Many companies whose business model involves handling payments assume that ensuring regulatory compliance is something they must do themselves. When, sooner or later, they find out just how complex and expensive that is, however, many start looking for alternatives.
If your company falls under this category, it’s probably not big enough to justify having a separate compliance department.. You may lack the in-house capacity for that, as performing all the mandatory procedures efficiently will inevitably require hiring new staff and providing specialised training. After all, as compliance doesn’t end at onboarding or KYC, you’d be looking at hiring, training and retaining 6-10 people
The problem is further complicated by the fact that few payment or financial service providers are willing to do compliance on behalf of their clients. Left to fend for themselves, online businesses have to juggle several contractors (one for payments, one for KYC, one for Transaction Monitoring, and so on). But does it have to be that way?
Luckily, there’s now a better option available for you – one that’s becoming increasingly popular with online businesses around the world. Partnering with a full-scope financial services providers that offers Compliance as a Service. Before we proceed, though, let’s first take a brief look at what compliance entails and what makes it such a thorny subject for many.
Regulatory compliance and its discontents
The key pain points when it comes to compliance are the strict PSD2 requirements, and the complicated AML/KYC procedures. There’s also ongoing due diligence, merchant onboarding, and a number of additional functions that add to the overall burden put on business.
As you may know, the revised, second version of the Payment Service Directive (PSD) came into force back in 2017. Its aim was to reduce the incidence of financial crime by, among other things, removing the so-called “commercial agent exemption”. The latter allowed marketplaces and other businesses avoid the requirement of becoming licensed payment service providers (PSPs).
Since the inception of the PSD2, however, businesses acting as financial intermediaries between buyers and sellers have had three options for securing compliance. They could apply for an exemption, seek to obtain a license from a central bank, or deflect the regulatory obligations onto a third party, such as a PSP license-holder.
The first option is only viable for small companies – those dealing with a narrow range of goods and services, or with a limited number of people. There are, furthermore, exemptions applicable to payment instruments valid only within a national territory, and those based on transaction value, neither of which is particularly helpful to financial (or finance-adjacent) businesses.
The second option, on the other hand, is only feasible to large companies – those able to handle the long and complex process of applying for a PSP license. This process is very demanding and can take anywhere between 6 months and several years to complete.
Incidentally, the first and second options are further complicated by the Directive’s jurisdiction-specific application. Different EU Member States interpret the PSD2 in divergent ways, making it difficult for companies to figure out what they’re expected to do and how their business will fare abroad.
The third option is the most business-friendly and hassle-free because it allows fintechs, platforms, and other financial market players to conserve resources and attention given to their clients and set growth or performance goals.
AML/KYC – the second prong of compliance – is, unfortunately, no less of a hurdle. This is because it requires collecting large amounts of data and using it for the purposes of identification, figuring out the applicability of international sanctions, providing intelligence on entities suspected of criminal activities, and more.
If you don’t have a staff experienced in these matters or can’t spare the necessary time, AML/KYC may quickly become a drain on resources and a serious growth impediment.
The one-stop-shop approach to compliance
As we’ve mentioned in the last section, companies now have a third option for covering their compliance requirements. That option is outsourcing.
Some businesses pursue it by handing over different procedures to different companies. There is nothing inherently wrong with this approach. However, it often comes with a high price tag and sub-par results, which are due to issues arising when multiple providers take on overlapping responsibilities.
The other approach is contracting all of a company’s regulatory compliance needs out to a single PSP that offers Compliance as a Service (CaaS). Such providers typically have the experience, resources, know-how, and tools necessary for a one-stop-shop compliance service.
By outsourcing in this way, companies save both time and money, which allows them to focus on growing their business. In addition, they no longer need to deal with lengthy and complicated procedures, and to stay up-to-date on the ever-changing global regulatory landscape.
We at ConnectPay believe that the burden of compliance should be ultimately borne by the license-holder – not the company using its financial services. For this reason, we offer CaaS as an integral part of all our products.