Lionel Messi-Backed NFT Sports Site Lacks Basic AML Controls
Lionel Messi-Backed NFT Sports Site Lacks Basic AML Controls
Varo Already Spent The $50M It Raised In April, With Nothing To Show For It
Hey all, Jason here.
After a whirlwind two weeks in the US for Money2020, a visit to family in Chicago, and capping it off with the FedFis Roundup in Texas, I’m finally home!
As always, these events were a fantastic opportunity to catch up with folks from across industry and finally meet people face-to-face. I have extreme admiration for the people that work tirelessly to put together these events — thank you!
Existing subscriber? Please consider supporting this newsletter by upgrading to a paid subscription. New here? Subscribe to get Fintech Business Weekly each Sunday:
Get Tickets Now For Fintech’s New Big Event
Sponsored content: Fintech Meetup (March 3-6) is the new BIG event with “the highest ROI” for attendees & sponsors. Ticket prices go up Friday 11/10 at midnight. Don’t Miss Out!
NFT Fantasy Sports Site Sorare Touts Investors Like VCs SoftBank, Accel & Benchmark and Celebs Lionel Messi, Serena Williams. But It Lacks Basic AML Controls.
Sorare’s Crypto Wallet Allows Withdrawals To OFAC-Sanctioned Addresses, Including A North Korean Hacking Group And A Sinaloa Drug Cartel
If you haven’t heard of French fantasy sports site Sorare, you’re probably not alone.
The company, founded in 2018, offers an NFT-based fantasy sports service, initially focused on European soccer leagues.
In early 2021, as NFT mania began to take off, the company announced a $50 million Series A, led by bluechip VC firm Benchmark, with participation from Accel and well-known angels like Alexis Ohanian and Gary Vaynerchuck.
At the time, Sorare cofounder and CEO Nicloas Julia wrote (emphasis added):
“15 years ago, buying a virtual sword in a game felt crazy. Today, collecting digital cards feels excitingly avant-garde. The growing convergence between our lives offline and online has resulted in a frenzy of excitement around digital collectibles. NFT collectibles encapsulate culture, status and sentiment and are a reflection of the times we live in.
Blockchain technology gives Sorare cards superpowers. We are building more than collectibles. Our digital cards have a utility that can be used in our global fantasy football games and myriads of games. The potential is limitless and we can’t wait to see the amazing football projects that are built around Sorare cards!”
Later that year, capitalizing on the NFT fad, the company raised an astounding $680 million, led by SoftBank, valuing the company at a staggering $4.3 billion.
The company also signed on high-profile sports stars as investors, board advisors, and brand ambassadors, including tennis superstar Serena Williams, iconic soccer player Lionel Messi, and Shakira’s ex-husband Gerard Piqué.
Sorare used the cash haul to power an expansion from Europe, where it focuses on soccer, to the US, signing deals with Major League Baseball and the National Basketball Association in 2022.
The NBA even took an equity stake in the company as part of the licensing deal.
But with the NFT craze peaking in 2022 and quickly fading, Sorare sought to eliminate “barriers to entry” for using the service by adding options to use fiat currencies on the platform.
In mid-2023, the company partnered with EU-licensed wallet provider Mangopay to enable users to pay in and hold US dollars, Pounds, and Euros. Once users fund their wallet, they can use it to buy, sell, and trade NFT cards.
Sorare users can also directly purchase NFTs with a debit or credit card for some listings, thanks to a partnership with payment processor Stripe.
Sorare CEO Nicolas Julia even appeared on stage with Stripe cofounder John Collison at a Stripe event in Paris earlier this year.
Sorare’s primary source of revenue is derived from the original sale of NFTs for its NBA, MLB, and soccer leagues and a 5% fee on the trading or re-sale of NFTs on its platform.
This economic structure gives Sorare an incentive not only to facilitate active trading of NFT assets on its platform, but to adopt policies and tactics that could encourage higher prices for those assets, as Sorare’s cut is a percent of the value traded.
Sorare & Mangopay Aren’t Licensed as US Money Transmitters Nor Registered as MSBs, Despite Providing Covered Services to US Customers
Sorare has spent plenty time and money chasing high-profile licensing deals and marketing partnerships.
It appears the company has paid less attention to the legal, regulatory, and compliance side of its business.
In its initial incarnation, Sorare enabled users to fund a crypto wallet by buying cryptocurrency ether through crypto “on ramps” Moonpay and Ramp.
By bolting on fiat capabilities through its use of Mangopay and Stripe, Sorare introduced significantly more complexity, as users can functionally leverage Sorare as an exchange to move funds back and forth between USD/GBP/EUR and ether through the trading of its NFT cards.
While the relationship with Stripe seems fairly straightforward, the other options to transfer funds into Sorare’s ecosystems may have pose some legal and regulatory risks.
For users adding fiat funds, including US nationals residing in the United States, Sorare instructs users to wire funds to a Mangopay account held at Barclays Bank in the UK.
Mangopay’s site indicates it is “authorized to process payments” in numerous countries, including the United States.
