India Financial Services – Disrupt or Be Disrupted

Matrix India recently hosted two firebrands of the financial services world, Mr Sanjay Agarwal, founder AU Small Finance Bank and Mr Sharad Sharma, founder iSPIRT Foundation, Volunteer at India Stack, for a no holds barred discussion at the Matrix Rooftop in Bangalore. Here is an excerpt from the evening and some of our learnings for fin-tech entrepreneurs.

Part 1 of the two-part series features the untold story of AU Bank, in the words of Sanjay Agarwal himself, as below:

Sanjay Agarwal – on his background and early days before starting AU:

“In my early Chartered Accountancy days, I started out by doing audit work, taxation, and managing clients. I had studied hard and was naïve and enthusiastic at that time hoping, to solve the world’s problems. This pushed me to work harder and I had a desire to do something more.

I believe that we are the choices we make. While evaluating various choices, I eliminated all the options that I didn’t want to pursue e.g. to work for a fee or commission and then I started digging deeper on what really interests me – that was when the concept of AU Financiers was formed.

In 1996, as 26 years old, I began approaching HNIs to raise capital, as back then, there were no VCs. I was fortunate to raise INR 10 cr at a 12% hurdle rate and I had to secure the funding with a personal guarantee. But what is the guarantee of the guarantor? No one questioned this at that time. So, I technically became one of the first P2P lenders, and structured a product that didn’t exist– short term, secured and at a 30% rate of interest. That was the start of the AU journey.”

The Early Days of AU:

“I started off AU as a one-man army. I was everything from the treasurer to the collector. Slowly we built our team and rotated the 10 cr of capital to disburse 100 cr of loans – not a single rupee was lost. There were several challenges at that time for e.g., there was no CIBIL score, financial discipline was lacking, people were still learning how to take a loan and repay it and customer ids didn’t even have a photograph. But somehow, we managed.

The period from 1996 to 2002 taught me everything I needed to learn – how to lend, how to collect, how to manage people, read people’s body language, and most importantly how to manage yourself in different situations. I follow all of that until today, and my team also benefits or suffers from those learnings of mine even today. In those 7 years, we would have dealt with 2000 customers out of which 500 defaulted. That was the ratio of defaulters – 25%. But we managed and there were actually no NPL’s.”

Partnering with HDFC Bank

“In 2002, retail credit was beginning to take off, but our HNIs started pulling their money out, as they wanted a higher return. However, at that time, the most premium bank in the country, HDFC Bank, appointed us as their channel partner. The model we followed was very simple – AU was responsible for sourcing the customer, KYC processing and doing on the ground diligence while loans were booked on HDFC’s balance sheet. HDFC is perceived to be a conservative bank, and it is – however, they gave me Rs 400 cr, on a net worth of only Rs 5 cr! They made an exception in our case due to our strong track record, through execution, sound knowledge of the market, and most importantly our integrity.

By 2008, our net worth had increased to Rs 10 crore through internal accruals. At that time, HDFC told us that we can’t give you any more capital, as we were overleveraged, and that we now needed to bring in equity capital if we wanted to grow.”

Growing the balance sheet and partnering right

“I had two choices at that point, I could continue in Jaipur, keep my ambition under control and live comfortably or figure out what else is possible. I chose the latter and this marked the beginning of my partnership with Motilal Oswal. Its easier to raise equity now, back in the day shareholder agreements used to look like loan agreements with min IRR requirements, etc. As luck would have it, a few months after we raised equity, the Lehman Brothers crisis broke out and most banks stopped funding. We were supported once again by HDFC – they were our saviour and I will cherish my relationship with them always. Once the market settled down, having survived this negative environment, there was no looking back.

Our next major investor was IFC. For the entrepreneurs here, I want to say that you have to be selective about your investors, who will help with not just capital – there should be added value they bring to the table apart from money. IFC was giving me 20% lower valuation, but I knew that I didn’t have any lineage to fall back on. As a first-generation entrepreneur, I had to raise money on the strength of my balance sheet and not basis my family name. I knew that partnering with IFC would shift the perception of AU within the industry, especially for PSU banks. After their investment, we grew from one bank relationship with HDFC to 40 bank partnerships. One thing led to another and Warburg Pincus, ChrysCapital, and Kedaara Capital all came on board after that.”

Consistent performance

“From 2008 onwards, we started diversifying from vehicle lending and got into other forms of secured lending like a loan against property, home loans etc. We never tried unsecured lending and never ventured into microfinance or gold finance. Those were very popular products at that time but focusing on what we were good at resulted in a consistently strong performance. We never had a bad year. In the world of finance, the margin of error is very less. If you have a bad year you can almost never come back. Good companies survive regardless of the market condition, you can never blame the market for your company’s poor performance. In 2015-16, we were a successful NBFC, our RoA was close to 3% with an asset base of close to 8,000 crores, with a RoE of 27-28% and everyone was chasing us – the question at that time before us was, what next?”

How we became a bank

“As an NBFC, it is very hard to manage a book of Rs 50,000 cr with the same efficiency and effectiveness as it’s a people dependent business, there are limits to the kind of products you can do and you can’t keep raising capital. Hence, we became a bank because we wanted to be there for the next 100 years and that perpetual platform can only be created through a bank. That is the biggest platform and it is not available at a price. It’s available through your integrity, business plan and execution. Today, we receive Rs 100 cr of money every single day. This is the same person who was struggling to raise Rs 10 cr in 1996, and is now getting money at the speed of Rs 100 cr every day – it feels amazing but there is a lot of responsibility!”

Part 2 of the two-part series features insights from Sharad Sharma:

Recognizing the Athletic Gavaskar moment in Indian Financial Services

“Indian financial services industry is going through its equivalent of the Athletic Gavaskar project of Indian cricket. The motive behind this project was to instil the importance of being athletic to successfully compete in the modern game. A new team was created with the rule that if you are not athletic, you cannot be a part of the team, regardless of other skills that you bring to the table. Virat Kohli eventually became the captain of this team and the results are for everyone to see. Similar yet contrasting stories played out in hockey and wrestling. In hockey, we lost for 20 years because we refused to adapt to the introduction of astroturf. However, in wrestling, the Akhadas in Haryana embraced the move from mud to mat with rigour, and Indian wrestling is already punching above its weight class and hopefully will do even better over time. The idea of sharing this is that similar to sports, sometimes an industry goes through a radical shift. Take the telecom space, for example, if Graham Bell came alive in 1995, he would recognize the telephone system, 20 years later he wouldn’t recognize it at all. The banking industry is going to go through a hockey/wrestling or communications type disruption and a lot of us are working hard to make it happen.”

Infrastructure changes lead to New Playgrounds

“All the banks and NBFCs put together are not serving the real India today. We have 10 million+ businesses that have GST id’s, out of which 8 million+ are big enough to pay GST on a monthly basis, but only 1.2 million have access to NBFC or bank finance. This is a gap that needs to be addressed and it cannot be solved through incremental innovations.

Entrepreneurs and incumbents should learn from what happened in the TV industry when new infrastructure became available. When India went from state-run TV towers in 34 cities to cable and satellite TV in pretty much every town, there was a massive new market that was unlocked that did not want to watch the same Ramayan or Hum Log TV serials. What transpired was an explosion of entertainment products because of the high demand stemming from the new markets and the TV channel players that reinvented their content is thriving today while others that did not, are barely surviving or have shut down.

So where does this leave the bankers? I think it is the biggest opportunity for the right banker who understands this problem, wants to serve this section of the market and is willing to reinvent the way they do their business and take advantage of the new infrastructure that will be available.”

Dual-immersed entrepreneurs have the biggest advantage

“Entrepreneurs who are immersed in the messiness of both the new infrastructure and the old problem are “dual immersed entrepreneurs”. They are the ones that succeed when a market shift is underway. Today this is not happening. Some of our city-bred entrepreneurs are more comfortable with California rather than Bharat. And some of our sales-oriented entrepreneurs are intimidated by the messiness of the new technology infrastructure.”

New Playgrounds need new Gameplay

“In a world where eKYC exists, and we can transfer money through UPI from a phone, and sign documents digitally – we are ready to deliver financial products on the phone and this is the disruption that is required. Access to credit drives the economy and with this new infrastructure, it is now possible to lend to the real India. However, it’s easy to give money, but the ability to get it back and keeping defaults at a minimum is the real trick. Even there we are moving towards seeing a radical improvement. Debt providers now have powers they never had and defaulters are being brought to book. Customers are now incentivized to build their own credit history to get better and lower interest rates over time. A new Public Credit Registry is coming to enable this at scale. But the biggest innovation is related to the dramatic shortening of the tenor. One can structure a one-year loan into 12 monthly loans or 52 weekly loans. This rewards positive customer behaviour and brings about the behaviour change that is needed.

There is no secret sauce here, it requires gumption – like that shown by Reed Hastings, founder of Netflix. He disrupted the TV and home video industry by first having the wisdom to go from ground to cloud and then again when they started developing original content. In both cases, he had little support from the board or investors. If you can reinvent yourself before it becomes necessary, you’re a winner but this is harder to do for a successful company. The legacy of success provides resisters with the clout to block change. The real beneficiary of Aadhaar based eKYC in the telecom world was not the incumbents but Jio – eKYC allowed Jio to acquire customers at an unprecedented scale and they saved INR 5000 crores on KYC costs as well.”

About iSPIRT

iSPIRT is a non-profit think tank that builds public goods for Indian product startup to thrive and grow. iSPIRT aims to do for Indian startups what DARPA or Stanford did in Silicon Valley. iSPIRT builds four types of public goods – technology building blocks (aka India stack), startup-friendly policies, market access programs like M&A Connect and Playbooks that codify scarce tacit knowledge for product entrepreneurs of India.

About AU Small Finance Bank:

AU Small Finance Bank Limited (AU Bank) started in 1996 as a vehicle financing NBFC, AU Financiers and scaled to touch over a million underbanked and unbanked customers across 11 states of North, West and Central India, prior to becoming a bank in April 2017. During this time, AU attracted equity investments from marquee investors such as IFC, Warburg Pincus, Chrys Capital, Kedaara Capital and recently went public when its IPO was oversubscribed ~54 times. Over the years, AU Bank, led by its founder Sanjay Agarwal, has created significant shareholder value with its equity value growing from ~$120 million in 2012 to current market capitalization of ~$3 billion.

Please Note: The blog was first published and authored by Matrix India Team and you can read the original post here: matrixpartners.in/blog

iSPIRT Final Comments on India’s Personal Data Protection Bill

Below represents iSPIRT’s comments and recommendations on the draft Personal Data Protection Bill.  iSPIRT’s overall data privacy and data empowerment philosophy is covered here.  

