Understanding and Managing the Risks of Moving Money, Part 2 | Episode 4

Updated on April 14, 2021

In the fourth episode of PayFAQ: The Embedded Payments Podcast brought to you by Payrix, Host Bob Butler interviews Billi Jo Wright, Chief Risk and Compliance Officer of Payrix. This conversation is the second part of a two-part series on understanding and managing the risk of moving money.

Billi Jo Wright has been in payments for over 25 years. She spent her first 10 years on the issuing side and moved over to the acquiring side of the business with stops at Worldpay, MerchantE and Elavon over the past 15 years.

In the market, there’s this perception that B2B vertical payments aren’t risky. Billi Jo argues that while it may be a little less risky, you still have to meet the risk and compliance expectations of your acquirer. As a payment facilitator, you are responsible for the many facets of payments and must have a strong risk and compliance program in place.

Billi Jo walks through the three business models for embedded payments (referral, payment facilitator, and payfac as a service) from a risk and compliance perspective, and wraps up the episode talking about the regulations you must abide by as a payments company. These regulations are constantly changing, adding complexity to maintaining a strong risk and compliance program.

The good news is: there are technology companies out there like Payrix that can help manage those risks for you. Get in touch with us today.

  • Transcript

    Bob Butler:

    Hi everyone. Welcome to the PayFAQ Embedded Payments podcast brought to you by Payrix. I’m your host, Bob Butler and today we’re continuing our conversation with Billi Jo Wright, the Chief Risk Officer here at Payrix about understanding and managing the risks of moving money.

    When people think about the PayFac® experience, what they’re thinking about is that instant, seamless onboarding experience, and they just want it to happen. And I know that from your standpoint, it’s probably a tough needle to thread and for somebody just jumping into payments or payment facilitation for the first time, it can be, it can be daunting. You and I have spoken about this. We’ve heard some of our competitors say vertical payments isn’t risky. And so I’d love to get your thoughts on that.

    Billi Jo Wright:

    I mean, I think there’s definitely the benefit of knowing your vertical and knowing what your customer profile looks like. And so, I think when people talk about, “oh, vertical payments isn’t risky,” I think that’s what comes to mind, but it doesn’t mean that you still don’t have all the risks and compliance expectations from your acquirers. It doesn’t mean that you can’t still have fraud that occurs within your own portfolio. And it doesn’t mean that you don’t have merchants that don’t go out of business. And so there’s still this expectation that you have to do the proper underwriting. You have to do the proper monitoring on the backend, so that ultimately you know what’s going on with your portfolio, what is the health of your portfolio? And that’s where having technology can really be an advantage because you’re, able to obtain that frictionless experience that customers are really expecting, but you, and if you design your platform or your technology correctly, you can focus on the lower risk and drive automation through those types of customers. And then when you start to see risks come into your portfolio, that’s where you can have your resources really pay attention to those, those sections of your vertical. I do tend to agree that if you are in a specific vertical, that it does, it could be less risky, but it doesn’t mean that you can still kind of forego what you need from a strong risk and compliance program.

    Bob Butler:

    Talk about compliance. And so what is compliance? I mean, it seems obvious, but from a payments perspective, what does a payments company need to do to be compliant and compliant with what?

    Billi Jo Wright:

    So, driving compliance means that you have a risk and compliance program that really it incorporates a gamut of things, right? So policies and procedures. And when I talk about policies and procedures, that’s from your underwriting policies, and we spent a little bit of time talking about what that means, but that also needs to incorporate sanctioned screening and what, when you do it and how you do it, your KYC, or Know Your Customer elements of your policies, anti-money laundering. When you’re a payments company, you are moving money and therefore you could potentially be a victim of anti-money laundering, which is a little bit harder to detect than fraud, which is why you have to have sound transaction monitoring so that you can identify that unusual activity, all the way down to what type of AML training do you supply to your entire organization?

    And are you as an organization prepared to do suspicious activity reporting. There’s a number of things that you need to think about from a payments perspective to have a compliant risk and compliance program. And then I would say ultimately it comes down to resources. And I’ve mentioned this a couple of times, because I think from a payments perspective, that part may get overlooked from time to time, is the resources available to be able to drive that level of compliance, and generally speaking, like compliant with what? I mean there’s requirements from your regulators, sponsor banks, card networks, they all have an expectation. They all have requirements that they pass down to payment facilitators regarding all of the things that I’ve just mentioned. And sometimes they have varying levels of what compliance means, which ultimately can contribute to the complexity of payments in general.

