770 words, 3 minute read

The Wirecard debacle has hit the headlines with a vengeance, begging the question: flawed regulation or flawed Fintech models?

On first appearance, it feels like that there is a regulatory problem. However, it looks like this is an old fashioned accounting fraud, that just happens to be with a payments processor. The missing 1.9bn euros at issue appears to be fictional money that never existed, rather than stolen customer money – investors and lenders may have been duped, but no one else it seems.

Time will tell, but payments regulation appears to have done its job – e-money issuers and payment institutions may hold funds only for the purpose of making payments. This makes sustained fraud in the payment chain unlikely, as payers or payees notice missing payments almost immediately.

Even so, the episode has highlighted key issues that regulators and Fintechs need to address. In the UK, the FCA froze e-money accounts and payments transactions supported by Wirecard for a short time, presumably to prevent client funds from being used to shore up the parent company or other overseas subsidiaries. Even though regulation safeguarded and ringfenced client funds, the regulator still had to act in case those funds were at risk of misuse. This had the effect of preventing merchants and SMEs getting paid, and consumers being unable to access their funds to make payments. Millions have been affected (according to the FT) which in itself is a regulatory shortcoming.

Many of Wirecard’s customers are other Fintechs for whom it holds e-money accounts or processes payment transactions. These have all been adversely affected through being unable to serve their own customers, which goes to the heart of the issue exposed by Wirecard – the payments industry has systemically important entities such as Wirecard, which seem to be unrecognised as such by regulators and by those that depend on them.

This is hardly new. For example, 80% – 90% of the UK cards market is served by just two merchant acquirers, only one of these is owned by a regulated bank. Each are clearly systemically important, and have been for decades, but I am unaware of regulation that addresses their specific systemic importance. If either has an outage or fails, roughly 40% of UK retail commerce would grind to a halt.

Similar concentration is present in many other countries, and is a function of the business models of the big card brands which encourage concentration – the brands are better served by overall volume growth generated by a small number of acquirers with scale economies, than by competition between acquirers for volume. From the brands' perspective, competition between acquirers is a zero-sum game. The widespread customer impact of Wirecard’s insolvency demonstrates it is systemically important, but it is a relative minnow in size compared to some payment companies such as major acquirers. This indicates there must be a significant gap for regulators to address in recognising systemically important payment companies.

However, this is also a wake-up call for Fintechs , merchants and other users of payment and e-money processors. If their business model is dependent on third parties such as Wirecard, then they should have contingency and business continuity plans in the event of short, medium term or permanent outages. These plans appear to have been lacking with Wirecard users, despite the existential risks.

Inevitably, contingency plans incur additional costs, but they should make good commercial sense – judicious use of multiple providers for the same service enables operational resilience, avoids supplier lock-in and allows providers to be played off against each other to keep costs down and service quality up. These may be lower priorities when establishing a new business, but as Wirecard has shown they are in fact critical and are best planned in and architected from the start.

So rather than wait for the inevitable regulatory tightening, Fintechs should examine their contingency plans and act to make their operations and business models more resilient and flexible.

Meanwhile, for regulators the task is straightforward. They should require users of payment service providers to have contingency plans so that consumers and merchants are insulated from a failure of any one provider, and they should set classification criteria for systemically important payment providers. For these, a payments equivalent of the EU Bank Recovery and Resolution Directive is probably required, in which payment providers are mandated to prepare recovery plans and living wills to overcome insolvency or operational distress.

Crises often create opportunities – in this case, the opportunity is for increased resilience among Fintechs in payments, and increased resilience and robustness of the overall payments industry.