Cash & Liquidity ManagementPaymentsHow does payment processing work and how is it regulated?

How does payment processing work and how is it regulated?

In the world of payment processing, treasurers and finance managers have benefited significantly from faster, more secure systems that have allowed for leaner and more progressive business processes. However, the waves of regulations in financial markets have led to tighter and stricter procedures.

Payment processes have evolved significantly over the past couple of decades, and with them, the regulations governing them.

In the world of payment processing, treasurers and finance managers have benefited significantly from faster, more secure systems that have allowed for leaner and more progressive business processes. However, the waves of regulations in financial markets have led to tighter and stricter procedures.

The fintech revolution, digitisation of business processes and globalisation have all helped banks and financial firms to address latencies within business payment systems. Concurrently, regulations such as the second payments services directive (PSD2) have built frameworks around which all firms must adjust. The directive, which came into force at the beginning of 2016, aims to make sure that corporate treasuries optimise liquidity, increase visibility, and prevent fraudulent activity.

With the arrival of faster payments, Swift GPI, as well as credit card companies like Visa offering compressive business solutions, its generally accepted that within the next three to five years the entire architecture of the payment processing world will have irrevocably changed. And there’s much more driving the change from the tried and tested bricks and mortar systems towards payments-on-behalf (POBO) and cloud-based systems.


Liquidity and cash

It has only been a quarter of a century since credit cards started to dominate public payments. Now, the agenda is set by the likes of Europay, Mastercard and Visa (EMV) smart cards, payment terminals with automated tellers, merchant accounts and payment gateways, e-wallets and Apple pay. This retail experience is in stark contrast to the corporate one. Just as retail swiftly adopted the new card based technologies, many firms looked to expand their online presence leading to a boom of merchant service providers, for example PayPal, Klarna. These technology companies provided an online platform to replicate the sales terminal within the retail outlet. A payment gateway is imbedded in the site, encrypting customer data and feeding it to the payment processor (or acquirer), which has a direct link to the credit card association – such as Visa or Mastercard – who in turn routes the transaction for the approval of the issuing bank.

Through these merchant accounts, small businesses can easily process credit card payments instantly in multiply currencies and with full transparency. As the technology advanced, so did cybercrime, which led to the creation of the payment card industry data security standard (PCI DSS), which in turn created a level of compliance for any company that accepts card payments and stores or processes consumer data. Non-compliance of these standards would leave the company liable for fraudulent losses, as well as hefty administration fees in recovery and reissue of accounts.

Larger corporations have also benefited from these developments in payment processing, particularly within their cross-border payment systems. Automation between enterprise resource planning (ERP) and multiple payment portals has replaced manual transaction processing. Real time cash position, data, dashboards and reporting tools are becoming more widely used. Companies such as AccessPay, which has been a forerunner in cloud-based technologies, believes that banks are not doing enough to meet the needs of today’s customers. Intent on replicating the retail market they offer various payment process products including cash management, fraud and error detection and faster payments, SEPA and SWIFT.

Its rumoured that, though there are obvious advantages to utilising these technologies, as many as 50% of corporates have no plans to defer these cross border business payments to a third party provider. Instead, they are deciding to stay true to the tried and testlow-riskisk methods of old. One of the main reasons is the emergence of SWIFT GPI. Launched in January 2017 the firm created a set of SLAs (service level agreements) for participating bank to provide transparency of fees as well as end to end tracking of transactions. The company also agreed to make funds available for same day clearing meaning that accounts can be credited within minutes.


Knowing the market

In recent years, know your customer (KYC) policies have directed regulations across the world, and assisted firms in creating better customer service processes. In essence, KYC is about garnering information prior to on-boarding new clients, and holding extensive knowledge of each customer in order to better assess risk to the organisation.

Various anti-money laundering directives have come into force recently, which have added greater structure to KYC processes. Many of these rules aim to combat criminal activities, such as market manipulation, tax evasion and trade of illegal commodities.

The European Union’s AMLD4 became law in June 2017, replacing the third directive and tightening up due diligence procedures by focusing more on risk analysis. AMLD5 has been agreed and will come into effect next year, bringing with it tougher criteria to combat risk whilst increasing transparency by recognising national financial intelligence units (FIU).

The consequences of non-compliance start with a lengthy detailed study of internal process and documentation causing upheaval and additional cost to daily operations. Unearthing a breach will lead to hefty fines, possibly suspension of business activities and imprisonment.

However the most far reaching will be the damage such a scandal would imprint upon the company’s reputation. Reputable investors do not want to be seen doing business with a company potentially laundering money for personal gain and customers will not do business with a firm threatened with financial penalties. This has been the biggest barrier to entry for the payment processors with companies not yet willing to open themselves to the risk of sharing data with another organisation in an evolving market. Accuity, a market leader in regtech, is trying to address these concerns. The firms provide payment solutions with an emphasis on reputation protection through advanced compliance and security screening. In-house technology Fircosoft addresses key area such as KYC, sanctions, data screening, trade compliance, US securities and of course transaction screening.



PDS2 became European law at the beginning of this year, with regulators aiming to standardise the payment process across the union whilst providing structure for the emerging PSPs. The regulations empower payment providers to request access to sensitive customer data to make POBO or collections on behalf of (COBO) services. Through the new structures, firms can interact with other directly with financial institutions and consolidate multiple bank accounts onto a single platform through API technology. Pelican are self-professed pioneers on this front, using sophisticated artificial intelligence technology, machine learning and language processing as part of the company’s Innovation Hub. Adopting an open API integration structure enables the development of a bespoke solution that integrates with legacy software and negates the need for an expensive rebuild. Open API allows for end to end visibility on a group of accounts, with real time cash position, dashboards and bespoke reporting. Through this range of benefits, corporates can utilise their scale to their advantage.

PDS2 has added much required structure and clarity to the payment processing ecosystem. As well as promoting standardisation through a single secure messaging system, subscription charges over single payment fees, mobile payments and integrated dashboards containing multiple bank accounts with sophisticated reporting suites have been spurred by the regulation.

However, the market is still undergoing significant development. Security and fraud remain key concerns for financial organisations, with the sophistication of cyber criminals ever-evolving. Indeed, many of the bigger players are taking action, and continue to evolve their service range. Visa has recently launched Visa Direct to enable real time payments, and partnered up with WorldPay in order to accelerate the roll out, and MasterCard acquired VocaLink with the aim of still bettering the companies services. SWIFT’s observer systems are being white labelled, and promise greater transparency while increasing security. Elsewhere, start-ups are continually bringing new products to market, giving modern treasury departments a wide selection of payment processing technology.

Whitepapers & Resources

Transaction Banking Survey 2019

Transaction Banking Survey 2019

TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation