Regardless of the country, the regulatory risk and compliance agenda is always playing catch-up with innovation and technology. As a result, early PayTech adopters need to pivot and re-evaluate their business models. In many cases, it also means keeping a large portion of potential adopters (mainly heavily regulated entities) on the sidelines, taking a “wait-and-see” approach. This is often the case with buy now, pay later (BNPL) products, which are digital installment lending services, with different regions at different stages of maturity, from Australia (mature) to the EU (newly regulated) to the US (early stage).
Australia leads the way in regulating the BNPL market, with regulations that require players to conduct affordability checks before offering credit and to allow customers a 14-day cooling-off period to cancel agreements. Moreover, players must disclose all fees and charges associated with their services up front, along with late fees. The UK is in the final stages of consultation to introduce similar measures, several years after product introduction.
In 2021, the European Commission issued a proposal for a revised Consumer Credit Directive. It seeks to promote financial education and debt advice, while mandating stricter rules for assessing customer creditworthiness. Separately, the UK is proposing to extend the scope of regulation to capture BNPL firms that are not regulated, and the Financial Conduct Authority has warned BNPL firms about misleading advertisements.
Across the US, BNPL providers are subject to state-level regulation and must comply with the Truth in Lending Act (TILA) disclosures. In 2022, the Consumer Financial Protection Bureau issued a report indicating that it plans to increase regulation of the BNPL industry. The report also found that BNPL customers may encounter products that do not offer the same protections that are otherwise standard across the consumer financial marketplace, such as cost-of-credit disclosures and a forced opt-in to autopay.
Other examples beyond BNPL include generative artificial intelligence (GenAI) in payments. There is a lot of promise in GenAI use cases, not only in the servicing of payments, but also in the marketing and promotion of payments. Given the newness of GenAI and its accessibility, regulators are taking notice but not action so far. This may create another wait-and-see aspect for regulated payments organizations. Not having a specific compliance playbook for a new product or service such as BNPL or a capability like GenAI can be paralyzing for some institutions and seemingly incents unregulated innovators to seize the opportunity to develop the market. However, there are ways to navigate this evolving risk and compliance landscape. Visionary leaders committed to innovation in payments, particularly in the consumer space, take four steps that make them particularly adept at navigating uncharted territory:
1) Designate a risk and compliance innovation team
Form a small team that is purely focused on new products and innovation in payments. This team should consistently evaluate new partnerships and capabilities, be deeply knowledgeable about payments as a domain, have consistent dialogue with regulators on innovation topics, and constantly evaluate lessons from other countries to incorporate them into a payments risk and compliance framework. This team should also be part of the journey from the beginning, continually evaluating performance from the launch through every change along the way. Additionally, in the UK we see these teams work with regulators and government to help shape the future of the payments landscape.
2) Instill a risk management-by-design mentality
Develop a fresh and customer-centric approach that embeds risk intelligence deeply into a range of critical interactions across the customer journey, rather than orienting around traditional risk management processes. This means breaking down the customer journey, identifying risks, installing controls across each part of the journey and evaluating risk acceptance on a continual basis to determine if additional controls need to be implemented.
3) Apply key risk principles to new innovations even without firm guidance
A good example of this would be applying anti-money laundering (AML) concepts in digital payments and investing in areas where recipient information is scored and shared. PayTechs can also go deep and focus on how to automate third-party risk management capabilities when embarking on embedded payments and ecosystem partnerships, anticipate fraud and cyber events, and apply principles of fairness on fees. Even without exact written rules for new products, tried and tested principles from established regulatory frameworks can be excellent guides for innovation.
4) Prepare for the inevitable pivot
As the regulatory landscape changes and catches up to innovation, PayTechs need to be designed for flexibility. That preparation involves the ability to pivot terms and conditions, experiences, disclosures, business models and data to fit a new regulatory environment. The technology platform needs to be flexible enough to accommodate new guidance and more stringent expectations as the landscape matures. Smart, early adopters expect change and build that flexibility into their business model.