A summary of the recent panel on compliance protocols at GMTS

Winging my way home across the Atlantic after a successful and informative session is the perfect time to share some thoughts on the recent payments and remittance conference I attended.

The International Association of Money Transfer Networks (IAMTN) held its annual Global Money Transfer Summit (GMTS) in London last week. Among the many topics presented and discussed in front of an audience of international company executives was the touchy topic of regulatory compliance.

I had the privilege of moderating a session on regulations in the UK, Europe and the US. On the stage were representatives from the US Treasury, the Financial Conduct Authority (FCA)—the UK governing regulatory body—and a knowledgeable expert on compliance issues in the UK and the Eurozone. Between the opening comments/presentations from these impressive individuals and their responses to the questions that followed, the panel imparted valuable insight about the current and future picture of regulatory compliance impacting our industry

We know that all industries have their acronyms and shorthand descriptions; the global payments business is no exception. At times any conversation about our industry feels like diving into a bowl of alphabet soup: EU, EEA, MTL, MTO, FCA, PSD, OCC, CPPA, and on and on. I’ll take a moment to tackle the most relevant items pertinent to this topic.

PSD: The original Payment Services Directive established an EU-wide legal framework for payment services. Its main objective has been to increase competition and facilitate market entry for non-bank providers of financial services

PSD2: As an offspring to the original, the objective of this regulation (and its most controversial section) forces banks to openly share their customer data with fintechs and other non-bank service providers. It remains to be seen the level of cooperation that will accrue from this groundbreaking law.

GDPR: The General Data Protection Regimen is a set of broad requirements about the handling of individuals’ personal data in the EU. It affects any entity that offers goods or services to any person residing in the EU. Not only are EU-based companies impacted, but also any US company whose business deals with EU citizens.

CCPA: The US does not have any such privacy law, but we have one state—California—that has passed legislation similar to GDPR and takes effect January 1, 2020. It is unclear if other states will follow.

OCC: The Office of the Comptroller of the Currency is a Federal agency that plans to begin accepting applications from non-fintech firms that would allow them a charter to operate nationally, thus pre-empting the current state by state licensing regimen that has been operating for years.

DLT: Distributed Ledger Technology or Blockchain as its commonly known. For purposes of this paper we’ll talk about its most common manifestation: Crypto currency. For deeper knowledge of DLT, you will need to consult other sources—I am not an expert!

Sandboxes: Obviously, this term is not a jumble of letters, but still quite relevant to the regulatory discussion. Regulators throughout the world, including the UK/Eurozone--but sadly not the US—have established low-risk opportunities for fintech firms to market their offerings on a small scale, in effect to test the customer demand without the large expenditure of time, effort and money required to enter the marketplace. The US is particularly daunting for startup fintechs; although eight nations currently offer programs and several more are under consideration, the US lags behind.

In summary, I left the conference with four key observations comparing the regulatory environment in the US vs. the UK/Eurozone:

1.      GDPR does not exist currently in the US, except for the California law effective in a little more than a year, but US payment firms who operate in Europe are very much affected. They must comply or be cited for violations resulting in fines or censure. We’ll see if the US follows suit via more state legislation.

2.      Passporting is a beautiful concept which has greatly benefited UK and European firms, but still does not exist in the US, with 50 unique jurisdictions. An initiative exists to harmonize state by state regulations (so called “Vision 2020”), but it is unclear if the goal will be attained.

3.      Crypto currency firms operate mostly unregulated in the UK and Europe, whereas approximately 50% of the states require licensure depending on the Digital currency model. No doubt, the EU and UK continue to examine potential controls; likewise, various state legislatures will tackle this in their 2019 sessions

4.      Sandboxes exist in Europe, but sadly only 1 US jurisdiction (Arizona) has enacted this progressive and promising policy. Globally, 7-8 countries have national support with several more under consideration. The US is missing an opportunity to encourage fintech innovation by not moving aggressively.

Each of these items deserve and will receive more analysis from all sides of the discussion. What remains to be seen is to what degree the US might mirror some of the regulatory changes and challenges that exist in the UK and Eurozone over the next 2-3 years. Stay tuned….

{Many thanks to my panelists for their professional insight and to the law firm of Dykema Gossett PLLC for use of presentation segments describing the various terms used in this paper. Further appreciation goes to Mohit Davar, IAMTN Chair and Veronica Studsgaard, IAMTN Founder and CEO for providing the opportunity to moderate}.