Hacker News new | past | comments | ask | show | jobs | submit login
“Banclist.com is probably the most lucrative direct messaging platform” (twitter.com)
210 points by evilsimon 3 months ago | hide | past | web | favorite | 70 comments

It actually was a little difficult to figure out what this business is about from their website, but their LinkedIn is comprehensive enough:


Non-publicly held banks are facing increasing risks when they maintain a private list of their shareholders. Sharing unpublished information about the bank’s stock with a few shareholders exposes the bank, its management and directors to potentially serious liability. Simply answering one shareholder’s question without notifying every shareholder with the same information puts the bank at risk. The threat and penalty of litigation can affect the bank’s reputation and financial performance. In some cases banks can face civil and criminal penalties.

One of the fastest growing bank services companies today, BancList (BL) provides privately held financial institutions and their shareholders (and other authorized users) with an easy-to-use web-based posting service that replaces the list. BL lets shareholders post notices of their intent to buy or sell their bank stock and keeps the bank out of the negotiation process – the way transactions are supposed to occur.

Not only does BL provide a risk mitigation service for banks by replacing the list, it helps banks enhance shareholder value and provides banks with even more information about what is happening with their shares. BL bank clients receive automatic email alerts every time someone posts a notice, which keeps them aware of active negotiations.

BL is not a broker dealer and does not ask for a list of your shareholders. BL never interferes with the relationship between bank clients and their shareholders. BL does not collect broker fees for its services. BL clients pay an annual subscription fee based on the asset size of the financial institution.”

Very cool something of this scope operates with only a handful of employees.


To me the scope seems rather narrow, and the technical requirements about on par with a mailing list.

Their sole innovation over that is that they realized neutrality and being a third party is valuable because of regulation. Haha, this is pretty clever.

Similarly, there is a business computing custom indices that a bank uses in products. The bank is perfectly capable of computing the index itself, but it needs to be handled by a third party that is paid handsomely to just re-calculate what the bank already calculated.

One example of that is Markit Group, which had revenue of $1.5bn/yr when it merged with IHS in 2016 at an implied valuation of roughly $5.5bn. Best London startup of the last 25 years, including DeepMind, not close.


Being a trusted third party is frequently an amazing business, if you can earn or negotiate your way there.

For this to work, don't they have to be the exclusive means of getting stock information for a bank? So everyone who owns bank stock in a bank that uses banclist must agree to use it to get all shareholder disclosure information?

Probably the opposite. Bank signs deal with banclist, notifies shareholders official information disclosures will only be done through banclist.

Why banks specifically? Doesn't every private company with multiple shareholders have the same problem? Or is the legal situation for a bank different?

The BancList about page explains that they serve privately held companies as well. "BancList (www.banclist.com) helps shareholders of privately held financial institutions as well as other privately held companies and organizations communicate with each other via a 24/7 online platform..."


> Thus BancList (spelling absolutely intentional, because even the K is regulated and I am absolutely not joking about that fact).

No, he's not joking. Even the font size is regulated. I ran into that as an employee of a commodities trader. I'm not sure if the choice of font is regulated but it wouldn't be surprising.

A bit of a tangent, but in Canada "financial advisers" are regulated and required to act in the customers interests. So naturally banks will connect you to "financial advisors" (unregulated) to buy products.


Putting aside the real issue of advisors not acting in their clients' best interest, the distinction between 'advisers' and 'advisors' seems to be a myth based on an assumption by the Small Investors Protection Association that the spelling of the word in a certain law is somehow decisive, which would make no sense in the context of consumer protection.


FYI financial advisers having a fiduciary duty to their clients is standard in most of the western world EXCEPT America.

That seems like it ought to be illegal. It's an obvious skirting of the law. I doubt this is true, and if it is I can't even begin to imagine the number of things this "loophole" would affect.

I'm guessing font size regs are to prevent "RISK FREE INVESTMENT, (investment not risk free)" type things? That seems sensible. I can see there being rules for italics etc for similar reasons.

Wouldn't it be much less game-able to forbid LYING in a document, as understood by the elusive man-in-the-street?

Seriously: to judge a contract in case of a conflict, pick 12 people from the street and ask them to summarize it. Go with what they wrote. Going to "experts" when deciding language is what created the current mess, sticking to them is not going to solve it.

Most of time it isn't about lying, its about small print hidden in the document.

Legal text is often opaque to laymen because it has specific legal meaning, plain commonly understood language doesn't have specific meanings so you get into situations where even the lawyers aren't sure how it should be interpreted.

To use a tech analogy, the lawyerese is the source code, if you want the ultimate truth, go there, you should be pairing it with adequate documentation though.

>...the lawyerese is the source code...

Inasmuch as that's even possible, yes. The problem is that even this "language" is open to interpretation by courts.

Would you mind going into more detail? What about the K is regulated? By whom?

"...in the United States, the commerce departments of state governments generally prohibit or restrict the use of certain words in the names of corporations unless those corporations are legitimate chartered banks. For example, words prohibited by the state of Louisiana include bank, banker, banking, savings, safe deposit, trust, trustee, and credit union" [1].

[1]: https://en.wikipedia.org/wiki/Banq_(term)

Thanks for the info! Seems like a bit of a silly regulation given that major banks themselves are able to circumvent it in order to shed liability.

But at least unregistered banks can’t name their company “Trust Bank” or something.

This is worth stressing: such regulations often exist to prevent fraud from outright scammers. If such a regulation did not exist, I am confident there would be institutions that called themselves a "bank" but met none of the basic consumer protections we expect from a bank.

Generally, it's a good idea to force labeling of businesses and products to match their potential customers' expectations of what they mean. It's one of those places where fostering a well-functioning free market (by decreasing information asymmetry, to put it succinctly, even if we're not talking outright scammers) is at odds with some strict notions of liberty (to call your business or product whatever you please).

There are similar requirements in some jurisdictions for lawyers. For instance if you work for a law firm, but are NOT a lawyer, you’re business card must indicate that.

Given the crisis of 2008, I would say that this failed utterly, wouldn't you? It's just another few millions lost in regulation compliance to add to the billions lost to the "outright scammers" that are the regulated banks.

When I worked on a site for mutual funds years ago, we couldn't use green-color text because it could be considered as implying that the person reading it would make money.

Commodity trading platforms are forced by the CFTC(commodity trading regulating body) to represent bids with a blue color, for exactly the same reason. If the bids are green, someone might make the argument that you would profit from bidding more than selling.

> In "Goodness that is a great, great software business", I present http://banclist.com , which is probably the most lucrative direct messaging platform in the world on a per user basis. (I'm exempting e.g. Bloomberg which does a lot more than DMs.)

That's some hyperbole from Patrick. The website is not a direct messaging platform by any stretch. It's a listing website with a very specific audience. Lots of that stuff happen over email, regular DM, phone calls or regular in-persons meetups.

> BancList.com does not participate in any way in the execution of trades. Any trades that may occur must take place offline independent of BancList.com or any of its affiliates.

They only risk getting their data compromised but no money is at risk. Trades happen discretely and they might not be aware of them or not care.

> Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 mod_python/3.5.0- Python/2.7.5

Eek! I wouldn't trust them with my data if I was a bank. They haven't updated their server since 2013. All of the versions listed in that header have major vulns. This is a disaster waiting to happen.

Most, if not all, of those versions are the latest provided by CentOS 7. They backport security patches, see https://access.redhat.com/security/updates/backporting

They really have no clue what they are doing... No security headers and their SSL is insecure. Someone needs to tell them to shut their servers down right now.

Directly from their website:

"Patrick Brown - Chief Technology Officer. Mr. Brown is the co-founder of Eye Candy Creative, a highly successful technology and marketing company."

So their CTO is a marketing guy. No wonder they suck.

Yikes, Qualys SSL Labs gives them a grade of C. They may be vulnerable to a POODLE attack. They probably should disable SSL 3 support to protect their customers.


It doesn't sound like they hold any really sensitive data though, at least not any customer data.

It seems dir listing is not properly disabled https://banclist.com/app/webroot/img/

It it now, by the look of it.

Not an expert but I don't think it's considered good practice to expose your directory structure like that. It should have been 404 or redirection to /home.

> I imagine there was very little knocking on doors; founding team just called up everyone in their Rolodex, and after that point it's viral since the population of people who want to buy or sell one of 100 local banks definitely are interested in the 101st.

Ah, another company I could never ever have founded because its success explicitly depends on who you know.

Seems like we're missing a "StocList" for buying/selling shares in private companies. There are some "secondary market" services. But (IIRC) they all take a hefty cut from both parties, have zero transparency, act as an intermediary, have high minimum transactions, etc.

Seems like accredited investors and private company stock owners should be able to make deals directly. Someone get on it!

> There are some "secondary market" services. But (IIRC) they all take a hefty cut from both parties, have zero transparency, act as an intermediary, have high minimum transactions, etc.

Does anyone know of any such services that are reputable and worth using? Even if it's expensive. Kind of to be expected in that field.


There is also https://carta.com/ which eventually thrives to become a private market: https://techcrunch.com/2019/05/06/carta-was-just-valued-at-1....

