Aaron Harris, a partner at Y Combinator, has had a long history working within both finance and technology: He started his career on Wall Street, moved to a hedge fund, and then founded a startup called Tutorspree that built a market for tutoring. Now, through his work with fintech-focused startups in YC batches, he has a first-row seat to the challenges and opportunities associated with building in fintech.
Recently, the co-founder and CEO of Plaid, Zach Perret, sat down for a two-part interview with Aaron on the state of the industry. The following interview has been edited for clarity and brevity.
ZP: Lots of people talk about full-stack startups. It seems like building a full-stack financial services startup is impossible. You have to rely on too many third-parties, like banks. Given that fintech companies pretty much have to interact with banks, what are your favorite ways that you’ve seen them make it work?
AH: I’m not sure there are any really great interaction models in fintech.
ZP: Well, there are companies like Motif, which did a big distribution partnership with Chase. That seemed to work well, in that both Chase and Motif benefitted from it.
AH: I think you guys have done a really great job of this. You started out as a way for people to access their information in the banks. Maybe the banks weren’t sure that they wanted that functionality to exist at first, but over time you built a stronger and stronger, closer and closer relationship with the banks themselves to the point where you were serving the banks. But by serving the banks you’re actually serving consumers and businesses better that want to access bank information.
ZP: Those are kind words, but outside of Plaid, are there companies that you’ve seen interacting well with institutions?
AH: Stripe has interacted very, very well with its banks to do all the settlement and use bank lines. Seed, which is an early-stage company of ours that’s building a new business bank, is working with banks to make sure they have the full infrastructure necessary to actually be a bank and not just a simple interface.
We’ve seen quite a few companies interacting in a variety of ways. I think the thing that doesn’t work is needing to rely on banks just to get the business going.
ZP: You mean, banks as a source of revenue?
AH: Yeah, either as a revenue source or as the gatekeeper to getting revenue. If you are just starting out as a startup and your argument is that you’ll start making money as soon as the bank gives you the OK, then I think you’re kind of dead in the water. You have to be able to build something that either interacts with customers or demonstrates your value before you have to deal with the big financial service companies. I think there are a bunch of different ways to do that.
You said it’s impossible to build a full-stack fintech company in the United States. I actually don’t think that’s true. We have a company in this batch that’s building a brand new financial exchange, a completely different way of thinking about the way that buyers and sellers are matched. And that is very, very, very full-stack. They need to get regulatory clearance from the government, and then they just need counterparties.
ZP: Is it institutional counterparties that they need?
AH: They need hedge funds and trading desks. They don’t need a deal with Bank of America. They’ll need prime brokerage, but those are things that are very commercial. Those are commercial licenses that are not easy to get, but once you demonstrate that you’re a quality player, you can get those things.
ZP: So, your advice is to build a company that might interact with banks, but does not require their cooperation for you to exist.
AH: Yeah, right. I think the challenge that a lot of people who are building fintech startups face is the belief that just because you are building a really cool and interesting startup that can change the world, a bank or large financial institution is going to want to work with you.
But you have to think about it from the other side. This has to be one of several things for the bank to want to do it. First of all, the bank isn’t going to do anything that could put it at risk, right? At least a not at catastrophic risk.
And they don’t necessarily care that you’re a young, cool startup that has buzz. That’s not the thing that’s driving them. What’s going to drive them is either that you can have a material impact on their bottom line, or you can solve an internally identified strategic issue that either impacts the bottom line, creates a new business unit, or secures them against risk.
So if you’re a security company working for financial services, you have to identify what security risk you’re really targeting and understand the problem pretty deeply.
ZP: Financial services is highly regulated, and as a startup it’s often hard to find the time to look up every relevant regulation and ensure you comply. What have you found to be the best ways to interact with regulators?
AH: I think it’s a sliding scale. The advice that I tend to give startups that are just starting at YC about regulation is to understand your risk. Understand the risk profile of the decisions that you’re making when you’re choosing whether or not to engage with regulators right now. Because there are regulations that, if you violate them, will kill your company, and others that are more like guidelines, and some that will just result in a “Hey, can you please correct this.”
One of our companies did something kind of awesome, where they needed registration with the SEC. I don’t remember exactly what the categorization was, but they were told that it was a six-month process. So the founder talked to the regulator and asked for an expedited process. They said they don’t have an expedited process, and he said, “Yeah, but can you do it?” And the guy said OK and approved them in something like 25 days.
AH: Yeah. I don’t think that this normally happens. But I think one of the things that people assume is that the regulatory picture is completely fixed and that they have to do it exactly the way other people did it. But if you ask the right questions of the right people, you will often find that there are actually faster ways through the process, or that you are doing things that are actually not identical to this other company that you thought you were just like, that will let you move through regulation in a better and faster way.
That said, if you’re going to run a trading operation, or you’re going to hold deposits or something, you really, really have to make sure that you’re doing things properly. Otherwise, that’s company-ending if you mess that stuff up.
ZP: One of the early things we found out is that regulators are willing to listen. I’ve heard a lot of entrepreneurs equate regulators to the IRS. If the IRS says that you owe them some money, there’s really not much room to negotiate without lots of lawyers. But in reality you can - and should - talk to regulators, ask them questions, and learn what they’re interested in.
AH: Exactly. They’re people, and you can talk to them. You can also hire ex-regulators or ex-compliance people who understand it and know all the loopholes.
ZP: Not loopholes—faster ways to move things.
AH: Faster ways to move things, perfect. That’s right.
ZP: What about security and compliance? Let’s say you’re building the next great fintech application. Security and compliance matters. You can’t really “build fast and break things”.
AH: I think the mode of “build fast and break things” breaks down when you’re talking about financial services, because you have very, very sensitive customer information at risk. I think that the security piece is important right from the start. If you are handling sensitive information, you really need to be sure that you’re doing it right.
How you handle things like PCI compliance is tricky. If you’re storing customer information, you have to use best practices when it comes to your risk. The truth is that when you’re small, no one’s going to notice you or really try to hack you; you can probably get away with things. But I think that if you have the right DNA to build a product that serves customers who trust you with their financial information, making good decisions around security is going to be baked into how you think about them, right? Because you’re trying to help customers, and exposing their information is bad.
ZP: How does the US financial technology market differ from other parts of the world?
AH: Things happen in other parts of the world that look different, because the underlying infrastructure of financial services in those places is different.
I read a blog post recently that if you look at the way that payments happened in different countries, mPesa could not have happened in the United States, because the banks were too powerful here, and no one would have let basically a cell carrier create an entire alternative banking infrastructure just on top of cell phones. But it’s probably the most successful mobile money system in the world.
In India right now, what you’re starting to see is people saying, “Well, we need to pay people, but we don’t have credit cards.” But credit cards are imperfect. Credit cards simply exist at this point because of inertia—it’s just what happens to be there because it’s been there for 60 years. What if you knew—and indeed you know this—that more people have mobile phones than are ever going to have credit cards?
ZP: The mobile phone could be a bank account.
AH: And if your mobile phone is your actual primary point of transaction, what does a payment system look like? It’s not a plastic card, right? It doesn’t need 15 intermediaries to play all the different parts that now exist in the credit card chain. You could actually potentially do it with one or two counterparties.