In the third episode of PayFAQ: The Embedded Payments Podcast brought to you Payrix, Host Bob Butler interviews Billi Jo Wright, Chief Risk and Compliance Officer of Payrix. This is part one of a two-part series on understanding and managing the risk of moving money.
Billi Jo Wright has been in payments for over 25 years. She first spent 10 years on the issuing side and moved over to the acquiring side of the business with stops at Worldpay, MerchantE and Elavon over the past 15 years.
It is good business for software companies to monetize payments and own the customer experience, but there is a lot of risk associated, which can be very complex. According to Billi Jo, there are at least six categories of risk including underwriting, fraud risk, transactional risk, chargeback risk and then regulatory risk and compliance. As a payments company, you are responsible for every transaction and every merchant that you process payments for.
Billi Jo goes on to provide a brief description of each kind of risk and states that the biggest risk is underwriting risk – where there are a lot of regulatory and compliance requirements to assess the overall financial viability of each and every merchant.
Please join us for Episode 4 where Billi Jo Wright continues her discussion of understanding and managing the risk of moving money.
Learn how Payrix can reduce your payments’ risk and take on the regulatory and compliance challenges, by connecting with us today.
-
Transcript
Bob Butler:
Hi everyone. Welcome to the PayFAQ Embedded Payments podcast brought to you by Payrix. I’m your host Bob Butler. And today I’m going to be talking with Billi Jo Wright, the Chief Risk Officer of Payrix about understanding and managing risks of moving money. So hi, Billi Jo. Welcome to the show.
Billi Jo Wright:
Hey Bobby, how are you?
Bob Butler:
I’m doing awesome. It’s great to be on the show with you. You’re one of my favorite people in the payments space. What I think would be helpful for the audience is if you could tell us a little bit about yourself and really the software and payments experience that you bring to Payrix.
Billi Jo Wright:
Sad to say I had actually been in the industry for quite some time now. I can’t believe it’s been over 25 years. I’ve been, I would say almost through the whole life cycle of the payments world. I’ve started my career out on the issuing side with a small little company, First USA Bank, that was later acquired by Chase and then had the benefit of working for a small startup bank called Juniper that later got acquired by Barclay Card. So spent about 10 years on the issuing side. And then over the last 15 years, I’ve really been on the acquiring side of the business and worked for companies like Worldpay, spent a large chunk of my career there, 10 years in a number of different capacities from operations, chargebacks, and then spent a couple of years on the sales side, along with risk, and then spent a couple years at Merchant eSolutions and Elavon.
And even spent some time in a merchant of record and a PayFac®-like company called Two-checkout and having that pretty well-balanced experience has really kind of allowed me to think about it. Think about the advantages, some of the challenges that payments companies may have. And as you mentioned earlier, I’m a Chief Risk Officer for Payrix today and ultimately my team and I are really responsible for our risk and compliance program. And our primary focus is driving compliance, protecting the company from financial fraud and regulatory risk. And, but I would also say just as importantly, we’re also responsible for sales enablement. So, which is really primarily served by really a streamlined frictionless experience for our partners customers, because I think ultimately that’s what our partners are looking for when it comes to risk management, whether that would be new account sign-up or processing payments. So, I really try to take my prior experience and apply that to the role that I’m in today and enabling our sales team.
Bob Butler:
Understanding payments is hard and some people even call it complex, especially for our software partners. And one of the areas that I think needs a little more explaining is the area of risk. So, can you explain what risks there are in accepting payments?
Billi Jo Wright:
Yeah, I mean, I would say first of all, payments is pretty complex, right? And when you add in the complexities of risk, I think it can be a little overwhelming for payments companies, especially maybe some of the smaller companies that are out there or even startups that are looking to monetize payments. I think the reality of “we really want to be able to monetize payments and control that customer experience” is a really good thought in general, but when you start to really break down into the layers of what that means, risk is definitely top of mind for me. There’s many different aspects of risks that companies should really consider, but I’ll touch on, I’ll break it down to six different categories and I’ll try to simplify it a bit, but these will be the kind of the areas that I focus on there. There are certainly more, but I’m just going to focus on these main areas and those would be underwriting, fraud risk, transactional risk, chargeback risk, and then you have a regulatory and compliance risk, I kind of put them in the same bucket and then reputational risk.
So, to go into a little more detail, when you think about underwriting risk, that’s really what I believe to be one of the bigger risks that you have when you think about it, because there’s two aspects that you really need to think about. For me I think it’s where your biggest risk occurs. Meaning like if you don’t have sound business practices in place, you can really expose your company and you know, whether that’s from a credit, a fraud or regulatory and risk perspective. And then on the flip side, you can really kind of play, say a burdensome process on your organization or your customers, if you’re overdoing your underwriting and your due diligence. What companies really need to keep in mind when it comes to underwriting is that as a payment facilitator, they are responsible for all the sub-merchants that they board on their portfolio.