If there is such a thing, I would absolutely love to find out about it. Even if only open to accredited investors.

Are there any effective strategies for searching out profitable parasitic niches like this? Looking around the corners of big heavily regulated industries? Healthcare, real estate, finance?

Immersion. Work in the industry at a position where you're likely to encounter inefficiencies. In healthcare, for example, you can't spit without hitting an optimization opportunity. Working midlevel can mean you get to see low-level workers hacking around bureaucracy and management wringing their hands about money and budgets and such.

Taking a job in an industry to get access to its seedy underbelly isn't super appealing to most founders, but for some ossified industries there's really no other way to find those golden opportunities.

Oh, and be patient. Practice being a mouthless set of ears.

I am not in this space, but my guess would be this sort of company was started by people with an intimate knowledge of the specific space & what they can & can't do, so as a strategy, you're probably best off working in said industry and finding that niche that needs a solution.

Yes. Become and expert in the field by spending many years working in it in many different roles.

From the outside? Probably not.

> ... profitable _symbiotic_ niches ...

Fixed it for you.

How would one even know this? Do they run billing through stripe, and if so did he see the numbers? How would you know how lucrative this is?

This hyperbolic introduction is like saying Ford sells the most expensive tires on the planet.

I would say that SWIFT international financial messaging platform most likely beats it, in terms of lucrativeness, and - amusingly - it is also in the same industrial sector.

That website looks like an affiliate marketing cash grab site from the early 2000s. I know that I should probably do some proper research but it was so off-putting that I'm just going to give up right away and call it a waste of time and/or a scam.

> That website looks like an affiliate marketing cash grab site from the early 2000s

it also doesn't matter when a user engagement ponzi scheme isn't how you plan to cash out of your company

new law: "sufficiently niche markets are indistinguishable from affiliate cash grabs and vice-versa"

well what happens is this site gets recommended between banks by word of mouth. When Joe Little Bank calls up Mary Tiny Union and tells her about this new website, "which looks janky but trust me, it's legit", she'll probably go sign up regardless.

This is an example of what happens when a field is over-regulated.

You have these obtuse solutions working around a problem that is only hard because of lawyers and 500 regulations to "protect investors".

People were able to hack together exchanges for crypto-coins. The only thing that stands in the way of doing this for private stock/tiny companies is excessive regulation. I'm not saying we want the whole crypto experience of exchanges blowing up overnight, but what we have now is clearly not right either.

Many people would argue that the financial industry is not regulated enough.

People were able to hack together exchanges for crypto-coins. The only thing that stands in the way of doing this for private stock/tiny companies is excessive regulation.

Crypto exchanges are examples of how to create a financial system that lacks security (both the technical and financial kinds) and trust. It's an example of how NOT to do things. Crypto exchanges act as broker, exchange, clearinghouse, depository and trustee. And do none of these very well.

In the regulated world, exchanges do not hold your assets. There is nothing "on deposit". Your broker (who holds your cash assets instead) is insured. Brokers don't even typically hold your securities, they just track your positions. The security assets themselves are held at depository institutions. Etc, etc. This system is not by accident. It was developed through a long history of trial and error to minimize the impact of fraud, abuse, bankruptcies, etc.

I'll be the first to recognize that most financial regulators have been very slow to adopt to the crypto world. That's because so many crypto tokens are either not securities or quasi securities and thus defy easy classification. Thus some old rules don't really apply well. They're also paranoid about money laundering, which doesn't help.

The software aspects of setting up exchanges are challenging but ultimately not the hard part. I guess my point is that just because something is easy to do doesn't mean it should be done.

What about BancList indicates that the field is over-regulated

The fact that it's called "BancList"?

That just indicates that it's regulated. Where's the "over" part?

Personally, it sounds like a rather good idea to have regulation over who's allowed to use the word "bank", given the assumptions that the general public will make about anything with "bank" in the name.

What stops the general public from making the same assumptions about anything with "banc" in the name?

Probably the same thing that stops them from assuming that anything with "spank" in the name is a reputable financial institution.

In one system, thousands of people are scammed out of millions of dollars every year.

In the other system, a company that is not a bank was forced to avoid the word "bank" in their name.

This sounds like two reasons the second system is better, to me at least?

Can't see much of an issue with random businesses not being able to call themselves "Bank" personally.

Would you also agree that any random company should be able to label themselves a hospital, pharmacy or university? If not, then there's your answer.

> People were able to hack together exchanges for crypto-coins

Come on now, crypto exchanges are absolutely now a good example to use here - how many millions has been lost through exchanges getting hacked?!

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact