Onboarding and its Challenges

Onboarding and its Challenges

Onboarding is already a complex, competitive and ever-evolving process: but is about to become `THE CHALLENGE’ over the next year. But why? And how can we be sure?

We will discuss here:

  1. Some of the current regulatory changes and why these are such a great thing for those of us with onboarding functions
  2. How in the coming year or two, these changes will have a major impact upon onboarding functions, and
  3. What we should look-out for and what we can start doing.

We are having to make major changes to our businesses and more will be needed as further legislation continues to ‘hit-us’. But it is mostly GOOD regulation. We are entering a period now of high-disruption and high-regulation – see below for a UK market example.

The graphic below indicates the balance between disruption in the financial services environment and all of its stakeholders. It is the view of UK Finance[1], the UK Banking industry trade association, and their thoughts on ‘the future of payments and banking’.

Kevin Smith - Risk Review Specialist
Kevin Smith

For all of us, it would appear that we are accelerating into a period of both high national and international regulation as well as high market disruption through new entrants and competition, innovation, data availability and enabling technologies. This is a good thing because it means that the marketplace will evolve in a controlled way and we should rather want to be in such a marketplace than the others shown above. But it is worthy to note that this high regulation is in the main a very good thing because:

  • The legislation is positive rather than punishing – it clarifies who does what, where, how and why,
  • It prevents abuse and misuse of the global payments infrastructure and any ‘more localised’ deployment,
  • It supports consumers and their needs – protecting end-users of the payment system,
  • It encourages further innovation and market development,
  • It is designed to support competition and to challenge the status-quo in the markets.


PSD2 is very prominent because of Strong Customer Authentication (SCA) implementation and enforcement at the moment, BUT PSD2 and broader European financial services regulation have also given us Open Banking and push as well as pull payments with the opening-up of banks to new payment organisations such as PISPs[2] and AISPs[3] and their new regulatory registration category.

GDPR was seen as a surprise to many and a headache to most last year, but it really is ‘the best thing that has happened to information management’.  It leads to a greater understanding of our data, our data needs and it requires us to ‘do our jobs’. It reminds us that it is not necessarily our data and that we need to justify why we process the data in the way we do. It enables us to deploy better practices, develop new products and services and to use information sources better to help us know our customers. In turn, GDPR has helped us refocus on the importance of Information Security Management Systems (ISMS) and further this year to comply with ISO 27001 and now additionally with ISO 27701 (a current urgency).

The current and ongoing UK Government-initiated evaluation (and similarly across the EU) of the operations and activities of company registers, highlight the concerns that Governments themselves must also continue to improve the data available and to deliver access to reliable, trusted data.

Money Laundering regulatory changes globally are also now creeping up upon us – but we will say no more about these challenges here as they envelop us.

In the UK, the Payment Systems Regulator (PSR) was established three years ago and is in the process of overhauling the payments regulation with the drive towards more innovation, inclusion and competition. It is now part-way through a deep review of the merchant acquiring marketplace and practices, the economics and the profitability of the big players and other stakeholders. We can expect the PSR to make rulings that will again focus us upon applying greater transparency, and in creating competition and innovation in payments.

Bill Trueman - Risk Review Specialist
Bill Trueman

Key to a lot of regulation in this area is making access to services easier, simpler and faster; removing barriers to entry and services more innovative. So, we can expect this review and further disruption to include regulation mandates (especially the UK PSR requirements due to be published in Q1 2020) around:

  • More shared data across the industry,
  • Faster onboarding – with increased focus on both initial and ongoing merchant underwriting,
  • Mandated acquirer ‘account switching’ service (i.e. to be able to change acquiring partners with greater ease),
  • Data sharing to facilitate this,
  • Easier, faster and more accurate due diligence,
  • Mandating innovation and competition in favour of smaller, newer, innovative technologies,
  • Greater transparency in the application of merchant contracts, operational support, and providing ‘value-add’ services to manage merchant and systems risks.

Accordingly, the challenges for acquirers, and their trusted processing partners, over this coming year (2020) will see a need for us to become smarter, faster, much more automated, more innovative and accommodating to new technologies and solutions in an ever-evolving and faster way. Those who do this quickly and efficiently will survive, those who do not or cannot: will struggle and start to suffer.

Merchant onboarding has often been a ‘race to the bottom’ and must now start to become a ‘technology race’. The challenge will be to stop giving ‘lip-service to innovation’ and to now adopt and meet the onboarding challenges to:

  • Automate (and cleverly) the sanctions / PEPs screening functions,
  • Make greater use of bureaux data for businesses,
  • Make use of stronger and better technology to use the many existing and newer data for merchants, individuals, web-presence, payment solutions, etc.,
  • Secure timely access to critical data across multiple jurisdictions,
  • Gather more data from the web and other trusted sources about businesses, business performance, their people and their customers,
  • Understand businesses better, and bringing compliance and business due diligence into the sales team and other front office rather than seeing it as a ‘back-office function’ only; and the responsibility of risk, credit and compliance teams alone.
  • Develop stronger credit risk skills, risk management understanding and exposure measurement and management both at underwriting and at every stage or significant change in the merchant life-cycle.

We are certainly entering a period where onboarding WILL become even more important and more competitive and the biggest challenges will be for acquirers and their partners to focus upon and to ‘up-their-game’ to compete and innovate in their application of risk management in general, but in particular in their onboarding.

The current Regulatory changes and impositions are a very good thing and will be the catalyst for further innovation, disruption and change in our industry today – and also for the industry that we will evolve over the next few years and into whatever form it may morph into!

Bill Trueman and Kevin Smith work as Riskskill.com to help businesses in the payment sector perform better, whether in complying with regulation, doing more business, challenging partners and/or helping to put things right when they go wrong and if/when regulators, card-schemes and other parties start to challenge what our clients are doing. They are industry commentators and also help companies in the industry establish direction, strategy and new ways of doing things.

[1] UK Finance https://www.ukfinance.org.uk

[2] Payment Initiation Service Provider

[3] Account Information Services Provider