Jo Ann Barefoot, CEO of Barefoot Innovation Group

Jo Ann Barefoot, CEO of Barefoot Innovation Group

Enjoying the podcast? Don’t miss out on future episodes! Please hit that subscribe button on Apple, Spotify, or your favorite podcast platform to stay updated with our latest content. Thank you for your support!

On the Lend Academy Podcast I rarely focus on regulation and compliance. But the reality is there is some innovative work happening in that area as well, particularly in the UK. And our next guest is someone who has deep experience in this area and is at the forefront of innovation when it comes to regulation.

Jo Ann Barefoot is the CEO of Barefoot Innovation Group and she is also the publisher of the excellent Barefoot Innovation Podcast which has been at the top of my list of favorite podcasts for many years now. This was a fascinating conversation where we touched on so many topics and Jo Ann’s enthusiasm for regulatory innovation is infectious.

In this podcast you will learn:

  • Jo Ann’s background and why it has led her to a focus on regulation innovation.
  • Her recent work at Harvard that focused on consumer financial health.
  • The work she does today at Barefoot Innovation Group.
  • Why the underbanked are the riskiest segment to lend to from a regulatory perspective.
  • What Jo Ann means by “digitally native compliance”.
  • How the regulatory and compliance framework is going to be moving to digital tools.
  • The example of the FCA in the UK and how they are working on digitally native regulations.
  • How can we build new models on top of the current regulatory structures in the US.
  • The two huge problems that community banks have and how technology can solve them.
  • Why regulators do such a bad job in catching financial criminals.
  • What Jo Ann’s new startup, Hummingbird Regtech, is doing to try and change this.
  • Why Jo Ann is optimistic about the future of financial regulation.
  • Why regulators don’t have an option any more to sit still in this fast changing world.

This episode of the Lend Academy Podcast is sponsored by LendIt Fintech Europe 2018, Europe’s leading event for innovation in financial services.

Please read a transcription of our conversation below.


Welcome to the Lend Academy podcast, Episode No. 155. This is your host, Peter Renton, Founder of Lend Academy and Co-Founder of LendIt Fintech.


Today’s show is sponsored by LendIt Fintech Europe 2018, Europe’s leading event for innovation in financial services. It’s coming up on the 19th and 20th of November in London at the Business Design Centre. We’ve recently opened registration as well as speaker applications. You can find out more by going to

Peter Renton: We have a special guest for you on the show today. I’m delighted to welcome Jo Ann Barefoot, she is the CEO and Founder of Barefoot Innovation Group as well as the Co-Founder of Hummingbird RegTech. She’s also been a regulator, she’s been in a consulting practice for many years, she’s had a long career in and around financial services regulation.

So I wanted to get her on the show to talk about where we’re at with regulation, what we need to do to improve and how we can get there and Jo Ann gives some concrete examples here about what regulators can do to really bring themselves into this rapidly changing world of fintech and really make their regulations a lot more flexible and a lot more easier to comply with. It was a fascinating interview, hope you enjoy the show.

Welcome to the podcast, Jo Ann.

Jo Ann Barefoot: I am delighted to be here, Peter, thank you.

Peter: Okay, it’s nice to have you and I’m a big fan of your show and it’s one of the ones I always listen to. It’s nice to have you on the other end of the microphone now.

Jo Ann: Thank you, I am happy to be on the other end of the mic and I’m a huge fan of your show and also, of course, of LendIt so it’s really fun to be able to talk.

Peter: Okay, so let’s get started. You’ve had a fascinating career, if you go and look at your LinkedIn page you’ve done some very interesting things, worked for some interesting organizations. Why don’t you give us a little bit of background about what you’ve done in your career to date.

Jo Ann: Sure, so I have worked for decades in and around financial regulation, mostly focused on consumer protection and financial inclusion, although not entirely, and not going all the way back, but my background includes work for the Senate Banking Committee and I was Deputy Comptroller of the Currency. I actually set up the first consumer protection function at the OCC long ago. I was a Partner at KPMG, I was Co-Chairman of Treliant Risk Advisors.

