is a peer to peer savings and loan service. We enable groups of trusted friends to create and manage ongoing monthly savings clubs that ensure saving through shared social commitment. • We think of it as ‘weightwatchers for savings’ • We aim to build Savemates into a large, defendable consumer ﬁnance brand - the consumer champion at the heart of the P2P ﬁnance revolution. 3 • Users pay in a pre-agreed monthly amount to their Savemates club. Once everyone has paid in at the start of the month, one member of the club gets the total balance paid out to them. This is repeated until everyone has had a payout. • Payouts can be transferred to your bank account, or used to take advantage of one of our P2P Savings deals, typically earning 5% interest. WHAT IS SAVEMATES? HOW DOES IT WORK?
The consumer ﬁnance market in the UK is completely broken. Relationship between the big banks and their customers is characterized by mistrust and hatred. Customers are routinely mis-sold overly complex products that get them into further ﬁnancial trouble - while bosses and bankers get ever bigger bonuses and public bailouts. 4 TOTAL PPI MIS-SELLING COMPENSATION PAYOUTS TO JANUARY 2013 (FURTHER £4BN EARMARKED SO FAR) Source - FSA £8.9BN OF CUSTOMERS DON’T TRUST BANKERS TO ACT IN THEIR INTEREST Source - Which? consumer survey 2012 89% £2.8BN TOTAL FINES PAID BY HSBC IN 2012 FOR MIS-SELLING, MONEY LAUNDERING AND TERRORIST FINANCING Source - BBC HSBC MOST VALUABLE BANKING BRAND Source - WPP Brandz survey 2012
To combat fear and uncertainty saving is on the rise . . . and P2P lending ﬁrms are growing off the back of it 5 AVERAGE MONTHLY INCOME SAVED Q4 2102 (HIGHEST ON RECORD) Source - NS&I 2013 survey 8.09% TOTAL HOUSEHOLD SAVINGS 2012 Source - NS&I 2013 survey £80Bn 2012 GROWTH IN UK DEPOSITS Source - Mintel 5% 0 300 600 900 2006 2007 2008 2009 2010 2011 2012 TOTAL P2P LOANS FROM U.S STARTUPS ‘LENDING CLUB’ AND ‘PROSPER’ Source - Techcrunch £12.3Bn PREDICTED SIZE OF BUSINESS P2P LENDING MARKET Source - NESTA report, 2013 AVERAGE MONTHLY SAVINGS AMOUNT Source - NS&I 2013 SURVEY £111 TYPICAL RETURN FOR ZOPA LENDERS Source - Zopa 5%
ROSCAS BACKGROUND TO SAVINGS CLUBS • Savemates is based on an existing concept called a Rotating Savings and Credit Association (ROSCA). • ROSCAs are used all over the world, generally by poorer communities to build savings and ﬁnancial independence. They have a huge variety of names - See box • Indeed, ROSCAs are generally the ﬁrst step that money based societies take towards to banking. After ROSCAs comes Credit Unions (essentially ROSCAs with asymmetric payouts and interest on loans) 6 “Tontine, Tibissiligbi, Pari, Song-taaba, Chilemba, Stockfair, Kutu, Kootu, Kongsi, Tontine, Hui, Main, Kut Kutunderrera, Throw a box, Boxi money, Syndicate, Tanda, Chit Funds, Cheetu, Khatta, Sanduk, Sandook Box, Savemates”
TO SAVE? SAVING IS HARD. SAVEMATES IS EASY. The temptation is always to skip a payment or use debt to bridge income gaps. Savemates helps overcome this through a shared commitment, and everything is automagic. 9 SAVING IS BORING. SAVEMATES IS FUN. Compared to spending, saving is dull as ditchwater. Savemates helps overcome this by providing fun and engaging social savings models including vote, shufﬂe and bid. SAVING IS POOR VALUE. SAVEMATES MAKES YOU MONEY. Current UK short term savings accounts will earn you around 1% interest - and that’s if you managed to actually save something. Our Savemates P2P savings deals can earn you 5%+ on your pay-out. 1 2 3
10 ‘TURN’. GREAT FOR FAMILIES The simplest Savemates group. Payouts are ordered by the group creator. Fee: 1% on payouts ‘VOTE’. GREAT FOR COMMUNITY GROUPS A fun voting mechanic lets members pitch each other why they should get the payout this month Fee: 1% on payouts ‘SHUFFLE’. GREAT FOR WORK COLLEAGUES Payout order is random, creating a fun shared event on pay day - but eventually everyone wins. Fee: 1% on payouts ‘BID’. GREAT FOR SMALL BUSINESSES A more complex product. Members bid (high or low) in a monthly auction to determine payout order. Fee: 20% on rollover 1 2 4 3 ? ? ? ?
PERSONAL FINANCE • At the heart of the Savemates business lies a simple but powerful mission - to make money a positive force in our customers lives. • Savemates customers save together with people they trust and love who help them reach their goals • By building their savings can take control of their ﬁnancial lives, and reduce their reliance on debt. • If they choose to make money from their savings through our P2P savings offers they’re then lending to real people and small businesses, 11 • We will build the next great internet personal ﬁnance brand. • Savemates will be the consumer brand of choice at the heart of the P2P ﬁnance revolution, putting individuals and the people they love in control of their ﬁnancial lives. • Again, ‘weightwatchers for savings’ is a valuable touchpoint - most the weight loss industry is characterized as dodgy and suspect claims. In contrast weightwatchers is a true community, with a proven weight loss method - and its fun! OUR BRAND
segments • Families • Colleagues Secondary segments • Existing cash ROSCA operators • Community groups Channels • Direct PR • Content marketing via Savemates brand • Digital advertising - Google Adwords and Facebook • Partner marketing - working with trusted partners 12 • Savemates marketing will mainly be done by our primary users asking their friends and families to join the groups they have created. • We will therefore focus our direct marketing efforts on inﬂuencing these primary users, who we believe to be inﬂuencers themselves. • We will also develop the Savemates brand as the voice of the consumer in the P2P ﬁnance landscape - offering content and support for savers and people looking to get back in control of their money.
Option: Save into a standard saving account Option: Unsecured personal loan Option: Join an existing ROSCAs Players Big Finance - HSBC, Lloyds, HBOS, Barclays etc Big Finance - HSBC, Lloyds, HBOS, Barclays etc Direct lenders - Credit card co’s - First Capital, Virgin, Barclaycard etc Various - community level initiatives Strengths Trusted brands (debatable!) Convenient for existing customers Brand (debatable!) Ease of access Get your money tomorrow Already established Weaknesses No motivation to ensure saving Complex product portfolios Very poor interest rates General consumer hatred High interest rates Complex product portfolios General consumer hatred Organisational and business models not equipped for scale Cash systems unattractive to busy people Our advantage Get money quicker (for most users) Results - you will save + its fun Better rates if P2P saving offer taken up Non-Toxic Brand Low interest rates - essentially free Non-Toxic Brand Scale Brand Technology / Security
LEWANDOWSKI Stef is a Director of Savemates Ltd. and our CTO. Stef is an experienced software engineer and technical architect. He was previously co-founder and CTO of Aframe.com, a VC backed professional video startup. Prior to this he founded and ran a digital agency. NICK MARSH Nick is a Director of Savemates Ltd. and our CEO and CCO. Nick is an experienced digital product designer and entrepreneur. He was previously Managing Director of Sidekick Studios, a London based innovation agency, and has designed products and services for Aviva and Barclays. DANIEL MC ALEESE Daniel is Savemates Skilled Person and Compliance Advisor. He supports Nick with Savemate’s Compliance monitoring and AML and Fraud prevention activity. Daniel is an ex-regulator, and now supports several ﬁnancial services companies with compliance issues through his company Robinson Mack Ltd. MARTIN CAMPBELL Martin is Savemates marketing advisor. Previously he was head of media at Zopa Ltd. Before that he designed ﬁnancial products for Virgin Direct and Aviva. SIMON DEANE-JOHNS Simon is Savemates general counsel. Previously he was chief legal advisor to Zopa Ltd and now advises several UK based ﬁnancial services startups including Savemates. PAUL BIRCH Paul is a Director of Savemates Ltd. and our angel investor. Paul is an active angel investor based in London and sits on the boards of several high growth technology businesses. He was previously co-founder of Bebo.com which sold to AOL in 2008 for $850M.
