Risks lurk in fintech sector

Wirecard’s collapse raises questions about the future growth of the financial technology sector.

Do no harm—the pre-paid card

If you’re in search of financial products that harm consumers, you don’t have far to look. From leveraged spread betting platforms, to ETFs that automatically self-destruct over time, to cryptocurrency scams and ruinous payday loans, there’s a long list of candidates.

With a pre-paid card, consumers are at little risk

But sometimes beneficial financial products really do appear. Pre-paid debit cards are an obvious example.

With a pre-paid card, consumers are at little risk of hurting themselves. The cards incentivise financial responsibility: you can only spend the money you’ve loaded onto the card, meaning there’s no concern about accruing a large debt at high interest rates.

You can pay seamlessly and quickly, using tap and go. You no longer need to handle cash, an increasing benefit in the post-Covid era. And with the pre-paid cards that are designed for foreign travel, you can improve on the rip-off foreign exchange rates typically charged by banks.

Yet at the end of June, in a knock-on effect of the Wirecard fraud, some pre-paid cards showed an unexpected vulnerability: the cards stopped working and their users lost access to the money they had saved.

The funds freeze, imposed by the UK financial regulator in an attempt to protect consumers’ interests during a potentially complex corporate insolvency, hit pre-paid card users from across the spectrum.

The cryptocurrency rich, freelance programmers, low-paid benefit recipients and owners of small businesses all suddenly found themselves unable to spend their own money.

Although the affected funds were soon unfrozen by the regulator, the episode has created nervousness about the safety of virtual currency held on cards. It has also raised broader questions about the prospects for financial technology, a key area of global economic competition.

Meanwhile, financial regulators seem caught between two stools: promoting innovation and competition and clamping down on risk.

Cards from Newcastle

To understand why a temporary freeze on a hitherto obscure Wirecard subsidiary had such a dramatic knock-on effect on some debit card users, it’s necessary to go back two decades.

The first electronic money (‘e-money’) directive was issued by the European Union in 2000, with the objective of providing a ‘technology-neutral legal framework’ for virtual currency.

E-money was defined broadly and included digital coins, pre-paid online accounts and pre-paid cards.

But there were competitive barriers stopping those wanting to join the e-money boom.

“In those days, to be a member of Visa or Mastercard you had to be a bank,” David Parker, a payments expert and director of Polymath Consulting, told New Money Review.

“And none of the banks wanted to issue pre-paid debit cards,” he said.

At the time, British banks were raking in money from the lucrative issuance of credit cards with inbuilt payment protection insurance, a mis-selling scandal that cost them up to £50bn in fines and compensation a decade later.

In 2005 a firm called Cashplus found a way to upset the cosy club of bank credit card issuers.

It managed to create the UK’s first pre-paid card by using a third party with a banking licence to gain access to the Mastercard system.

“Payment cards are the first step towards making cash obsolete,” the Independent’s David Prosser wrote, perceptively, at the time.

“Our first target is the customer who has been disenfranchised by the financial community,” Rich Wagner, chief executive of Cashplus, said in 2005, a decade before cryptocurrency promoters took up the same theme.

Sponsoring access to banks

Cashplus’s innovation was to find a ‘sponsor’ to play the role of accessing the banking (and hence the payment card) system.

This intermediary provided the first six digits—called a bank identification number or ‘BIN’—of a sixteen-digit credit or debit card number.

BIN number on a Cashplus card

The ‘BIN sponsor’ model proved wildly popular. Soon a financial institution in the north-east of England had become the issuing bank for over 150 new card schemes, branded in the names of a variety of market entrants like Cashplus.

“We are the leading pre-paid cards provider in the UK and Europe,” Newcastle Building Society boasted in its 2008 report and accounts.

But, like other banks and building societies, Newcastle was soon caught up in the financial crisis and had to raise cash.

In 2011 Newcastle Building Society sold its pre-paid cards operation to an upcoming ‘international provider of products and services for electronic payments’—Wirecard Card Solutions Limited, a subsidiary of Munich-based Wirecard AG.

