By: Jodie Ruby, Director of Marketing
At the NACHA Payments 2016 Conference, G2’s Jane Hennessy, head of external alliances, led a panel session featuring Cristina Hellems, senior product manager, MUFG Union Bank, Lisa Hrabosky, director, Global Core Payments, PayPal, Inc. and Nathan Monson, manager, Accounting Risk & Fraud, Global Cards & Merchant Services, Silicon Valley Bank. The room was packed with attendees wanting to learn how banks and third-party payment processors can build strong relationships in the current regulatory environment.
The panelists showcased different industry perspectives: Union Bank is a more traditional type of financial institution, Silicon Valley Bank takes on less traditional customers such as fintech companies and Paypal represented the processor perspective. Despite differences in business models, the panelists shared common themes when it comes to KYC such as having a strong EDD process at onboarding, the importance of ongoing monitoring and the benefit of working with third-party experts to enhance their KYC programs.
The established FI
Cristina Hellems kicked off the panel by discussing how Union Bank reevaluated its portfolio last year as a result of regulatory guidance, reviewed its onboarding processes and bolstered its sales training to teach sales reps the questions needed to really understand originators’ businesses. As Union Bank is more conservative when it comes to risk, the bank took extra steps to ensure it knows its customers and its customers’ customers. The BSA department at Union Bank is very involved with the sales team to verify that the customers the bank takes on have been properly vetted and fit the bank’s risk profile.
Though the changes have led to a longer onboarding process, the bank has improved its portfolio visibility by taking the following steps with its TPPPs:
- Reviewing TPPP Risk Management programs
- Searching for any adverse actions or public filings about the TPPP
- Scanning all merchants for risky behavior
- Training sales to ask detailed questions about the TPPP’s business using a high-risk checklist
- Why is the TPPP switching banks?
- If it is running scans on its customers for changes, could that could increase their risk profiles?
In terms of ongoing TPPP management, Union Bank requires its TPPPs to supply them with a complete merchant list for review twice a year. Cristina mentioned that regulators will ask for these lists, so it is an important step in their compliance process. Sales also reviews each TPPP for changes that could affect its risk profile, such as whether the TPPP is moving into a new business that could mean more risk for the bank. Union Bank also uses ongoing monitoring to flag any potential risky behavior. TPPPs are also required to monitor their customers and provide important updates to the bank.
The tech bank
Silicon Valley Bank focuses on providing banking services to startups, entrepreneurs and companies experiencing rapid growth. Nate Monson started off by explaining that SVB pays close attention to BSA/AML, UDAAP, Regulation E and other regulations that have KYC implications, but due to its focus on technology companies, the bank is also keeping a keen eye on potential OCC regulations directed at fintech companies and the implications for its business.
Despite the unique nature of SVB’s business, it uses similar KYC processes to traditional banks to ensure compliance, including:
- A TPPP policy that has been vetted and agreed to by the bank’s executives and all key stakeholders, and has been well communicated throughout the organization
- Thorough onboarding procedures that are adjusted based on the company’s size, as well as ongoing business customer monitoring where the frequency is also adjusted based on the company’s risk profile
- Contractual obligations requiring TPPPs to provide information on their customers at the bank’s request
- Periodic reviews to look for changes in the business that would affect how they would onboard that customer now versus how they originally onboarded them, allowing SVB to continually refine its onboarding process based on changing conditions
Lisa explained that as Paypal operates in over 200 countries, has significant regulatory oversight and must stay on top of the myriad of regulations that vary by country. While this situation does not apply to most TPPPs, they can still apply Paypal’s best practices to their businesses to ensure strong relationships with their bank partners. These include:
- Creating a strong policy for the types of customers allowed into the portfolio
- Taking an active stance in managing business customers, including immediate termination for customers that violate Paypal’s terms
- Using third parties to help Paypal identify brand violations, counterfeit and other high risk behavior
- Providing transparency to its banking partners in a proactive manner on KYC processes
Lisa commented that fraudsters are using increasingly deceptive tactics to commit fraud, requiring Paypal to employ higher levels of sophistication to its fraud detection processes. She highlighted that Paypal has used G2’s services for a number of years to monitor business customer websites for changes that would warrant termination.
With the complexity of the regulatory landscape and the growing sophistication of fraudsters, strong partnerships between banks and TPPPs are crucial to reducing risk exposure in the payments ecosystem. Learn about how G2 can help you enhance your KYC program with our Solutions for Commercial Banks, TPPPs and TPSs.