I’ve started my own company several times, including one now that I know we’re going to talk about, our regtech company, Hummingbird RegTech, and then along the way, I began to immerse in technology, five/six years ago and came to the view that technology had the potential to solve a lot of problems that consumers have in their financial lives and small businesses as well that we’ve been trying to solve with regulation without much luck so I have shifted increasingly to what I call regulation innovation, how to regulate financial innovation and fintech to optimize it, both to let the good things happen and deal with the emerging risks and then also how to bring regtech innovation into regulation and compliance to make the whole system work better and more efficiently.

Peter: We want to get into some of that in some depth shortly, but I want to also talk about…you recently did a stint at Harvard fairly recently, what were you doing there, and what was sort of the focus?

Jo Ann: Yeah, I’m glad you asked. I was a Senior Fellow for two years in the Harvard Center for Business & Government in the Kennedy School, it’s a fantastic program and gave me the opportunity to spend two years really stepping back and thinking hard and doing research on these issues of consumer. You know that I…I think you know I Chair the Board of the CFSI, the Center For Financial Services Innovation and we’ve done so much research there framing these consumer finance issues in terms of consumer financial health.

So at Harvard, I took a hard look at how we have been…so I’ve been working on a book and it looks at how we currently try to promote consumer financial health from a policy standpoint, a clear-eyed assessment of how we’re doing and the answer is not well, very poorly and then really exploring how fintech could be transformational, if we regulate it right.

The niche I’ve carved out for myself in this whole cluster of work has been focusing on the challenge of getting the regulatory response optimized as technology changes finance, digitizes finance and then also in the book I look at regtech and emerging risks and recommendations. So I haven’t finished the book, but I am putting out a series of papers that we’re in the process of having reviewed now that’ll be an interim product which I hope people will find really interesting.

Peter: It does sound interesting. So then what do you do….what does Barefoot Innovation Group do? Do you do sort of private consulting work, is that what you’re doing there?

Jo Ann: Yeah, we do selective consulting if it’s well aligned with the mission that I am describing, but most of our work is…it’s all clustered around these same subjects and so we do have the podcast show which has a fantastic listenership around the world I must say, fantastic guests, as does your show. So we have that, we do convening, round tables where we really work at gathering people together on a small scale, not like LendIt, but conversational sessions around key issues and then I do a lot of writing and speaking; I speak all over the world.

We have a US focus, but as you well know these issues are global issues and in many ways other parts of the world are further advanced than the United States in both the fintech innovation and the regulation, largely because they all went to cell phone-based financial services more rapidly than we did and so they’ve had to figure that out.

So I’m involved with everything from the World Bank and the United Nations, the Omidyar Network sponsors some of my work. I don’t know if your listeners know that Pierre Omidyar was the Founder of eBay.

Peter: Yep.

Jo Ann: They are committed to financial inclusion and have focused on a lot of these same issues and yeah, a certain amount of consulting.

And I work with regulators all over the world and in the US as they’re trying to fashion their innovation strategies and figure out, you know, build new models. Something I’ve realized, Peter, we’re not going to restructure what we have, at least not from the top down, we’re going to have a certain industry structure and a certain regulatory structure and we’re going to have to create some new models that can enable these old often entrenched organizations to come together in new ways, collaborate, figure things out together so I do a lot of work at those, at the themes between all that.

Peter: And I want to dig into some of those new models in a little bit, but I want to firstly, I was listening to your session at LendIt just a few weeks ago and it was really…one of the things you said which just really struck me is that, you said that we’ve made the underbanked the riskiest segment to lend money to, from a regulatory perspective, not talking about credit risk, you were talking about regulatory. So what did you mean by that and do you think that’s going to change anytime soon?

Jo Ann: I’m so glad you asked. So the first thing I’ll say is this is not anybody’s fault. I sometimes find…I’m always talking about regulatory change and I’m not critical of very much of what has been done in the past, but the thing we need to think about is whether we used to do this right or wrong, the point today is we can do better. And that really applies to this question of lending to people who have been underserved and in a high risk category partly because particularly in the United States we scrutinize these lending patterns for fair lending, disparate impact which is, you know, are statistical patterns of outcomes that may show disparities between how different classes of customers have been treated and the standards for doing that are not clear.

Again, I don’t think that’s anybody’s fault, but it’s a suggestive judgment as to whether there’s a good business justification for say a higher price, high risk loans being more highly correlated with a certain ethnic or racial group, for example. So the lender doesn’t know how to defend patterns in that block and the same with issues among Unfair and Deceptive Acts and Practices, UDAP.

