Airlines – Which One Will Fail This Autumn?

How and when do Airlines fail?

Airlines fail each year. Fact. Many more are likely to fail in these troublesome times too. Most airlines fail in the autumn, so it is worth trying to understand why this is the case. We all know that airlines tend to be seasonal because most of us want to use airlines during the summer; so unless the airline is for business travel only; they will:

a) Take payments throughout the year,
b) Take more payments from February to June,
c) ‘Deliver’ the flights in the summer months,

This makes airlines awash with cash in the period up-to the summer, after which they lose the cashflow as the bills start to come in; and when they have to continue to pay staff costs, for airport slots, fuel, and (the big one) their quarterly airline leasing payments.

Airline creditors then need to enforce any defaulting debt, which is generally after the end of September ‘quarter date’; after which the failing airlines file for bankruptcy, liquidation or receivership.

So, we can expect to see the weakest airlines fail from this month and next. Covid-19 further exasperates these issues and impacts those operators that are less robust. Cashflow difficulties in ‘normal years’ can often be ‘limped-through’ at this time by such airlines as they start to take winter booking and bookings ‘for next summer’; but will this be so clear-cut this year?

The pandemic has highlighted airline industry challenges in protecting customer money, along with cashflow within the airlines and wider payments stakeholders, e.g. acquirers and card schemes, which work to safeguard customer funds.

Good news though for airlines (maybe), is that this may have come at the right time of year:

  • Some of the cashflow ‘came-in’ during February and March; at the same time as Covid
  • This gave airlines time to ground planes, cut costs and renegotiate with airports, staff (furlough schemes), and leasing renegotiation / delayed payments;
  • With the public accepting ‘vouchers’ from the airlines for the cancelled flights, this also equated to a new funding method for the airlines through this difficult time.

Who normally loses, and who will lose this time?

When any business fails, it is the creditors that lose. For airlines, the biggest ‘creditor’ is the large numbers of customers who have paid for, but not yet taken their flights; they in the main, then recover the money from insurance policies or from their card company, who in turn recover the money from the card acquirer that processed the transactions for the airline.

The leasing companies recover their planes, whilst unpaid fuel suppliers and airports and staff lose out too. But let’s focus on the card payments part……

Each customer that recovers their card payments does so at the expense of the merchant acquirer; i.e. the bank (typically a bank but increasingly other types of licensed payment institutions) that has been contracted to provide the card processing for the airlines. In the last few years such acquirers have taken more of the risks and shared more of the risks across multiple acquirers.

This means that the airlines have leveraged multiple card processors, that have effectively advanced funds to an airline where the airline CFO negotiations have taken advantage of naïve acquirers. These acquirers have participated in such transactions to greedily seek the processing volumes and revenues with little to no understanding of the potential liabilities that they are covering: i.e. they are then funding the airline cashflow, for their fee, but also accepting that if the airline fails: the loss will be theirs!

So again, some of these less-aware ‘banks’ and newer acquirers that decided to blindly fund these airlines will also lose out. With each airline that fails, we may well see the collapse of some of the acquirers that effectively funded and guaranteed the payments to the airline. If the acquirers do not then fail, they may otherwise suffer significant financial and operational strain. Where the acquirers do not have the capital to survive (or if they have not stored the pre-payments as reserves) then Visa, Mastercard and other card companies will need to step-in to cover the losses. And as we can see from airline annual accounts these customer pre-payments can be tens of millions for very small airlines and £billions for the larger ones.

How will this change in the future – protecting customer money?

Sadly, this infrastructure will no longer function once the ‘music stops’ and we see the next tranche of airline and acquirer failures. Visa, Mastercard, and acquirers will rightly no longer have an appetite for funding airline cashflow and look for alternative ways to funds these arrangements. They should have lost this appetite years ago, but had not really in most cases understood the real extent of the problem!

When you and I pay money into a bank, into a financial instrument of any sort, financial regulators across the EU and around the globe ‘guarantee’ such payments and require financial institutions to have very specific and comprehensive ‘safeguarding’ of customer funds. i.e. our cash is not available to the financial institutions (in the main) for funding the financial institutions’ own cashflow, its losses and/or mis-management. If they fail, in general, your money is safe, or at least up to specific limits.

With AIRLINES this is different. We pay them €£$ billions each year through our cards, and the card companies pay this money almost immediately to the airlines to fund their operations with no regulatory oversight or protections whatsoever. The card companies ‘once upon a time’ had rules that required only the biggest and most capitalised card processing companies (USD100,000,000 balance sheet capital) to support the airlines in this way: but now many others have entered this trading:

• without understanding the potential losses
• not put in place systems to protect, hold or look after the customer money

• agreed to pay the money to the airlines with the airlines having no segregation of customer funds from their own finds in the way that any other business holding customer funds MUST do.

Reading the accounts of some of the biggest airlines in Europe, we have seen that they use these funds (openly) in lieu of corporate-banking finance, or debenture funding. Such funding might not even be available, as the funders of such airlines will be afeared to provide such facilities to such poor credit risks. This means that as customers, we always fund airlines that professional lenders would often not help fund.

Travel bodies that usually ‘step-in’ such as ATOL/ABTA/CAA, or national equivalents, have realised that this is not a very positive position and have started to re-position themselves as uninvolved in the ‘financial guarantee’ part of the transactions.

What should be done and how will or should the industry change?

By default, the card schemes are very aware, as are the acquirers and airlines that this issue exists; so will need to work together to ensure that the customer money is at all times protected and effectively ‘held in escrow’ by trusted and independent parties until they have taken their flights. They will make sure that airlines, should they fail, have the money, and that this money is ‘immediately’ available to be refunded to the customers; and never, never accessible to the liquidators, administrators, or bankruptcy officials to use to favour other creditors.

