Finance & Investing

Navigating the Shifting Seas of Global Government Oversight

Why a Stanford-trained entrepreneur sees gold in all that red tape.

March 08, 2018

| by Martin J. Smith



John Byrne | Photo by Manuel Vazquez

Banks and other financial institutions have been confronted by an intimidating stack of new regulations in the years since the global economic meltdown of 2008. “If those new regulations were on paper, they’d be as high as the Eiffel Tower,” says John Byrne, a 2007 graduate of a year-long Executive Education program for entrepreneurs at Stanford Graduate School of Business.

But somewhere in the landslide of 54,000 regulatory documents (published by 130 different agencies in G-20 countries), John Byrne found a business opportunity. He’s now CEO of Corlytics Ltd., a global company, headquartered in Dublin, that calls itself “the world leader in regulatory risk impact intelligence.” Byrne started the company in 2013 and focused on it full time after selling his securities software company, Information Mosaic, in 2015.

Corlytics uses analytics to understand the real meaning of each piece of regulation. Its software combs through a database of more than 7,000 cases that have been read and interpreted by the company’s lawyers, risk analysts, and data scientists.

Corlytics’ original staff of nine has grown to 38, and the company now has offices in Dublin, London, the U.S., and Australia. Last January, it finished a new round of investor funding that brought its total to more than $5.3 million.

You’ve said the biggest risk for the world’s top 20 banks today is regulatory risk. Does that represent a major change?

It’s a huge change. Last year there were about $100 billion in fines levied on banks for not complying with regulations. In 2008, before the big financial crisis, that was less than $1 billion. Back in 2008, compliance was a nuisance function that you kept in the back office. Its importance wasn’t fully appreciated, and there’d been a complete lack of investment in it. Fifteen years ago, banks may have paid attention to the regulators, but they didn’t worry about them the way they do today.

What role did that 2008 crash play in your decision to start Corlytics?

I was at a financial services conference in Vienna in 2008 when Lehman Brothers filed for bankruptcy. There were 9,000 bankers there from all over the world, and what was immediately on their minds was that no major banks had failed since the previous crash in the late 1920s. Suddenly, one of the top 10 investment banks was gone, and it created a problem that no one had ever seen before. No bank was able to measure the type of exposure its clients had because of the Lehman failure. So that week started with people being bullish about banking and the markets, and it ended with people questioning everything. It was a watershed moment. That’s when the G-20 states decided to globally regulate banks, to make sure they don’t take on too much risk.

You were CEO of Information Mosaic, a securities software company, at the time. Was there a connection?


Last year there were about $100 billion in fines levied on banks for not complying with regulations. In 2008, before the big financial crisis, that was less than $1 billion. Back in 2008, compliance was a nuisance function that you kept in the back office.
John Byrne

We grew between 2008 and 2012, but I could see that the real growth was in the regulatory side. I founded Corlytics in 2013 because I could see my clients were shifting their spending toward regulatory and compliance systems. The risks of not doing so were becoming obvious. For example, in 2014 Bank of America Merrill Lynch paid more than $16 billion in fines because of mortgage-backed securities issues, and last year Deutsche Bank had to settle with the U.S. Department of Justice for $7.2 billion because of compliance violations. Those are big impacts. Since the crash, there have been 39 incidents of banks paying more than $1 billion in fines. About $250 billion was wiped off the balance sheets of the top 20 banks in the world, mostly in the U.S.

Why are you still in Ireland?

We now have 38 staffers globally, with offices in both Boston and New York. We may eventually have some people based in Washington, because that’s where the regulators are. But we see ourselves as a global company. We already have a presence in Australia and plan to grow our Asian presence. The company will probably shift in 2018 and become more U.S. focused.

Any specific developments that convinced you to focus your energy on Corlytics instead of Information Mosaic?

In December 2012 I met with three clients who were discussing their budgets for the following year. They said they were allocating most of their IT budgets to get ready for new regs coming into force in 2013-14. For some, it was a third of their entire IT budget. I then asked two very large banks how they measure the risk of getting fined. After three months, they still couldn’t tell me how many fines they’d have globally. They didn’t know the value of that to their own organizations. So, I started looking into the feasibility of the regulatory risk business.

How big is the market for so-called regtech?

If you look at the world of credit risk assessment, which is dominated by Moody’s and Standard & Poor’s, that’s about a $10 billion market. We estimate our market at about $1.5 billion.

Any unusual startup challenges?

We’re trying to convert legal documents into scientific data. We use a unique combination of lawyers, data scientists, and mathematicians to look at legal events, and use modern analytics to measure the risks of a new piece of regulation.

Are most clients seeking your services to fully comply, or are they looking for ways to determine whether it might be cheaper just to pay the fines?

Noncompliance isn’t an option anymore, and banks are now factoring compliance into the cost of doing business. Some are even using our information to craft an exit strategy. If a bank doesn’t have the expertise to put in the controls that a regulator expects, that might be a reason to get out of the business.

Corlytics was operating in the red at the end of 2015, but you predicted the company would be profitable by 2020. Are you on track?

We’re basically in line with where we said we’d be. Our goal is to be a leader in the field, and we’re in a period of strong revenue growth for what’s going to be a very big market.

Any particular books that influenced you or your career?

One was Hard Facts, Dangerous Half-Truths, and Total Nonsense: Profiting from Evidence-Based Management, by Jeffrey Pfeffer and Robert I. Sutton. That was a huge inspiration for the logic behind this company. I believe people should make data-based decisions, and what I saw were bankers relying on lawyers’ opinions rather than facts. There’s no reason to bet the future of a bank on someone’s opinion.

For media inquiries, visit the Newsroom.

Explore More