The regulators worry that the people in this underserved grouping are more vulnerable and the bank regulators sometimes protect them out of access. They err on the side of making sure that the protection is strong so they’re going to be tough on any lender that might be doing something that could be perceived as unfair or discriminatory, even if it’s accidental and then the punishment will be severe. And so the industry minimizes lending in that space except for the specialists that are in it like the payday lenders and they, of course, charge a lot for serving it.

Peter: Right, right. So I want to move to compliance which is something that I’ve heard you talk about a lot and you used this term recently, “digitally native” compliance. I thought that was a fascinating term and I wanted you to sort of tell the listeners what you mean there and what is so significant about it.

Jo Ann: Yeah, so working in the innovation space as we do, I think the thing we all learned is that it’s hard to innovate on top of old roots and old systems and it is often easier to start fresh. I’m not a digital native myself, I’m not in the age bracket for that and so it’s harder for me to learn technologies, even though I am a big technophile, than it is for somebody who grew up taking for granted that your life is about digital technology. I think the big thing that’s going on here and it’s sort of obvious and yet people don’t think about it is we’re in the process of digitizing finance and when you digitize anything, you know, think of your mobile phone, for example, three things always happen.

You make the thing better, you make it faster and you make it cheaper. That’s not to say that new problems may not come up, but nevertheless, those three things pretty much always happen when you move a system from an analog design that was originally created on paper and then maybe later it was automated. When you put that aside and start with the data, start with data analytics and machine learning that is building from the data, then everything starts to be better and even less appreciated than that is that we’re also digitizing regulation too.

We’re in a very early stage of it, it’s not obvious to people who are not deep in this space, but the whole regulatory framework and compliance framework is going to be moving to digital tools. So we’re going to move towards having complete data sets, real-time data, sophisticated data analytics.

To give a concrete example, the SEC, for instance, is running artificial intelligence on both reported data and external big data to scrutinize the securities markets for potential misconduct or insider trading, not to prove anything, but to target their resources towards anomalous behavior patterns that are starting to emerge. The whole compliance and regulatory machinery is going to move to that type of thinking and it’s going to be driven by data and the best of it will be digitally native rather than, again, automating old processes. They’re going to get the power out of that.

Peter: Right, right. Could you also just share, I heard you talk about an example at the FCA in the UK that they have sort of started to really implement, I guess, some of these digitally native regulations. Can you tell us a little bit about what they’ve done there and the significance?

Jo Ann: Yeah, I’d be happy to. So the FCA, the Financial Conduct Authority in the UK has been the most bold and innovative financial regulator in the world. I feel very confident in saying that.  Although there are some other countries doing really amazing things too…and they’re famous for their regulatory sandbox where they have been looking at fintech innovation in a controlled, experimental environment.

But maybe to me even more exciting is that on the heels of that they’ve developed a team working on regtech and one of the things they have been doing is running tech sprints which is actually a hackathon. They are regulators so they’ll tell you that they don’t like the word “hack,” but they call it a sprint and they bring people in with regulatory expertise, they bring in the banks and the tech companies and so on and people who are actually able to write computer code and they begin to problem solve together in a highly collaborative environment in these sprints.

They ran an experiment last fall that I think is the most revolutionary thing that I’ve ever heard of in my lifetime in regulation and that is a test of whether you could issue some regulation in the form of computer code. They call it machine executable regulation and there is more drama if we had more time I could sort of tell the full narrative of this, but it was a very ambitious undertaking, a 2 week effort by a big team of people who by the end of it were exhausted and worried that it wasn’t going to work.

They succeeded in taking a block of dummy data and running a regulatory reporting requirement against it and then changing the requirement as if they had issued a change in the regulation and sending that against the data as a block of code and getting a correct report back and it took ten seconds to do it. The video online of this…everybody erupted in cheering in the room and I’ve been saying, when was the last time you saw bankers and regulators cheering together, you know, it’s like unheard of.