In the EU and in the UK (not sure whether the UK is part of the EU anymore), we have a regulatory system to protect customer funds in most financial institutions: but we have no strong travel industry regulator that has insisted, or is insisting that customer funds ‘in the travel pre-payments world’ are protected. Nothing in law requires the airline CFO to protect customer funds either.

We have as a payments industry, that readily allows the airline liabilities to be passed to the card payment sector, which then plays ‘Russian roulette’ with our holiday funds without understanding the risks, the liabilities and greedily fighting over the transaction processing revenues and at the same time passively funding the airlines. We now urgently need:

• A strong government (EU/UK) to step-in and insist upon regulation that safeguards our money when we buy flights and holidays;

• Airlines that think about customer funds ahead of trading cashflow to make sure that they separate out these funds from their trading; and when they do not do so, have consequences. Personal consequences;

• An accounting industry / sector that properly reports if an airline accounts the customer funds that are held as liabilities (prepayments) rather than as a working capital item in the airline accounts, and which realises the income only at the time that the product has been delivered (akin to the way that insurance companies only realises its income at the time of exhausting the insurable risks liability).

And to do this our governments need to recognise this problem. Sadly, they may not recognise this challenge until later this year (or next) when we have lost a few more major EU airlines, have created financial hardship for many consumers and adversely impacted the reputation and operations of a chunk of the card payments industry and its participants.
“There is turbulence ahead”. But not the normal kind.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring.

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy. Riskskill.com is a global GARS Reviewer for Visa. For more information visit website at http://www.riskskill.com/

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

Riskskill Has Partnered with Primed for a Joint Venture!

We are delighted to announce that Riskskill and Primed have partnered for joint venture for bringing together decades of card payment risk and compliance best practice. With Primed’s ability to extend the reach of good governance in fluid times for payment companies with real time penalties ever evolving rules to understand and apply good governance which is hard to find and an ever increasing administrative burden to manage.

Primed and Riskskill have combined their expertise and are digitising good practice providing rules mapping, policy and compliance oversight, horizon scanning and remediation tracking.

The first of five brand new propositons, the first arriving in December 2020, reducing business risk, removing administrative cost, improving insight and oversight.

Riskskill is a leading Europe-based payments and risk management consultancy. Riskskill.com is a global GARS Reviewer for Visa. For more information visit website at http://www.riskskill.com/

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

PRIMED is a software service provider which help reduces the administrative burden of information gathering and gap analysis.. For more information about Primed visit https://www.primedfor.com/

AML: Have We Forgotten What We’re Trying To Achieve?

Around $2 trillion or 2-5% of global GDP is laundered annually, according to UNODC estimates in a 2017 study. At the same time, only around 1% of criminal proceeds are confiscated in Europe each year.

Financial institutions are in the line of sight for both money launderers and regulators. But are their AML efforts too literal, too narrow and too patchy? Or are firms just overwhelmed by the amount of regulation and competing demands on their time to be truly AML-effective? The panel moderators of RiskConnect Virtual 2020 – Kevin Smith and Bill Trueman from Riskskill take a back-to-basics look at fighting financial crime and remind us what we are trying to achieve with AML.

This article is part of the RiskConnect 2020 Magazine.

Implementing AML controls frequently comes up against the Goldilocks problem. What is not too much or too little, but just the right amount?

To some extent, the financial services industry has gone too far in implementing AML controls. It places huge onus on repeating on-boarding checks, particularly around re-identifying customers, for example. But at the same time, it does not go far enough with ongoing monitoring and management of existing customer relationships.‍

“People understand that you need to do customer due diligence on new customers. But as the relationship develops, you should always be monitoring, looking for fraud and suspicious activity. It’s part of a broader understanding of the business and people, not just a one-off activity,” says Kevin Smith.

Conducting know-your-customer and know-your-business (KYC/KYB) checks and verifying data on potential customers is critical — as well as being a legal requirement. But if an organisation does not really understand the purpose and intended nature of a customer relationship, they may not have a full picture of the risk associated with that customer. Or have a meaningful basis for deciding what is normal in the context of their business, so unusual or out-of-pattern behaviour stands out more clearly.‍

This is all part of a risk-based approach. Instead of taking a blunt-instrument or one-size-fits-all approach to identifying suspicious transactions or behaviour, if you know what genuine customer behaviour looks like, anomalous behaviour will stand out more clearly. There is little to be gained, and much to be lost, by inconveniencing genuine customers, blocking or declining particular transactions and creating more false positives. With a risk-based approach, only higher-risk transactions are pulled out for extra scrutiny. The overwhelming majority of business can proceed without this as it is not high risk.‍

Building Capacity

We must focus on not just doing AML for AML’s sake, says Kevin. Part of this is a capacity issue. Risk management and compliance staff, but also their colleagues in business development and account management roles, need to be sufficiently empowered to ask difficult questions. They need to look in detail at customer relationships and, of course, know what they are looking for.‍

“During client engagements, it often becomes quite apparent that underwriting and compliance teams don’t know the questions they should be asking potential and existing customers. There is always a drive to get clients on-boarded, and people can often forget the mechanics of why it was important to understand the true merchant business and to be cognizant of a concerns in the data presented and noteworthy changes,” says Smith.

Continue reading at original source https://www.webshield.com/post/anti-money-laundering-have-we-forgotten-what-we-are-trying-to-achieve?

Wirecard Acquiring is ‘Dead’: Who Will be Next?

Image Credit: CNBC

Wirecard has gone: one of the biggest card acquirers in Europe and elsewhere too. It was a major ‘new tech’ company in Germany, and only last year planned its bid to buy the 150 year old Deutsche Bank. We now know this was part of the deliberate ruse.

In 2019, the UK Financial Times reported the Wirecard fraud and how it had taken several years for its auditors to expose what had been detailed as a ‘financial reporting’ fraud – i.e. a company that said it had €1.9 billion more in cash than the auditors could find!

