Onboarding and its Challenges

Onboarding and its Challenges

Onboarding is already a complex, competitive and ever-evolving process: but is about to become `THE CHALLENGE’ over the next year. But why? And how can we be sure?

We will discuss here:

  1. Some of the current regulatory changes and why these are such a great thing for those of us with onboarding functions
  2. How in the coming year or two, these changes will have a major impact upon onboarding functions, and
  3. What we should look-out for and what we can start doing.

We are having to make major changes to our businesses and more will be needed as further legislation continues to ‘hit-us’. But it is mostly GOOD regulation. We are entering a period now of high-disruption and high-regulation – see below for a UK market example.

The graphic below indicates the balance between disruption in the financial services environment and all of its stakeholders. It is the view of UK Finance[1], the UK Banking industry trade association, and their thoughts on ‘the future of payments and banking’.

Kevin Smith - Risk Review Specialist
Kevin Smith

For all of us, it would appear that we are accelerating into a period of both high national and international regulation as well as high market disruption through new entrants and competition, innovation, data availability and enabling technologies. This is a good thing because it means that the marketplace will evolve in a controlled way and we should rather want to be in such a marketplace than the others shown above. But it is worthy to note that this high regulation is in the main a very good thing because:

  • The legislation is positive rather than punishing – it clarifies who does what, where, how and why,
  • It prevents abuse and misuse of the global payments infrastructure and any ‘more localised’ deployment,
  • It supports consumers and their needs – protecting end-users of the payment system,
  • It encourages further innovation and market development,
  • It is designed to support competition and to challenge the status-quo in the markets.

EXAMPLES

PSD2 is very prominent because of Strong Customer Authentication (SCA) implementation and enforcement at the moment, BUT PSD2 and broader European financial services regulation have also given us Open Banking and push as well as pull payments with the opening-up of banks to new payment organisations such as PISPs[2] and AISPs[3] and their new regulatory registration category.

GDPR was seen as a surprise to many and a headache to most last year, but it really is ‘the best thing that has happened to information management’.  It leads to a greater understanding of our data, our data needs and it requires us to ‘do our jobs’. It reminds us that it is not necessarily our data and that we need to justify why we process the data in the way we do. It enables us to deploy better practices, develop new products and services and to use information sources better to help us know our customers. In turn, GDPR has helped us refocus on the importance of Information Security Management Systems (ISMS) and further this year to comply with ISO 27001 and now additionally with ISO 27701 (a current urgency).

The current and ongoing UK Government-initiated evaluation (and similarly across the EU) of the operations and activities of company registers, highlight the concerns that Governments themselves must also continue to improve the data available and to deliver access to reliable, trusted data.

Money Laundering regulatory changes globally are also now creeping up upon us – but we will say no more about these challenges here as they envelop us.

In the UK, the Payment Systems Regulator (PSR) was established three years ago and is in the process of overhauling the payments regulation with the drive towards more innovation, inclusion and competition. It is now part-way through a deep review of the merchant acquiring marketplace and practices, the economics and the profitability of the big players and other stakeholders. We can expect the PSR to make rulings that will again focus us upon applying greater transparency, and in creating competition and innovation in payments.

Bill Trueman - Risk Review Specialist
Bill Trueman

Key to a lot of regulation in this area is making access to services easier, simpler and faster; removing barriers to entry and services more innovative. So, we can expect this review and further disruption to include regulation mandates (especially the UK PSR requirements due to be published in Q1 2020) around:

  • More shared data across the industry,
  • Faster onboarding – with increased focus on both initial and ongoing merchant underwriting,
  • Mandated acquirer ‘account switching’ service (i.e. to be able to change acquiring partners with greater ease),
  • Data sharing to facilitate this,
  • Easier, faster and more accurate due diligence,
  • Mandating innovation and competition in favour of smaller, newer, innovative technologies,
  • Greater transparency in the application of merchant contracts, operational support, and providing ‘value-add’ services to manage merchant and systems risks.