    Bob Butler:

    Wow I mean, it really is not for the faint at heart sometimes when you really think about it. And I know there’s a couple of different business models out there, and we’ve talked about them on some other shows and really the models that software companies can use to integrate payments into their technology or their solution. There’s the referral model, the hybrid model or PayFac-as-a-service and becoming a payment facilitator, which we’ve just walked through a lot of the issues that you need when you are running your own payment facilitation company, but can you walk us through the risk and compliance for each of those three types of models?

    Billi Jo Wright:

    Yeah, I mean, referral is probably the most traditional business model that I can think of. It’s probably the less risky for a software company because essentially it’s a model where that company may identify a customer that needs to add payments to their business. And then from there a payments processor, once that software company sends the referral over to a payments partner, they take over from there and they own the acquisition of the sale. They own the underwriting of that particular merchant. And then in most cases, they service the customer as well. So they basically own that entire customer experience, but they don’t own the risk. And some of the downside to that is that they don’t control the customer experience. And then, you know, that financial benefit isn’t always the same because they’re in that referral model. Being a PayFac®, it truly allows the software company to really own the customer experience and it also provides a better financial benefit, but it’s also the riskiest of the three, as we kind of already talked about and PayFacs®, really bear the responsibility and own the risk in this model completely.

    So, the process to get approved for a PayFac® license, like can be quite burdensome and it can take anywhere from 6 to 12 months to gain approval. It also requires a significant investment from a resource from platform like technology standpoint, and then just time, right? The number of resources that will be involved in getting a PayFac® kind of up and running. And then you have this, your hybrid PayFac-as-a-service model. And I think it really kind of marries the two other models into one. It provides the benefit of being able to control the frictionless experience, and it allows a software company to monetize the payments part of their business. However, they don’t own the risk in this model. So this really kind of minimizes this from a, like a resource from a technology standpoint, they’re able to leverage the technology of their, of their payments provider. So, it truly kind of provides the benefits, you know, the most benefit from a software company without having to have that burden of being a PayFac®, you know, like a PayFac® like experience.

    Bob Butler:

    You’ve given us a lot to think about Billi Jo, any final thoughts you’d like to leave with the audience?

    Billi Jo Wright:

    Yeah. I mean the regulatory landscape, it continues to change ultimately from a regulator standpoint, their primary kind of focus is protecting consumers. And I would say regulations that they’re going to continue to get more complex. And I think you can see that from what’s going on with each of the states within the US and then starting to kind of implement and consider their own guidelines at the state level. That’s just going to continue to add a level of complexity when it comes to things like data privacy, and even like how you treat victims of fraud, all of those things kind of continue to evolve. And then you add in kind of that customer expectation where it’s provide less information and do it faster, right? So, it’s like you have this increased regulatory burden with an increased customer expectation as it comes to how you treat them and how you manage risk and what we have today.

    Like what exists today. It’s not going to be the same 12 months from now. So it’s just ensuring that as a company, you’re really focusing on what’s going on in the market, what’s going on from a regulatory standpoint and how does that impact your business? And so the good news is that there’s providers out there today that can really streamline or remove those burdens, right? So when you think about the regulatory landscape, like a good payments strategy should really take those things into consideration and determine ultimately what’s most important for their business. Do they want to focus on the core business or do they want to really kind of encompass that total intake on those challenges as it relates to the risk and compliance?

    Bob Butler:

    Billy Joe, this has been an awesome show and I really want to thank you for joining me today. I really appreciate all your time. Thanks.

    Billi Jo Wright:

    It’s great catching up.

    Bob Butler:

    Absolutely. Here at Payrix, we want to be a trusted resource for software providers who are out there trying to make sense of Embedded Payments. And we want to help you get the education you need to make the business decisions that your customers and key stakeholders will thank you for. This is Bob Butler, and this has been the PayFAQ Embedded Payments podcast brought to you by Payrix.

Payment experiences designed for your software

Unleash powerful Embedded Payments technology that delivers on a better experience.