3 Fintech News Stories
#1: Zero-Standing Privilege
What happened?
SGNL, a startup focused on identity management and cybersecurity, raised a $30M Series A:
A startup called SGNL has built a new approach that it believes is better at securing how identities are used to access apps and more — it is based on the emerging concept of zero-standing privilege, where user access is conditional rather than “standing”
So what?
The idea here is fascinating.
Companies provide access for third parties to their services and networks for a variety of valid reasons, but once that access is granted, companies aren’t always vigilant in monitoring and revoking it. This creates vulnerabilities for malicious actors to exploit. Remember the Target hack of 2013? That vulnerability came from an HVAC company that had been given external network access.
SGNL is built on a standards-based approach to continuous access evaluation that was invented by Google in 2019 and has become widely adopted by identity standards organizations and private companies in the last six years. Using this protocol, SGNL continuously evaluates whether someone should have access to a particular system or dataset, looking at all the relevant data on that individual and cross-referencing it against the company’s access policies and pre-set conditions.
It’s not hard to see the value of this approach in financial services.
Banks used to be castles. They had very high walls and only one (well-guarded) way in. Everything from customer acquisition to vendor procurement was built around control and risk management, which was a boon for cybersecurity.
Today, banks look less like castles and more like bustling towns. Lots of roads (i.e., APIs) in and out and a culture that promotes the free flow of goods and information. This transformation (which is still in its early stages) has been great for innovation, but it has put a serious strain on banks’ cybersecurity folks. This is especially true in BaaS, where small and comparatively unsophisticated banks are working with a large number of fast-moving third parties who are always asking for access to their systems and data.
It’s an environment that is BEGGING for a more dynamic approach to access management.
#2: Stop Building SaaS for SaaS!
What happened?
Comulate, a fintech company focused on the insurance industry, raised a $20M Series B:
Comulate, which builds tools to help insurers manage billing and revenue operations, has closed a $20 million Series B round that it will use to expand its tech stack to cover more functions and scale operations.
Bond and Workday — the back-office giant — are co-leading the round. The funding comes after a barnstorming year (in the good sense) for Comulate.
So what?
My favorite detail from this TechCrunch story is how Comulate ended up focusing on the insurance industry:
CEO Jordan Katz, who co-founded the company with CTO Michael Mattheakis, said in an interview that they did not set out to build a startup targeting the insurance industry.
Initially, they wanted to build tools for people like themselves. “SaaS for SaaS,” said Katz. There was a small problem, however.
“There’s a lot of software out there that does very similar things, built by other software professionals who know how to build good software for problems they’ve experienced,” he said. “We just felt Silicon Valley didn’t need more software for itself.”
So they changed focus to insurance, he said, an area they knew very little about.
It was a lucky hunch. Insurance is one of the many industries that seem tech-adjacent (it’s often coupled with financial services), but in truth, it has been largely ignored when it comes to new technology, particularly vertical-specific solutions.
“Silicon Valley didn’t need more software for itself.”
They need to tattoo that quote on everyone who gets into Y Combinator.
And the thing is, neither Katz nor Mattheakis had any prior experience in insurance! They just thought, “Hey, I wonder if insurance companies might need a more automated approach to billing and rev ops?”
Turns out, the answer was a resounding yes:
In 2024, the startup tripled revenues and was getting so much inbound business from large firms that — for what it’s worth — it said it skipped raising a Series A and went directly to Series B. The company didn’t disclose any numbers except to say that its revenue is in the tens of millions.
#3: Limited Understanding
What happened?
Limited, a global crypto-native neobank (I guess?), raised a $3M pre-seed round:
Limited, a next-generation fintech startup offering stablecoin-based premium global banking services, today announced it has raised a $3 million pre-seed funding round led by Third Prime, with participation from The House Fund and Arche Capital. The company, founded by Hussein Ahmed, aims to transform how businesses and consumers worldwide interact with money by merging the best of crypto technology with the familiarity of traditional banking—minus the institutional vulnerabilities seen in failing banks or centralized exchanges.
So what?
