Dymon Asia Ventures recently held our 4th Annual LP Day, which brought together a panel of thought leaders in the Finhealth and investment space to share their views on navigating volatility in emerging markets, open banking in the region, the emergence of corporate venture capitals in Southeast Asia and the size of the digital healthcare opportunity in the region. A common theme that threaded across these thought-provoking sessions was the role of regulations and its impact on how we should continue investing in the region. Below are some reflections based on insights given by the panel.
1. Shiru Café
The day started with a story about Shiru Café, a café that provides free coffee to students in exchange for data that they collect on students from basic information like names, date of birth, phone numbers and email addresses to deeper details like majors and professional interests. Shiru Café then sells this information to recruiters and corporates. An interesting business model that is in fact not new, but places a monetary value on the data we give up – the price of free coffee. The café started in Japan and has expanded to India and US, opening on the campuses of Brown University, Amherst College and Yale University.
Such a business is likely to get regulated sooner or later in the US. And we are starting to see presidential nominees such as Elizabeth Warren calling for the regulation of consumer data, even if the consumers consented to giving it up in return for some sort of utility – be it better search results, access to social media or maybe even free coffee. She has also gone to the extent of proposing criminalisation for CEOs of companies that violate data protection or privacy laws.
Perhaps this is the reason why Shiru Café pulled out of the US in Oct 2019, despite reports that it had an estimated 76 percent of the Brown student body registered as cafe members and expected up to 25 corporate sponsors by the end of 2019.
Here in Southeast Asia, there has been a wave of start-ups and large corporates giving out discount coupons and cash in exchange for customer data. With all these personal data sitting in the hands of organisations, we expect regulators to tighten data breach laws which will create opportunities for cybersecurity and data protection services.
2. EU Regulations – The New Exports
EU’s core export over the next five years is likely to be regulations. Data and financial services policies had the most impact on this part of the world – from Fintech Sandboxes to Markets in Financial Instruments Directive to the Payment Services Directive to the General Data Protection Regulation. Financial services firms and fintechs in Southeast Asia have begun taking cue from these directives, despite not being directly regulated by it.
What has been more interesting in this region is how markets here have taken EU regulations and adapted it to suit their own needs and peculiarities. Take for instance, UK’s Open Banking regulation, which was UK’s version of EU’s PSDII that forced large banks in the UK to release their data in a secure, standardised, digital form, so that it can be easily shared between authorised organisations. We are starting to see Southeast Asia importing many aspects of this framework but in a bottom-up driven approach.
Banks in the region are embracing the core principle of open banking – customers own their data which is a key source of their identity. Unlike UK or the EU, the 100 million underbanked and 198 million unbanked adults in Southeast Asia allows for a different spin on open banking. Here, a consumer’s bank credentials, one that has undergone know-your-customer checks, becomes the proxy for his or her identity. Given the lack of credit bureau in the region, one’s financial transactions becomes the single source of truth in providing credit scoring. Banks and financial institutions have the opportunity to transition into custodians of identities, partnering with fintechs to solve specific pain points, allowing customers to access banking products outside of formal banking channels.
Keeping tabs on EU legislation will become increasingly important. It will be worth watching how regional regulators take heed of the EU’s legislation on payment interchange fees. Over the years, the EU has lowered interchange fees for payment networks like Visa and MasterCard to a maximum of 30 basis points for physical transactions and 150 basis points for e-commerce transactions. In Southeast Asia, a new wave of alternative payment method such as e-wallets have entered to compete away this margin. However, interchange fees in Southeast Asia remain high and well above that in EU. When the discount wars stop, will regulators eventually decide to weigh in on these rates, or will they let the market decide in return for innovation in this space?
3. US Labour Tightening – Dislocation of Tech Talent
Tightening immigration policies have made it harder for tech companies to bring highly skilled workers to the US. While this means that more US tech jobs will head overseas, it has also led to opportunities for this part of the world. Across our deal flows in the past years, we have seen an increasing wave of tech talent and founders who were educated in or have previously worked in the US move to Southeast Asia to either start a new wave of tech companies or help locally grown champions scale. We see this trend within our portfolio companies as well – talents from US moving to the region join Impact Credit Solutions, Brankas and Fundnel, just to name a few. Talent attracts talent, and as a result, highly skilled entrepreneurs from other parts of the world who previously considered US are also shifting their focus towards Southeast Asia.
4. US Decentralised Data vs China’s Centralised Data
With increasing pressure for data protection and against data sharing in the US, consumer data is increasingly siloed within corporations, with merging of datasets increasingly being blocked. This leaves US with 300 million individual’s data that you cannot aggregate or amalgamate. As a result, artificial intelligence-based solutions will have to be trained on disparate datasets which means that results aren’t going to be as great or accurate. China, on the other hand, is aggregating consumer data at an unprecedented scale aided by both big tech and the government. This gives Chinese AI solutions a huge leg up. The best AI algorithms, or the fastest machine learning processors cannot outcompete a larger and more comprehensive dataset. This leads to major implications for fields that require huge datasets and demands high accuracy – genomics, AI-based diagnostics, predictive care and medical triage to name a few.
It is worth monitoring how regional data regulations evolve, given its impact on the growth trajectory of these AI based digital health companies, especially due to the phenotypical differences in the region.
5. Demand for Regulation
The digital economy has created significant regulatory uncertainty such that banks and tech companies are now demanding to be regulated. They need clarity on the kind of security systems required, the data protection policies to have in place, the ability to use AI in its processes and the ability to use black-box solutions. It’s not just the banks or large tech firms. Every party in the ecosystem – from vendors to distributors – needs to know what it is that they need to do to stay within the law. Without such regulatory certainty, corporations will stop moving. For instance, financial institutions in Singapore stayed on the side lines and waited for absolute clarity from the Monetary Authority before implementing cloud solutions. The regulator had to come out to clarify, saying: “There used to be a view within some quarters that MAS does not like the cloud. Let me reiterate: MAS has no objections to financial institutions using the cloud.” Another case in point is the blockchain and cryptocurrency industry which had stagnated over the past two years due to regulatory uncertainty in most jurisdictions.
As the region moves towards open banking, regulatory certainty around liability is also of utmost concern. Banks are historically protective of their data, and rightly so. They are worried that if the data they share enters the wrong hands, they will be the one who will bear the brunt of the regulatory backlash. CVCs can play a role here, helping corporates keep abreast of innovations and shaping conversations with regulators around new technologies.
Going forward, we are likely to see margin compression across the board in the US and EU resulting from regulatory expenditures. The key lesson for the region is to pre-empt these concerns instead of trying to back solve for regulatory issues down the road. Sandboxes in highly regulated industries such as financial services and healthcare have been helpful in addressing these issues, and we expect to see greater adoption of regulatory sandboxes across the region.