Accordingly, the challenges for acquirers, and their trusted processing partners, over this coming year (2020) will see a need for us to become smarter, faster, much more automated, more innovative and accommodating to new technologies and solutions in an ever-evolving and faster way. Those who do this quickly and efficiently will survive, those who do not or cannot: will struggle and start to suffer.

Merchant onboarding has often been a ‘race to the bottom’ and must now start to become a ‘technology race’. The challenge will be to stop giving ‘lip-service to innovation’ and to now adopt and meet the onboarding challenges to:

  • Automate (and cleverly) the sanctions / PEPs screening functions,
  • Make greater use of bureaux data for businesses,
  • Make use of stronger and better technology to use the many existing and newer data for merchants, individuals, web-presence, payment solutions, etc.,
  • Secure timely access to critical data across multiple jurisdictions,
  • Gather more data from the web and other trusted sources about businesses, business performance, their people and their customers,
  • Understand businesses better, and bringing compliance and business due diligence into the sales team and other front office rather than seeing it as a ‘back-office function’ only; and the responsibility of risk, credit and compliance teams alone.
  • Develop stronger credit risk skills, risk management understanding and exposure measurement and management both at underwriting and at every stage or significant change in the merchant life-cycle.

We are certainly entering a period where onboarding WILL become even more important and more competitive and the biggest challenges will be for acquirers and their partners to focus upon and to ‘up-their-game’ to compete and innovate in their application of risk management in general, but in particular in their onboarding.

The current Regulatory changes and impositions are a very good thing and will be the catalyst for further innovation, disruption and change in our industry today – and also for the industry that we will evolve over the next few years and into whatever form it may morph into!

Bill Trueman and Kevin Smith work as Riskskill.com to help businesses in the payment sector perform better, whether in complying with regulation, doing more business, challenging partners and/or helping to put things right when they go wrong and if/when regulators, card-schemes and other parties start to challenge what our clients are doing. They are industry commentators and also help companies in the industry establish direction, strategy and new ways of doing things.

[1] UK Finance https://www.ukfinance.org.uk

[2] Payment Initiation Service Provider

[3] Account Information Services Provider

 

RiskSkill Attends WebShield’s RiskConnect Conference 2019 in Warsaw

Webshield RiskConnect Conference 2019 Warsaw

The team at Riskskill were both honoured and pleased to attend and support our friends at Web Shield and yet another successful networking conference for risk management people, this time at RiskConnect 2019 in Warsaw.

Over the 19th and 20th November, Web Shield hosted some 250 risk practitioners from across Europe and many from further afield.

There was a superb group of presenters at the event, who rewarded the audience with powerful presentations; such as:

– Keynote presenters from Süddeutsche Zeitung (Obermayer and Obermaier – who were the original ‘Panama Papers’ 2017 pulitzer-prize winners) who signed copies of their book at the conference.

– Mastercard and Visa executives who presented their visions and key changes to global chargeback and fraud rules.

– USA-based; Better Business Bureau: on the extent of global Deceptive Marketing Practices (also the title of a new publication from our hosts at Web Shield)

– G2A.com and the Belgian Gaming Commission: who presented massively engagingly upon loot boxes.

– The Royal Canadian Mounted Police talking about significant investigations into malpractice

– Deloitte and Deloitte RegTech Lab, MarketScape, Nethone, Bankingblocks, Ethoca and Crystal Blockchain all produced extraordinary presentations about current, interesting and informative topics, as did great people from Web Shield too – who also announced the launch of its multi-language training academy courses on risk management.

Fuller agenda and details on the event can be found on the Web Shield / RiskConnect website.

Bill Trueman from Riskskill moderated a lively and fascinating panel discussion on Day-1 on the rapidly emerging and poorly understood issue of loot boxes (aka loot crates) and the various views taken by individual national regulators, the card schemes and the ultimate need for a greater understanding and potential need for further clarifying regulation. The panel comprised Peter Naessens (Belgium Gaming Commission), Olav Leonov (G2A) and Markus Prause (Web Shield).