But why did it fail? Why do other acquirers fail? Why did this one struggle? And what makes acquirers succeed?

But more importantly, who will be next?

Card acquirers fail each year, typically doing so quietly, and as a result of national regulator actions, card scheme sanctions or pressure. Once a regulator or the card schemes ‘get their teeth into’ these companies: it most certainly signals ‘the start of the end’.

Many acquirers struggle to make profits, because of a combination of:

  • High processing costs and thereupon small margins,
  • The need to employ sales agents that take large cuts from the margins,
  • The need to spread fixed costs across a broad/ wide number of merchant businesses,
  • A hard and very competitive market, where acquirers undercut one another and seek to acquire volumes at the expense of profits,
  • Increasing card scheme fees, that cannot always be quickly passed on to merchants.

Card acquirers must then:

  1. a) have a ‘volume business acquisition’ strategy to distribute the ‘costs of being an acquirer’ over large numbers of customers and/or
  2. b) Identify and choose a higher-margin, higher-risk business that they are likely to be able to service well, manage well, and where they control and understand the risks.

This brings serious challenges. In the case of Wirecard, we know from the reporting that:

  1. a) Control mechanisms and governance controls were not strong. The incoming chairman in 2020 was appalled at what he found. The key executives were able to hide this: which demonstrates the significant failings of the independent board members along with second/third lines of defense in corporate governance. The fact that the CEO and COO (and others?) were able to hide a €1.9 Billion ‘hole’, to control their independent board members and to control the ‘message and direction’ should never, ever happen. Equally and potentially, Wirecard were able to ‘bully’ and/or deceive the national regulators (BaFin especially), auditors and card schemes. So even though these people did not have their ‘fingerprints on the daggers’ they were all clearly also culpable.
  2. b) Safeguarding: It is clear that customer funds were NOT safeguarded: up to a staggering €1.9 billion. Does the ‘buck stop’ with the CEO. Of course, but the auditors again failed to ‘get to the bottom of this’ for several years. So did the rest of the Wirecard board and certainly the independent directors. There are a lot more people that are culpable here and more than just the CEO: some of whom should also go to jail. It seems that everyone else that might also be culpable: will surely now make sure that it is the CEO that is blamed and will be the only one that will be ‘left swinging’.
  3. c) National Competent Authorities, i.e. the regulators, along with the card schemes should also not be too easily exonerated. It is clear that whatever they did know or should have known: the size of the Wirecard business, and the sheer gall of the executives (older and newer alike) allowed Wirecard ‘certain privileges’ that permitted it to continue trading where and when others would have failed. It seems that Wirecard was probably deemed ‘too big to fail’ for too long.

Image Credit: Reuters

Wirecard had such a sizable portfolio, and such a significant gap in its financials: that we can only start to speculate the full extent of the dishonesty, deception and incompetence. We now know from the Wirecard auditors that the EU business was loss-making and that the Asia/Pacific business was ‘seemingly’ profitable (but also where the alleged ‘missing funds’ were supposedly located). So we must look for signs: which we need to remember were always present; even if it is to review the ‘Zatarra papers’ that are increasingly proving to have been correct in more and more places.

These documents named and detailed culprits several years ago, and were consistently attacked by Wirecard when various allegations therefrom were picked up in the media. We should hope that these are now being looked at by the ‘prosecutors’, and consider whether even those who were behind the publication of these papers were they implicated too. Maybe they were not just stock-shorters as alleged by Wirecard: but insiders that did not ‘do their duty’ to formally raise and report concerns. Or where they people who were uncomfortable put under pressure not to act, so they took an anonymous stance?

Our speculation must therefore lead us to:

  1. a) The board and the CEO/ COO that must have amongst them known exactly where and what the losses were; and conspired to conceal the losses. In theory, they could have been utterly stupid, which we should clearly dismiss: given their repeated investigations and dismissal of them, and ultimate findings that the money clearly did not exist.
  2. b) Conclude that the Wirecard business in Europe was either:
  3. Priced to undercut the competitors in search of volume business.
  4. Priced poorly, OR, much more likely and possible to evidence:
  • Inaccessible to other acquirers in the market because of the dubious nature of this business – i.e. not fully scheme compliant, potentially illegal, breaching AML law through significant cross-regional transactional laundering.

And the profitability of the business is Asia? Was this business really profitable?

There are far too many unknowns and also too much that will yet be revealed (or ultimately veiled to protect the financial systems and reputation of regulators and card payment schemes) in relation to this case. But we know that there is so much and so many aspects of this case that simply ‘do not add-up’.

Industry mutterings and speculations indicate that the key people at Wirecard (again the CEO and COO but others too?):

  1. Allowed or conspired to aid and abet, cross-continental transaction laundering. This has been the inference in the reporting that has appeared either the official ‘reporting’ or the often under-recognised Zatarra documents: all of which has kept surfacing over the last five years.
  2. Somehow elicitly involved executives and/or counterparty claw-offs (knowingly or passively?) for acquiring loss-making merchants, illegal transactions and money laundering processing where others could not do so. This is a problem that will now challenge us as a heavily regulated industry and will quickly be transferred to other acquirers and continue to haunt our industry into the future. Every regulator and card scheme should now be worried about:
    1. Where the more questionable Wirecard customers will have moved to next. Industry insiders will have witnessed a ‘feeding frenzy’ from the Wirecard portfolio,
    2. Which acquirers will require additional supervision. This is very concerning.

Image Credit: Bloomberg

Every acquirer across Europe should be aware, but who will have no chair ‘when the music next stops’?

The writers have a high level of confidence in the regulators – BaFin and also in the card schemes. They will now ‘follow the money’ and establish who the next acquirers are that start to process, to find and track the illegal money laundering now that Wirecard is no longer a vehicle. But will the card schemes and regulators move more assertively now, or allow ‘another Wirecard’. “Wirecard, jailed executives, fail to learn, then repeat” perhaps?