Hard to replace

Though Visa and Mastercard soon changed their scheme membership rules to broaden access to e-money and other fintechs, the concept of an intermediary to gain access to the banking system lives on.

Some large fintech firms have passed through the stage of using a third party to access the major card schemes: in 2018 both Revolut and Monzo gave up Wirecard as the issuer of their in-house cards. For Monzo, the move went hand-in-hand with a regulatory upgrade from e-money issuer to full banking status.

According to Polymath Consulting’s Parker, BIN sponsorship still makes sense for a large number of e-money issuers.

“We are increasingly seeing people use a BIN sponsor even when they have their own e-money licence,” Parker told New Money Review.

“Why? Keeping the BIN sponsor makes sense for a number of reasons. First, the card schemes have collateral requirements. Second, the schemes fine people quickly when they get things wrong. Third, Mastercard, for example, publishes up to 30 updates a month for scheme members. Who’s going to sit and read them?”

But the Wirecard Card Solutions freeze showed an unexpected dependency in the pre-paid card market, suggests Parker.

“There aren’t that many BIN sponsors out there. And most sponsorship contracts are for 3-5 years,” he told New Money Review. “It’s not easy to move away.”

Safeguarding nerves

As the UK’s Financial Conduct Authority (FCA) gave permission on 29 June for Wirecard’s Newcastle subsidiary to resume its activities, concerns over potential weak points in pre-paid card schemes’ infrastructure may seem overblown.

But the FCA’s green light came with a little-noticed condition: the regulator specified that Wirecard must “take all necessary steps to ensure that all other monies held in banks by it overseas are transferred to accounts held at credit institutions authorised by the Prudential Regulation Authority (PRA) in the United Kingdom”.

Customer funds held by e-money and payment services firms are supposed to be ‘safeguarded’—held separately from the firms’ own assets. The UK regulator’s own safeguarding rules specify that any European Economic Area bank can hold those customer funds.

“Our primary objective is to protect the interests and money of consumers”

So why did the FCA feel the need to tell Wirecard to transfer the money back to the UK? The regulator did not respond to a request for clarification.

However, when freezing Wirecard’s UK activities the FCA hinted at concerns that customer money could be siphoned off to Germany to meet a cash shortfall at the now-insolvent parent company.

“On 26 June, we took additional measures to require the firm to cease all regulated activities in order to further protect customer money,” the FCA said.

“This now means customer money cannot be accessed. Our primary objective is to protect the interests and money of consumers who use Wirecard.”

Client money missing

In past financial company insolvencies, such as Lehman and MF Global, the failing firms were found to have failed to comply with the rules on keeping clients’ funds separate from those of other creditors.

And differences in national insolvency rules have also complicated past attempts to recover client money.

In the case of Lehman, administrators for the investment bank’s European operations questioned why $8bn had been transferred to New York from London just before the bank collapsed.

“The sums of money claimed by [Lehman UK] investment bank’s clients were vastly greater than the sums segregated by Lehman as client money,” said accountancy firm Deloitte.

While Lehman’s UK clients eventually received all their cash back, those caught up in the collapse had to wait: the administration of the failed investment bank took eleven years to complete.

FCA’s new safeguarding rules

Last week the FCA released new guidance on how e-money and payment services firms should safeguard customer funds.

Under the new rules, the FCA said, e-money and payment firms will have to undertake a number of extra steps to ensure that customer funds are kept separate from those of the service provider.

In particular, the FCA said, firms should be able to identify what relevant client funds the firm holds, ‘at any time and without delay’.

Payment firms’ accounting records should enable a third party, such as an insolvency practitioner, to distinguish clients’ funds from the firms’ own money, and the funds of one customer from those of another, the FCA said.

And payment and e-money firms should also obtain written assurance from the banks holding safeguarding client funds that those banks have no interest in or access to funds held in the customer account, the regulator said.