It’s no longer just about whether or not a customer can pay for licensing fees. At this point, you really are responsible for is your customer, who they say they are. Do they have a bonafide business? Do they pose a financial risk? Whether that risk would be because the company itself has fraud, you know, are they financially viable to kind of support the business model that they’re in. So, in other words, do you know your customer. And then your bank sponsors and acquirers, they pass requirements to you as a PayFac® to ensure that you know who your customers are and that you’re able to conduct the proper KYC checks, whether or not you have anti-money laundering, OFAC, sanction screening, and then also conduct financial assessments. So, all of these things you do in the underwriting process, and then at the same time, you have customers that have this expectation that you can do this in a frictionless automated, fairly quick process. So, you have to balance being able to conduct those due diligence requirements and do it in a manner that creates very little friction to your customers.
Bob Butler:
So, you need to have the technology to be able to provide those kinds of frictionless type services?
Billi Jo Wright:
Exactly, exactly. So, it’s, I always say it’s your systems. And do you have resources available that can help drive that automation when it comes to your systemic solutions? And do you have sound business practices in place to help manage that? So that’s from an underwriting perspective. And if you think about that piece of it, that kind of ties into your fraud risk, right? There’s multiple stages through the life cycle of a merchant account that kind of present fraud risk. Generally, you have identity theft that tends to kind of rear and expose itself pretty early in the process. I mean, typically when you have identity theft, merchants will onboard into your platform and then they usually hit you pretty hard and fast, but that damage can add up pretty quickly. And then you have like dormant accounts that may be on your portfolio for a period of time.
They may even transact a little bit to act like a good merchant, and then they suddenly bust out and they start processing large amounts of transactions. That’s another type of fraud. And then you have what I consider to be good merchant fraud, where you do have a legitimate merchant on your books, but they are themselves a victim of fraud. And they’re just unable, they’re not financially viable to handle that fraud. And ultimately that comes down to the fact that as a payment facilitator, you’re responsible, regardless of whether the merchant itself is fraud or the merchant has been a victim of fraud. If they can’t sustain that type of fraud, then ultimately you’re responsible, which really kind of brings me to the next risk, which is transactional risk. Essentially, every transaction that you process on your platform, there is an expectation that you were reviewing it for credit fraud, anti-money laundering and reputational risks.
It’s not necessarily as bad as it seems because you can take a risk-based approach when it comes to transaction monitoring, but you really do have to have those sophisticated systems in place to ensure that you’re able to identify suspicious activity or unusual activity as it’s coming through your platform. You know, and this is really why it’s important that you know your customers, again, that you have a knowledgeable staff that can kind of implement those rules and decisions to be able to monitor that type of activity. I want to touch a little bit more on the credit kind of piece of the transactional risk. You know, I mentioned that there’s credit, there’s fraud, there’s anti-money laundering, there’s reputational, but from a credit perspective, I think this is a piece that maybe that companies miss sometimes in the fact that, and I touched on a little bit, but essentially as you are processing transactions, you’re ultimately responsible for them as they come through your platform, right?
And in most cases, when you’re settling a transaction, you’re settling that transaction with the anticipation that goods and services will be provided later. And that is essentially a line of credit. So, you know, the further out your future services are goods are delivered that really increases the risk. And so, when you’re underwriting a customer, you really need to understand whether or not they have any advance payments in their platform. If a merchant goes out of business and is unable to deliver those goods or services, as a payment facilitator you’re responsible for those transactions. So, understanding that business model understanding whether or not they’re taking advance payments is part of that underwriting process. But even more importantly, you have to do that at the transaction monitoring process to understand whether or not there’s any kind of signs of vulnerability in their business. So that’s increased processing volume or decreased processing volume, a spike in chargebacks, a sudden deviations from their processing. These are all things you should really be monitoring for at the transaction level to help identify any kind of problems or symptoms of a company that may be in trouble. I know we saw a lot of this this past year with COVID, a sudden chargebacks, or refunds, we definitely saw a lot of that. And so being able to identify that within your process or your systems is pretty important.
Bob Butler:
You talked about these six types of risks, these multiple types of risks, should a software company be more concerned with underwriting versus reputational, or how do you view that from a risk professionals point of view?
Billi Jo Wright:
You know, being in risk, I would say all of them are really important, but I do tend to think about kind of the underwriting piece of it more than anything, because ultimately I think it’s the core of all things related to risk. It’s where a lot of your regulatory and compliance, even though I don’t know, when I traditionally thought about underwriting, I thought it was more credit related, but it’s also about the regulatory and compliance risks that are kind of folded into that, ensuring that you know your customers, those are all things that are being driven by the regulatory bodies. So being able to incorporate all of that into your underwriting process and do it to assess the overall kind of financial viability of a company, it’s a lot to do in a very short period of time. And that’s why I kind of look at that as being probably top of my list. And top of mind when it comes to things that software companies should think about.
Bob Butler:
That was Billy Jo Wright in part one of our two-part series on understanding and managing the risks of moving money. Here at Payrix we want to be a trusted resource for software providers who are out there trying to make sense of Embedded Payments. And we want to help you get the education you need to make the business decisions that your customers and key stakeholders will thank you for. This is Bob Butler, and this has been the PayFAQ Embedded Payments podcast brought to you by Payrix.