Who will take-over now that Wirecard ‘has left the party’?

We are aware that there are key individuals who know where this business is going. There are agents that are busily and knowingly ‘placing this business’ with the next, and the not so diligent acquirers around the globe. It is really a matter of how long it will take the card schemes, the regulators and then for law enforcement to act. They have the tools now and do know where and how the traffic is travelling. They just need to now act assertively and not be frightened-off by the ‘next bully’ who processes this business.

Hopefully, the Wirecard events will educate us all, deter some, frighten others and drive a few more people towards reporting these matters appropriately to the right authorities, and hopefully in a more public way than we saw in the ‘Zatarra papers’.

We will continue to monitor regulatory and payment network progress as we learn more about this case and hopefully everyone will be more observant and challenging going forward. Failure to do so will lead to serious and more fundamental questions on the effectiveness of those who should ensure that as an industry, that we have a legal, compliant, competitive and transparent payment system.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring.

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy. Riskskill.com is a global GARS Reviewer for Visa. For more information visit website at www.riskskill.com

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

Cash and Sex! But What Will Covid-19 Do For Payments After 2020?

 

The Covid-19 lockdown has already ‘hit’ many aspects of our lives: so let’s predict some of the potential impacts upon payments. Predictions will always be contentious, but we can guarantee more accuracy than almost any forecast from January 2020.

Job security, the health service, travel, holidays, fuel, office space, public events and retail shopping have been dramatically impacted, in some cases decimated; but on a positive note, the New Scientist reported the pandemic-caused fall in carbon-emissions in 2020 of between 4.2% and 7.5% on 2019; and by only April 2020, had led to a 17% drop in global CO2 emissions.

Whilst family life has been enhanced, children have bonded more with their parents (usually a good thing!), school education has been impacted (probably a bad thing!) as has the loss of extended family contact. However, home DIY projects have risen dramatically too (not sure if this is good or bad!).

There has been less litigation, less reported violence, less prostitution, less casual sex, crime, and illness. We have all become cleaner and more hygienic (at least when we do go out). Hand gel, wipes and toilet paper sales have out-stripped razors, condoms and shampoo sales.

But what about payments?

More obviously in payments, we know that:

  • Contactless payments have dramatically increased (to 78% of over the counter (OTC) sales) and rising,
  • Cash use has ‘fallen off a cliff’ (60% fall) – if ‘Cash is king’ then ‘the king is dead’ or at least: ‘on his last legs!’,
  • E-commerce payments have displaced face-to-face payments – driven online shopping, home delivery, ‘click ‘n’ collect’ and other models,
  • Food consumption has moved from restaurants to home cooking and take-aways,
  • Amazon, ASOS, Boden etc. have flourished and struggle to recruit staff to cope with sales growth; and home entertainment products sales have rocketed.

Financial crime has grown exponentially too, especially push payment scams and remote payments fraud, and driven a need for multi-factor authentication in e-commerce payments (the timing being good, but not perfect!). OTC fraud has been under control, but with less travel: cross-border transactions and forex revenues have been largely killed as well.

So prediction time…….

  1. Strong Customer Authentication / EMV3DS2.x

With Covid-19 and more e-commerce the UK needed to expedite complex SCA systems changes, certification and communication. But the FCA deferred enforcement from March 2021 to September 2021, which is now two years behind the original ‘EBA date’.

SCA delays will lead to more fraud in the short term; but the confusion will aggravate regulators across the EU and drive them to push harder for push-payment solutions, further revolt against the card scheme duopoly. Globally, we should then see new rush towards SCA to copy the EU solution and address a new global (but non-EU) e-commerce fraud pandemic.

  1. Payment Processing Costs

With higher relative card processing costs, including new EMV3DS2.x support fees, lost foreign currency and other cross-border revenues, we will see the card schemes try to reduce costs, but again increase processing fees. Again, this will fuel the ire of Europe’s regulators and accelerate the rollout and adoption of Open Banking, and much more innovation including more AISP and PISP participants.

  1. Central Bank Digital Currencies

With more contactless (78% OTC payments now) and more remote payments, often for smaller amounts card processing costs are increasingly disproportionate. With a 60% fall in cash use, maintaining a cash economy also gets increasingly expensive.  The Bank of England sponsored a review of the Future of Finance in June 2019: and these significant changes will fuel desire and speed of changes proposed within the report to the Bank’s Governor.

Central banks have been ‘playing’ with the need for their own CBDC, and our Covid ‘attack’ will cause banks across the EU and globally to move faster and more assertively towards national and global digital currencies, to more effectively compete with the international payment brands.

In turn these will either adopt some of the current digital currencies, or more likely make them redundant and kill off their values especially and including many of the blockchain currencies such as Bitcoin.

Local competent authorities and central banks will licence and encourage companies that can help them towards this goal, but they will inevitably need to legislate further to steer the direction.

  1. New Commercial Solutions

With good, innovative and intuitive people being mad unemployed, they will drive new payments solutions in the market with business cases made anew from the massive impact of the pandemic; which may well be accelerated because of the pandemic or the new dynamics. People will want a myriad of new solutions that we can’t conceive of yet: but we know that our sports clubs, taxis, coffee shops, newsagents and other low-cost purchases too will seek non-cash solutions e.g. for ‘pitch/court lighting’ and booking to pay for bar bills and food, through to loyalty card scheme designs linked to bank-based push payments; and all the way up the value chain to relaunches of commercial (closed loop) digital currencies. We are likely to see a ‘second-generation’ to the disappointment that Libra-1.0 was: but this time central banks and regulators will drive the solutions. This will not involve the same people.

  1. New Launches, ‘same-old’ ‘big players’

Covid-19 has created a new opening for more urgent innovation and change, because every business case has changed forever. Remote commerce, remote business, home delivery, ‘click and collect’ are now ‘essential’ offerings. Instalment programmes, short-term credit, peer-to-peer lending will all see a new resurgence.

