#103: Challenges and Opportunities for the Data Market with Open Finance and AI
W FINTECHS NEWSLETTER #103: 15/04-21/04
👀 Portuguese Version 👉 here
This edition is sponsored by
Iniciador enables Regulated Institutions and Fintechs in Open Finance, with a white-label SaaS technology platform that reduces their technological and regulatory burden:
Real-time Financial Data
Payment Initiation
Issuer Authorization Server (Compliance Phase 3)
We are a Top 5 Payment Initiator (ITP) in Brazil in terms of transaction volume.
💡Bring your company to the W Fintechs Newsletter
Reach a niche audience of founders, investors, and regulators who read an in-depth analysis of the financial innovation market every Monday. Click 👉here
👉 W Fintechs is a newsletter focused on financial innovation. Every Monday, at 8:21 a.m. (BrasÃlia time), you will receive an in-depth analysis in your email.
The data market has gained a new chapter of challenges and opportunities with the advancements of Open Finance and artificial intelligence. Several countries around the world are implementing regulated data sharing infrastructures via APIs, whether they are banking or financial data. In the region, advancements are at different stages, with Brazil having the most advanced implementation — with 40 million active consents and over 800 registered institutions.
In addition to all the complexity that these regulations bring in terms of regulatory and technological compliance, in an ecosystem that relies on user consent as its main pillar, it will be necessary to offer direct and clear benefits to customers so that they renew their authorization to access their data. Competition will be even greater, and the trend is that, in the medium and long term, this will also result in more informed and demanding consumers.
Artificial intelligence will come into play at this moment, helping to create new personalized use cases from these new data sets. Although artificial intelligence, with machine learning for example, has been used for years in the financial system, today, with generative artificial intelligence, a sea of opportunities opens up, especially for VerticalAI players, who are developing specific technologies for specific problems.
But we have several challenges to progress in this direction, with the main one being the underutilization of data by companies, meaning they do not fully leverage the potential of the data. This occurs for a series of factors, such as the difficulty in locating internal data, either because it has not yet been collected or because it is scattered across different databases; the lack of specialized teams in data analysis; and also due to issues such as (i) lack of integration between different data sources, (ii) absence of adequate tools for data analysis and interpretation, and (iii) concerns about customer data privacy and security.
When the stars start to align
This has created an interesting space in the data market, and some players are taking advantage of these blank spaces to innovate. The privacy market, for example, has gained significant momentum in recent years, but still faces challenges regarding compliance and oversight, especially in Brazil.
Shortly after the LGPD (General Data Protection Law) came into effect in 2020, various consent management platform (CMP) and compliance players emerged in the country. The new data protection law has 10 legal bases, such as legitimate interest, credit protection, and consent. In other words, consent is not necessary for certain services. Thus, many of these players that had consent as their main pillar shifted their focus to other paths, such as incident management platforms, data request services, legal consultancy for compliance, etc.
As international standards increasingly incorporate privacy as an essential part of design, this market has been expanding and proposing different solutions.
In Brazil, a player that has stood out in the privacy market is PrivacyTools, which offers a comprehensive privacy management platform, allowing companies to react quickly and provide the necessary notifications. I've been following PrivacyTools' trajectory since 2020; the solution has evolved significantly since then, expanding to cover ESG and GRC products and addressing various compliance aspects. In addition to serving small, medium, and large companies, the platform also caters to public entities that need to comply with the law.
When I first started observing this market, it was common for solutions to revolve around consent management, whether for cookies or marketing campaigns. In this sense, the Brazilian company Adopt dominated the cookie pop-up market, serving large news portals and retailers. I also remember the emergence of the Argentine company illow, which, upon securing its first round of investment, aimed to be the OneTrust of the Latin American market — OneTrust being a global reference in privacy and compliance. In my opinion, the company that came closest to OneTrust was PrivacyTools, which managed to expand its platform to other niches and services.
OneTrust offers a comprehensive compliance solution that goes beyond privacy. In the Brazilian market, the company has managed to serve large enterprises. PrivacyTools followed a similar path of diversification; however, it does not encompass cybersecurity solutions. On the other hand, illow and Adopt focused more on being a consent management platform.