A nascent legal regime

According to Jonathan Herbst, global head of financial services at law firm Norton Rose Fulbright, the legal framework for e-money firms’ customer funds is still being worked out.

In a webinar held earlier this week, Herbst contrasted the safeguarding rules for e-money with the rules governing client money at traditional investment firms, which are known as the ‘CASS rules’.

“The safeguarding regime for e-money is somewhat similar to the CASS regime for client money but it’s far less developed,” Herbst said.

New Money Review asked Herbst to comment on the FCA’s decision to require Wirecard to repatriate pre-paid card customers’ funds to UK banks.

“I suspect it is just a quest for safety in sensitive circumstances given the situation,” Herbst said.

No single safeguarding model

Complying with the FCA’s new guidance for customer fund safeguarding may come as a challenge for many fintech firms.

According to Martin Threakall, interim chief product officer at Modulr, a London e-money firm, there is a wide variety of safeguarding practices across the sector.

“Whether or not customer money flows directly into and out of a safeguarded account depends on an individual firm’s supply stack,” Threakall told New Money Review.

“For example, it depends on how the firm accesses the payment schemes it’s using,” said Threakall.

“If it is using card acquiring services, how does it receive funds from the card acquirer? If it’s issuing cards, how does it settle transactions with Visa and Mastercard—via a direct membership of a card scheme or using an intermediary? And it depends on how the firm is interacting with systems like faster payments and BACS,” Threakall said, referring to two of the UK’s wholesale payment infrastructures.

According to one of the pre-paid card firms caught up in the funds freeze, Wirecard’s UK subsidiary did not allow it to identify all the accounts where its customers’ funds were held.

“We only had partial visibility into the safeguarding accounts: we knew that the account into which Anna Money’s clients’ funds arrived was with Barclays, but we didn’t know about the rest,” Boris Dyakonov, co-founder of Anna Money, told New Money Review.

Risks of killing fintech

Tony Craddock, director general of fintech trade body the Emerging Payments Association, warned of wider repercussions from the FCA’s Wirecard intervention.

“The FCA undertook an extraordinary and unprecedented act in asking for the funds in safeguarded accounts to be put into a PRA-registered UK-based bank account,” Craddock told New Money Review.

“If this were to become normal, the range of options available to fintechs across Europe would become limited in a way that’s unhealthy. It would also set a precedent for other countries to behave in the same way. If everybody pulls up the ladder, the market fails,” Craddock said.

According to the trade body chief, the events of the last few weeks have come as a shock.

“What Wirecard has done is raise fears that there’s risk in this sector,” Craddock said.

“I just spoke to a chief executive of a money remittance firm whose BIN sponsor banks with Lloyds,” he went on.

“Yesterday they got a letter saying, ‘We are no longer banking you and we want you to stop all transaction processing now’. That’s abuse of market power, bullying, fearmongering and it’s altogether wrong,” Craddock said.

“If you overregulate this sector, you will kill it,” Craddock said.

According to Modulr Finance’s Threakall, there’s huge uncertainty about where the dividing line lies between legal and illegal activity.

“If an e-money firm ends up dealing with a criminal or terrorist, the anti-money-laundering regulations make it clear that the e-money firm is on the hook,” he told New Money Review.

“But it’s a grey area whether a bank providing clearing services to that e-money firm is off the hook, even though the end customer is not the bank’s own customer.”

The risk for banks in getting it wrong is obvious. In recent years, they have been fined billions for stepping on the wrong side of the rules.

It’s two decades since new European regulations were put to good effect. The new e-money framework helped launch a two-decade long financial technology boom across the region. Consumers benefited from safer, good-value new products like pre-paid cards.

But recent market events hint at lurking risks in the fintech sector. For policymakers, striking a balance between innovation and consumer protection will be harder than ever.

Sign up here for our monthly newsletter

Click here for a full list of episodes of the New Money Review podcast: the future of money in 30 minutes


Comments are closed.