Table of Contents

Major Comments
1. Include Consent Dashboards
2. Financial Understanding and Informed Consent for all Indians
3. Data Fiduciary Trust Scores Similar to App Store Ratings
4. Comments & Complaints on Data Fiduciaries are Public, Aggregatable Data
5. Warn of Potential Credit and Reputation Hazards
6. A Right to View and Edit Inferred Personal Data
7. Sharing and Processing of Health Data

Suggestions and Questions

  • Fund Data Rights Education
  • Limit Impact Assessment Requirement
  • Passwords should be treated differently than other Sensitive Personal Data.
  • Does the Bill intend to ban automatic person-tagging in photos and image search of people?
  • Notifications about updates to personal data should be handled by a Consent Dashboard, not every data fiduciary.
  • Need for an Authority appeal process when data principal rights conflict
  • Do not outlaw private fraud detection
  • Limit record keeping use and disclosure to the Authority and the company itself.
  • Fillings may be performed digitally
  • Request for Definition Clarifications
  • Author Comments
  • Links
  • Appendix – Sample User Interface Screens

Major Comments

1. Include Consent Dashboards

We support the idea of a Consent Dashboard as suggested in the Data Protection Committee Report (page 38) and recommend it to be incorporated in the Bill in Section 26 – Right to Data Portability and Section 30 (2) Transparency.  

We envision all of a user’s personal and inferred data that is known by data fiduciaries (i.e. companies) being exposed on a consent dashboard, provided by a third party consent collector or account aggregator (to use the RBI’s parlance). Below is an example user interface:

This mandate would enable users to have one place – their consent collector-provided dashboard – to discover, view and edit all data about them. It would also allow users to see any pending, approved and denied data requests.

Furthermore, in the event of data breaches, especially when a user’s password and identifier (mobile, email, etc) have been compromised, the breach and recommended action steps could be made clear on the consent dashboard.

Given the scope of this suggestion, we recommend an iterative or domain specific approach, wherein financial data is first listed in a dashboard limited to financial data and for its scope to grow with time.

2. Financial Understanding and Informed Consent for all Indians

We applaud the Bill’s Right to Confirmation and Access (Chapter IV, Section 24):

The data fiduciary shall provide the information as required under this section to the data principal in a clear and concise manner that is easily comprehensible to a reasonable person.

That said, we’ve found in practice that it’s difficult to appreciate the implications of digital policies on users until real user interfaces are presented to end users and then tested for their usability and understanding. Hence, we’ve put together a set of sample interfaces (see Appendix) that incorporate many of the proposed bill’s provisions and our recommendations. That said, much more work is needed before we can confidently assert that most Indians understand these interfaces and what they are truly consenting to share.

The concepts behind this bill are complicated and yet important. Most people do not understand concepts such as “revocable data access rights” and other rather jargon-filled phrases often present in the discussion of data privacy rights. Hence, we believe the best practices from interface design must be employed to help all Indians – even those who are illiterate and may only speak one of our many non-dominant languages – understand how to control their data.

For example, multi-language interfaces with audio assistance and help videos could be created to aid understanding and create informed consent.  Toll-free voice hotlines could be available for users to ask questions. Importantly, we recognize that the interfaces of informed consent and privacy control need rigorous study and will need to evolve in the years ahead.

In particular, we recommend user interface research in the following areas:

  • Interfaces for low-education and traditionally marginalized communities
  • Voice-only and augmented interfaces
  • Smart and “candy-bar” phone interfaces
  • Both self-serving and assisted interfaces (such that a user can consensually and legally delegate consent, as tax-payers do to accountants).

After user interface research has been completed and one can confidently assert that certain interface patterns can be understood by most Indian adults, we can imagine that templated designs representing best practices are recommended for the industry, much like the design guidelines for credit card products published by US Consumer Financial Protection Bureau or nutritional labelling.

3. Data Fiduciary Trust Scores Similar to App Store Ratings

We support the government’s effort to improve the trust environment and believe users should have appropriate, easy and fast ways to give informed consent & ensure bad actors can’t do well. Conversely, we believe that the best actors should benefit from a seamless UI and rise to the top.

The courts and data auditors can’t be the only way to highlight good, mediocre and bad players. From experience, we know that there will be a continuum of good to bad experiences provided by data fiduciaries, with only the worst and often most egregious actions being illegal.

People should be able to see the experiences of other users – both good and bad – to make more meaningful and informed choices. For example, a lender that also cross-sells other products to loan recipients and shares their mobile numbers may not be engaging in an illegal activity but users may find it simply annoying.

Hence, we recommend that data fiduciary trust scores are informed with user-created negatives reviews (aka complaints) and positive reviews.

In addition to Data Auditors (as the Bill envisions), user created, public ratings will create additional data points and business incentives for data fiduciaries to remain in full compliance with this law, without a company’s data protection assessment being the sole domain of its paid data auditors.

We would note that crowd sourced rating systems are an ever-evolving tech problem in their own right (and subject to gaming, spam, etc) and hence, trust rating and score maintenance may be best provided by multiple market actors and tech platforms.

4. Comments & Complaints on Data Fiduciaries are Public, Aggregatable Data

…so 3rd party actors and civil society can act on behalf of users.

A privacy framework will not change the power dynamics of our society overnight. Desperate people in need of money will often sign over almost anything, especially abstract rights. Additionally, individual citizens will rarely to be able to see larger patterns in the behaviour of lenders or other data fiduciaries and are ill-equipped to fight for small rewards on behalf of their community.  Hence, we believe that user ratings and complaint data about data fiduciaries must be made available in machine-readable forms to not only to the State but to third-parties, civic society and researchers so that they may identify patterns of good and bad behaviour, acting as additional data rights watchdogs on behalf all of us.

5. Warn of Potential Credit and Reputation Hazards

We are concerned about the rise of digital and mobile loans in other countries in recent years. Kenya – a country with high mobile payment penetration and hence like India one that has become data rich before becoming economically rich – has seen more than 10% of the adult population on credit blacklists in 2017; three percent of all digital loans were reportedly used for gambling. These new loan products were largely made possible by digital money systems and the ability of lenders to create automated risk profiles based on personal data; they clearly have the potential to cause societal harm and must be considered carefully.

Potential remedies to widespread and multiple loans are being proposed (e.g. real-time credit reporting services), but the fact that a user’s reputation and credit score will be affected by an action (such as taking out a loan), most also be known and understood by users. E.g. Users need to know that an offered loan will be reported to other banks and if they don’t pay they will be reported and unable to get other loans.

Furthermore, shared usage-based patterns – such as whether a customer pays their bills on time or buys certain types of products – must be available for review by end users.

6. A Right to View and Edit Inferred Personal Data

The Machine Learning and AI community have made incredible strides in computers’ ability to predict or infer almost anything. For example, in 2017, a babajob.com researcher showed the company could predict whether a job seeker earned more or less than Rs 12000 / month with more than 80% accuracy, using just their photo.  She did this using 3000 job seeker photos, 10 lines of code and Google’s TensorFlow for Poets sample code.  Note the project was never deployed or made publicly available.

As these techniques become ever more commonplace in the years to come, it’s reasonable to assume that public facing camera and sensor systems will be able to accurately infer most of the personal data of their subjects – e.g. their gender, emotional state, health, caste, religion, income – and then connect this data to other personally identifiable data such as a photo of their credit card and purchase history. Doing so will improve training data so that systems become even more accurate. In time, these systems – especially ones with large databases of labelled photos – like the governments’, popular social networks’ or a mall’s point of sale + video surveillance system – truly will be able to precisely identify individuals and their most marketable traits from any video feed.

Europe’s GDPR has enshrined the right for people to view data inferred about them, but in conjunction with the idea of a third party consent dashboard or Account Aggregator (in the RBI’s case), we believe we can do better.

In particular, any entity that collects or infers data about an individual that’s associated with an identifier such as an email address, mobile, credit card, or Aadhaar number should make that data viewable and editable to end users via their consent dashboard.  For example, if a payment gateway provider analyses your purchase history and infers you are diabetic and sells this information as a categorization parameter to medical advertisers, that payment gateway must notify you that it believes you are diabetic and enable you to view and remove this data. Google, for example, lists these inferences as Interests and allows users to edit them:

Using the Consent Dashboard mentioned in Major Comment 1, we believe users should have one place where they can discover, view and correct all personal and inferred data relevant to them.

Finally, more clarity is needed regarding how data gathered or inferred from secondary sources should be regulated and what consent may be required. For example, many mobile apps ask for a user’s consent to read their SMS Inbox and then read their bank confirmation SMSs to create a credit score. From our view, the inferred credit score should be viewable by the end user before it’s shared, given its personal data that deeply affects the user’s ability to gain usage of a service (in this case, often a loan at a given interest rate).

7. Sharing and Processing of Health Data

The Bill requires capturing the purpose for data sharing:

Chapter II, point 5:

“Purpose limitation.— (1) Personal data shall be processed only for purposes that are clear, specific and lawful. (2) Personal data shall be processed only for purposes specified or for any other incidental purpose that the data principal would reasonably expect the personal data to be used for, having regard to the specified purposes, and the context and circumstances in which the personal data was collected.”

In the healthcare domain, collecting the purpose for which the data is being shared might itself be quite revealing. For example, if data is being shared for a potential cancer biopsy or HIV testing, the purpose might be enough to make inferences and private determinations about the patient and say deny insurance coverage. On the other hand, stating high-level, blanket purposes might not be enough for future audits. A regulation must be in place to ensure the confidentiality of the stated purpose.  

The Bill has a provision for processing sensitive personal data for prompt action:

Chapter IV, point 21:

“Processing of certain categories of sensitive personal data for prompt action. — Passwords, financial data, health data, official identifiers, genetic data, and biometric data may be processed where such processing is strictly necessary— (a) to respond to any medical emergency involving a threat to the life or a severe threat to the health of the data principal; (b) to undertake any measure to provide medical treatment or health services to any individual during an epidemic, outbreak of disease or any other threat to public health; or (c) to undertake any measure to ensure safety of, or provide assistance or services to, any individual during any disaster or any breakdown of public order.”

While this is indeed a necessity, we believe that a middle ground could be achieved by providing an option for users to appoint consent nominees, in a similar manner to granting power of attorney. In cases of emergency, consent nominees such as family members could grant consent on behalf of the user. Processing without consent could happen only in cases where a consent nominee is unavailable or has not been appointed. This creates an additional layer of protection against misuse of health data of the user.