MONEY • There are four revenue streams in the Savemates business. • Fees. We charge 1% on all payouts for our simple products. • Partner fees. We earn commission for referring customers to savings products and other deals when they collect their payout. • Data sales. We have unique data about our customers, including who they trust to advise them about money, when they have money to spend etc. 15 • Average group saves £1000 per month • 20% monthly growth rate in group numbers (softening after ﬁrst year) • 5% of payouts convert to partner product, earning 10% commission. • Data sales income not included ASSUMPTIONS USED TO BUILD OUR PROJECTIONS
Company Structure 2. Governance - Important processes 3. User Experience Flow 4. User Experience - Handling Defaults 5. Anti-Money Laundering and Fraud Prevention Strategies 6. Risk management and Compliance 7. Security and Technology System Overview 8. Technical Architecture Overview 9. Pay-in Process / Payment Flow 10.Pay-out Process / Payment Flow
Board of Directors Nicholas Marsh, Stef Lewandowski, Paul Birch Chief Compliance Ofﬁcer Nicholas Marsh Chief Technology Ofﬁcer Stef Lewandowski Developers Chief Executive Ofﬁcer Nicholas Marsh Advisory Committee Martin Campbell, Simon Deane- Johns Marketers Skilled Person / Compliance Advisor Daniel Mc Aleese
PROCESSES 19 Software development processes. Savemates is a digital business, and our customers access our service exclusively through our website. That’s why we take our software development processes very seriously. We use a mixture of best practice Agile and Scrum project management methods. The team has daily standup meetings to raise issues, and every two weeks we review progress as a whole group (‘sprint review) and decide on which features to develop next (sprint planning). We version our software using Git, so all commits are fully auditable and connected to individual developers GitHub accounts. No developers have access to production data, and all changes to the transaction manager must be personally authorized by the CTO and CCO. More information: http://en.wikipedia.org/wiki/Agile_software_development http://en.wikipedia.org/wiki/Scrum_(development) http://en.wikipedia.org/wiki/Git_(software) OTHER DOCUMENTS For more details on our internal processes and governance model please refer to the following documents: • Savemates HR manual • Savemates Compliance Manual • Savemates software development internal wiki Hiring and HR processes. Our entire engineering team is based in the UK. We request personal information from all our permanent staff and contractors and conduct background checks and request references before they join our team. We have clear disciplinary procedures in pace in the event of misconduct which are outlined in our HR manual, which is required reading for all Savemates developers and employees. Compliance processes. Alongside our software development processes, which involve our CCO, we also have the following compliance processes in place: • Daily payments reconciliation and review • A monthly compliance meeting with all senior marketing and engineering staff and our skilled person • All permanent staff are given Anti-Money-Laundering training • Any changes to the transaction manager authorized by CCO and CTO. Much more additional information can be found in our Compliance Manual, which is required reading for all Savemates developers and employees.
