volume 8 • fall 2015
The expectation
is sometimes that once a policy has been written or a third-party supplier agreement is in place, you’re all set. But compliance is not a tick-box exercise.
—Craig James, Neopay
validation,” Corbine notes. “But many countries don’t have those kinds of databases or information available—which is a challenge for payments companies looking to expand into new global markets.” To help providers meet this chal- lenge, SightSpan developed a Paybefore Award-winning program specifically for prepaid and e- money products, defining KYC and customer identification program (CIP) requirements for the Americas, Europe, Southeast Asia and the Middle East to ensure clients are
in compliance across markets (see sidebar).
Even in countries where well- established data are available, there remains the risk that fraud-
sters can access that data and
use it to open accounts, notes John Dancu, CEO of IDology, a multilayered ID-verification special- ist that also offers an anti-fraud platform to payments companies. When criminals or fraudsters gain access to personal data, such as birth dates and Social Security numbers, they can create what IDology calls a “perfect identity,” and can open an account without raising any red flags.
“With the fraudsters creating per- fect identities from stolen data, you have to go beyond data- matching during account origina- tion,” Dancu says. “You have to go to other steps like location-based factors, device factors and other elements.” The trick, Dancu notes, is providing robust defenses against fraudulent accounts being created, while not making the process too onerous for legitimate customers. “Most customers are legitimate, so you don’t want to make those customers go through a process that’s so unbearable it hinders customer acquisition.”
To help its clients strike that balance, IDology enables them to set their own scoring models for risk and escalate only those cases that are deemed risky to further verification levels with higher friction. “You want to make sure you can increase friction when you need it, but reduce friction when it’s a negative,” says Dancu.
But it’s not just knowing your customer that’s important; you
have to know your partners, too. Holding regulated payments providers responsible for the compliance of their vendors and other partners has been a point
of emphasis by regulators over the past few years. When the NBPCA updated its guidance on AML compliance last year, the industry association stressed the importance of ensuring third-party compliance, recommending that prepaid issuers ensure their partners, including program managers and processors, have adequate BSA/AML compliance programs in place—and continue to monitor those practices on an ongoing basis.
“A financial institution that con- tracts with third-party agents accepts the risks related to the services provided by their agents,” the guidance notes.
This regulatory pressure on pre- paid issuers has trickled down to partners, adds Corbine, whose firm offers third-party oversight support for its issuer and program manager clients. “The banks are increasing their oversight of third parties, as directly requested by regulators,
so it’s important that every entity in the value chain is proactively ensuring their compliance pro- cedures are strong,” she says.
The primacy of third-party compli- ance has led to an increase in the number of program managers and processors themselves seeking outside compliance support to meet their issuers’ and regulators’ expectations, she says.
paybefore.com 115