Suggestions and Questions

Fund Data Rights Education

We believe a larger, public education program may be necessary to educate the public on their data rights.

Limit Impact Assessment Requirement

Section 33 – Data Protection Impact Assessment —

  • Where the data fiduciary intends to undertake any processing involving new technologies or large scale profiling or use of sensitive personal data such as genetic data or biometric data, or any other processing which carries a risk of significant harm to data principals, such processing shall not be commenced unless the data fiduciary has undertaken a data protection impact assessment in accordance with the provisions of this section. …
  • On receipt of the assessment, if the Authority has reason to believe that the processing is likely to cause harm to the data principals, the Authority may direct the data fiduciary to cease such processing or direct that such processing shall be subject to such conditions as may be issued by the Authority.

We believe that the public must be protected from egregious data profiling but this provision does not strike an appropriate balance with respect to innovation. It mandates that companies and other researchers must ask government permission to innovate around large scale data processing before any work, public deployments or evidence of harm takes place. We believe this provision will be a large hinderance to experimentation and cause significant AI research to simply leave India. A more appropriate balance might be to ask data fiduciaries to privately create such an impact assessment but only submit to the Authority for approval once small scale testing has been completed (with potential harms better understood) and large scale deployments are imminent.

Passwords should be treated differently than other sensitive personal data.

Chapter IV – Section 18. Sensitive Personal Data. Passwords are different than other types of Sensitive Personal Data, given that they are a data security artifact, rather than a piece of data that is pertinent to a person’s being. We believe that data protection should be over-ridden in extraordinary circumstances without forcing companies to provide a backdoor to reveal passwords. We fully acknowledge that it is useful and sometimes necessary to provide backdoors to personal data – e.g. one’s medical history in the event of a medical emergency – but to require such a backdoor for passwords would likely introduce large potential security breaches throughout the entire personal data ecosystem.  

Does the Bill intend to ban automatic person-tagging in photos and image search of people?

Chapter I.3.8 – Biometric Data – The Bill defines Biometric Data to be:

“facial images, fingerprints, iris scans, or any other similar personal data resulting from measurements or technical processing operations carried out on physical, physiological, or behavioural characteristics of a data principal, which allow or confirm the unique identification of that natural person;”

The Bill includes Biometric Data in its definition of Sensitive Personal Data (section 3.35) which may only be processed with explicit consent:

Section 18. Processing of sensitive personal data based on explicit consent. — (1) Sensitive personal data may be processed on the basis of explicit consent

From our reading, we can see a variety of features available today around image search and person tagging being disallowed based on these provisions. E.g. Google’s image search contains many facial images which have been processed to enable identification of natural persons. Facebook’s “friend auto-suggestion” feature on photos employs similar techniques. Does the Bill intend for these features and others like them to be banned in India? It can certainly be argued that non-public people have a right to explicitly consent before they are publicly identified in a photo but we feel the Bill’s authors should clarify this position. Furthermore, does the purpose of unique identification processing matter with respect to its legality?  For example, we can imagine mobile phone-based, machine learning algorithms automatically identifying a user’s friends to make a photo easier to share with those friends; would such an algorithm require explicit consent from those friends before it may suggest them to the user?

Notifications about updates to personal data should be handled by a Consent Dashboard, not every data fiduciary.

Chapter IV – Section 25.4 – Right to correction, etc

Where the data fiduciary corrects, completes, or updates personal data in accordance with sub-section (1), the data fiduciary shall also take reasonable steps to notify all relevant entities or individuals to whom such personal data may have been disclosed regarding the relevant correction, completion or updating, particularly where such action would have an impact on the rights and interests of the data principal or on decisions made regarding them.

We believe the mandate on a data fiduciary to notify all relevant entities of a personal data change is too great a burden and is better performed by a consent dashboard, who maintains which other entities have a valid, up-to-date consent request to a user’s data. Hence, upon a data change, the data fiduciary would update the consent dashboard of the change and then the consent dashboard would then notify all other relevant entities.

It may be useful to keep the user in this loop – so that this sharing is done with their knowledge and approval.

Need for an Authority appeal process when data principal rights conflict

Section 28.5 – General conditions for the exercise of rights in this Chapter. —  

The data fiduciary is not obliged to comply with any request made under this Chapter where such compliance would harm the rights of any other data principal under this Act.

This portion of the law enables a data fiduciary to deny a user’s data change request if it believes doing so would harm another data principal. We believe it should not be up to the sole discretion of the data fiduciary to determine which data principal rights are more important and hence would like to see an appeal process to the Data Protection Authority made available if a request is refused for this reason.

Do not outlaw private fraud detection

Section 43.1 Prevention, detection, investigation and prosecution of contraventions of law

(1) Processing of personal data in the interests of prevention, detection, investigation and prosecution of any offence or any other contravention of law shall not be permitted unless it is authorised by a law made by Parliament and State Legislature and is necessary for, and proportionate to, such interests being achieved.

We worry the above clause would effectively outlaw fraud detection research, development and services by private companies in India. For instance, if a payment processor wishes to implement a fraud detection mechanism, they should be able to do so, without leaving that task to the State.  These innovations have a long track record of protecting users and businesses and reducing transaction costs. We recommend a clarification of this section and/or its restrictions to be applied to the State.

Limit record keeping use and disclosure to the Authority and the company itself.

Section 34.1.a. Record – Keeping –

The data fiduciary shall maintain accurate and up-to-date records of the following

(a) important operations in the data life-cycle including collection, transfers, and erasure of personal data to demonstrate compliance as required under section 11;

We expect sensitive meta-data and identifiers will need to be maintained for the purposes of Record Keeping; we suggest that this Record Keeping information be allowed but its sharing limited only to this use and shared only with the company, its Record Keeping contractors (if any) and the Authority.

Fillings may be performed digitally

Section 27.4 – Right to be Forgotten

The right under sub-section (1) shall be exercised by filing an application in such form and manner as may be prescribed.

The Bill contains many references to filing an application;  we’d suggest a definition that is broad and includes digital filings.

This also applies to sections which include “in writing” – which must include digital communications which can be stored (for instance, email).

Request for Definition Clarifications

What is “publicly available personal data”?

  • Section 17.2.g – We believe greater clarity is needed around the term “publicly available personal data.“ There questionably obtained databases for sale that list the mobile numbers and addresses of millions of Indians – would there thus be included as a publicly available personal data?
  • We’d recommend that DPA defines rules around what is publicly available personal data so that it is taken out of the ambit of the bill.  
  • The same can be said for data where there is no reasonable expectation of privacy (with the exception that systematic data collection on one subject cannot be considered to be such a situation)

Clarity of “Privacy by Design”

Section 29 – Privacy by Design

Privacy by Design is an established set of principles (see here and in GDPR) and we would like to see the Bill reference those patterns explicitly or use a different name if it wishes to employ another definition.

Define “prevent continuing disclosure”

Section 27.1 – Right to be Forgotten

The data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary…

We request further clarification on the meaning of  “prevent continuing disclosure” and an example use case of harm.

Define “standard contractual clauses” for Cross-Border Transfers

Section 41.3.5 – Conditions for Cross-Border Transfer of Personal Data

(5) The Authority may only approve standard contractual clauses or intra-group schemes under clause (a) of sub-section (1) where such clauses or schemes effectively protect the rights of data principals under this Act, including in relation with further transfers from the transferees of personal data under this subsection to any other person or entity.

We would like to standard contractual clauses clearly defined.

Define “trade secret”

Section 26.2 C – Right to be Forgotten

compliance with the request in sub-section (1) would reveal a trade secret of any data fiduciary or would not be technically feasible.

We request further clarification on the meaning of  “trade secret” and an example of the same.

Author Comments

Compiled by iSPIRT Volunteers:

Links

Comments and feedback are appreciated. Please mail us at com[email protected].

Appendix – Sample User Interface Screens

Link: https://docs.google.com/presentation/d/1Eyszb3Xyy5deaaKf-jjnu0ahbNDxl7HOicImNVjSpFY/edit?usp=sharing

******

AI/ML is not Sexy

One would think that the new sexy in the startup capital of the world is self-driving cars, AI/ML… I got news for you! AI/ML (esp. Machine Learning) is not listed in Gartner’s hype cycle for 2018.

Source: https://commons.wikimedia.org/wiki/File:Hype-Cycle-General.png

This was corroborated on my recent trip to the valley and the US east coast, where I met several investors, founders, corp dev and other partners of the startup community. It was evident that the AI/ML hype which peaked in 2016 & 2017 is no longer considered a buzzword. It is assumed to be table stakes. What you do with AI/ML is something everyone is willing to listen to. Using AI/ML to solve a high-value B2B SaaS problem is Sexy! (Gartner trends for 2018).

As the hype with AI/ML settles down, B2B startups across the globe are discovering the realities of working the AI/ML shifts for SaaS. Many AI tools & frameworks in the tech stack are still evolving and early pioneers are discovering constraints in the stack and creatively building workarounds as they build their products.

Many entrepreneurs are watching from the sidelines the unfolding of the AI/ML hype, wondering on many valid questions like these (and more):

Q: Do I have to stop what we are building and jump onto the AI bandwagon? No.
Q: Are the AI/ML resources mature & stable to build better value products? No, they are still evolving.
Q: Do I need expensive investments in constrained resources? No, not until you have a high-value problem to solve.

B2B SaaS startups go through 2 key struggles. How to find market-fit and survive? And how to stay relevant and grow. And if you don’t evolve or reinvent as the market factors change, there are high chances for an upstart to come by and disrupt you. The iSPIRT entrepreneur playbooks look to help entrepreneurs get clarity on such queries and more. Our goal is to help our startups navigate such market shifts, stay relevant and grow. Our mini roundtables Playing with AI/ML are focused on WhyAI for SaaS discussions in multiple cities. If you or a startup you know may benefit do register

The MiniRT Agenda

Seeding & creating an active discussion on Why AI/ML? What is the higher order value being created? How to identify the value & opportunities to leverage AI? How to get started with an AI playground (if not already running)? How to think of data needs for AI/ML investments, How to address the impact on Product & Business… Insights from these sessions are meant to help refine our approach & readiness to leverage AI/ML for building higher order value products. And in doing so building a vibrant community focused around navigating this shift.