So they put out a report in February asking for input on where to go from here with this idea, but just in regulatory reporting alone, it has the potential for massive, massive savings to both the government and the industry and part of the vision of it is it would be adopted voluntarily. This is something I’ve been advocating through my Harvard work that we shouldn’t necessarily force change on the whole system and these experimental areas. We should put out sort of a second channel of regulation and let the industry opt-in to it voluntarily if they want to, and maybe over time the old system will wither away.

But the idea is to potentially bring reporting increasingly into this kind of directly connected capability and then both the regulator and the bank or the financial company would be looking at real-time data, complete data. You know, we still send bank examiners into banks today pulling samples of files to look at, you know, forty files, to see if there are any problems in them and then they pull some more and we do it that way because in the old days that was the only way to do it. You know, there wasn’t data, there wasn’t computing power to look at big sets of data and really understand what they’re telling us, but now there is. Maybe if we had a system like this we could have caught the subprime mortgage risk early.

Peter: Right, quite possibly. I mean, if you’ve got all the data that’s involved in all of those mortgages, you can probably see…everyone could have seen what Michael Burry saw a couple of years before the financial crisis.

Jo Ann: Yeah.

Peter: So I want to move on to a theoretical exercise. So I just want you to imagine Congress has commissioned you to come up with a report to say, right, let’s start from scratch, let’s throw out all the financial regulators, FDIC, SEC (Jo Ann laugh), the whole lot, the whole lot and just say what should we…if we were to start this today from scratch, if we were to say the world has changed dramatically and a lot of these regulations were written in the 30’s or 40’s, even earlier in some cases that we’re still adhering to, what should we do? Could you just sort of paint and obviously it doesn’t have to be a completely detailed picture, but just paint some sort of picture for the listeners about what an ideal regulatory regime in this country would look like?

Jo Ann: Yes, a digitally native regulatory regime, that’s a great question. Okay, so I won’t say everything should go under the OCC even though I am an OCC alum as former Deputy Comptroller (Peter laughs) and I’ll also say that I don’t spend a lot of time thinking about the ideal regulatory structure because I’ve been in Washington off and on for so long that it’s clear to me we can’t restructure them.

So I’m more interested not in what the agency structure should be, although we should certainly have fewer agencies, than in how can we build new models on top of them. I’ve been thinking about a lot about this lately, we can’t restructure much of what’s there. Any one of these things that you try to restructure is going to take years to do it and we don’t even know in this environment exactly where we’re trying to get to. Nobody has all the answers, we’re figuring it out as we go, but what these agencies, if I were doing this for Congress…what I would say is these agencies, number one, need to adopt and emphasize their technology and innovation agendas.

They all are moving forward on this now. All of our US federal agencies and many of the states do have innovation initiatives in various forms, those should be beefed up, they should be top priority for the heads of these agencies and the senior staff. The skill sets should be changed, these agencies need data scientists and engineers, consumer product design engineers should come in and take a look at these processes. Sometimes when I make my speeches, I show a picture of Congressman Barney Frank, former congressman, and Steve Jobs on the same side and that’s two brilliant minds, a legal mind and a tech mind, but if you gave them the same problem they wouldn’t solve it the same way.

We need to be thinking about how can we use technology from scratch to redesign these things. And then I would have all these agencies…I wouldn’t just have them do another regulatory review, looking for updates and redundancies I mean, that’s all great, I think people should do it. But what you would do instead would be to pick some priority areas and say, we’re going to design in one area and then another and another new regulatory approaches from scratch with these digitized tools and let them grow up next to the old system and let people opt-in to them and let us learn from doing it.

Meanwhile, also, we’re going to adopt regtech ourselves and bring the best of technology into our own processes and encourage the industry to do the same. In the United States, as you know, we’ve got 6,000 banks, for example, and people worry about the future of the community bank in this high tech world. Community banks have two huge problems. One is how to keep up with the technology and the other is how to not drown in the regulatory work. Technology can solve both of those.

We could bring the cost of compliance drastically down if we can allow the adoption of new kinds of digital tools for compliance. The regulators need to get comfortable with that, they need to develop the expertise to be able to do that well and they need to collaborate with each other. They need to not have separate turfs and domains that have walls around them, but close working groups, robust collaboration among themselves and with the industry and with the tech world and engage in rapid learning.