Illow, in particular, stands out for its comprehensive approach to virtually all laws. Many legislations share similarities as they were inspired by the GDPR (General Data Protection Regulation), the European law that also influenced Brazil. The major challenge lies in responding to notifications from regulatory bodies in each country, where there are standards and norms to be followed. Dealing with different legislations can sometimes be challenging in this regard. Having a set of legislations — from 1 to 4 laws — can be less challenging in this sense, and platforms usually cover the legislation of the target country and countries with a large technological base and cloud providers, such as the United States and Europe.
Regarding the fundraising of these companies, Osano has completed a Series A round, while OneTrust has already surpassed the $100 million mark in fundraising. OneTrust's revenue is also impressive. It has a global presence and counts 80% of the Fortune 100 companies among its 14,000 clients.
It is expected that the privacy management software market will reach $15.2 billion by 2028, and as regulations become stricter, these software solutions will be even more in demand. However, my personal view here is that it is a market that has already concentrated, and in countries where there is not as much regulatory oversight, due to internal challenges of these institutions, there may be challenges of growth and maturation in the companies providing this technology.
In regulated markets, many compliance companies face this situation because the lack of strength from the regulator or supervisor can significantly affect the need for their products in the medium and long term. In the context of the Open Finance regulatory market, for example, this scenario is even more evident, with several players specializing in compliance due to the clear penalty rules established by the Central Bank of Brazil, the entity responsible for overseeing the system.
In the case of LGPD (General Data Protection Law), there is the ANPD (The National Data Protection Authority), the responsible authority. However, even after 5 years since its approval in 2018, many experts point out the lack of transparency and cooperation among different public and private entities to ensure compliance with data protection laws 1. This implies acting transparently, communicating security incidents, and collaborating with the competent authority to ensure compliance with the current legislation.
Web3 + Privacy = autonomy
The advancements of Web3 and decentralized technologies can also usher in a new chapter for privacy. The major evolution here lies in platform identification and user control over their data.
In Web1, governance was diffuse, with few controlling scattered data. In Web2, Big Techs came to dominate, introducing Federated Identity and further centralizing data control. Now, in Web3 with Self-Sovereign Identity, the promise is for governance to be decentralized, allowing for more user control over their data.
In the previous edition (link 👉 here), I addressed the evolution of digital identities, mainly driven by centralized models and administered by governments. It is clear that at some point, both centralized and decentralized approaches will coexist. As user-centric architectures gain more prominence, propelled by various advantages of decentralized identity, we may see an increasingly enhanced user experience, greater control over data, more privacy, and increased security.
As users gain autonomy over their data, we are likely to see an increase in the data rewards market, with companies like Drumwave, which offers dWallet, a digital wallet for data monetization, gaining even more prominence. dWallet aims to be a data savings account, enabling users to manage the value of their data and decide when and how it will be used.
Finding and Understanding Data
A standout market within the compliance context that manages to go further is the data catalog market. Over the past seven months, I've been talking to professionals working in privacy and data analysis to validate some hypotheses I had about the data market, and it became clear that, with new technologies, both the privacy area, usually legal/compliance teams, and the data area, typically technology teams depending on the company size, face many demands and uncertainties about the future of this market.
There are two things that concern them: with artificial intelligence, many employees have been depositing data (for free!!!) on platforms that often do not clearly clarify, in the terms of use, how this information will be used. This can expose confidential company information. Additionally, the emergence of stricter data regulations demands that the compliance team be constantly vigilant of these changes and compliance with these laws.
On the other hand, in data teams, the concern is that with more data being collected, whether through Open Finance or scraping tools, the challenge will be to use these new data to create more predictive models and benefits for customers. Here also arises a challenge: many data are duplicated, lost, or the data quality is not so good — companies spend $12.9 million annually due to low-quality data.
This scenario has thus created a fertile ground for the data catalog and governance market.
Data catalog platforms are essential for companies seeking to optimize their data management. They collect and organize metadata, crucial for ensuring proper governance and facilitating data search and comprehension by users. Additionally, these platforms play an important role in building an efficient data stack — the infrastructure and set of tools used to collect, store, process, analyze, and visualize data effectively — providing a comprehensive view of the company's data environment and promoting more informed and strategic decision-making, in compliance with regulations and internal security and privacy policies.
Although privacy management platforms also have data mapping capabilities, in data catalog platforms, the goal is to identify and categorize data within a company to facilitate its governance and management. While data mapping in a privacy management platform focuses on identifying and tracking personal data to ensure compliance with privacy regulations.