Webshield RiskConnect Conference 2019 Warsaw attended by Bill Trueman

Kevin Smith moderated a panel discussion on Day-2 on the thorny topic of deceptive marketing. The panel comprised Steve Baker (Better Business Bureau), Kyle Smith (Ethoca) and Iveta Korenciakova and Chris West (Bankingblocks). They provided further guidance, experiences and emerging challenges that pulled together a lot of the content from their earlier presentations and the entire event overall. The discussion highlighted the growth and global expansion of the ‘tricks’ used against consumers and the risk of harm (or worse) that, for example counterfeit products can cause, as well as those of unlicensed pharma and neutra products – and their often inert, harmful or even illegal ingredients.

Webshield RiskConnect Conference 2019 Warsaw attended by Kevin Smith

Christian Chmiel chaired the event in his usual calm, confident and professional manner. The common theme remains industry collaboration in what is becoming an ever complex and diverse environment.

The quote of the conference, first introduced by Peter Bayley from Visa was: “What are the brakes on a car for? …. To make the car go faster”

Books from Christian Chmiel and Markus Praus, edited by Joyrene Thomas – also available at the conference): https://about-fraud.com/author/christian-a-chmiel/
Panama Papers book on Amazon: https://www.amazon.co.uk/Panama-Papers-Breaking-Story-Powerful/dp/1786070707/ref=sr_1_1?keywords=panama+papers&qid=1574442501&sr=8-1

Bill Trueman and Kevin Smith are leading payment, risk & fraud specialists who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit websites at RiskSkill, and AIRFA.

RiskSkill Attends CIR 10th Annual Risk Management Awards 2019

CIR 10th Annual Risk Management Awards 2019

Bill Trueman on behalf of RiskSkill was delighted to attend the CIR Risk Management awards last week with Joyrene Thomas (pictured), when we supported Christian Chmiel (also pictured) and saw him collect yet another award for the ‘Webshield’ solutions and their ongoing quest to help merchants with their risk management efforts. Webshield is very much an integral part of the industry. We were all looking forward to attending the RiskConnect.eu event in Warsaw next week.

Winners of CIR 10th Annual Risk Management Awards 2019 were declared on 6 Nov 19 organized by comedian Zoe Lyons at the London Marriott Hotel, Grosvenor Square.

These Awards celebrate the excellence in the field of risk management – recognising the expert, products and programmes in the risk sector for a decade.

For more information visit https://www.cirmagazine.com/riskmanagementawards/winners19.php

 

E-Money Risk, Fraud & Compliance Advisory Service by RiskSkill

About RiskSkill’s e-Money Compliance Services

Mobile Payment Fraud Prevention

RiskSkill help businesses avoid €multi-million fines and embarrassing brand damaging mistakes from regulatory non-compliance and process and regulatory mistakes. We help clear up the mess when we are called in later.

E-money Licence Changes:

Recent new financial services legislation in the UK, has led to the Financial Conduct Authority (FCA) introducing a Payments Systems Regulator from April 2014. The ECB, and the European Commission are also proposing ways to regulate and police the whole e-money arena, as are the international card schemes. The FCA is now also starting to review and audit the e-money licences they have granted previously and for observance with ALL regulations and also best-practices.

We believe that the FCA have seen that the governance of payment systems, including e-money issuers, is a difficult and continuous task and needs several layers of supervision and oversight in the way that other payment methods have already established (e.g. through the regulations of the international card schemes).

Requirements:

As an e-money licence holder, you need to ensure that your organisation and all of its agents, including passport holders, are fully conversant with and engaged in all due diligence in customer selection and identification, transaction/event screening, suspicion reporting, record-keeping, corporate assessment of exposures and risk, and the Base II (and III) capital assignment to the exposures. Having reporting to the FCA, a clear payment strategy and ABOVE ALL understanding and observance of laws relating to payments in all areas of operation are all also essential.