OVERVIEW 20 Joining as a ﬁrst user and creating a group • First time users join Savemates by clicking the ‘create group’ button on savemates.com. • They are then prompted to enter account information (name, email, proﬁle photo, password) which creates a user account and allows them to create a group. • They then choose the type of group (turn based or shufﬂe) • They then specify the pay-in amount for the group and the number of members • They then add the people they want to join the group by providing a name, email and proﬁle photo • They then customize the invite for the people they want to join the group • Finally, to create the group and send their invite they add their debit card details for the pay-in, their bank account details for the pay-out and their address. • At this point the Savemates risk management application checks their details, and if they have a low risk score their group is created and invitations sent Paying-in • When the pay-in date is reached the Group Manager Application asks the Transaction Manager Application to debit the cards of all group members with the correct amounts • This is then passed on to our payment gateway Stripe, who process the transaction and deposit the funds into our client money account • If the transaction is successful the user gets an email notiﬁcation. • If it is unsuccessful our default process begins (see page 23) Paying out • When the pay-out date is reached the user receiving the pay-out gets an email notiﬁcation with a link to the pay-out page • On the page they click a button that says ‘get pay-out’ • We will then manually transfer the funds from our client money account to their bank account within 24 hours MORE DETAIL Please see the following slides for more detail, or review the process yourself at savemates.com • Visual description of UX - page 22 • How we handle defaults - page 23 / 24‘ • Our AML process - page 24 • Technical process for pay- in - page 30/31 • Technical process for pay- out - page 32/33 Joining as an invited user • Invited users get an email with a link to the group page • On the page they can then see the amounts and who else has been invited • They click join, and then add their debit card details for the pay-in, their bank account details for the pay-out and their address. • At this point the Savemates risk management application checks their details, and if they have a low risk score they join the group Activating a group • When enough approved users have joined the group the ﬁrst user receives an email asking them to activate the group • On the page they can click ‘activate’ • This then sends emails to all group members and begins the ﬁrst pay-in process.
FLOW 21 Create account - name, email, address, debit card, bank details Invite friends Get invite Create account - name, email, address, debit card, bank details Activate group Pay-in via Debit card or Direct Debit Pay-out via bank transfer or Direct Debit Email Notiﬁcation Email Notiﬁcation Email Notiﬁcation Visit page to get payout Create group Email Notiﬁcation Create group and join Activate Pay-in Pay-out Group Admin Standard User System AML / Fraud check AML / Fraud check ID request (in some cases) Get pay-out Internal check - Risk Score External check - Credit check, Sanctions list
HANDLING DEFAULTS 22 We expect the default rate to be very low for several reasons: • Trust between group members. Customers cannot join groups with people they don’t know, and equally they cannot invite members they don’t know. This means that all group members should know what they are getting into, and our messaging will be very clear that they should not join groups they cannot afford. • Social pressure. The whole Savemates concept relies on social pressure from people you know and love to ensure that saving is prioritised! • Forgiveness. However, because group members know each other, if there is a legitimate reason for the default (say, loosing a job) the group members will forgive the default, as they understand the personal circumstances. When a user does default we will ﬁrst notify the user, and try and re-debit the account after 72 hours. If this second attempt fails we will notify the group of the late payment. After 72 hours we will try and debit again. If this fails, we will eject the user, blacklist their account and send the remaining group members a message with their options (see box). Once a user has been ejected from a group and their account blacklisted Savemates simply reduces the number of members in the group by one, and the pay-out amount goes down by the value of one users pay-in. At this point we send each member of the group an email with a message outlining their options. • If the defaulting user has not had a payout and the user we are emailing has not had a payout. We send a message that explains how much their pay-out amount will be reduced by. • If the defaulting user has had not a payout and the user we are emailing has had a payout. We send a message that explains how much they should pay back to the defaulting user if they so wish. • If the defaulting user has had a payout and the user we are emailing has not had a payout. We send a message that explains how much their pay-out amount will be reduced by, and how much they should request from the defaulting user if they so wish. • If the defaulting user has had a payout and the user we are emailing has had a payout. We send a message that explains how much everyone elses pay- out amount will be reduced by. DEFAULT MESSAGING / OPTIONS