Whilst this will involve smaller innovators, it will be those that can leverage opportunities quickly and adroitly that will ‘win’: e.g. we can be assured that some or all of the following:

  • More payments linked to loyalty and stakeholders like the airlines and large supermarket loyalty brands will be overhauled to leap more towards a) ecommerce, b) towards push-payments, c) cross industry business relationships.
  • A UK or EU collaboration for a more localised version of the planned global; ‘Libra’ initiative (as above) but the regulatory gaps that Libra-1 saw addressed.
  • Big banks and retailers with new payments and banking solutions, moving with extreme vigour and innovation-centred collaborations: both with and without regulator partnerships and sanction; often across multiple jurisdictions.
  • Telecoms entering the payments space again to use their market presence and infrastructure for payments solutions, but in a more focused and successful way than they did in the last decade.
  1. Global – new business infrastructures

With strong guiding legislation, the EU in particular, is in a strong position to become a future centre for a new global payments’ infrastructure and a place for innovation, alongside robust governance: rather than through the USA anymore.

International governments have quashed the ability for the Chinese or Russians to lead the way  (in the main) due to human rights abuses, disrespect for global IP protection, and/or anti-competitive pushes or state sponsored commercial espionage, and of course hygiene issues around Wuhan.  China and Russia continue to lose their impetus in payments through being rebuked by international governments for other economic, political and social actions. However, other Asian economies must not be disregarded. They will remain behind the EU for the moment due to geopolitics, social issues, language or location, but they remain the source of great innovation and creative thinking.

We believe (hope?) therefor that the EU and maybe even the UK with a renewed political position could start to lead new solutions and direction after a Brexit, Covid19 and geopolitical shake-up. But we will have to stay on top of and lead discussions in political, economic, regulatory, trade restrictions, global diplomacy, cyber security matters, and any local conflicts.

Conclusions

It is clear that the Covid-19 pandemic has caused loss of life, financial uncertainty, job insecurity and has changed lives and commerce forever. But it is also accelerating technological thinking and innovation, regulation and politics, speed of change and making compelling business cases for doing something different or simply better.

The payment industry is not different. Things are going to change – for better and worse: but we can take advantage of this if we embrace the future.

Even if things quickly ‘go back to normal’ we must ensure that we do abandon ‘the old ways’ and adopt the new desire, spirit and pace of change and adopt new ways and to challenge the status quo when we need to do so.

Businesses, Central Banks, governments and national regulatory bodies should move faster than before and adopt changes faster too. If not, just in fear of the next pandemic.

We can expect a ‘fun ride’, more change, more (trade) wars and faster competition; but also the demise of some of the oldest and slower industries in the world.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring.

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy. Riskskill.com is a global GARS Reviewer for Visa. For more information visit website at http://www.riskskill.com/

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

ENDS

The FCA “Dear CEO” Letter

Did you receive and action the “Dear CEO” letter from the FCA, dated 9th July 2020? We hope so.

The communication, was targeted at all organisations, and especially new and smaller businesses, was entitled:

‘Portfolio strategy letter for payment services firms and e-money issuers – We expect you to act to prevent harm to your customers.’  

It explained that the FCA expected every UK regulated business to take appropriate action and be ready to explain what they did when the FCA makes contact with individual organisations.

Directors and the boards must be able to demonstrate compliance with FCA requirements and what actions the board has taken to ensure its customers are adequately protected in the areas that they highlighted. Failing to meet FCA requirements or breaching a Principle could lead to FCA disciplinary sanctions.

We should all be concerned about the FCA letter, not least as the FCA highlights its concerns and the main areas in which it sees failings. It is clear from the letter that there are real issues with respect to customers not being sufficiently protected. These concerns have increased with increasing business failures, compounded by Covid-19, but also as the ‘new breed’ of authorised firms ‘let into the fold’ to try and boost innovation and competition have started to fail because their business practices and resilience may be as wanting as their compliance and customer protection.

We urge everyone to refresh themselves with the contents of the FCA letter and to check in particular that the requirements on protecting customer funds (safeguarding arrangements), governance and oversight as well as records management and reporting are all in place. And evidenced.

But as the FCA explains, financial promotions and customer communication, combatting financial crime and even prudential risk management all fall strongly within the remit of the issues that the FCA expects us to be able to answer to; and for which the FCA may start to take action if insufficient progress is made.

We talk to people widely across the payments sector and are astounded by the inability of newly licenced businesses to understand and adhere to regulatory requirements. They do apply to everyone and we do need to know what we are doing. If we have any sort of licence, then we cannot defend ourselves to the FCA with claims of being unaware of the requirements.

And the bigger we get, especially when we have a market presence, and even more so whilst if we are in a ‘cash-burn’ / funded stage of development, the more likely it is that we need to operate to the FCA requirements. Increasingly safeguarding, governance and financial crime strategies have become more critical. The FCA are actively monitoring non-compliance cases, whether reported anonymously to them or through formal/informal reporting from other oversight bodies; which are all becoming more common: especially with people within organisations that fear prosecution personally when companies do not follow ‘the rules’.

And it is clear that the FCA is now on the hunt, as we have discovered are other regulators that we have talked to. We know well, that there are other National Competent Authorities around the EU also now starting to take strong action, especially those that have been criticised for their previous laxness in recent years and in their own oversight responsibilities.

We have come to a juncture now where major financial institutions, which incorrectly believe that ‘the requirements do not apply to them’ or which flout the regulatory requirements, e.g. Wirecard, can now quickly end up failing, and lead to the company officials being either arrested or ‘on the run’. BaFin in Germany have been bitten and other EU regulators do not want that to happen to them.

