Is PayTech risking its own demise?

Share this post

Written byHead of AML and Transaction Monitoring, Customer Risk

I recently had the opportunity to speak to an audience at the The Payments Association in London on the EU’s 4th Anti-Money Laundering Directive and how to build effective Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) governance and process frameworks.

The discussion prompted many questions; predominant was that abiding by current and forthcoming AML / CFT laws risks stifling the nascent PayTech industry to the point it ceases to innovate. The EU is already lining up a 5th directive as an amendment to the 4th that will go further still, bringing stored value and digital currency providers into a regulated framework.

Financial crime is not victimless. Bribery, corruption, terrorism, tax evasion, smuggling, and trafficking all have a detrimental effect on our society and destabilise our financial systems.  It is well documented that the Paris and Brussels attackers used pre-paid cards to fund their attacks. Thus, within the EU at least, law makers have looked to tighten regulation around any form of value storage or transfer, placing many of the organisations who create and operate such technologies under obligation.

For a start-up PayTech though, this places a significant regulatory burden onto the fledgling company. Large banks have had to manage this overhead for years, some better than others. Already, evidence suggests that PayTech firms are being de-banked as their banking partners withdraw services to them where they sit outside the bank’s risk profile. The problem here for PayTech’s is that to a bank providing services to a PayTech, the bank doesn’t know the PayTech’s customers. In other words, the bank does not know its customer’s customers.

This is where Know-Your-Customers-Customer (KYCC) has significance. If a bank cannot trust the PayTech to have conducted sufficient due diligence on its customers, including ongoing monitoring of transactions, it will be unlikely to take the risk of on-boarding the PayTech for risk of being caught complicit in, or unwittingly involved in, a money laundering / terrorist financing initiative.

Here in the UK, with the FATF mutual evaluation just around the corner, we may see the regulator become more active in enforcement actions against the 1,100 or so PayTech firms. This would then see the industry face enforcement actions similar to those that the banks have faced for a number of years. And, sometimes these fines are not driven by actual evidence of illicit activity but simply by failing to have the appropriate systems and controls in place.

PayTech’s are faced then with a double-edges sword; fail to complete compliance obligations and risk losing banking services and face enforcement actions, or undertake compliance obligations and risk an administrative and data cost overhead that makes continued business unprofitable or so slow as to dissuade customers.

However, the wider implications for the PayTech industry are huge. This may come in two forms. First, if banks see the sector as non-compliant and failing to satisfactorily complete KYCC it may move it even further outside an acceptable risk profile, making it harder for PayTech’s to obtain or maintain banking services. Second, if enforcements do begin in the sector, again it will serve to tarnish the industry as a whole that will reinforce the banks’ view of non-acceptable risk.

This is where the smart approaches that have given rise to PayTech need to be applied to PayTech AML / CFT compliance. There are numerous regulatory technology (or RegTech) solutions that can help to speed up due diligence, making it near-frictionless in many cases. Examples include electronic identity verification, managed services for AML / CFT name screening and enhanced due diligence reports, and big data / machine learning approaches to transaction monitoring. The key is to finding the right blend of RegTech to service the needs and speed of the organisation.

Cheapest may not always be best though, and PayTech’s must seek out appropriate solutions for their compliance needs rather than simply the lowest-cost option on the market. Companies need to adjust their business models as a result, for whereas previously regulatory compliance was low on the agenda and not built into pricing models, the cost of thorough compliance may make existing strategies unprofitable.

Technology aside, PayTech’s should start with an appropriate governance framework, and within it a tone from the top that drives the compliance agenda. As a group of like-minded businesses they should also be ready to support one another, or call one another out, given the potential that one bad apple could potentially spoil the entire barrel.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?