How to turn risk and compliance into opportunity
Risk and compliance officers are becoming integral members of the payments innovation team. Intrapay CRO, Stephen Buechner, explains how perceptions of these functions are changing as enlightened companies recognize the link between customer trust and higher revenue. Payments have to offer everything and anything users are comfortable with. If a new product or channel is created, technology companies need to take a smart approach to making it secure and accessible. Given the sheer pace of change in the payments industry, we have to think about the preferences of the next generation of users and how to use data to make better decisions — not just in terms of risk management but also regulatory compliance. Consumers want secure solutions, but they also want authentication to move away from complicated processes that require them to remember lengthy passwords. In this environment, there is obvious potential for biometrics and other solutions — we can streamline the process and make the whole interface instant, secure and friendly, avoiding passwords and other painful experiences. Single click payments, biometrics and other new processes will allow faster payments and instant payments. According to Mastercard, new EU regulations coming into effect in 2019 will lead to a significant increase in the use of biometric technology to authenticate who is paying. In line with changes in authentication processes, risk assessment is also evolving. The vast quantities of data generated by ecommerce activity can be used to determine a consumer’s credit risk to a far higher degree of accuracy, ensuring consumers are offered products and services appropriate to their needs. Risk and compliance has traditionally been viewed as the part of a company where the answer is always ‘no’. But rather than acting as a brake on innovation, risk management makes it possible to identify and successfully develop new payment solutions. The task for risk and compliance as an enabler is to consider the future needs of customers and ensure that new functionality, channels and/or services are offered in a way that secures both the provider and the user. For example, we are seeing behavioral data being used to make specific products available to individuals based on how they use their mobile device. This will allow the industry to move away from risk card-based decisions. Artificial intelligence is already being used to evaluate risk and will become even more widely used in the future to ensure services are delivered securely for both the customer and the merchant. The influence of artificial intelligence on risk assessment is growing — one in eight consumer business respondents to PwC’s Global Economic Crime and Fraud Survey 2018 said predictive analytics and machine learning were useful for combatting or monitoring fraud and other economic crimes. In the wider financial services space, Oliver Wyman research refers to the use of behavioral data-based models to help better judge which customers intend to repay their loans, thereby identifying potential fraud risk. The reason payment service providers exist is because banks became too big and their IT environment too complicated to quickly offer goods and services to merchants in different currencies and markets. Banks are happy for payment service providers to have this relationship because of the high level of risk attributed to fraud and merchant failure and we have become very effective at managing risk for merchants. Of course, all these trends will be impacted by the approach of regulators, who have to date adopted a relatively light touch approach to ecommerce, which has been a positive development. They have not closed the door on merchants being cross-border, instead facilitating these businesses in reaching beyond their domestic market. It might be controversial to suggest that GDPR has been a positive regulatory change. However, a regulation that limits what firms can use a consumer’s private data for, is a sensible safety net. As Gartner research director Lydia Clougherty Jones puts it, implementing GDPR consent requirements is an opportunity for an organization to acquire flexible rights to use and share data while maximizing business value. We spend a lot of time designing systems to ensure they work within the appropriate regulatory framework but we also have to be aware that customers want different things. Our job as risk and compliance specialists is to ensure that whether the focus is on faster throughput or solutions based on a specific marketplace or geography, innovation is delivered securely.