed to hackers and malicious actors. 

It’s worth noting that Fiserv and Flagstar are far from being the only victims. The list exceeds 2600 organizations across numerous verticals, with data from more than 77 million people exposed as a result of the attack. If those companies had employed vulnerability scanning, they might have spotted the vulnerability before it was discovered and exploited by the ransomware group Clop, preventing such a large-scale data breach.

Database security provisions can be a matter of business life and death

As the saying goes, hindsight is 20/20. It’s easy to look back and point out the mistakes and deficiencies that led to specific data breaches. That said, when fintechs can suffer such serious ramifications from any data breach, there is no excuse not to implement every possible protection against hacking, data leaking, and unauthorized access. We hope that 2024 sees fintechs place a much brighter spotlight on database security.

BankiFi and Praetura, the Manchester-based fintech and alternative lending companies, have launched a new lending-as-a-service solution that will boost SMEs’ access to growth funding.

The first-of-its-kind platform is designed to help small businesses access capital when they may otherwise not meet the criteria for traditional high street banks. Praetura, backed by BankiFi’s tech platform, will deliver asset and invoice finance to SMEs on behalf of banks unable to support those businesses.

Many banks don't provide asset or invoice finance solutions, and those that do typically focus on larger businesses that are more likely to meet their lending criteria.

According to the Bank of England, all net growth in UK SME lending since 2017 has come from smaller banks or alternative lenders rather than traditional high street banks. Meanwhile, Praetura’s ‘Fund the Gap’ report, which surveyed more than 400 UK SMEs in 2023, revealed that almost three-fifths (59%) of UK businesses say access to capital has decreased in the last five years, with 43% reporting that it is one of the biggest challenges they face.

BankiFi and Praetura’s solution empowers traditional lenders to meet the diverse financing needs of the UK’s small businesses, with Praetura adopting the risk of the initial investment. Banks are then positioned as the go-to finance provider, with businesses referred back to the bank once they’ve grown into the eligibility criteria.

Mark Hartley, CEO and founder at BankiFi, said: “We’ve built great relationships with high street banks due to our bank-friendly distribution model and our ability to leverage the benefits of open banking. Our partnership with Praetura is the natural evolution of our existing SME payment solutions, which have focused on reducing the time SMEs spend collecting money and helping them to manage cash flow, growth and now access finance.

“The first place many businesses go to for lending is their bank. The problem is that they often don’t meet the eligibility criteria set out by the bank. In these cases, if they can't secure a loan, they often fall through the cracks and remain unserved. What we’re able to offer through our partnership with Praetura is a solution that both banks and businesses need.”

Peadar O’Reilly, CEO at Praetura Lending, added: “Praetura's initial investment in BankiFi was driven by the shared vision of addressing market gaps for SMEs. There isn't anyone in the UK that has the combined senior funding lines, specialist lending expertise and technology capability to help fund this gap for SMEs in the market. This unique partnership signals a new era for SME lending, demonstrating a commitment to innovation, collaboration and meeting the diverse needs of businesses.”

BankiFi, which has been backed by Praetura Ventures since September 2021, specialises in payment processing and financial administration services for SMEs. It has been at the forefront of reinvigorating banks' relationships with SMEs, emphasising the importance of putting banks at the heart of business. This renewed partnership further solidifies BankiFi’s commitment to closing the loop and providing a solution that aligns with demand from SMEs.

Nuvei Corporation, the Canadian fintech company, announces today that it has launched direct local acquiring capabilities in Colombia, further expanding its presence in Latin America (LATAM) and strengthening its overall footprint in the region.

Nuvei is the first global payments company to offer direct local acquiring in Colombia, enabling local and international partners to accept card payments from their customers in the country without relying on intermediaries or third-party payment processors. Simplifying payment relationships in Colombia enables eCommerce businesses to maintain greater control over transaction flow management, as well as develop a more localized payment experience for customers.

This announcement is the latest from Nuvei as it continues to expand its global reach and enable its partners to engage with their customers more deeply through payments, wherever they are and however they want to pay. In addition to unifying international operations via a single processing platform, businesses operating in Colombia are benefitting from enhanced reporting capabilities through the consolidation of all global transaction data, making data easier to analyze and inform decision-making.

Colombian businesses looking to scale rapidly, including through quick and efficient international expansion, are also able to leverage Nuvei’s global reach to enter new markets with ease.

Other benefits of direct local acquiring to eCommerce businesses selling to customers in Colombia through their global integration with the Nuvei platform include card authorization rate uplift, reduced settlement times from days to potentially less than 24 hours, and optimized processing resource commitments.