Typically, players in this market adhere to data security standards such as SOC 2 Type II (comprehensive security audit), SOC 2 (security-focused audit report in service organizations), and HIPAA (legislation protecting health information). Platforms also comply with major data protection laws. However, the cheaper the platform, the fewer features and coverage of standards and regulations it will address.
The data catalog market could expand even further. According to IBM data, companies spend 70% of their time searching for data and only 30% on its effective use. Estimates suggest that the global data catalog market could generate revenue of around $1.8 billion by the end of 2027. Data catalogs play a fundamental role in eliminating repetitive tasks and integrating work done in silos, providing a centralized source of data.
More Data, More Analysis
Here, I believe lies the connection of everything we've discussed so far, where the company can extract the maximum value from data, and when combined with the last two aspects mentioned (privacy and data governance), it can be further enhanced: the data collection and analysis market.
In the financial ecosystem, there are many players that collect and provide data to fintechs and banks. Among them are the Iniciador, a platform that facilitates payment initiation and data for Open Finance, relieving fintechs and banks of regulatory and technological concerns; Finansystech, which provides comprehensive Open Finance solutions for regulated and non-regulated companies, addressing payments, financial, and insurance data; Palenca, which simplifies income and employment validation for financial institutions; among others.
In data analytics, we also have many players, including Semantix, which offers a comprehensive data analytics platform; Demyst, which assists financial institutions in efficiently accessing external data; and InvestPlay, which allows users to generate highly personalized and contextualized offers from Open Finance data.
At the intersection, there are those who have managed to combine data collection and data analysis, such as Pluggy, which offers an Open Finance API for personalized customer experiences and insights via regulated and non-regulated Open Finance data; Klavi, which provides data intelligence for engagement and personalized financial products; and Belvo, which offers Open Finance solutions for accessing and understanding financial data.
For example, Palenca offers a simple and straightforward solution. With benchmarking against the American company Pinwheel, which also provides secure and reliable access to consumer income data, Palenca has been growing in the Latin American market, especially in Mexico and Brazil — and is poised to grow even more in Brazil after its partnership with Serasa Experian. The founders previously attempted to create a fintech to provide credit for the Gig Economy, but due to the income volatility of this audience, they created Palenca, which simplifies income and employment validation for financial institutions, especially for Gig Economy clients.
In data analytics, Demyst's platform allows data teams to efficiently manage external data, offering a variety of features including external data configuration, detailed metadata, custom pipelines, among other functionalities. This enables data teams to acquire more data and confidence with less effort, driving return on investment (ROI) from data.
In extracting intelligence from Open Finance data, InvestPlay's platform enables the generation of dashboards and insights for financial institutions from this data, enabling the creation of highly personalized offers for the customer and allowing the generation of insights for customized offers. This results in better performance with increased profitability from personalized offers, and ensures positioning and differentiation from competing institutions.
Vertical AI, GenAI and banking
Artificial intelligence has also been gaining momentum not only in data analysis but also in automating tasks within institutions. There are many interesting projects that make use of APIs for AI systems, but those that have actually developed their own models based on open-source LLMs are scarce. This approach, while more practical, poses few obstacles for new entrants, suggesting that we are still in the early stages of competition in AI, which benefits those who want to develop more advanced solutions.
In banking, what could further elevate the game are vertical AI applications, both B2B and B2C, that are focused on specific functions, serving as assistants in certain tasks or fully automating others. There are many cases, such as Hyperplane, which integrates banking data for product personalization, or Themis, which has developed AI algorithms for automation and monitoring of banking workflows.
In the race for this competition, fintechs are often focusing on customer-centric products, while banks have directed their initial efforts in AI towards optimizing internal processes, reducing costs, automating manual tasks, and enhancing regulatory compliance.
Financial institutions have some advantages, such as much larger scale and access to more data, often, but high compliance costs and challenges in making agile decisions can pose challenges.
For the future, more hyper-personalized products
Open Finance and artificial intelligence are raising the competition. I believe that the big winners in this race of generative AI and Open Finance will be those who can provide more information (data) and benefit more from the results (operational efficiency). Those who can understand and create hyper-personalized products for their customers will have a competitive advantage in this new landscape.
Until the next!
Walter Pereira
Disclaimer: The opinions expressed here are solely the responsibility of the author, Walter Pereira, and do not necessarily reflect the views of the sponsors, partners, or clients of W Fintechs.
https://www.migalhas.com.br/quentes/396341/advogada-analisa-sancoes-da-anpd-a-orgaos-publicos-por-violar-lgpd