The speed of the learning is half the problem. These regulators are not designed to change this fast. Again, I’m really sympathetic to it, they have the hardest jobs it seems to me, they’re supposed to walk the nice edge, you know, let all of the good things happen and let none of the bad things happen which is impossible and they can’t do that unless they have room to experiment, room for testing, sandboxes or reg labs where they can get hands on and learn to regulate through a different kind of experience.

Peter: Okay, so I want to switch gears to Hummingbird RegTech. I know you guys do…you’ve got a new approach to anti-money laundering, but maybe before we talk about that specifically, why…I mean, I hear these stats all the time, something like 1% or 2% of all the laundered money in the world is caught. We have all of these complex systems in place for AML compliance and it seems like we’re doing a really bad job, why is that?

Jo Ann: Yeah, it’s because the technology is analog era and also is locked up in silos. So those numbers are from the United Nations, they’ve estimated as of about two or three years ago that the global annual financial crime is about $1.6 trillion or more and that we’re catching less than 1% of it currently. We estimate that in the United States the price tag for that is probably about $50 billion a year. So we’re not failing for lack of resources, at least on the financial industry side, but we’re using these old tools. Again, this isn’t anybody’s fault, but we have to change it.

So the system is, as everyone knows I think, that the financial company or bank has to do so called Know Your Customer screening, verify the identity of customers and then monitor their activities for suspicious patterns and if there is a suspicious situation they have to report that. At every step of that we have old technology, high false positives, we’re drowning…if you talk with law enforcement agencies they are drowning in low value information that they have no tools to wade through. There are exceptions in the highest priority areas, but the system is just putting out a tremendous amount of information that’s not useful to anyone, and therefore, law enforcement will tell you that they can’t find the biggest crimes.

The criminals are getting more and more sophisticated and they are networked. You know, they steal our identities and sell them on the dark web, but then we’re still upset that a bank is missing a field as they fill in the identity information, but the identity information isn’t identifying us anymore. You need different data to really prove who the person is. Criminals are more likely than the real people to correctly enter the identity information on the form because they’re doing it with a script instead of actually typing with their fingers.

Peter: Right, and obviously they’re using the latest technology. They’re unencumbered, they can pay for extremely advanced technology with the best data scientist who are willing to work for a criminal of course, they’re not hamstrung. So then what is Hummingbird doing to try and change this?

Jo Ann: So Hummingbird is starting with the investigation part of this process although we’ll be doing other things over time and we’ll be expanding beyond money laundering over time, anti-money laundering as well, but what Hummingbird does is it comes into the bankrupt financial company and takes the alerts that have been generated that indicate possible money laundering. It takes all those feeds of information which are typically very complicated and the financial company can be 20 streams of information internally and externally, for example, puts it all into a single tool, puts all the data together, auto populates the basics of the form and then runs instant analysis to find the patterns of connections.

Are different accounts connected, are they showing patterns and typologies that suggest illegal activity, whether it’s funneling or spoofing or whatever it may be. Find those patterns through this robust collection of data and also create data visualization so that a human being can look at a picture of these patterns. Most people are doing this work even in the big companies today in Excel spreadsheets. They’re taking information from other sources and copying and pasting it into Excel and then moving it in a spreadsheet.

Hummingbird will take all of that, put it into a picture that will show you…that’s interactive, that you can play with and look at different timelines and different focuses. It’ll show you a picture that, again, the human eye can instantly tell whether the pattern is online gambling or it might be human trafficking or whatever and then also put it on a map instantly. People are looking up Google Maps now and taking screenshots to demonstrate what they did. But this just automatically maps it with dynamic mapping so you can home in on different areas, you can put more data into it and find more patterns.

At the end of that, either file the suspicious activity report if it is merited or archived at all, the system auto audits everything that’s been done so that compliance is automatic, the analyst can show all of the stuff that they took, all of the things that they looked at and checked and then over time as more data comes into it, it gets smarter and smarter, it learns from the human analyst what does money laundering look like in your organization. And then we can use that to begin to analyze the alerts themselves over time and reduce the false positives.

Most of the alert systems today are rules-based rather than machine learning based so you want to be able to have a tool that starts to suggest to you here’s what the pattern looks like, starts to draft the narrative of the report. It’s typically…this process per case industry averages somewhere around four hours for a normal case and this tool can get that down to 15 minutes or even less if it’s a routine case and then free up resources instead of doing all of this clerical work for actually finding that…you know, the other 99% of the money laundering that we’re talking about.