The main legislation that is pertinent is the meeting of the requirements of the Money Laundering regulations for all countries in which an e-money licence holder, and its agents and Passport Holders, operates. Not doing what is right by the European Money Laundering directives is the quickest way of losing money, being fined, suffering crippling bad media attention, or losing a market – or a full e-money licence (which will happen when firms are reviewed).

emv chip and pin online payment fraud

ACTIONS 

In advance of the FCA performing its own validation on individual license holders (and making high profile examples of those who are not fully compliant), you need to:

A. Make sure that all your processes, operations and compliance teams are all fully observant of all applicable regulatory requirements, laws and best practices.

B. More importantly though, are you confident that your third party agents are also fully compliant?

We Can and Will Help You In: 

1. Determining your current state of preparedness and identify areas for attention and action before the FCA requests an onsite review of your business.

2. Review the state of compliance and preparedness of your third party agents or passport-licences and report to you on them as the principal e-money licence holder?

We can provide you with our credentials when you need help, as we are a team of payment industry specialists, that have previously worked in many banks and card schemes, and now help organisations assess their current operational status, and become and remain compliant. We have also worked extensively with the rules, regulations, legislation and best practice across the sector, in the UK and across Europe and advise payment organisations on market strategy and direction rather than simply focusing on ‘tick-box’ auditing.

Contact RiskSkill for our Services for all Risks, Fraud and Compliance solutions for e-money, e-payment, internet payments, e-funds, e payment systems, online payment and digital cash’s safe transactions. RiskSkill is also a permanent member of AIRFA an independent and global risk and fraud advisors organization.

How do we Need to Attack the Fraud Losses as They Arise and Rise?

corporate fraud prevention

Increasing fraud losses are one of the main concerns of most of the organizations worldwide. But if we take care of some points then we can minimize such fraud losses. I am mentioning some important points to minimize such fraud losses in any organization.

  1. Ensure that management are fully behind the need to address the problems and prepared to invest in the solutions even if they will take more than a few months to see pay-back. Often the payback for these things is a matter of weeks, because left without a solution the fraud rises exponentially. We often need to invest to prevent this….. again.
  1. Make sure that the problem is being measured; and any which way. There is no point in investing in a ramped up a POS identity validation or rule-sets in a solution if the problem is in the e-commerce field, and equally little point in spending money on a overseas issue or a portfolio review if we do not identify our new customers properly. So we need to measure the problem to focus our attentions on the solutions needed, but also to ensure that the right management can see the trends and start demanding the right investment in the right direction.
  1. Often we see such problems where there is investment and there is measurement and management, but no-one on the board is responsible i.e. has ‘ownership’ of the rising losses that start to kill the profitability. Someone has to be responsible and someone’s head has to be about to roll if they do not get addressed. And if someone does own the problem, usually they take action and make sure that the right things happen. Hopefully.
  1. Lastly, if the culture is not there, things suffer and fraud goes up and up and up. People have to be hungry to find the liars and cheats and attack them. People have to demand immediate action and take the fight to the crooks and cheats, and we have to be hungry to address the IT challenges, rule corrections, falling staff levels, loss of focus in the management team. We also have to work as teams and both be able to deal with the problems as we find then, to LOOK for the problems that seem to underpin the problems but also to have the function in the business to PREVENT the next possible attacks.

Bill Trueman is a leading payment, risk & fraud expert who provide payment fraud prevention consultancy services to card issuers, banks, and business organizations worldwide. For more information one can visit website at RiskSkill, apart from this Bill is also a permanent member of AIRFA.

Card payments – Who am I dealing with? The parties involved are changing… again

Bill Trueman from Riskskill.com talks about who is involved in the four-party payment models and how and why these are changing

In four party models (those that involve Mastercard and Visa), include:

  • Cardholders – like us.
  • Merchants – the shops that we use, whether in the high-street or on-line.
  • Card Issuers: usually banks that provide us with the plastic-card, the CHIP, PIN and then our statements and customer services.
  • Merchant Acquirers: which provide the equipment to accept payments, but which also settle against the issuers globally through the card schemes and most importantly take the risks involved in doing so.