Upcoming PlaybookRTs on AI/ML

6-Oct (Chennai) 10 am – 1 pm – MiniRoundTable on WhyAI for B2B SaaS – Shrikanth Jagannathan, PipeCandy Inc
18-Oct (Bangalore) 6 pm – 8 pm MiniRoundTable with Dr Viral Shah on AI/ML Tools & discuss your ML/DeepLearning challenges
27-Oct (Delhi/Gurgaon) 2 pm – 6 pmMiniRoundTable on WhyAI for B2B SaaS, Adarsh Natarajan, CEO & Founder – Aindra Systems
TBD (Bangalore)MiniRoundTable on WhyAI for B2B SaaS, (based on registered interest)
TBD (Mumbai)MiniRoundTable on WhyAI for B2B SaaS, (based on registered interest)

The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold, on a reasonable level playing field.

Click to Register for the AI/ML Playbooks Track.

Please note: All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely and to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.

Image source: https://commons.wikimedia.org/wiki/File:Hype-Cycle-General.png

Interesting Reads

The slow, light touch of AI in Indian Saas

Why the SC ruling on ‘Private Players’ use of Aadhaar doesn’t say what you think it does

On behalf of iSPIRT, Sanjay Jain recently published an opinion piece regarding the recent supreme court judgement on the validity of Aadhaar. In there, we stated that section 57 had been struck down, but that should still allow some usage of Aadhaar by the private sector. iSPIRT received feedback that this reading may have been incorrect and that private sector usage would not be allowed, even on a voluntary basis. So, we dug deeper, and analyzed the judgement once again, this time trying to disprove Sanjay’s earlier statement. So, here is an update:

Section 57 of the Aadhaar act has NOT been struck down!

Given the length of the judgement, our first reading – much like everyone else’s was driven by the judge’s statement and confirmed by quickly parsing the lengthy judgement. But in this careful reanalysis, we reread the majority judgement at leisure and drilled down into the language of the operative parts around Section 57. Where ambiguities still remain, we relied on the discussions leading up to the operative conclusions. Further, to recheck our conclusions, we look at some of the other operative clauses not related to Section 57. We tested our inference against everything else that has been said and we looked for inconsistencies in our reasoning.

Having done this, we are confident in our assertion that the judges did not mean to completely blockade the use of Aadhaar by private parties, but merely enforce better guardrails for the protection of user privacy. Let’s begin!

Revisiting Section 57

Here is the original text of section 57 of the Aadhaar Act

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose a purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Now, let us simply read through the operating part of the order with reference to Section 57, ie. on page 560. This is a part of paragraph 447 (4) (h). The judges broke this into 3 sections, and mandated changes:

  1. ‘for any purpose’ to be read down to a purpose backed by law.
  2. ‘any contract’ is not permissible.
  3. ‘any body corporate or person’ – this part is struck down.

Applying these changes to the section, we get:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose a purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Cleaning this up, we get:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual pursuant to any law, for the time being in force:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

It is our opinion that this judgement does not completely invalidate the use of Aadhaar by private players, but rather, specifically strikes down the use for “any purpose [..] by any body corporate or person [..] (under force of) any contract”. That is, it requires the use of Aadhaar be purpose-limited, legally-backed (to give user rights & protections over their data) and privacy-protecting.

As an exercise, we took the most conservative interpretation – “all private use is struck down in any form whatsoever” – and reread the entire judgement to look for clues that support this conservative view.

Instead, we found that such an extreme view is inconsistent with multiple other statements made by the judges. As an example, earlier discussions of Section 57 in the order (paragraphs 355 to 367). The conclusion there – paragraph 367 states:

The respondents may be right in their explanation that it is only an enabling provision which entitles Aadhaar number holder to take the help of Aadhaar for the purpose of establishing his/her identity. If such a person voluntary wants to offer Aadhaar card as a proof of his/her identity, there may not be a problem.

Some pointed out that this is simply a discussion and not an operative clause of the judgement. But even in the operative clauses where the linking of Aadhaar numbers with bank accounts and telecom companies is discussed, no reference was made to Section 57 and the use of Aadhaar by private banks and telcos.

The court could have simply struck down the linking specifically because most banks and telcos are private companies. Instead, they applied their mind to the orders which directed the linking as mandatory. This further points to the idea that the court does not rule out the use of Aadhaar by private players, it simply provides stricter specifications on when and how to use it.

What private players should do today

In our previous post, we had advised private companies to relook at their use of Aadhaar, and ensure that they provide choice to all users, so that they can use an appropriate identity, and also build in better exception handling procedures for all kinds of failures (including biometric failures).

Now, in addition to our previous advice, we would like to expand the advice to ask that each company look at how their specific use case draws from the respective acts, rules, regulations and procedural guidelines to ensure that these meet the tests used by this judgement. That is, they contain adequate justification and sufficient protections for the privacy of their users.

For instance, banks have been using Aadhaar eKyc to open a bank account, Aadhaar authentication to allow operation of the bank accounts, and using the Aadhaar number as a payment address to receive DBT benefits. Each of these will have to be looked at how they derive from the RBI Act and the regulations that enable these use cases.

These reviews will benefit from the following paragraphs in the judgement.

The judgement confirmed that the data collected by Aadhaar is minimal and is required to establish one’s identity.

Paragraph 193 (and repeated in other paras):

Demographic information, both mandatory and optional, and photographs does not raise a reasonable expectation of privacy under Article 21 unless under special circumstances such as juveniles in conflict of law or a rape victim’s identity. Today, all global ID cards contain photographs for identification alongwith address, date of birth, gender etc. The demographic information is readily provided by individuals globally for disclosing identity while relating with others and while seeking benefits whether provided by government or by private entities, be it registration for citizenship, elections, passports, marriage or enrolment in educational institutions …

The judgement has a lot to say in terms of what the privacy tests should be, but we would like to highlight two of those paragraphs here.

Paragraph 260:

Before we proceed to analyse the respective submissions, it has also to be kept in mind that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21…

Paragraph 289:

‘Reasonable Expectation’ involves two aspects. First, the individual or individuals claiming a right to privacy must establish that their claim involves a concern about some harm likely to be inflicted upon them on account of the alleged act. This concern ‘should be real and not imaginary or speculative’. Secondly, ‘the concern should not be flimsy or trivial’. It should be a reasonable concern…

Hence, the privacy risk in these use cases must be evaluated in terms of the data in the use case itself, as well as in relation to biometrics, and the Aadhaar number in the context of the user’s expectations, and real risks. Businesses must evaluate their products, and services – particularly those which use Aadhaar for privacy risks. It is helpful that the UIDAI has provided multiple means of mitigating risks, in the form of Registered Devices, Virtual Ids, Tokenization, QR Codes on eAadhaar, etc. which must be used for this purpose.

What private players should do tomorrow

In the future, the data protection bill will require a data protection impact assessment before deploying large scale systems. It is useful for businesses to bring in privacy and data protection assessments early in their development processes since it will help them better protect their users, and reduce potential liability.

This is a useful model, and we would hope that, in light of the Supreme Court judgement, the Government will introduce a similar privacy impact review, and provide a mechanism to regulate the use of Aadhaar for those use cases, where there are adequate controls to protect the privacy of the users and to prevent privacy harms. Use cases, and an audit/enforcement mechanism matter more than whether the entity is the state, a public sector organization, or a private sector organization.

Note: This is in continuation of Sanjay Jain’s previous op-ed in the Economic Times which is available here and same version on the iSPIRT blog here.

The writer is currently Partner, Bharat Innovation Fund, and Chief Innovation Officer at the Centre for Innovation, Incubation and Entrepreneurship, IIM Ahmedabad. As a volunteer at iSPIRT, he helped define many of the APIs of the India Stack.  He was the Chief Product Manager of UIDAI till 2012

(Disclaimer: This is not legal advice)

Make It ID Of Choice For Your Users

Wednesday’s Supreme Court judgment has upheld not just the constitutionality of Aadhaar but also our right to identity. It also recognises Aadhaar as a tool that fulfils that right. While the founding principles of Aadhaar — privacy and inclusion —were upheld, a few provisions of the Aadhaar Act, including Section 57, were struck down.

Section 57 was an enabling provision for Aadhaar’s use in many contexts. The portion of the section that enables “body corporates and individuals to seek authentication under force of contract” has been declared unconstitutional.

I’d like to open an account with my Aadhaar

As a result, some quarters are concerned that the use of Aadhaar by private firms has been completely prohibited. These concerns are largely unfounded.

The striking down of Section 57 must not be read in isolation. The majority judgment recognises the purposes of identification in other contexts. Section 2(u), when read with Section 8, provides a clear path for Aadhaar authentication and eKYC (know your customer) by regulated private entities. Para 367 explicitly states that a citizen may voluntarily offer her Aadhaar card to anyone as proof of identity.

To put it simply: private entities can request for Aadhaar authentication from an individual on a voluntary basis when backed by law.

Furthermore, Government of India (GoI) has confirmed this view that the use of Aadhaar authentication by private entities, when ‘backed by law’, will be permitted and, if required, ‘corrective measures’ will be taken to ensure the same. Given the permissive provisions of the judgment and GoI’s progressive stance, the IndiaStack ecosystem should continue to thrive with Aadhaar and the upcoming Data Protection Bill as strong foundations.

This is important as the private sector spans every industry and accounts for over six crore jobs. Many of these sectors require ID verification by law, and, of late, have used Aadhaar eKYC to dramatically reduce the cost of onboarding and servicing customers — thus enabling them to serve the previously underserved.

This is Aadhaar’s inclusiveness potential at work in the private sector.

So, where does the industry go from here? Many regulated use cases will find that they are backed by laws like the Prevention of Money Laundering Act (PMLA), the Securities and Exchange Board of India (SEBI) Act, and the Information Technology Act.

But the regulators must review the regulations, and ensure they contain adequate justifications so that they can pass the proportionality test.

The judgment has placed the individual at the centre. India Inc will have to pay special attention to getting informed consent. This will strengthen the trust between them and users. Industry must review their products — giving people more ways to prove their identity. They must also improve their protocols to handle authentication failures and other exceptions. These measures will allow the industry to conform to the judgment while improving products and services.

The laws and regulations pertaining to Aadhaar and data protection are new and subject to constant evolution.

The development of rules and regulations for this ecosystem must comply with the Supreme Court judgment, protect user privacy, and reduce the cost of serving the customer. These rules of the game will let companies know how to behave, and users know what to expect. This can only happen through new institutions.

Twenty-first-century technology platforms can’t be built with the support of old-school trade body structures. It needs a new kind of industry body, one built by new-age players, and is responsible and nimble enough to facilitate the twin goals of regulatory compliance and constant innovation. It is time the new-age technology platforms that are at the forefront of India Stack adoption take on this mantle and build an ecosystem that unlocks the full potential of our economy while respecting the law of the land, and protecting the rights of every Indian.