When we perform ‘health checks’ upon financial services firms, we see more and more severe regulatory issues; which lead to significant actions being taken before they act to get ‘on-track’, or worse still, find their actions to be too little and too late and start them going down the route of regulator penalties, sanctions, operating restrictions or license removal. Or worse in the case of criminal negligence or intent.

You have been helped a lot with the ‘tip-off’ from the FCA. The FCA will ‘not take prisoners’. Or maybe they will!

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring.

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy. Riskskill.com is a global GARS Reviewer for Visa. For more information visit website at http://www.riskskill.com/

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

Time for Next ‘Killer Punch’ from EU Regulators on Interchange?

Key legal challenges – what happened?

Five years ago, EU regulators devised the controversial Interchange Fee Regulations (IFR), capping Mastercard and Visa consumer-card interchange fees.

The EU Regulators cited their experience in regulating anti-competitive practices: to fuel innovation and change. The EU now needs to assess what has been achieved against its 2015 aspiration. The regulatory review process is underway, but what has it concluded to date including next steps?

How will the EU regulators act with interchange in a post IRF / PSD2 Europe? Here comes IRF2?

What did the IFR review achieve?

Initially, the IFR quelled concerns of EU and national Regulators and those of key merchant lobbying groups across Europe. It challenged the interchange rate levels, the methods of calculation, and it simplified the complex card scheme qualification criteria in place at that time.

Mastercard and Visa brought legal challenges but struggled to present robust defences. Some believe they missed the opportunity to explain more eloquently that even cash has a cost. But in the end, some common-sense prevailed, leading to interchange fee rate reductions.

Consumer debit (and prepaid) rates decreased to 0.20%, even in markets where typically this had been a fixed fee. Consumer credit rates lowered to 0.30%. But there were challenges:

  • Mastercard and Visa presented different timelines for fee reduction.
  • Acquirer systems were not ready, which led to manual workarounds.
  • Merchants were concerned by the changes (fixed fee to ad valorem and in how caps and different cards were treated.
  • Merchants were not prepared for ‘interchange plus plus’ pricing and did not like manual workarounds.
  • Issuers across the EU were not prepared for the revenue reductions.
  • Commercial cards and other consumer card brands were excluded.

These challenges were compounded by other high-profile legal actions against the schemes by the EU and national regulatory bodies too, as well as from merchant groups.

An additional change for merchants in October 2019 seemed positive when Mastercard and Visa reduced interregional rates for consumer POS transactions to 0.2% and 0.3%, and additionally inter-regional CNP transactions accepted in Europe down to 1.15% for consumer debit/prepaid and to 1.50% for consumer credit. Again, commercial cards were excluded.

Has it worked?

As with Schrödinger’s work, the IFR review has ‘worked’ and also ‘not worked’ depending upon your perspective. It has undoubtably introduced unintended consequences and controversy.

Yes, it worked….

IFR debates have led to global changes in the approach to interchange fees; and led to greater scrutiny of acquirer and scheme fees. It contributed to the PSD2/Open Banking initiative and evolved greater trust and transparency and new payments thinking. More recently, it led to the UK Payment Systems Regulator (PSR) undertaking a market review of card acceptance costs (reporting H1 2020) along with other EU National Competent Authority reviews.

But in reality…… no, it really has not worked….

The IFR review has led to years of delays and destructive legal cases between the EU regulators, major merchants and the international payment networks. The result appears to be a reduction in interchange fees but has been largely ‘cancelled-out’ by increased scheme fees and ergo acquirer fees. As these were outside the IFR scope, these many ‘new fees’ have been passed onto the merchant. Merchants blame acquirers, as their card processing costs increased, as have the revenues and profits of some acquirers and the card schemes.

Card issuers lost revenues as the result of lower interchange rates, replacing these in many cases with card fees, account fees and transaction fees, higher borrowing rates and reduced ‘free borrowing / repayment periods’; along with removing or weakening many cash-back / reward programmes.

Next steps 

We now need to complete and assess the findings of another regulatory review:

Strategic considerations?

  • What price changes have consumers seen from any Merchant cost changes?
  • Has competition, choice and innovation in European payments been realised, as originally sought by EU regulators?
  • Has the reduction in interchange rates, as part of the overall merchant commission, been simply replaced by other fees, that were and remain out of scope of the original IRF?
  • Have regulatory bodies learnt any more about the true costs of cash and other non-card payment methods?
  • Have the IRF reductions undermined the European Regulator promotion of PSD2 initiatives and alternative payment methods? Is there viable competition to cards now, e.g. account to account payments / credit transfers and PISPs?
  • Is there greater transparency on merchant fees?
  • Has individual country National Competent Authority (NCA) enforcement/ guidance been seen and sufficient?
  • What have we learnt from loopholes, vagueness and omissions in EU IRF regulatory language?

Impact on card usage?

  • Has IFR led directly to increased consumer card spending?
  • What has the effect been upon displacing cash at merchants?
  • Has the prohibition of surcharging on cards been simply replaced by discounts for cash, merchant steering of consumer payments and/or minimum purchase amounts?
  • Where surcharging on cards outside of scope is permitted, how has this been performed and what was the effect?
  • Has interchange fee reduction derived benefits such as increasing contactless payments across Europe?

Regulator next steps?

  • The EU regulator should now see a clear way to make further sweeping changes.
  • A cap should be considered for the total fees (including interchange) paid per transaction, especially poignant for higher-value card transactions?
  • The regulator should rule also on commercial card rates
  • Further regulation, including broader review of acquirer pricing and scheme fees to issuing and acquiring clients should now be proposed?

We should not be satisfied with the EU regulator actions of five years ago either. The European Commission was tasked in 2015 to assess the IFR effectiveness by 2019, They struggled to find and appoint research consultants, only appointing Ernst & Young (EY) in late 2018. The long-awaited review and publication of results has been delayed until 2020.