How these parties operate with one another is shown in figure 1 below. Contracts exist between each party, whether formal, OR

a) the sale of goods and services contract (in shop),
b) Visa and Mastercard rules and contracts – through which issuers and acquirers connect globally.

Base four-party model for Card Payments.png
Base four-party model for Card Payments

This is how the processes have worked in the past, but things are changing and getting increasingly complicated.

Newer Parties

Businesses have evolved because of a need for evolution, and/or because of an evolving internet, mobile technology, increasing demands of ‘new solutions’ from merchants and the need to serve ever-newer cardholder services. Acquirers of yesteryear (banks) did not or could not change with market demands. The types of organisations that have evolved include:

Sales/Introducer organisations

Organisations that ‘sell to’ merchants on behalf of acquirers. Often these ‘take a cut’ of all transactions, and often contractually taking some of the work and the risks.

Technical Gateways

Companies that provide merchants with specialist connectivity / IT solutions in the process; aim to link the merchants to the acquirer akin to an internal IT department for payments. These may include specialist data security and tokenization solutions.

Intermediate Processors – PSPs/ Payment Facilitators

Companies that work with the merchants to process transactions to acquirers, and/or other parties for ‘other’ payment types; adding services that acquirers did not or could not provide. These may be specialisms for particular markets or for particular software or applications. Elements of technical gateways and/or specialist data security and tokenization solutions may be involved.

Acquirer Processors

Companies who will provide the processing services for multiple acquirers, or increasingly, also act as acquirers too; and/or offer ‘white-label’ acquiring solutions/platforms and services.

These are shown in figure 2 – Complications include:

– Many different ‘names’ for parties involved across geographies, by the organisations themselves, through the categorisation of these by the card schemes/ regulators. These names change as the market changes.

– Many of these parties overlap into one another e.g.

  • A sales/introducer may also start to provide equipment or software, a gateway solution, and/or become an intermediate processor themselves.
  • Intermediate processors, may apply for their own acquiring licences to become banks and/or Visa / Mastercard licensed businesses; or set-up or acquire sales businesses.
  • Acquirers may buy or establish intermediate processors, or other parties in the chain and;
  • Technical transaction processors (Gateways) may become sales businesses or provide intermediate processing and/or other services to the merchants.

– Three-party card schemes such as American Express and Diners can also be processed through the different parties involved above, in parallel or separately.

– AliPay and WeChat Pay are making big inroads in Europe, and are now by many reports bigger than Mastercard and Visa and have big ambitions.

– Domestic card schemes operate in many markets across the EU.

– Other payments schemes – electronic money, wallets, digital currencies.

Acquirer intermediates and disintermediation.png
Acquirer intermediates and disintermediation

Challenges

The challenges that arise and cause difficulties include:

a) Bank regulators required Banks to understand, monitor and continually manage all risks involved. The ‘art’ of doing so is being lost as other parties move into acquiring without the same regulation and knowledge.

b) Risks are often not identified, with credit risk largely uncalculated, untracked or ‘priced for’.

c) Customer identification can become diluted when multiple parties are involved; especially when contracts are written without it being clear who is responsible for the risks/exposures; so problems evolve.

d) Regulators and card schemes introduce many and varying rules and requirements that are often hard to understand and to communicate.

e) Capital adequacy / liquidity – banks are always required to manage this; but as non-bank acquirers develop, there is no non-bank regulator to force these business protection solutions with active regulators examining progress.

f) The fallacy that “acquiring is simple”, has led to more ‘new breed’ acquirers emerging with many quickly failing or required to stop trading when things ‘go wrong’.

Common Challenges that must be mitigated

1. Understand a) exposures, b) risk of failure, c) reward for exposures/risks; as well as all the ‘tricks’ used to con acquirers.

2. Have a clear strategy, policy, procedures, documented risk appetite, calculation methodology, management information and reporting structure.