Please note: The article was first published on The Economic Times (https://blogs.economictimes.indiatimes.com/et-commentary/make-it-id-of-choice-for-your-users/)

How To Empower 1.3 Billion Citizens With Their Data

2018 has been a significant year in our relationship with Data. Globally, the Cambridge Analytica incident made people realise that democracy itself can be vulnerable to data.  Closer to home, we got a first glimpse at the draft bill for Privacy by the Justice Sri Krishna Committee.

The writing on the wall is obvious. We cannot continue the way we have. This is a problem at every level – Individuals need to be more careful with whom they share their data and data controllers need to show more transparency and responsibility in handling user data. But one cannot expect that we will just organically shift to a more responsible, transparent, privacy-protecting regime without the intervention of the state. The draft bill, if it becomes law, will be a great win as it finally prescribes meaningful penalties for transgressions by controllers.

But we must not forget that the flip side of the coin is that data can also help empower people. India has much more socio-economic diversity than other countries where a data protection law has been enacted. Our concerns are more than just limiting the exploitation of user data by data controllers. We must look at data as an opportunity and ask how can we help users generate wealth out of their own data. Thus we propose, that we should design an India-specific Data Protection & Empowerment Architecture (DEPA). Empowerment & Protection are neither opposite nor orthogonal but co-dependent activities. We must think of them together else we will miss the forest for the trees.

In my talk linked below which took place at IDFC Dialogues Goa, I expand more on these ideas. I also talk about the exciting new technology tools that actually help us realise a future where Data can empower.

I hope you take away something of value from the talk. The larger message though, is that it is still early days for the internet. We can participate in shaping its culture, maybe even lead the way, instead of being passive observers. The Indian approach is finding deep resonance globally, and many countries, developing as well as developed, are looking to us for inspiration on how to deal with their own data problem. But it is going to take a lot more collaboration and co-creation before we get there. I hope you will join us on this mission to create a Data Democracy.

Volunteer Hero: Nikhil Kumar

iSPIRT volunteers are strivers. We seek the good for our nation and our ecosystem. We brainstorm, ideate, experiment, build, and evangelize to fulfill our mission of making India a Product Nation. Every volunteer draws us into an ever-enlarging realm of intellectual possibilities and purposeful engagements.

Take Nikhil Kumar for instance. He stepped up almost two years ago to evangelize UPI and handhold its early adopters. He set out to create winning implementations that would put traditional payment systems to shame. Needless to say, this wasn’t an easy thing to do. There was no template to follow. And, most didn’t believe in the potential of this new breakthrough payment system. But this didn’t faze Nikhil. He had chosen his adventure inside iSPIRT and nothing could hold him back.

Today, UPI is a success story. However, that’s not the full story.

Nikhil showed us how to stay cool under fire, to foster affinity, and skillfully navigate diverse opinions amongst many stakeholders. His all-hands-on-deck work ethic came with an ability to take decisive action when the situation demanded it. He showed that a young volunteer can be a visionary with big plans and the capacity to bring them to life. He has set an example for all of us on how to pay-forward and serve a cause bigger than all of us. All this makes him an iSPIRT Volunteer Hero.

iSPIRT Volunteer Heroes – Vivek Raghavan, Rohith Veerjappa, Nikhil Kumar

From tomorrow, Nikhil is shifting gears. He is stepping away from being a volunteer-in-residence. He is taking a few months break. After that, he plans to create a startup. This is great news for iSPIRT. While our India Stack and other technology public platforms create possibilities, it is the products and services that create value. We need all elements of a healthy society – sarkar, samaj, bazaar – to come together to solve population scale problems sustainably. So, we wish him all the very best in this new pursuit of excellence.

All shifts require an adjustment. While Nikhil will remain a part-time iSPIRT volunteer working on WANI, he will no longer be the iSPIRT voice on payments for media, policymakers, startups and financial institutions.

Nikhil’s lasting legacy is that he opened up iSPIRT volunteering for talented youngsters under-30s. Today we have more than a dozen young power volunteers. He has helped all of us see the particular gifts that these young volunteers bring to the cause. His spirit will live on!

By Sharad Sharma, Pramod Varma and Sanjay Khan Nagra for Volunteer Fellow Council

It takes time to build something successful!

Since SaaSx second edition, I have never missed a single edition of SaaSx. The 5th edition – SaaSx was recently held on the 7th of July, and the learnings and experiences were much different from the previous three that I had attended.

One primary topic this year was bootstrapping, and none other than Sridhar Vembu, the CEO and Founder of Zoho, was presenting. The session was extremely relevant and impactful, more so for us because we too are a bootstrapped organisation. Every two months of our 4.5 year-long bootstrapped journey, we have questioned ourselves on whether we have even got it right! If we should go ahead and raise funds. Sridhar’s session genuinely helped us know and understand our answers.

However, as I delved deeper, I realised that the bigger picture that Sridhar was making us aware of was the entrepreneurial journey of self-discovery. His session was an earnest attempt to promote deep thinking and self-reflection amongst all of us. He questioned basic assumptions and systematically dismantled the traditional notions around entrepreneurship. Using Zoho as an example, he showed how thinking from first principles helped them become successful as a global SaaS leader.


What is it that drives an entrepreneur? Is it the pursuit of materialistic goals or the passion to achieve a bigger purpose? The first step is to have this clarity in mind, as this can be critical in defining the direction your business would take. Through these questions, Sridhar showed that business decisions are not just driven by external factors but by internal as well.

For example, why should you chase high growth numbers? As per him, the first step to bootstrapping is survival. The top 5 goals for any startup should be Survive, Survive, Survive, Survive, Survive. Survival is enough. Keep your costs low and make sure all your bills are paid on time.  Cut your burn rate to the lowest. Zoho created 3 lines of business. The current SaaS software is their 3rd. They created these lines during their journey of survival and making ends meet.


Why go after a hot segment (with immense competition) instead of a niche one?  If it’s hot, avoid it i.e. if a market segment is hot or expected to be hot, it will be heavily funded. It will most likely be difficult to compete as a bootstrapped organisation and is henceforth avoidable. Zoho released Zoho docs in 2007, but soon as he realized that Google and Microsoft had entered the space, he reoriented the vision of Zoho to stay focused on business productivity applications. Zoho docs continues to add value to Zoho One, but the prime focus is on Applications from HR, Finance, Support, Sales & Marketing and Project Management.  Bootstrapping works best if you find a niche, but not so small that it hardly exists. You will hardly have cut throat competition in the niche market and will be able to compete even without heavy funding.

Most SaaS companies raise funds for customer acquisition. Even as a bootstrapped company customer acquisition is important. As you don’t have the money, you will need to optimise your marketing spend. Try and find a cheaper channel first and use these as your primary channel of acquisition. Once you have revenue from the these channels, you can start investing in the more expensive one. By this time you will also have data on your life time value and will be able to take better decisions.

Similarly, why base yourself out of a tier 1 city instead of tier 2 cities (with talent abound)? You don’t need to be in a Bangalore, Pune, or a Mumbai to build a successful product. According to Sridhar, if he wanted to start again, he would go to a smaller city like Raipur. Being in an expensive location will ends up burning your ‘meager monies’ faster. This doesn’t mean that being in the top IT cities of India is bad for your business, but if your team is located in one of the smaller cities, do not worry. You can still make it your competitive advantage.

Self-discipline is of utmost importance for a bootstrapped company. In fact, to bootstrap successfully, you need to ensure self-discipline in spends, team management, customer follow-ups, etc. While bootstrapping can demand frugality and self-discipline, the supply of money from your VC has the potential to destroy the most staunchly disciplined entrepreneurs as well. Watch out!

And last but not the least – It takes time to build something successful. It took Zoho 20 years to make it look like an overnight success.

This blog is authored by Ankit Dudhwewala, Founder – CallHippo, AppItSimple Infotek, Software Suggest. Thanks to Anukriti Chaudhari and Ritika Singh from iSPIRT to craft the article.

The Second 20 Confirmed Batch at #SaaSx5

2 days to go for #SaaSx5 and we are reaching our limits for this year. I had missed a few folks in the first batch of 50 announced, so including them along with  the next 20+ (in no particular order).

  1. 99Tests
  2. Appmaker
  3. Auzmor
  4. Botminds Inc
  5. CallHippo
  6. CIAR Software Solutions
  7. Cogknit Semantics
  8. CustomerSuccessBox
  9. Deck app technologies
  10. GreytHR
  11. Happay
  12. HotelLogix
  13. Indusface
  14. inFeedo
  15. Infurnia
  16. LogiNext
  17. Makesto
  18. Mindship.io
  19. Pepipost
  20. PregBuddy
  21. Recruiterbox
  22. ReferralYogi
  23. Swym

There will be one last list sent out tomorrow of confirmed participants. Really excited about the sessions which are shaping up at #SaaSx5

The First 50 Confirmed Companies at #SaaSx5

We are almost there. Only 3 days for #SaaSx5.

For people who are have attended earlier SaaSx I don’t need to tell this, but for all those who are attending the event for the first time – SaaSx is an informal event for knowledge sharing by SaaSprenuers for SaaSprenuers. This is why we have it on the beach for the last 3 years. 🙂

If you don’t know what this is about, SaaSx5, iSPIRT Foundation flagship event for software entrepreneurs of India, is being held in Chennai on 7, July 2018 (Saturday). SaaSx has been instrumental in shaping Global Software from India in the last 3 years. This year the theme is to help SaaS entrepreneurs setup for growth over the next 1-2 years.

So the first 50 confirmed list #SaaSx5 companies is here. It has been a slog for us going through all the applications we received, especially the initial drive to set extremely fair criteria and process. Listening to feedback from earlier SaaSx this year we decided to allow Founder and +1 (from their leadership team). Having a tag team we believe is extremely helpful to the founders in learning, assimilating and taking it back to their teams. This also meant that given the small limited space we had to be strict in our curation to ensure most SaaS product startups had an opportunity.

By the time this post goes live many other invites will have been sent and confirmed. We will continue to announce the companies finalized as we go along, so they can start preparing for the amazing sessions.

There are still spots, so if you have not registered or confirmed your invite (check your email), please do it quickly.

saasx5

In no particular order, here are the first 50 (based on their confirmations).