But while Mangopay does collect basic identity information, including name, date of birth, SSN, and an identity document, neither Mangopay nor Sorare hold money transmission licenses (MTLs) in the US nor are they registered as money services businesses (MSBs) with FinCEN.
While there are loopholes that exempt merchant payment processors and bill payment activities from being considered “money transmitters” that must be licensed and registered as money services businesses, Sorare and Mangopay’s activities do not appear to fit neatly within those exemptions.
According to 31 CFR §1010.100 “[t]he term ‘money transmission services’ means the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”
Given Sorare doesn’t just allow users to buy NFTs, but enables users to trade them, peer-to-peer, move between fiat, NFTs, and crypto, and that it operates a crypto wallet that can withdraw ether to any other wallet, it arguably meets the definition of “money transmitter” and should be licensed as such and registered as an MSB.
Being based in France and working with EU-licensed Mangopay doesn’t exempt either company from these requirements.
Regarding foreign MSBs obligations, FinCEN clarified in 2012 that (emphasis added) “[t]o qualify as an MSB, a person, wherever located, must do business, wholly or in substantial part within the United States, in one or more of the capacities listed in 31 CFR 1010.100(ff). Relevant factors include whether the foreign-located person, whether or not on a regular basis or as an organized or licensed business concern, is providing services to customers located in the United States.”
Given Sorare’s licensing deals with the MLB and NBA, Sorare clearly intends to serve customers located in the United States, both directly and through its relationship with Mangopay.
Sorare’s business model — selling digital assets, operating a “skill game,” and functionally enabling cryptocurrency trading — appears to be incompatible with Mangopay’s own terms and conditions.
Mangopay’s terms and conditions prohibit “[a]ny type of crypto-related activities, businesses or transactions, unless the platform is both licensed and regulated in the EU or equivalent jurisdictions,” as well as betting, gaming, and skill games and auctions, with some narrow exceptions.
Sorare’s own site describes the service as a “skill-based game [that] rewards your sports knowledge and lineup strategy,” and it enables users to sell NFTs through auctions.
Use of Mangopay to process sales of “electronic, virtual or immaterial assets” is allowed only with the “formal approval” of Mangopay.
For users that want to use Sorare with ether, they can either connect an existing external crypto wallet, like Metamask, or purchase crypto directly via card payment or bank transfer. Sorare offers two crypto “on ramps,” Ramp and Moonpay.
Moonpay holds MTLs in most states (though not California) and is registered as an MSB. Ramp, through registered as an MSB, appears to only hold MTLs in Alabama and Maryland, per NMLS.
Sorare’s Crypto Wallet Appears To Lack Basic AML Controls, Allows Withdrawals To OFAC-Sanctioned Addresses
While there may be issues with how Sorare allows funds to be paid in to the platform, via Moonpay, Ramp, Mangopay, and Stripe, the bigger issue may be what users can do with funds once they’re on the platform.
Although Sorare doesn’t directly operate a crypto exchange, it does enable users to pay in funds in either fiat or ether, buy and sell NFTs with fiat or ether, and then withdraw funds as fiat or ether — functionally allowing someone to pay in fiat currency, launder it through an NFT, and withdraw it as crypto (or vice versa.)
The fact that the NFTs sold and traded through Sorare aren’t a liquid market with generally accepted prices make them more vulnerable to price manipulation, fraud, and money laundering.
While Sorare leverages Mangopay, which is EU-licensed, for its fiat wallet, it appears to operate its own crypto wallet.
In the European Union, following passage of the Markets in Crypto Assets (MiCA) legislation, operating many kinds of crypto businesses requires licensing as a crypto asset service provider (CASP.)
In Sorare’s home country of France, which uses the terminology digital asset service provider or DASP, a firm can be considered a DASP if it engages in one or more of the following activities:
custody of digital assets on behalf of a client;
the service of buying or selling digital assets for legal tender;
trading of digital assets against other digital assets ;
the reception and transmission of orders for digital assets, meaning the act of receiving and transmitting buy or sell orders for digital assets on behalf of a client;
the operation of a trading platform for digital assets;
Registration is mandatory if a platform is engaged in any of the following:
digital asset custody; and/or
buying or selling digital assets in a currency that is legal tender; and/or
trading of digital assets against other digital assets; and/or
operation of a trading platform for digital assets;
And while Sorare appears to meet more than one of these criteria, the company is not currently licensed as a digital asset service provider.
The lack of attention to regulatory requirements may help explain another significant failure: allowing transactions to sanctioned crypto wallets.
According to sources familiar with the company and test transactions conducted by Fintech Business Weekly, Sorare allows crypto funds to be withdrawn from its platform to sanctioned wallet addresses that appear on OFAC’s Specially Designated Nationals and Blocked Persons list (SDN list.)
A test transaction from Sorare to a wallet controlled by North Korean hackers Lazarus Group — most well known for the $650 million heist from play-to-earn game Axie Infinity’s “Ronin Bridge” — was processed without issue, despite that address appearing on OFAC’s SDN list.
Likewise, a sanctioned wallet address affiliated with Mario Alberto Jimenez Castro, who is alleged to have laundered proceeds through crypto from the sale of fentanyl in the US on behalf of the Sinaloa cartel, had no issue receiving a withdrawal from Sorare:
Unclear If, And To What Extent, Bad Actors May Be Exploiting Compliance Gaps
Several crypto analysts who spoke to Fintech Business Weekly indicated there was no evidence of widespread use of Sorare to transfer funds to explicitly sanctioned wallets.
Still, only a tiny minority of crypto wallets associated with “bad actors” appear on sanctions lists — and tens of millions of dollars worth of crypto and NFTs have flowed through Sorare (and this excludes fiat currency transactions on the platform.)
Sophisticated actors have means of obscuring the origin, path, and destination of their crypto funds.
Even if there hasn’t been widespread abuse of the serious control gap on Sorare’s platform, the company faces potentially significant legal and regulatory exposure from its cavalier approach to licensing requirements and compliance with money transmission laws and regulations.
Representatives for Sorare did not have an official response to an extensive list of questions nor comment by the time of publication.
💡Learn what BaaS experts are hearing from regulators about the state of compliance
Sponsored content: In the aftermath of high-profile BaaS turbulence, the regulatory spotlight on compliance has intensified, signaling a new era of enforcement and a sense that regulators are just getting warmed up. Compliance teams must brace for impact as this trend shows no signs of abating.
Join Cable’s upcoming live webinar to hear firsthand from leading compliance experts at Grasshopper Bank, Midland States Bank, MainStreet Bank, and Klaros Group on how they’re successfully navigating regulatory waters. Don’t miss your chance to learn what the top BaaS experts are doing today!
Varo Already Spent The $50M It Raised In April, With Nothing To Show For It
Earlier this year, struggling neobank Varo quietly raised an additional $50 million of equity capital at a significantly reduced valuation, as first reported by Fintech Business Weekly.
That investment closed in April, according to management commentary included in Varo’s Q2 2023 call report.
Less than six months later, those funds have been spent — with little to show for it.
Varo’s equity capital at the end of Q3 stood at just over $125 million — only slightly above where the bank was at the end of Q1 2023, prior to the $50 million capital raise.
Despite the additional runway, Varo’s business performance hasn’t meaningfully improved in the time that it bought.
Since the end of Q1, Varo’s deposits have declined by about 12.5% to just over $346 million. Assets have shrunk by about 7.5% to $520 million.
Varo has been closing out inactive accounts, causing its reported number of users to drop from over 5 million at the end of Q1 to about 4.4 million at the end of Q3.
But despite closing out inactive accounts, Varo’s average deposit per account has barely budged, and average revenue per account has only increased by $1 per quarter.
Varo has grown its loan book, with secured card balances hitting nearly $27 million and small-dollar loans reaching about $17.5 million.
But despite growth on the lending side, rising interest income thanks to higher rates (even as deposits shrink), and slashing headcount from 580 employees at the end of Q1 to 458 at the end of Q3, Varo hasn’t meaningfully improved its bottom line.
Net losses at the end of Q1 were just shy of $29 million vs. $26.4 million for Q3.
The management commentary included in the most recent call report tried to strike an upbeat tone, saying:
“Q3 saw Varo rescale customer acquisition at lower cost with continued investment in product differentiation and growth, including the launch of Varo to Anyone. Operating and staffing efficiencies were gained by closing inactive accounts and automating and outsourcing servicing functions while retaining strong customer NPS. Lower deposits and spend in Q3 reflect a consistent seasonal pattern. Lending activity expanded and performed strongly in Q3 while lending-related charge-offs remain at low levels. Capital levels remain strong with declining operating losses.”
With shrinking deposits and assets, and little progress on its “path to profitability,” the outlook for Varo isn’t good.
The most graceful exit would be an acquisition or merger.
Teaming up with a fintech lender serving a similar customer segment would be the most logical combination — a company like Oportun, which unsuccessfully sought its own charter, for example.
But with little appetite at the OCC for approving such an acquisition, Varo’s exit possibilities may be limited.
To be clear, Varo is a good option for lower income consumers who would face overdraft, minimum balance, and NSF fees at the major moneycenter banks.
But if the business model isn’t sustainable, customers who have come to depend on Varo and the products it offers, with the fee structures it offers, are likely to be in for a rude awakening.
Other Good Reads
Consumer Compliance Outlook — Second/Third Issue 2023 (Federal Reserve System)
Commercial Lending: Venture Loans to Companies in an Early, Expansion, or Late Stage of Corporate Development (OCC Bulletin)
Working Through a Backlog of Interesting Fintech News (Fintech Takes)
A Bank Failure In Iowa (Bank Reg Blog)
Crypto Land Celebrates as Sam Bankman-Fried Is Found Guilty (Wired)
About Fintech Business Weekly
Looking to work with me in any of the following areas? Email me.
News tip or story suggestion — reach me on Signal at +1-316-512-1571
Vendor, partner & investment opportunity advice and due diligence
Fintech advising & consulting
Sponsoring this newsletter