- DEFAULTS 23 User contacted via email Group contacted via email Debit fails Debit attempted Debit attempted Debit fails Debit attempted Debit fails User removed from group and blacklisted 72 hours 72 hours Individual members sent email with options User System Group pay- out reduced
FRAUD PREVENTION STRATEGIES 24 To prevent Savemates being used for fraudulent activity we have the following controls in place: • Automatic checking of all accounts against HM Treasury sanctions list • Separate Risk Management Application reviews each new user and new group and monitors activity for non-standard behavior using a proprietary algorithm which assigns a risk score to each user and group. Example factors we monitor include users joining multiple groups with the same debit card, new groups with high pay-in and pay-out amounts, groups with suspicious social proﬁle data, etc. This algorithm is continually reﬁned, and actively developed by our engineers and CCO. • In the event of an edge case being detected by the Risk Management Application we request a scan of UK passport which is reviewed manually before before we payout • Pay-in limited to £250 per month per user per group • Groups limited to 10 members, thus limiting monthly payout to £2500 maximum • Average 30 days delay from pay-in to pay-out (funds held in Client Monies Account) • Users cannot sign up without a UK debit card and its registered UK address • Users can only receive pay-outs into UK bank accounts • We keep complete, encrypted records of every user interaction and transaction with the system • Our CCO works closely with our CTO to actively update our AML and fraud prevention strategies
COMPLIANCE 25 Risk: Loss/change of clearing bank • Response: Our service oriented architecture makes it easy for us to change providers Risk: Loss of top clients • Response: While Savemates may lose some important clients at any time, it is Savemates strategy to gather a large number of clients so that its revenue generation is evenly spread out, whereby it will not be materially reliant on a small number of clients for the majority of its income and thus being adversely affected should it lose some clients. Risk: Managing Client Risk • Response: As we will not be giving clients any investment advice, the clients will need to effectively manage their own risk. Risk: Counter-Party Risk • Response: There is no transactional counter-party risk as Savemates is just providing the online faclity. Risk: Credit Risk • Response:There is no credit risk as no credit or ﬁnancing will be offered by Savemates. All clients will need to have cleared funds on deposit. Risk: Liquidity risk • Response: With minimum overheads, the ﬁrm will have little liquidity risk should revenues decrease substantially Risk: Operational Risk • Response: As all services are provided online and bank accounts are held separately, there is minimum operational risk save for I.T problems (see disaster recovery plan) Risk: Key Person Risk • Response: As Savemates will be providing online services only, clients can continue to trade should anything happen to key individuals at Savemates. Savemates will endeavour to replace any key staff as quickly as possible. Risk: Systems Risk/Disaster Recovery Plan • Response: The business can operate from any location providing there is secure internet access and access to printing facilities. Savemates has produced a disaster recovery plan. Risk: Compliance Risk • Response: Savemates will ensure full compliance with the rules and regulations of the appropriate regulatory authorities. Savemates has retained the services of Robinson Mack Ltd; regulatory consultants, to advise on all regulatory issues and provide training on an ongoing basis. Risk: Conﬂict of Interest • Response: Savemates does not envisage any potential conﬂicts with its clients. Employees of Savemates may open a Savemates account but no conﬂict arise that may disadvantage other clients in any way. Notwithstanding the above, Savemates has an independence policy of disclosing any material conﬂicts of interest to clients and any other third party.