  1. 3Five8 Technologies
  2. 930 Technologies Pvt. Ltd.
  3. AceBot
  4. ADDA
  5. Airim
  6. Almabase
  7. Appointy
  8. Artifacia
  9. Artoo
  10. Asteor Software
  11. BlogVault Inc
  12. Bonzai digital
  13. CogniSight
  14. DevSys Embedded Technologies Pvt Ltd.
  15. FactorDaily
  16. FlytBase
  17. FormGet
  18. Fourth Dimension Software Systems India Pvt Ltd.
  19. Fyle
  20. Gaglers Inc
  21. Godb Tech Private Limited
  22. inFeedo
  23. Infilect Technologies Private Limited
  24. InMobi
  25. Inscripts
  26. JKL Technologies
  27. Leadworx
  28. LiveHealth
  29. Lucep
  30. Mindship Technologies
  31. Netcore Solutions
  32. Olivo Inc
  33. Omnify Inc
  34. Playlyfe
  35. Plivo
  36. PushEngage
  37. QueryHome Media Solutions Ind Pvt Ltd.
  38. ReportGarden
  39. Rocketium
  40. ShieldSquare
  41. Siftery
  42. SlickAccount
  43. Stealth
  44. Strings.ai
  45. Syscon Solutions Pvt. Ltd.
  46. Tagalys
  47. United Translogix Pvt Ltd
  48. Vernacular.ai
  49. Waffor Retail Solutions Pvt Ltd.
  50. webMOBI

[Update: Next 20+ also announced]

All confirmed participants will receive further information in their mailboxes.

Looking forward to an amazing #SaaSx5!

Thanks to our many behind the scenes volunteers who have been tirelessly working on getting us this far and continuing on. Thanks to Chirantan & team from Software Suggest for crafting this post.

Data Privacy and Empowerment in Healthcare

Technology has been a boon to healthcare. Minimally-invasive procedures have significantly increased safety and recovery time of surgeries. Global collaboration between doctors has improved diagnosis and treatment. Rise in awareness of patients has increased the demand for good quality healthcare services. These improvements, coupled with the growing penetration of IT infrastructure, are generating huge volumes of digital health data in the country.

However, healthcare in India is diverse and fragmented. During an entire life cycle, an individual is served by numerous healthcare providers, of different sizes, geographies, and constitutions. The IT systems of different providers are often developed independently of each other, without adherence to common standards. This fragmentation has the undesirable consequence of the systems communicating poorly, fostering redundant data collection across systems, inadequate patient identification, and, in many cases, privacy violations.

We believe that this can be addressed through two major steps. Firstly, open standards have to be established for health data collection, storage, sharing and aggregation in a safe and standardised manner to keep the privacy of patients intact. Secondly, patients should be given complete control over their data. This places them at the centre of their healthcare and empowers them to use their data for value-based services of their choice. As the next wave of services is built atop digital health data, data protection and empowerment will be key to transforming healthcare.

Numerous primary health care services are already shifting to smartphones and other electronic devices. There are apps and websites for diagnosing various common illnesses. This not only increases coverage but also takes the burden away from existing infrastructures which can then cater to secondary and tertiary services. Data shared from devices that track steps, measure heartbeats, count calories or analyse sleeping patterns can be used to monitor behavioural and lifestyle changes – a key enabler for digital therapeutic services. Moreover, this data can not only be used for monitoring but also for predicting the onset of diseases! For example, an irregular heartbeat pattern can be flagged by such a device, prompting immediate corrective measures. Thus, we see that as more and more people generate digital health data, control it and utilise it for their own care, we will gradually transition to a better, broader and preventive healthcare delivery system.

In this context, we welcome the proposed DISHA Act that seeks to Protect and Empower individuals in regards to their electronic health data. We have provided our feedback on the DISHA Act and have also proposed technological approaches in our response. This blog post lays out a broad overview of our response.

As our previous blog post articulates the principles underlying our Data Empowerment and Protection Architecture, we have framed our response keeping these core principles in mind. We believe that individuals should have complete control of their data and should be able to use it for their empowerment. This requires laying out clear definitions for use of data, strict laws to ensure accountability and agile regulators; thus, enabling a framework that addresses privacy, security and confidentiality while simultaneously improving transparency and interoperability.

While the proposed DISHA Act aligns broadly with our core principles, we have offered recommendations to expand certain aspects of the proposal. These include a comprehensive definition of consent (open standards, revocable, granular, auditable, notifiable, secure), distinction between different forms of health data (anonymization, deidentification, pseudonymous), commercial use of data (allowed for benefit but restricted for harm) and types and penalties in cases of breach (evaluation based on extent of compliance).

Additionally, we have outlined the technological aspects for implementation of the Act. We have used learnings from the Digital Locker Framework and Electronic Consent Framework (adopted by RBI’s Account Aggregator), previously published by MeitY. This involves the role of Data Fiduciaries – entities that not only manage consent but also ensure that it aligns with the interests of the user (and not with those of the data consumer or data provider). Data Fiduciaries only act as messengers of encrypted data without having access to the data – thus their prime task remains managing the Electronic Data Consent. Furthermore, we have highlighted the need to use open and set standards for accessing and maintaining health records (open APIs), consented sharing (consent framework) and maintaining accountability and traceability through digitally verified documents. We have also underscored the need for standardisation of data through health data dictionaries, which will open up the data for further use cases. Lastly, we have alluded to the need to create aggregated anonymised datasets to enable advanced analytics which would drive data-driven policy making.

We look forward to the announcement and implementation of the DISHA Act. As we move towards a future with an exponential rise in digital health data, it is critical that we build the right set of protections and empowerments for users, thus enabling them to become engaged participants and better managers of their health care.

We have submitted our response. You can find the detailed document of our response to DISHA Act below

Building for Bharat – A Bharat Inclusion Initiative

Bharat Inclusion Initiative seeks to equip entrepreneurs with the right knowledge, skills and tools they need to solve some of the toughest problems of India in a scalable manner using technology. While Bharat Inclusion Research Fellows are working on some of the most interesting studies, another important source of knowledge is thought leaders and domain experts who have been there and done that. In this three-part video series, we have Dr Pramod Varma, the Chief Architect of Aadhaar, providing his perspective on how entrepreneurs can go about building solutions for Bharat.

Part 1: The Key Construct

What are Bharat’s unique attributes? Its needs and aspirations? With data becoming one of Bharat’s key assets, how can entrepreneurs leverage it to provide solutions that matter? Watch the video to know some answers to these questions and much more.

Part 2: The Journey So Far

How to leverage the opportunity made available through Data empowerment? Know how Aadhaar, India’s biometric ID, has fundamentally changed the economics of reaching the poor. Understand how the Aadhaar platform has aided in building further platforms of IndiaStack such as eSign and Digilocker which have further reduced cost and increased trust at scale. The video rounds off with another uniquely Indian platform — Unified Payment Interface (UPI).

Part 3: Exciting Times Ahead

Reimagine solutions. With the newer domain, specific stacks being built, learn how even seemingly unrelated domains can use these platforms to offer innovative solutions. With GST and BBPS already in place, and more being built around transport (ETC), National Health Stack, Diksha and Drone Stack it has been never this good for entrepreneurs crafting solutions for Bharat. Watch the video to understand how.

____________________

What is Bharat Inclusion Initiative?

Bharat Inclusion Initiative (BII) is an incubator platform at CIIE that provides entrepreneurs with the domain knowledge, training, financial support, mentorship, and market access they need to bring inclusive, for-profit-business to life. BII’s core design is to promote technology-driven entrepreneurship towards the delivery of affordable services to the Bharat Segment- the poorest 200 million households in India who survive on less than $5 per person a day through programs, fellowships, and funding where possible.

The program focuses on solutions leveraging technology, especially the India Stack. It integrates financial inclusion research with entrepreneurship and training to transform these solutions into scalable, viable and high impact businesses.  Keen on partnering with entrepreneurs who are driven by building next-generation digital services for India. Reach out to us at bharatin[email protected] or ask your questions in the comments section below.

Please note: The above information was first published by Bharat Inclusion Fellows here: https://medium.com/bharatinclusion/building-for-bharat-df8b12867271

SaaSy bear SaaSy bear what do you see?

Shifts for SaaS - SaaSy Bear

I see 3 shifts critical for me!

Taking a line from the popular Brown Bear children’s book, I believe that our SaaS startups have a real opportunity to leverage some leading shifts in the global SaaS evolution. While there are many areas of change – and none less worthy than the other – I am highlighting 3 shifts for SaaS (tl;dr) which our entrepreneurs can actually work with and help change their orbit:

  • Market shifts with AI/ML for SaaS to build meaningful product & business differentiation,
  • Platform Products shift to transform into a multi-product success strategy,
  • Leveraging Partnerships for strategic growth and value co-creation.

Some background

I joined iSPIRT with a goal to help our community build great global products. I believed (and still do) that many entrepreneurs struggle with the basics of identifying a strong value proposition and build a well thought out product. They need strong support from the community to develop a solid product mindset & culture. My intent was to activate a product thinkers community and program leveraging our lean forward playbooks model.

I had several conversations with community members & mavens on playbooks outcomes and iterating our playbook roundtables for better product thinking. I realized that driving basic product thinking principles required very frequent and deeper engagement with startups. But our playbooks approach model – working in a distributed volunteer/maven driven model – is not set up to activate such an outcome. Through our playbooks model, our mavens had helped startups assimilate best practices on topics like Desk Sales & Marketing, something that was not well understood some years back. This was not a basic topic. The power of our playbook RTs was in bringing the spotlight on gaps & challenges that were underserved but yet highly impactful.

As a product person, I played with how to position our playbooks for our entrepreneur program. I believe our playbooks have always been graduate-level programs and our entrepreneurs are students with an active interest to go deep with these playbooks, build on their basic undergraduate entrepreneurship knowledge, and reach higher levels of growth.

The product thinking and other entrepreneurial skills are still extremely relevant, and I am comforted by the fact that there are many community partners from accelerators like Upekkha to conclaves like NPC and event-workshop formats like ProductGeeks which are investing efforts to build solid product thinking & growth skills.

As the SaaS eco-system evolves, and as previous graduate topics like desk sales & marketing are better understood, we need to build new graduate-level programs which address critical & impactful market gaps but are underserved. We need to help startups with meaningful & rapid orbit shifts over the next 2-3 years.

Discovering 3 Shifts for SaaS

Having come to this understanding I began to explore where our playbooks could continue to be a vibrant graduate-level program and replicate our success from the earlier playbooks. Similar to an entrepreneur’s journey, these three shifts became transparent through the many interactions and explorations of SaaS entrepreneurs.