Back in 2015, when EU regulators pulled this programme together, they and we did not know what we know, see and experience now. We still have uncertainty, lack of clarity on what benefits have been achieved, the unintended consequences of these changes and continued marketplace evolution.

The EU regulators really must act. They have no choice. What we can be assured of though, is that we WILL be surprised, changes will be significant, complex and ever more impactful, and as ever stakeholders will fight and then find ways around restrictions. The payments marketplace will both continue and evolve. So, let’s have some fun with the journey!

Riskskill.com is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks, competing in a fierce world and dealing with regulatory and scheme changes. Riskskill.com works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. Its people are widely accepted as some of Europe’s leading payments and risk experts and they are frequent commentators on the issues involved. The key team have a wide experience in banking, insurance and the financial services and payments sectors and are thought leaders at the forefront of many industry wide and international debates.

Riskskill.com is an approved Visa Inc. GARS Reviewer.

For further information, please contact:  Bill Trueman or Kevin Smith at Riskskill.com

enquiries@riskskill.com

Bill Trueman and Kevin Smith

Principal Consultants, Riskskill

www.riskskill.com

Contactless Card Payments Limit Increased From £30 to £45 in UK

UK contactless card payment

Contactless payments limit in the UK increases from £30 to £45 is being seen as Another blow for cash payments in United Kingdom. This will off course help the customers to save time during checkout at retail stores.

After much speculation, the contactless payments limit in the UK increases from £30 to £45. It has been under discussion for some time but recent Covid-19 developments have accelerated the decision and communication processes.

Effective from 1 April 2020, there will be a lengthy and phased migration for consumers and across merchant sectors. This will be further complicated by the retail temporary closures as a result of the steps to manage Covid-19.

All stakeholders, especially cardholders and merchants should welcome the increase. There will of course be concerns about fraud on contactless payments, but we should remember that current fraud figures show fraud on contactless payments is just 2.5p in every £100 spent.

For more information visit https://www.ukfinance.org.uk/contactless-limit-change-faqs

Kevin Smith is a Senior Payment Services & Risk Management Consultant & Industry Advisor at Riskskill.com and permanent member of AIRFA. He helps businesses in the payment sector perform better, in complying with regulation, doing more business, challenging partners and/or helping to put things right when they go wrong and if/when regulators, card-schemes and other parties start to challenge what our clients are doing.

 

Onboarding and its Challenges

Onboarding and its Challenges

Onboarding is already a complex, competitive and ever-evolving process: but is about to become `THE CHALLENGE’ over the next year. But why? And how can we be sure?

We will discuss here:

  1. Some of the current regulatory changes and why these are such a great thing for those of us with onboarding functions
  2. How in the coming year or two, these changes will have a major impact upon onboarding functions, and
  3. What we should look-out for and what we can start doing.

We are having to make major changes to our businesses and more will be needed as further legislation continues to ‘hit-us’. But it is mostly GOOD regulation. We are entering a period now of high-disruption and high-regulation – see below for a UK market example.

The graphic below indicates the balance between disruption in the financial services environment and all of its stakeholders. It is the view of UK Finance[1], the UK Banking industry trade association, and their thoughts on ‘the future of payments and banking’.

Kevin Smith - Risk Review Specialist
Kevin Smith

For all of us, it would appear that we are accelerating into a period of both high national and international regulation as well as high market disruption through new entrants and competition, innovation, data availability and enabling technologies. This is a good thing because it means that the marketplace will evolve in a controlled way and we should rather want to be in such a marketplace than the others shown above. But it is worthy to note that this high regulation is in the main a very good thing because:

  • The legislation is positive rather than punishing – it clarifies who does what, where, how and why,
  • It prevents abuse and misuse of the global payments infrastructure and any ‘more localised’ deployment,
  • It supports consumers and their needs – protecting end-users of the payment system,
  • It encourages further innovation and market development,
  • It is designed to support competition and to challenge the status-quo in the markets.

EXAMPLES

PSD2 is very prominent because of Strong Customer Authentication (SCA) implementation and enforcement at the moment, BUT PSD2 and broader European financial services regulation have also given us Open Banking and push as well as pull payments with the opening-up of banks to new payment organisations such as PISPs[2] and AISPs[3] and their new regulatory registration category.

GDPR was seen as a surprise to many and a headache to most last year, but it really is ‘the best thing that has happened to information management’.  It leads to a greater understanding of our data, our data needs and it requires us to ‘do our jobs’. It reminds us that it is not necessarily our data and that we need to justify why we process the data in the way we do. It enables us to deploy better practices, develop new products and services and to use information sources better to help us know our customers. In turn, GDPR has helped us refocus on the importance of Information Security Management Systems (ISMS) and further this year to comply with ISO 27001 and now additionally with ISO 27701 (a current urgency).

The current and ongoing UK Government-initiated evaluation (and similarly across the EU) of the operations and activities of company registers, highlight the concerns that Governments themselves must also continue to improve the data available and to deliver access to reliable, trusted data.

Money Laundering regulatory changes globally are also now creeping up upon us – but we will say no more about these challenges here as they envelop us.

In the UK, the Payment Systems Regulator (PSR) was established three years ago and is in the process of overhauling the payments regulation with the drive towards more innovation, inclusion and competition. It is now part-way through a deep review of the merchant acquiring marketplace and practices, the economics and the profitability of the big players and other stakeholders. We can expect the PSR to make rulings that will again focus us upon applying greater transparency, and in creating competition and innovation in payments.

Bill Trueman - Risk Review Specialist
Bill Trueman

Key to a lot of regulation in this area is making access to services easier, simpler and faster; removing barriers to entry and services more innovative. So, we can expect this review and further disruption to include regulation mandates (especially the UK PSR requirements due to be published in Q1 2020) around:

  • More shared data across the industry,
  • Faster onboarding – with increased focus on both initial and ongoing merchant underwriting,
  • Mandated acquirer ‘account switching’ service (i.e. to be able to change acquiring partners with greater ease),
  • Data sharing to facilitate this,
  • Easier, faster and more accurate due diligence,
  • Mandating innovation and competition in favour of smaller, newer, innovative technologies,
  • Greater transparency in the application of merchant contracts, operational support, and providing ‘value-add’ services to manage merchant and systems risks.

