The challenging economic environment, intense regulatory pressure and ever-present threat of fraud are creating a perfect storm that’s sweeping across the global payments landscape. For many banks, neobanks and non-financial businesses coming up against new risks and obstacles to growth, there is a golden opportunity right in front of them. Instead of seeing compliance as a painful obligation, it’s time to see it as a springboard for innovation, expansion and collaboration.
Compliance has an image problem — it’s seen as boring, complicated and only relevant to legal experts steeped in industry jargon like KYC, AML and PCI DSS. But compliance is the building block for future-proof growth. Compliance is how companies can easily onboard new customers and grow faster, as well as navigate through red tape to get into new markets with ready-to-go products and services.
Today’s world has shown us how geopolitical issues, outbreaks of conflict, terrorism and large-scale organized crime (including cybercrime) are becoming increasingly entwined with fraud, compliance and risk management. It’s no longer large traditional financial institutions that need to tackle money laundering and have the ability to identify and block sanctioned individuals or entities from deploying ill-gotten gains into the global financial system. Any business that handles customer funds, including fintechs and non-financial companies, is now required to play its part and make compliance a core driver of operational fitness.
The Ever-Present Challenges of Compliance
We’re all living in a very different world from the days when financial services were only offered by large banks. Rapid consumer adoption of new payment technologies and ecommerce, accelerated by the pandemic, led to demand for seamless and secure payment flows through every channel. At the same time, businesses across many sectors pivoted toward offering their own payment solutions for employees and customers alike.
Advertisement
Today, established banks, neobanks and non-financial businesses are increasingly integrating an array of embedded payment services, banking-as-a-service and cards-as-a-service into their offerings to improve customer acquisition, retention and monetization to bolster revenue streams. But when every company can potentially become a fintech company, that requires us to reimagine the way we view compliance.
Right now, regulators in many countries are updating existing legislation to incorporate the massive changes that have happened in payments over the last few years. The European Commission is reportedly planning to release proposed revisions to a raft of payment-related regulation in mid-2023, including the Payment Services Directive and Open Finance framework, among others. It’s likely that new compliance obligations will be unveiled that fintechs and non-financial businesses will need to prioritize.
When it comes to sharing customer data, for example, banks are heavily regulated whereas non-bank digital wallet providers like Apple Pay are not. Traditional financial institutions are well-versed in what they need to do to stay compliant, whereas non-finance businesses may not have the in-house expertise to guide them through what they need to do in a timely manner.
An example of how falling foul of compliance can incur painful costs for non-financial businesses came in May 2023, when Irish data regulators slapped Meta with a record €1.2 billion fine for breaching GDPR by illegally transferring data on its European users to the U.S., while also banning it from making similar transfers in future. And that may impede Meta’s long-held ambitions to move into payments.
While businesses with big pockets can afford to pay financial penalties, smaller businesses have fewer financial resources to buffer them from regulatory penalties, and reputational damage can be much harder to rectify. It’s likely that the ban on transfers in particular will have wider implications for the payments industry, especially entities involved in open banking, which after all depends on the availability and sharing of customer data. Obtaining customer consent will become even more critical, especially for multinational payments businesses operating in different jurisdictions.
Compliance is Multi-Faceted and Takes Many Forms
For businesses that interact with all of these different ecosystem players, knowing who is compliant and when they themselves need to be compliant can be a minefield to navigate. Startups and non-financial entities navigating these issues for the first time as they look to offer payment services may not be equipped to answer them or may lack the internal resources needed to ensure correct and timely implementation.
Compliance is much more multi-faceted than being up to date on which regulations are in effect in different markets. It involves writing lines of code and integrating APIs, knowing how regulations and industry mandates intersect across services and countries, how to craft great CX, how to distribute solutions and customer service to end users and how to handle fraud management.
For most financial businesses — and non-finance firms looking to launch embedded payments — fraud prevention remains their top-of-mind priority. The news that card ID theft rose by a staggering 97% in the UK last year shows how the familiar foes — card skimming, card theft and data breaches — are now being joined by a frightening range of new scams that many businesses are unprepared for. Whether it’s customers unwittingly sharing card data with fraudsters, fake merchants and subscription traps, or being hoodwinked by romance or investment scams, there are no depths fraudsters won’t sink to in order to steal money.
But the need for security means that cardholders still have to contend with some level of friction in their payment journeys. While advances in AI are driving next-level fraud detection, machines can’t do it all, and they can’t identify the nuances that leave cardholders vulnerable to scams. Although modern card fraud is mostly performed using advanced technology, behind every fraud and scam there are real people with complex thinking and motives. It’s becoming clear that the most successful fraud detection approach needs to combine next-generation technology with human nuance and insight. Only then can compliance shake hands with a smooth payment experience.
Compliance Needn’t Cost the Earth – and it Can be Every Company’s USP
Instead of seeing compliance as a painful obligation or as a check-box exercise, there is a huge opportunity here to reposition compliance as a way to gain dynamic competitive advantages. The fact is that many fintechs and non-finance businesses simply don’t want the hassle of doing compliance by themselves. While they understand the importance of compliance, they also understandably want to focus on building exceptional products and services for their customers and will be grateful to offload compliance processes to trusted partners.
When using modular platforms, these processes become even easier to manage and can enable core operations to continue running unimpeded while enhanced compliance processes are woven into the back end. That contributes to creating great customer experiences at the front end, leading to more customer stickiness and stronger revenues. When companies get compliance correct as soon as possible, adding in new payment services like cards or digital wallets becomes so much quicker and easier.
We know from experience that when companies get compliance right at the very start, they’ll find their growth journeys so much smoother, quicker and cost-effective. By investing in compliance now, businesses everywhere will be assured of sustainable success in the future.
Monika Liikamaa and Denise Johansson are the Co-founders and Co-CEOs of cloud-based payment processing solution Enfuce. From the company’s inception in 2016, Enfuce has ensured the ability to provide 360-degree compliance and acted as a trusted partner for governments, major banks, neobanks and non-financial businesses. Johansson has almost 20 years of experience in the payment industry and is widely respected for her strategic commercial acumen. She has established a reputation for delivering incisive and illuminating insights that benefit everyone in the fintech ecosystem, and is also committed to encouraging more women into fintech. With close to 25 years of experience in banking and payments, Liikamaa’s compelling strategic foresight has taken Enfuce through successful funding raises and service expansion to become one of Europe’s leading cloud-powered fintechs, securing key cross-vertical partnerships to expand the opportunities for embedded payments, digital finance and scalable SaaS solutions.