Market Shift with AI/ML for SaaS

There is no doubt that AI is a tectonic shift. The convergence of big data availability, maturity of algorithms, and affordable cloud AI/ML platforms, has made it easy for SaaS startups to leverage AI/ML. During a chance roundtable learning session on Julia with Dr. Viral Shah & Prof Alan Edelman, it was clear that many entrepreneurs – head down into their growth challenges – were not aware of the realities behind the AI hype. Some thought AI/ML should be explored by their tech team, others felt it required a lot of effort & resources. The real challenge, however, is to discover & develop a significantly higher order AI-enabled value to customers than was feasible 2 years ago. While AI is a technology-driven shift, the implications for finding the right product value and business model are even greater.

As I explored the AI trend I saw a pattern of “gold rush” – build a small feature with rudimentary AI, market your product as an AI product… – making early claims with small changes which do not move the needle. It became clear that a step-by-step pragmatic thinking by our SaaS startups was required to build an AI-based leapfrog value proposition. This could help bring our startups to be at “par” and potentially even leap ahead of our global brethren. Here was an opportunity to create a level playing field, to compete with global players and incumbents alike.

To validate my observations, I did quick small research on SaaS companies outside of India on their approach with AI. I found quite a few startups where AI was already being leveraged intrinsically and others who were still trying to make sense. Investments varied from blogging about the AI trend, branding one as a thought leader, to actually building and delivering a strongly differentiated product proposition. E.g.:

There are no successes, yet! Our startups like Eka, Wingify, FreshWorks, WebEngage… have all been experimenting with AI/ML, stumbling and picking themselves up to build & deliver a higher level of value. Some others are setting up an internal playground to explore & experiment. And many others are waiting on the shore unsure of how to board the AI ship.

How do we enable our companies to create new AI playgrounds to analyze, surface, validate and develop higher order customer values & efficiencies? To chart a fruitful journey with AI/ML there are many challenges that need to be solved. And doing it as a group running together has a better chance of success.

The AI+SaaS game has just begun and it is the right time for our hungry entrepreneurs to Aspire for the Gold on a reasonable level playing field.

Shift to Platform Products

As market needs change, the product needs a transform. As new target segments get added different/new product assumptions come into play. In both these scenarios existing products begin to age rapidly and it becomes important for startups to re-invent their product offerings. To deal with such changes startups must experiment and iterate with agility. They require support from a base “internal” platform to allow them to transform from a single product success strategy to scaling with multiple products strategy.

This “internal” base platform – an infrastructure & layout of technology components to interconnect data & horizontal functional layers – would help to build & support multiple business specific problem-solution products (vertical logics). The products created on such a platform provide both independent as well as a combined value proposition for the customers.

Many startups (Zendesk, Freshdesk, Eka, WebEngage…) have undertaken the painful approach of factoring an internal platform to transform their strategy & opportunity. Zoho has been constantly reinventing itself and launching new products on a common platform, some of which are upending incumbent rivals in a very short period of time. WebEngage transformed itself from a “tool” into an open platform product.

“As the dependency on our software grew, customers needed more flexibility to be able to use their data to solve a wide range of business problems…significant difference in the way we build products now. We have unlocked a lot of value by converting ourselves into an open platform and enabling customer data to flow seamlessly across many products.” – Avlesh Singh, WebEngage

The effort to build an internal platform appropriately architected to support growing business needs (many yet unknown) is non-trivial and requires a platform thinking mindset for increased business development. It must be architected to allow rapid co-creation of new & unique product values in collaboration with external or market platforms. This can help the startup be a formidable player in the growing “platform economy”.

Leveraging Potential Strategic Partnerships

A strategic partner offers 2 benefits for startups. First is the obvious ability to supercharge the startup’s GTM strategy with effective distribution & scale. How does one make a strategic partnership? Pitching to a strategic partner is very different from pitching to a customer or investor. PSPs look for something that is working and where they can insert themselves and make the unit economics even better. 

“I thought I knew my pitch and had the details at my fingertips. But then I started getting really valuable, thought-out feedback…I had to focus on pitching to partners, not customers.” – Pallav Nadhani, FusionCharts

The second leverage with a partner is the ability to innovate in the overlap of the partner’s products & offerings and the startup’s product values. A good partner is always looking for startups which can co-create a unique value proposition and impact an extremely large customer base.

“…we still have only three four percent market share when it comes to customers. So if we have to participate we have to recognize that we are not gonna be able to do it alone we’re going to have to have a strategy to reach out to the entire marketplace and have a proposition for the entire marketplace…you need to (do it) through partnerships.” – Shikha Sharma, MD Axis Bank

Both these partnership intents if nurtured well can bring deep meaningful relationship which can further transcend scale into a more permanent model (investment, M&A…).

Working with the 3 Shifts of SaaS

While each shift is independent in its own importance, they are also inter-related. E.g. an internal platform can allow a startup to co-create with a partner more effectively. Partners are always interested in differentiated leading-edge values such as what is possible with leveraging AI/ML. Magic is created when a startup leverages an internal platform, to co-create a strong AI-enabled value, in the overlap & gap with potential strategic partners.

And that’s what I see

I see a vibrant eco-system of SaaS startups in India working on creating leading global products. Vibrancy built on top of the basic product thinking skills and catapulted into a new orbit by navigating the 3 shifts.

“Reading market shifts isn’t easy. Neither is making mindset shifts. Startups are made or unmade on their bets on market/mindset shifts. Like stock market bubbles, shifts are fully clear only in hindsight. At iSPIRT, we are working to help entrepreneurs navigate the many overlapping yet critical shifts.” – Sharad Sharma, iSPIRT

Through our roundtables, we have selected six startups as the first running group cohort for our AI/ML for SaaS playbooks (Acebot, Artoo, FusionCharts, InstaSafe, LegalDesk & SignEasy).

If you are hungry and ready to explore these uncharted shifts, we are bringing these new playbooks tracks for you.

Please let us know your interest by filling out this form.

Also, if you are interested in volunteering for our playbook tracks, we can really use your support! There is a lot to be done to structure and build the playbook tracks and the upcoming SaaSx5 for these shifts for SaaS. Please use the same form to indicate your support.

Ending this note with a sense of beginning, I believe that our startups have a real opportunity to lead instead of fast-follow, create originals instead of clones. They need help to do this as a running group instead of a solo contestant. It is with this mission – bring our startups at par on the global arena – that I am excited to support the ProductNation.

I would like to acknowledge critical insights from Avlesh Singh (WebEngage), Manav Garg (Eka), Shekhar Kirani (Accel Partners), Sharad Sharma (iSPIRT). Also am thankful for the support from our mavens, volunteers & founders who helped with my research, set up the roundtables, and draft my perspective with active conversations on this topic: Ankit Singh (Wibmo/MyPoolin), Anukriti Chaudhari (iSPIRT), Arvi Krishnaswamy (GetCloudCherry), Ganesh Suryanarayanan (Tata GTIO), Deepa Bachu (Pensaar), Deepak Vincchi (JuliaComputing), Karthik KS (iSPIRT), Manish Singhal (Pi Ventures), Nishith Rastogi (Locus.sh), Pallav Nadhani (FusionCharts), Praveen Hari (iSPIRT), Rakesh Mondal (RakeshMondal.in), Ravindra Krishnappa (Acebot.ai), Sandeep Todi (Remitr), Shrikanth Jangannathan (PipeCandy), Sunil Rao (Lightspeed), Tathagat Varma (ChinaSoft), Titash Neogi (Seivelogic), and many other volunteers & founders.

All images are credited to Rakesh Mondal 

Understanding iSPIRT’s Entrepreneur Connect

There is confusion about how iSPIRT engages with entrepreneurs. This post explains to our engagement model so that the expectations are clear. iSPIRT’s mission is to make India into a Product Nation. iSPIRT believes that startups are a critical catalyst in this mission. In-line with the mission, we help entrepreneurs navigate market and mindset shifts so that some of them can become trailblazers and category leaders.

Market Shifts

Some years back global mid-market business applications, delivered as SaaS, had to deal with the ubiquity of mobile. This shift upended the SaaS industry. Now, another such market shift is underway in global SaaS – with AI/ML being one factor in this evolution.

Similar shifts are happening in the India market too. UPI is shaking up the old payments market. JIO’s cheap bandwidth is shifting the digital entertainment landscape. And, India Stack is opening up Bharat (India-2) to digital financial products.

At iSPIRT, we try to help market players navigate these shifts through Bootcamps, Teardowns, Roundtables, and Cohorts (BTRC).

We know that reading market shifts isn’t easy. Like stock market bubbles, market shifts are fully clear only in hindsight. In the middle, there is an open question whether this is a valid market shift or not (similar to whether the stock market is in a bubble or not). There are strong opinions on both sides till the singularity moment happens. The singularity moment is usually someone going bust by failing to see the shift (e.g. Chillr going bust due to UPI) or becoming a trailblazer by leveraging the shift (e.g. PhonePe’s meteoric rise).

Startups are made or unmade on their bets on market shifts. Bill Gates’ epiphany that browser was a big market shift saved Microsoft. Netflix is what it is today on account of its proactive shift from ground to cloud. Closer home, Zoho has constantly reinvented itself.

Founders have a responsibility to catch the shifts. At iSPIRT, we have a strong opinion on some market shifts and work with the founders who embrace these shifts.

Creating Trailblazers through Winning Implementations

We are now tieing our BTRC work to specific market-shifts and mindset-shifts. We will only work with those startups that have a conviction about these market/mindset-shifts (i.e., they are not on the fence), are hungry (and are willing to exploit the shift to get ahead) and can apply what they have learned from iSPIRT Mavens to make better products.

Another change is that we will work with young or old, big or small startups. In the past, we worked with only startups in the “happy-confused” stage.

We are making these changes to improve outcomes. Over the last four years, our BTRC engagements have generated very high NPS (Net Promoter Scores) but many of our startups continue to struggle with their growth ceilings, be it an ARR threshold of $1M, $5M, $10M… or whether it is a scalable yet repeatable product-market fit.

What hasn’t changed is our bias for working with a few startups instead of many. Right from the beginning, iSPIRT’s Playbooks Pillar has been about making a deep impact on a few startups rather than a shallow impact on many. For instance, our first PNGrowth had 186 startups. They had been selected from 600+ that applied. In the end, we concluded that we needed even better curation. So, our PNGrowth#2 had only 50 startups.

The other thing that hasn’t changed is we remain blind to whether the startup is VC funded or bootstrapped. All we are looking for are startups that have the conviction about the market/mindset-shift, the hunger to make a difference and the inner capacity to apply what you learn. We want them to be trailblazers in the ecosystem.