Accordingly, the challenges for acquirers, and their trusted processing partners, over this coming year (2020) will see a need for us to become smarter, faster, much more automated, more innovative and accommodating to new technologies and solutions in an ever-evolving and faster way. Those who do this quickly and efficiently will survive, those who do not or cannot: will struggle and start to suffer.

Merchant onboarding has often been a ‘race to the bottom’ and must now start to become a ‘technology race’. The challenge will be to stop giving ‘lip-service to innovation’ and to now adopt and meet the onboarding challenges to:

  • Automate (and cleverly) the sanctions / PEPs screening functions,
  • Make greater use of bureaux data for businesses,
  • Make use of stronger and better technology to use the many existing and newer data for merchants, individuals, web-presence, payment solutions, etc.,
  • Secure timely access to critical data across multiple jurisdictions,
  • Gather more data from the web and other trusted sources about businesses, business performance, their people and their customers,
  • Understand businesses better, and bringing compliance and business due diligence into the sales team and other front office rather than seeing it as a ‘back-office function’ only; and the responsibility of risk, credit and compliance teams alone.
  • Develop stronger credit risk skills, risk management understanding and exposure measurement and management both at underwriting and at every stage or significant change in the merchant life-cycle.

We are certainly entering a period where onboarding WILL become even more important and more competitive and the biggest challenges will be for acquirers and their partners to focus upon and to ‘up-their-game’ to compete and innovate in their application of risk management in general, but in particular in their onboarding.

The current Regulatory changes and impositions are a very good thing and will be the catalyst for further innovation, disruption and change in our industry today – and also for the industry that we will evolve over the next few years and into whatever form it may morph into!

Bill Trueman and Kevin Smith work as Riskskill.com to help businesses in the payment sector perform better, whether in complying with regulation, doing more business, challenging partners and/or helping to put things right when they go wrong and if/when regulators, card-schemes and other parties start to challenge what our clients are doing. They are industry commentators and also help companies in the industry establish direction, strategy and new ways of doing things.

[1] UK Finance https://www.ukfinance.org.uk

[2] Payment Initiation Service Provider

[3] Account Information Services Provider

 

RiskSkill Attends WebShield’s RiskConnect Conference 2019 in Warsaw

Webshield RiskConnect Conference 2019 Warsaw

The team at Riskskill were both honoured and pleased to attend and support our friends at Web Shield and yet another successful networking conference for risk management people, this time at RiskConnect 2019 in Warsaw.

Over the 19th and 20th November, Web Shield hosted some 250 risk practitioners from across Europe and many from further afield.

There was a superb group of presenters at the event, who rewarded the audience with powerful presentations; such as:

– Keynote presenters from Süddeutsche Zeitung (Obermayer and Obermaier – who were the original ‘Panama Papers’ 2017 pulitzer-prize winners) who signed copies of their book at the conference.

– Mastercard and Visa executives who presented their visions and key changes to global chargeback and fraud rules.

– USA-based; Better Business Bureau: on the extent of global Deceptive Marketing Practices (also the title of a new publication from our hosts at Web Shield)

– G2A.com and the Belgian Gaming Commission: who presented massively engagingly upon loot boxes.

– The Royal Canadian Mounted Police talking about significant investigations into malpractice

– Deloitte and Deloitte RegTech Lab, MarketScape, Nethone, Bankingblocks, Ethoca and Crystal Blockchain all produced extraordinary presentations about current, interesting and informative topics, as did great people from Web Shield too – who also announced the launch of its multi-language training academy courses on risk management.

Fuller agenda and details on the event can be found on the Web Shield / RiskConnect website.

Bill Trueman from Riskskill moderated a lively and fascinating panel discussion on Day-1 on the rapidly emerging and poorly understood issue of loot boxes (aka loot crates) and the various views taken by individual national regulators, the card schemes and the ultimate need for a greater understanding and potential need for further clarifying regulation. The panel comprised Peter Naessens (Belgium Gaming Commission), Olav Leonov (G2A) and Markus Prause (Web Shield).

Webshield RiskConnect Conference 2019 Warsaw attended by Bill Trueman

Kevin Smith moderated a panel discussion on Day-2 on the thorny topic of deceptive marketing. The panel comprised Steve Baker (Better Business Bureau), Kyle Smith (Ethoca) and Iveta Korenciakova and Chris West (Bankingblocks). They provided further guidance, experiences and emerging challenges that pulled together a lot of the content from their earlier presentations and the entire event overall. The discussion highlighted the growth and global expansion of the ‘tricks’ used against consumers and the risk of harm (or worse) that, for example counterfeit products can cause, as well as those of unlicensed pharma and neutra products – and their often inert, harmful or even illegal ingredients.

Webshield RiskConnect Conference 2019 Warsaw attended by Kevin Smith

Christian Chmiel chaired the event in his usual calm, confident and professional manner. The common theme remains industry collaboration in what is becoming an ever complex and diverse environment.

The quote of the conference, first introduced by Peter Bayley from Visa was: “What are the brakes on a car for? …. To make the car go faster”

Books from Christian Chmiel and Markus Praus, edited by Joyrene Thomas – also available at the conference): https://about-fraud.com/author/christian-a-chmiel/
Panama Papers book on Amazon: https://www.amazon.co.uk/Panama-Papers-Breaking-Story-Powerful/dp/1786070707/ref=sr_1_1?keywords=panama+papers&qid=1574442501&sr=8-1

Bill Trueman and Kevin Smith are leading payment, risk & fraud specialists who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit websites at RiskSkill, and AIRFA.