SYSTEM OVERVIEW - 3RD PARTY SERVICES 26 Heroku.com Savemates applications are hosted on the Heroku web platform. Heroku is a cloud application platform owned by salesforce.com The Heroku platform inherently protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and with its ability to rapidly deploy security updates without customer interaction or service interruption. Stripe.com Savemates uses Stripe.com to process debit card transactions. Stripe uses a form of tokenized encryption and embedded forms that means Savemates never stores or handles actual debit card data. Stripe is a certiﬁed PCI Level 1 service provider with US and UK operations. FURTHER READING For more information on AWS security please visit: https://aws.amazon.com/security For more information on Heroku security please visit: https://policy.heroku.com/security For more information on Stripe security please visit: https://stripe.com/help/security Amazon Web Services Heroku is built on Amazon Web Services (AWS) EU based infrastructure. AWS data centre operations have been accredited under: • ISO 27001 • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) • PCI Level 1 • ISMA Moderate DISASTER RECOVERY PROCEDURE We use the above web-scale services for a reason. The Platform as a Service architectures used by AWS and Heroku means that we cannot experience an unrecoverable disaster, with the exception of a simultaneous total physical attack on both availability zones of AWS EU data centers, which are in two different locations within Europe. With that exception excluded, we will always have complete records in our databases of every transaction and group stored on the AWS / Heroku infrastructure, and we keep a full version history of every commit/ change to the application on Github.com (a $100M backed version control system) which also runs on AWS infrastructure.
SYSTEM OVERVIEW 27 The Savemates system architecture pattern conforms to industry best practice of Service Oriented Architecture and clear separation of concerns and data. See the following slide for a technical architecture diagram. Our system has the following characteristics: • We conform to PCI design principles • We use only a small number of well managed 3rd party services (see previous slide) • We conduct regular penetration testing of our application by third party services • We operate a need to know information policy, with only our CTO and CCO having access to production data via SSH keys provided by Heroku and admin interfaces via secure passwords and white listed IPs • All data is securely transmitted over SSL • All data in transaction manager database encrypted with AES 256Bit encryption • We keep full, encrypted records of every transaction, including full transaction history, and logs of all actions during admin user session against admin accounts for ﬁve years. • We only use simulation data on staging and development services and there is no developer access to production database
28 Group Manager Application Transaction Manager Application Sales website • Groups and payment schedules • Basic user info/ID, group membership • Stripe Tokens • Pay-out bank account details • Audit-able transaction history of all pay-ins and pay-outs Token auth. over SSL Encrypted Version 1 - First 6-12 months User bank account Savemates Client Monies Account Savemates online banking £ SSL SSL Admin App User debit card Stripe £ Pay-in Pay-out Token auth. over SSL Token auth. over SSL Manual Risk App SSL
29 Version 2 - 6 months + (requires bank API access) User bank account Savemates Client Monies Account Bank API / Direct Debits Unknown? £ Group Manager Application Transaction Manager Application Sales website • Groups and payment schedules • Basic user info/ID, group membership • Stripe Tokens • Pay-out bank account details • Audit-able transaction history of all pay-ins and pay-outs Token auth. over SSL Encrypted SSL SSL Risk App SSL
/ PAYMENT FLOW 30 User debit card Savemates Client Monies Account Savemates user IDs + amounts Group Manager Application Transaction Manager Application Stripe £ Transaction status Version 1 - First 6-12 months Debit card charge Stripe user tokens + amounts Transaction status Token auth. over SSL Token auth. over SSL
/ PAYMENT FLOW 31 User bank account Savemates Client Monies Account Group Manager Application Transaction Manager Application Bank API £ Charge Direct Debit Charge Version 2 - 6 months + (requires bank API access) Savemates user IDs + amounts Transaction status Transaction status Token auth. over SSL Unknown auth?
Savemates Client Monies Account PAY OUT PROCESS / PAYMENT FLOW 32 User bank account Group Manager Application Transaction Manager Application £ Admin App Version 1 - First 6-12 months Savemates user IDs + amounts Transaction status Token auth. over SSL Barclays data services Token auth. over SSL Account number, sort code + amount Manual process over SLL / bank website
/ PAYMENT FLOW 33 User bank account Savemates Client Monies Account Group Manager Application Transaction Manager Application Bank API £ Charge Direct Debit Charge Transaction Status Version 2 - 6 months + (requires bank API access) Savemates user IDs + amounts Token auth. over SSL Transaction status Unknown auth?