Supported Market/Mindset Shifts

Presently we support 10 market/mindset-shifts. These are:

  1. AI/ML Shift in SaaS – Adapt AI into your SaaS products and business models to create meaningful differentiation and compete on a global level playing field.

  2. Shift to Platform Products – Develop and leverage internal platforms to power a product bouquet. Building enterprise-grade products on a common base at fractional cost allows for a defensible strategy against market shifts or expanding market segments.

  3. Engaging Potential Strategic Partners (PSP) – PSPs are critical for scale and pitching to them is very different from pitching to customers and investors. Additionally, PSPs also offer an opportunity to co-create a growth path to future products & investments.

  4. Flow-based lending – Going after the untapped “largest lending opportunity in the world”.

  5. Bill payments – What credit and corporate cards were to West, bill payments will be to India due to Bharat Bill Pay System (BBPS).

  6. UPI 2.0 – Mass-market payments and new-age collections.

  7. Mutual Fund democratization – Build products and platforms that bring informal savings into the formal sector.

  8. From License Raj to Permissions Artefact for Drones – Platform approach to provisioning airspace from the government.

  9. Microinsurance for Bharat – Build products and platforms that reimagine Agri insurance on the back of India Stack and upcoming Digital Sky drone policy.

  10. Data Empowerment and Protection Architecture (DEPA) – with usage in financial, healthcare and telecom sectors.

This is a fluid list. There will be additions and deletions over time.

Keep in mind that we are trying to replicate for all these market/mindset-shifts what we managed to do for Desk Marketing and Selling (DMS). We focussed on DMS in early 2014 thanks to Mavens like Suresh Sambandam (KissFlow), Girish Mathrubootham (Freshworks), and Krish Subramaniam (Chargebee). Now DMS has gone mainstream and many sources of help are available to the founders.

Seeking Wave#2 Partners

The DMS success has been important for iSPIRT. It has given us the confidence that our BTRC work can meaningfully help startups navigate the market/mindset-shifts. We have also learned that the market/mindset-shift happens in two waves. Wave#1 touches a few early adopters. If one or more of them create winning implementations to become trailblazers, then the rest of the ecosystem jumps in. This is Wave#2. Majority of our startups embrace the market-shift in Wave#2.

iSPIRT’s model is geared to help only Wave#1 players. We falter when it comes to supporting Wave#2 folks. Our volunteer model works best with cutting-edge stuff and small cohorts.

Accelerators and commercial players are better positioned to serve the hundreds of startups embracing the market/mindset-shift in Wave#2. Together, Wave#1 and Wave#2, can produce great outcomes like the thriving AI ecosystem in Toronto.

To ensure that Wave#2 goes well, we have decided to include potential Wave#2 helpers (e.g., Accelerators, VCs, boutique advisory firms and other ecosystem builders) in our Wave#1 work (on a, needless to say, free basis). Some of these BTRC Scale Partners have been identified. If you see yourself as a Wave#2 helper who would like to get involved in our Wave#1 work, please reach out to us.

Best Adopters

As many of you know, iSPIRT isn’t an accelerator (like TLabs), a community (like Headstart), a coworking space (like THub) or a trade body. We are a think-and-do-tank that builds playbooks, societal platforms, policies, and markets. Market players like startups use these public goods to offer best solutions to the market.

If we are missing out on helping you, please let us know by filling out this form. You can also reach out to one of our volunteers here:

Chintan Mehta: AI shift in SaaS, Shift to Platform Products, Engaging PSPs

Praveen Hari: Flow-based lending

Jaishankar AL: Bill payments

Tanuj Bhojwani: Permissions Artefact for Drones

Nikhil Kumar: UPI2.0, MF democratization, Microinsurance for Bharat

Siddharth Shetty: Data Empowerment and Protection Architecture (DEPA)

Meghana Reddyreddy: Wave#2 Partners

We are always looking for high-quality volunteers. In case you’re interested in volunteering, please reach out to one of the existing volunteers or write to us at [email protected]

First AI/ML Playbook Roundtable – Playing With the New Electricity

This is a Guest post by Krupesh Bhat (LegalDesk) and Ujjwal Trivedi (Artoo).

AI is seen as the new electricity that will power the future. How do we make the best of the opportunity that advancements in AI technology brings about? With this thought in mind iSPIRT conducted a symposium roundtable at the Accel Partners premises in Bengaluru on March 10th. Accel’s Sattva room was a comfortable space for 20+ participants from 11 startups. There were deep discussions and a lot of learning happened through subject matter experts as well as peers discussion. Here’s a quick collection of some pearls, that some of us could pick, from the ocean of the deep discussions that happened there.

Products that do not use AI will die soon. Products that use AI without natural intelligence (read common sense) will die sooner.

– Manish Singhal, Pi Ventures

Starting with that pretext, it isn’t hard to gather that AI is not just a promising technology, it is going to be an integral part of our lives in near future. So, what does it mean for existing products? Should everyone start focusing on how they can use AI? Are you an AI-first company? If not, do you need to be one? After all, it does not make sense to build the tech just because it appears to be the next cool thing to do. If you are building AI, can you tell your value proposition without mentioning the word AI or ML? have you figured out your data strategy? Is the need driven by the market or the product?

Before we seek answers we must clarify that there are two types of products/startups in the AI world:

First, an AI-first startup – a startup which cannot exist without AI. Their solution and business model is completely dependent on use of Artificial intelligence (or Machine Learning at least). Some examples of such startups in local ecosystem are Artifacia and Locus.sh.

Second, AI-enabled startup – startups with existing products or new products which can leverage AI to enhance their offering by a significant amount (5x/10x anyone?). Manish has a very nifty way of showing the AI maturity of such companies.

The session was facilitated by several AI experts including Manish Singhal of pi Ventures, Nishith Rastogi of Locus.sh, Shrikanth Jagannathan of PipeCandy, Deepak Vincchi of Julia Computing.

Maturity Levels of AI Startups

After a brief introduction by Chintan to set the direction and general agenda for the afternoon, Manish took over and talked about the various stages of AI based companies. Based on his interactions with many startups in the space, he said there are roughly four growth stages where different companies fall into:

Level 1No Data, No AI: An entity that solves a business problem and is yet to collect sufficient data to build a sustainable AI business. The AI idea will die down if the company fails to move to state 2 quickly. Business may be capturing data but not storing it.
Level 2Dark data, No AI: The company holds data but is yet to build solid AI/ML capabilities to become an AI company. There is a huge upside for such companies but the data strategy needs to be developed and AI capabilities are not mature enough to be considered as an AI/ML company.
Level 3Higher automation driven by data and AI: These are the companies that have built AI to make sense out of data and provide valuable insights into the data using AI/ML, possibly with some kind of human assistance.
Level 4Fully autonomous AI companies: These are the companies at the matured stage where they possess AI products that can run autonomously with no human intervention.

Manish also noted that most companies they meet as a VC are in level 1 and 2, while the ideal level would be 3 and 4. He noted that AI comprises of three important components: Data, Algorithm & the Rest of the System that includes UI, API & other software to support the entire system. While it is important to work on all three components, oftentimes, the data part doesn’t get enough importance.

Do You Really Need Artificial Intelligence?

A whole bunch of solutions are smart because they are able to provide additional value based on past data. These are not AI solutions. They are merely rule based insights. Nishith from Locus added that there is nothing really wrong with rule based systems and in a lot of cases AI is actually an overkill. However, there are two cases where it seems apt for startups to look at AI for their predicament:

  1. Data is incomplete: An example of this is Locus who gets limited mapping for gps coordinates and addresses.
  2. Data is changing constantly: A typical case was of ShieldSquare where bots are continuously evolving and improving and the system deployed to identify them also needs to learn new patterns and evolve with them.

It is important to have clarity on your AI model especially when you communicate with your internal teams. Figure out what is the core component of your product – AI, ML, Deep Learning or Computer Vision.

What’s Driving Your AI Approach?

There are two major driving forces that can help one in deciding whether to AI or not to AI.

  1. PUSH: The internal force when decision can largely be taken if your business is sitting on a lot of useful data, may be as a side effect of your key proposition.
  2. PULL: The external market driven force where clients expect or ask for it e.g chatbots. We are already observing that AI can be a great pricing mechanism.

However, take great caution when using Customer data or Derived data, it depends on legal agreement with clients and can get you into legal troubles if it violates any terms.

Is Your Data Acquisition Strategy in Place?

Anyone interested in AI should have a data acquisition strategy in place. Here are a few points that can help you get one in place:

    • What data do you collect, How do you validate it, Clean it and store it for further analysis?
    • Surveys and chatbots can provide a steady stream of data if built correctly
    • Think of data as a separate entity (has its own lifecycle), it may help to think of it as a currency and plan how you would earn, store and utilise it
    • Capturing location, user interaction data can be insightful. This may include the interactions user has committed and the ones they have not committed (deleted/skipped/hidden)
    • It makes sense to invest time, resources and people to gather data properly
    • Have a unified warehouse (can start with economical options like Google Analytics and AWS)

It is also important to give some thoughts on how you are using aggregate data across the platform. In case, if your AI model uses a combination of customer specific data and the sanitised aggregate data available in the platform (“Derived Work”), then you should make sure that you have the permission to use such data. Without such clarity, you may run into legal issues.

Deepak Vincchi explained how Julia Computing is emerging as the programming language of choice for data scientists. The platform can process 1.3 million threads in parallel and is used by large organizations to crunch data problems.

In all this was an extremely engaging 3 hours without break. Guiding the session with real examples by Nishith, Shrikanth and also shared learnings from Navneet and others really helped bring to life Why AI and How AI. This symposium is part of an AI playbooks track was aimed at kickstarting cohorts of startups ready to jump with AI and help them get traction with AI, more will emerge on this shortly.

10 startups attended this mini-roundtable session – Acebot, Artifacia, Artoo, FusionCharts, InstaSafe, Klove, LegalDesk, Rocketium, Rubique, ShieldSquare.

Thanks to volunteers Rinka Singh and Adam Walker for their notes from the session and Ankit Singh (Mypoolin/Wibmo) for helping coordinate the blog post & note

* All iSPIRT playbooks are pro-bono, closed room, founder-level, invite-only sessions. The only thing we require is a strong commitment to attend all sessions completely, to come prepared, to be open to learning & unlearning, and to share your context within a trusted environment. All key learnings are public goods & the sessions are governed by the Chatham House Rule.

Featured photo by Matan Segev from Pexels https://www.pexels.com/photo/action-android-device-electronics-595804/