3. Ensure that all card scheme, regulator, AML and other laws and rules are understood, stayed abreast of and corrected when they arise

4. Measure and manage all changes in business models, exposures, risks, management etc.

5. Look for daily / real-time unusual business features and ‘blips’ in the transactions away from norms and then act upon them.

6. Manage and monitor all third-parties employed or delegated-to in the process of card acquiring.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks. The firm works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. Riskskill.com is a global GARS Reviewer for Visa.

For further information, please contact: Bill Trueman or Kevin Smith at enquiries@riskskill.com

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line. For the last 12 years he has been diving-into many other businesses: largely advising merchants, acquirers and others in the payment chain; to reduce risks and costs, and to find improved ways to do business and/or to make significant organisational change. He is a mentor for innovative payments startups and sits on working parties and panels for the UK regulators.

Source: https://www.thepaypers.com/expert-opinion/card-payments-who-am-i-dealing-with-the-parties-involved-are-changing-again-/776837

RiskConnect 2018: The Anatomy of a Good Risk Management Strategy

Webshield Riskconnect Conference 2018 at Frankfurt

Thought leaders and industry experts met at RiskConnect conference in Frankfurt to discuss the newest challenges that risk professionals face within the payments industry and to provide hands-on knowledge they can use in their daily work. RiskConnect is organised by Web Shield, one of the leading onboarding, underwriting and monitoring solution providers.

The event started with a presentation held by Pulitzer Prize winner Carl Bernstein on fake news, the impact this has on our societies and the way truth is perceived via ‘fake news lenses’. Bernstein has preached the gospel of finding ‘the best obtainable version of truth’, stressing the fact that journalists are similar to data miners, permanently searching for info, and that their ultimate role should be connecting these data to offer the best obtainable version of truth. This ideal can be achieved if we present information in context, as simple facts presented isolated from the bigger picture do not cover the truth. A crucial role in this system is played by the validation of our data sources.

He concluded his presentation by drawing a parallel between the role of journalists and risk management professionals, as both categories use similar investigative principles to grasp the whole picture of a given situation / merchant profile, for instance. When you don’t know/suppose you know the truth you face a risk, the risk of missing out the factors that made that truth happen, of not knowing what will be the right consequences, of being part of a distorted world, hence, facing unreal consequences/facts.

What exactly is risk?

There have been a lot of debates around this concept, as it is not a fix, but a variable one, depending on the degree of risk a business/person is willing to accept, the impact the accepted risk has on the business/consumer, risk appetite, the way it makes a business/consumer feel when they take a particular risk etc.. Nevertheless, risk can be monitored/assessed due to ISO 31000 standard on ‘Risk management – Principles and guidelines on implementation’ that states that the process of risk management consists of several concrete steps, such as establishing the context and identifying potential risks and assessment – once risks have been identified, they must then be assessed as to their potential severity of impact.

According to Shaun Lavelle, Senior Vice President Risk, Payment Processing, Paysafe Group and Bill Trueman, Director, RiskSkill (http://www.riskskill.com/) the concept of high-risk is meaningless if the types of risk are not specified. Moreover, the lack of a proper risk scoring analysis can be caused by not taking into consideration operational risk, currency risk, reputational risk, fraud and regulatory risks.

For instance, at the moment there are too many shady merchants under some acquirers’ custody conducting illegal activities, such as child pornography, nutraceuticals, and unfair billing practices causing great fines applied to these acquirers by the regulators/schemes. Not to mention the different perspectives regulators have over these risks and the vast terminology used within this market (that not everyone understands/has consensus over its meaning). Within this context, risk managers plan hard – and put-in place early –warning processes and measures to avoid their business going bust.

Bitcoin, ICOs, crypto… a risky business?

Over the past few years, cryptocurrency has grown exponentially and it seems that a new cryptocurrency pops up every day (currently there are more than 1500 available). The appeal of making a fortune by joining the cryptocurrency market is enticing with mining facilities multiplying and the emergence of “Initial Coin Offerings” (ICOs). Similar with IPOs, ICOs enable startup businesses to raise capital for their projects by issuing their own digital tokens.

