The most common organisational principle in risk management is called the ‘three lines of defences’. It is especially followed by banking and financial institutions to strengthen their business processes.
The first line of defence is the management or primary owners of the day-to-day operations while the second line of defence is control functions such as compliance and risk.
The third line of defence is the internal audit function, which assures that the efforts of the first and second line of defence are consistent.
What would you get if you wanted to add a fourth line of defence? The answer is Fourthline.
Fourth line of defence
As a payment institution licensed by the Dutch Central Bank, Safened was approached by its customers to use its advanced onboarding functionalities.
This led to unprecedented growth for its Know Your Customer (KYC) activities and having performed digital identity checks on millions of customers for banks and fintechs like N26, Safened rebranded the service to Fourthline in 2019.
With McKinsey expecting digital identity verification to be a $20B digital market, Fourthline sees itself as the gatekeeper for every financial institution combating fraud and money laundering.
In other words, the startup aims to become the fourth line of defence for an advanced digital financial services industry facing malicious actors deploying new techniques to crack into their valuable systems.
“In the last 20 years, compliance in general and specific KYC/AML has become the centre of financial institutions,” says Gunning, who is also the CEO of the company..
“Nowadays, all banks have significant staff working in compliance,” says Van Straeten, Chief Risk Officer of Fourthline.
For financial institutions, the cost of compliance has become significant with heightened regulations around the world.
Fourthline wants to help these financial institutions get control of their cost of compliance while maintaining the highest standard possible for KYC and Anti Money Laundering (AML).
GDPR meets compliance
There is no denying that compliance is a challenge for financial institutions of all sizes but also one that these organisations need to tackle responsibly.
The challenge only becomes more complex when you move from one jurisdiction to another as regulations change based on the region.
Gunning says the EU is the front runner on regulations and is followed by the US.
However, he sees other countries have a long way to go to reach the same standards.
Despite all the criticism surrounding GDPR, Fourthline is not one of the organisations that seems irked by the general data protection regulation.
Fleur de Roos, General Counsel at Fourthline, says, “We like to look at data protection from a positive angle.”
She adds that it is extremely important to treat each individual’s personal data with the necessary care and sees data protection necessary to deliver on compliance in the fintech industry.
But that doesn’t mean Fourthline doesn’t face any challenge. Even though GDPR is mostly discussed by lawyers, De Roos says tech businesses are only focusing on technical implications of GDPR, especially in the areas of IT security and data governance.
“This requires the necessary attention and resources from all parts of the business,” she quips.
AWS to support infrastructure and AI-fication
Like many other European fintech startups, Fourthline also relies on Amazon Web Services (AWS) for cloud infrastructure needs.
CTO Post says they chose AWS for their cloud platform since it provides the infrastructure, services, and support necessary for companies to scale efficiently and securely.
He adds, “Its elastic and managed services and global reach make it the right choice for a company like Fourthline.”
In addition to the scalable infrastructure, Fourthline sees AWS playing a key role in helping the Dutch startup meet its AI goals.
While the potential of AI is subject to debate, its impact can be profound in the fintech industry where a number of human errors and repetitive actions can be handled by artificial intelligence.
As a leader in compliance, Fourthline is uniquely positioned to take advantage of AI and has built a suite of AI products using its own data, which has been stored on the AWS cloud platform from the beginning.
Since AWS offers managed database services that can scale horizontally and vertically to accommodate growing data needs, Post says it ensures Fourthline’s data infrastructure “can grow alongside our diverse applications and needs.”
While a number of tech CEOs and CTOs speak about the elastic and scalable nature of AWS, Post also finds analytics tools and services offered by the service useful to gain insights from “your data, make data-driven decisions, and optimise your operations as you scale.”
For Post and Fourthline, AWS helps them stay ahead of the curve by using the best-in-class data analytics as the industry adopts AI to enhance their products and services.
While AI is bringing profound changes for tech companies, it also raises ethical concerns surrounding data and regulations that will need to keep up with changing technical landscape.
De Roos is unequivocal in her belief that the force of AI regulation will be a big game changer not only for fintech but also tech companies in general.
She says, “We will see companies that are quicker in implementing the necessary measures having a competitive edge over those who are not able to do so.”
She believes every company is obligated to consider what type of AI they are producing and its impact on society at large.
While studying the impact of different AI products and services depends on a capable regulator being able to act and enforce right regulation, she sees AI regulation as the key thing to watch as the technology develops.
Focus on compliance
Since its launch, Fourthline has seen significant growth with operations in the EU and counts financial institutions, fintech like neobanks and even traditional banks as its clients.
German neobank N26 and broker Trade Republic rely on Fourthline for compliance while Italian BNPL provider Scalapay and French neobank Shine also work with Fourthline.
Van Straeten recounts that the road to get here hasn’t been easy. He says getting their licence to operate as a payment institution was one of the biggest challenges.
He adds that developing its KYC platform from scratch and hiring the right people was another big challenge.
Since its inception, Fourthline has scaled itself from 5 full-time employees to over 250 in a couple of years and is currently hiring for multiple commercial roles.
The startup raised €50M in an all-equity round in April, bringing its total raised to €70M. While the valuation is not disclosed, the funding shows that Fourthline has been able to grow on its own.
Its success is rooted in the belief to focus on its strengths, which is services like KYC, AML, and ID verification.
Gunning told Techcrunch in April that, for the moment, Fourthline doesn’t plan to build services beyond compliance or expand its ID verification service to the non-financial sector.
This focus on offering a top of the line service designed for the financial sector sets up Fourthline to grow throughout Europe.
“We aim to become the main player in Europe to start with, for which we are on the right path,” says Gunning.