I’m already on the record as wary of startups that pitch their products as being “stablecoin-based.” Let’s see if we can get a better understanding of what Limited actually does:
Limited harnesses this trend [the growth of stablecoins] by offering U.S. bank accounts to global users, where incoming ACH, Fedwire, and international wire payments are instantly converted into stablecoins such as USDC, USDT, and EURC. By placing assets in self-custody wallets, Limited users retain complete control of their funds—safeguarding them from the risks of bank collapses or platform failures.
OK … so it’s a U.S. bank account for global users that can accept ACH, Fedwire, and international wires, and then it automatically converts those funds into stablecoins that the users manage in self-custody wallets?
A couple questions:
- Which U.S. bank is accepting the funds before they are converted into stablecoins? Limited doesn’t name any specific bank partners in the disclosures on its website. The reason I’m curious about this is that Limited has an article on its blog bragging about how much easier it makes it for companies operating outside the U.S. to open a U.S. bank account compared to traditional banks. This value prop sounds very Evolve-y to me, but Evolve isn’t taking on new fintech programs these days, so I’m guessing it’s someone else.
- Why do all the funds get converted into a self-custody wallet? Limited says this protects users from the risk of bank collapses or platform failures, but … like … the risks of those happening in the U.S. are vanishingly small. My dad loses his car keys roughly 1,000,000,000 times for every one bank failure in the U.S. … and that’s without anyone trying to steal or scam my dad’s keys away from him. Plus, users are almost always made whole when their bank fails. When you lose your private key in crypto, you’re fucked.
Does Limited do anything else?
Why yes! They also claim to offer Visa and Mastercard payment cards for businesses, consumers, and parents/teens, as well as an option for partners to launch co-branded versions of the cards:
Inspired in part by the American Express model, Limited offers premium Visa and MasterCard options worldwide— their own, spanning White, Silver, and Gold tiers—and also enables co-branded card programs for brands seeking a global footprint. This approach lets partners easily design, launch, and fully manage customized cards that significantly boost customer engagement and loyalty—unlike typical co-branded offerings that are restricted to local or regional deployments. Uniquely also, Limited caters to high-end users. The Limited Gold Card comes with 24/7 global concierge services, exclusive perks like complimentary breakfasts at luxury hotels (including the Ritz-Carlton and Mandarin Oriental), free rental days at Hertz, and top-tier travel experiences that rival the best in the market. Simultaneously, the company supports instant, near-zero-fee cross-border payments in over 140 countries, using more than 300 local payment methods (such as WeChat, Pix, SPEI, GrabPay, and others) across 80 currencies.
OK, no. Sorry. I just can’t accept this. There’s no way that these guys have built fully-featured card products (debit? charge? credit? … they don’t say!) for affluent consumers, corporations, and parents/teens, with the ability to support co-brand partnerships, globally, along with the global banking/cross-border payments product we discussed above.
I’m unsure if this is just early-stage startup bluster (We do everything! For everyone! Even though we just raised a pre-seed round!) or something more concerning, but regardless, BEWARE OF STABLECOIN PROMISES THAT MAKE NO SENSE!
2 Fintech Content Recommendations
#1: No, The CFPB’s Not Dead. It’s Not Even Close to Dead. (by Adam Levitin, Credit Slips) 📚
I thought it would be useful to share a few other perspectives on the CFPB drama since I have been writing about it nonstop for the past few weeks (building on the reporting of the ever-vigilant Evan Weinberger).
This first post is a bit outdated, but Adam called exactly what was going to happen (a mass layoff that quickly ran into legal challenges), and he describes why the CFPB will be much harder to delete than Elon Musk might assume.
#2: Delete the CFPB? Be Careful What You Wish For (by David Silberman, Open Banker) 📚
This second post, from the former Associated Director for Research, Markets, and Regulations at the CFPB, outlines what the consequences of deleting the CFPB (if successful) would be and why even those who think they want that outcome might want to reconsider.
1 Question to Ponder
What are some examples of fintech harnessing the powers of gamification and behavioral science for good rather than evil?
I’ve been spending a lot of time looking at Robinhood and Coinbase lately, and I’m getting depressed. Please cheer me up by sharing examples from the light side of the Force.