However, fraudsters are also exploiting this new digital asset ecosystem. For instance, there are sites that teach you how to launch an ICO in just 20 minutes, or others that through deceiving advertising trick users into thinking that they are buying ‘the next worldwide crypto’ (when actually they don’t receive anything). Also by co-opting well-known brands, such as card schemes – Mastercard, Visa – or by using celebrity names/faces in a deceiving way, ICOs can gather over 30,000 registrants in just a few days, according to the Canadian Financial Authority investigators Annie Leblanc and Maude Blanchette.

The good news is that there are regulators and authorities throughout the world, such as the North American Securities Administrators Association (NASAA), European Securities and Markets Authority (ESMA), Financial Action Task Force (FATF), and many others that monitor these fund raising activities/transactions, investigate any illegal/illicit/deceiving involvement and prosecute where needed.

How to lower the risk?

Mastercard and Visa are preparing their clients/merchants on how to deal effectively with the evolving risk management challenges. During RiskConnect, Jonathan Trivelas, Director, Customer Compliance and Fraud, Mastercard, covered Mastercard’s Business Risk Assessment and Mitigation (BRAM) program and its latest requirements concerning high risks merchants. These initiatives are called AN 1683—Addition of High-Risk Securities Merchants to the BRAM Program and Revised Standards—High-Risk Securities Merchant Registration and AN 1695—Addition of Cryptocurrency Merchants to the BRAM Program and Revised Standards— Cryptocurrency Merchant Registration and apply mainly to cryptocurrency use and chosen high-risk financial instruments trading. This includes recent developments regarding cryptocurrency merchants, high risk security traders (Binary, Forex, etc.), sports betting and high risk negative option billing merchants.

These standards came into effect on October 12th, though discussions around them have been started by Mastercard in spring 2018. Generally speaking, they apply to high risk merchants. It is also worth mentioning that ESMA (European Securities and Markets Authority) has already taken the intervention measures and temporarily prohibited the marketing, distribution or sale of binary options to retail clients. AN 1683 and AN 1695 also aim to provide legal opinions on the possibility of carrying out cryptocurrency business in a particular country.

In a world where anyone can be a merchant, everyone can be a customer, and the regulatory environment continues to extend their enforcement. Another option to lower this risk is to leverage global data points to automate and revolutionise online verifications and fraud prevention.

There are companies such as 4Stop or IdentityMind that, through the power of data, they can achieve automated risk mitigation, even for … cryptocurrency transactions, as technology has the capability to deanonymize an address on the Bitcoin network, thus attaching it to the real world identity of the person controlling it. Once this happens, all transactions made from and to this address become visible and traceable since the beginning of the blockchain and till the very last block.

Education in risk management is crucial

We have the tools and technology, we have the regulations and best practices examples, but how can risk professionals establish a knowledge base in an industry that lacks an established professional educational path and is evolving as quickly as it is? Clearly, by setting industry standards for professionalism and proficiency for the acquiring industry. There are a few associations, companies, groups like Electronic Transaction AssociationWeb ShieldMerchant Acquirer’s Committee that through programs, trainings, book releases, events, and many more are trying to offer new market players the tools to understand the risks associated with financial services.

We cannot but agree with Jason Oxman, CEO, Electronic Transactions Association who says “Through the ETA Certified Payments Professional program, as well as ETA’s new Self-Regulation Program, we are raising the level of education and professionalism in the payments industry, and events like RiskConnect help us increase awareness of the importance of global partnerships.”

We want to take this opportunity to thank the Web Shield team for inviting us for the RiskConnect event and conclude by adding Christian’s Chmiel, CEO&Founder Web Shield remark: “In the fight against fraud, education and collaboration are at least as important as technology”.

Original Source: https://www.thepaypers.com/expert-opinion/riskconnect-2018-the-anatomy-of-a-good-risk-management-strategy/776286