Latin America is one of the world’s fastest-growing regions, making it an increasingly attractive region for international eCommerce businesses. Within LATAM, Colombia is the third-largest eCommerce market, reaching US$42.3 billion in volume in 2023. Annual volume in Colombia is forecasted to reach US$87 billion in 2026 at a projected compound annual growth rate (CAGR) of 27%.

Philip Fayer, Nuvei Chair and CEO commented on the announcement: “Launching our direct local acquiring capabilities in Colombia augments our presence in LATAM and reinforces our commitment to growth in the region. We are already active in more than eleven markets in LATAM through direct integration into local acquirers and networks, and adding direct local acquiring capabilities in Colombia strengthens our ability to provide best-in-class services to our customers across the region.”

With local acquiring capabilities in 50 markets and connectivity to 680 local APMs, Nuvei is elevating payments to a hyper-localized level in a global setting, and supporting businesses to expand internationally while still optimizing their payments function.

Aaron Holmes, Founder and CEO of Kani Payments, comments: “Kani Payments is unique because it is a truly scalable SaaS fintech company. It also makes us a perfect match for Pismo, which shares our geographical expansion capabilities. Pismo’s cloud-based platform empowers teams to build fast and companies to launch rapidly, and as such, it shares many of our values and a core aim of helping businesses drive efficiency. As a global business, Pismo is the perfect partner to help us realise the next phase of our growth strategy, and we’re looking forward to making our solution available to a much wider market.”

Vishal Dalal, CEO (North America, EMEA and APAC) at Pismo, adds: “Having Kani Payments join our partners' network will help financial institutions to turbocharge report generations and submissions. It will unlock useful insights to help them make better, more informed decisions, shaping a new era for banking and payments.”

FinTech Wales, the independent membership association and champion of the Fintech and Financial Services industry in Wales, has today announced that Sarah Kocianski has been appointed as its new CEO.

A fintech and insurtech strategist with over a decade of industry experience, Sarah has worked with global organisations, scaleups, and startups from across the financial services industry and beyond, including major banks and insurers, health techs, and retailers.

Sarah also has experience working with several fintech membership groups, including Qorus, and sits on the committee at WVC: E, where she works with the VC industry to improve equality in the investment ecosystem, benefitting investors and founders alike.

Prior to this, Sarah led Strategic Insights at Founders Factory where she supported financial services partners including Aviva with their fintech investment strategies. She was also the Head of Competitor Strategy at 11:FS, a challenger consultancy that delivers benchmarking, research, and consultancy for banks, insurers, governments, regulators, and startups across the world.

On her appointment, Sarah said: “I’m absolutely over the moon to take on the CEO role at FinTech Wales and will be using my experience to help support the wider fintech ecosystem in Wales. Having worked with fintechs in countries all over the world, I know firsthand the harsh realities of founding and scaling a fintech business, particularly when it comes to funding and investment strategies. 

“Wales has such an amazing reputation as a fintech hub – which is thanks to the innovation and talent we have here. I can’t wait to continue the significant work that the FinTech Wales team does to support these businesses, and champion what Welsh fintechs have to offer on local, national and global stages. This is a great time for fintech and with a lot of resources already at our fingertips in Wales, as well as our inherent drive and passion, I’m confident we can do even more to make Wales an influential fintech hub on a global level.”

Outgoing CEO and new FinTech Wales Chair, Sarah Williams-Gardener, commented: “During the search for a new CEO, our aim was to find a leader with extensive experience to support and foster the growth of fintechs in Wales. Sarah epitomises this ideal, boasting invaluable knowledge in the industry. Her expertise and unwavering dedication to support fintechs underscore her alignment with FinTech Wales' mission. I am confidently handing the baton over as we embark on the next stage of evolution to ensure sustainability allowing us to continue to nurture and grow the Welsh fintech ecosystem. Sarah is joining a brilliant team and I am delighted to support her having been elected as chair.”

Launched in April 2019, FinTech Wales offers help and support to its network of members, and uses the power of the collective voice to be heard by politicians, governments, and influencers in the financial services space. As well as nurturing and supporting those businesses already in Wales, it aims to develop an ecosystem that will encourage and attract new fintech companies to start or scale in the region.

Ultimately, FinTech Wales’ mission is to make Wales a globally recognised hub of fintech excellence. It is currently in the third year of its four-year strategy to support fintech in Wales, in which the organisation has focused on four key pillars, including skills and talent, ecosystem and community, funding and investment, and the promotion of Wales as a place for fintech and financial organisations to thrive.

A five-year, £1.6 million investment in FinTech Wales was announced by Cardiff Capital Region (CCR) in June 2022, with the two organisations working closely together in partnership to deliver on CCR’s commitment to establishing Wales as a leading fintech sector in the UK.