Peter: Right, it would be good to do a better job there, that’s for sure. It’s staggering that we spend all of that money for such a small return on investment when it comes to catching these people.

Jo Ann: The other thing that we always try to emphasize is the importance of getting this right because it’s not just the [inaudible] task that we’re talking about, You’re talking about the funding mechanism for illegal drugs, the opioid epidemic, terrorism, human trafficking, illegal wildlife trafficking all the way down the line. There’s so little risk to these criminals, including the sophisticated international network, so little risk of getting caught which is what makes this so lucrative. If you talk to the law enforcement people working with these tools they are so eager. I’ve seen with my own eyes the situations where they’re sitting around tables…with yellow highlighters trying to find patterns and, you know, we really have to do better than that.

Peter: Yeah, I mean, that’s exactly what technology is designed to do, is to find patterns where humans find it difficult so that does sound promising. We’re almost out of time, but one thing I wanted to ask before you go is that when I hear you speak on your podcast and other times, you always seem optimistic about the future for financial regulation, for compliance and I’d love to share your optimism, but I sometimes feel the opposite to that. We’ve got 50 states, with all different priorities, we’ve got all different regulatory agencies with different priorities so I guess last question is why are you optimistic about the future?

Jo Ann: That’s such a great question. I am very, very optimistic, I don’t underestimate the difficulty. I worked for the United States Senate, I’m not naive about things changing, but I’m absolutely sure we’re going to go in the right direction. One reason is I see the policy makers and regulators changing every day, there is more openness, more innovation, more eagerness to learn and think differently in regulators in the United States and around the world. They’re beginning to lead.

And secondly, they don’t have the choice not to. I think it’s becoming increasingly clear to both the regulators and to compliance people that as technology changes the world, you don’t have the option of holding still until it becomes more clear to you what to do, it’s not going to get clear.

Peter: Right.

Jo Ann: We’re going to be in permanent uncertainty and the delta between the linear systems that we’ve been using and the exponential curve of the technology change is just widening constantly so that the risk increasingly is in not changing instead of clinging to your comfort zone of what you used to do and I think regulators can see that. We’re going to have failures in banks and in regulators for not adopting these different tools, the tools are just better.

And here’s the last thing I’ll say, we think of regulation as a binary choice because it always has been. You either have to spend a lot of money to get a good outcome or you try to spend less money and you’re compromising on results. This technology breaks that dynamic and everybody can have what they want, we can have less expensive and better regulation and compliance at the same time if we adopt these changes. Once people realize that, they want to make it happen.

The UK Financial Conduct Authority regtech group has seven people in it and they have hundreds of people helping them build new tools because people can see…it’s a growing community of people who can see that we can do this better if we work together. Totally optimistic.

Peter: Well I hope you’re right, I do and I really appreciate you coming on the show today, Jo Ann. There’s much more to talk about, but we’ll have to leave it there.

Jo Ann: Thank you for having me and I’m inviting you back on to my show as well and I’ll look forward to another conversation there.

Peter: Okay, that sounds like fun.

Jo Ann: It’s really been fun.

Peter: Thanks, Jo Ann, see you.

Peter: You know on this show I tend to focus on the commercial side of finance and fintech. I don’t spend a whole lot of time on the regulatory piece, but it’s such an important piece. That’s one of the reasons why I wanted to get Jo Ann on today and it really strikes me that we’re always pushing the envelope with technology when it comes to whether it’s data science, whether it’s mobile technology, you know, whether it’s just bringing in the latest and fastest hardware.

All of this is available to regulators as well and I loved the example she gave about the UK where you can really have machines really manage the compliance process and the regulatory process. So I think we are a long way away from having that be a reality in this country in a widespread way, but it clearly points to where the future will go and I think where it has to go. As Jo Ann says, we really don’t have a choice anymore because the world is changing so fast and regulators have to try as best they can to change with it.

Anyway on that note, I will sign off. I very much appreciate you listening and I’ll catch you next time. Bye.

Today’s show was sponsored by LendIt Fintech Europe 2018, Europe’s leading event for innovation in financial services. It’s happening November 19th and 20th at the Business Design Centre in London. Registration is now open as well as speaker applications.