The scandal at Wirecard has not only exposed a multibillion-dollar fraud in the accounts and profound failures of oversight. It has also raised fresh questions of whether payments regulation in Europe has kept pace with the huge changes in the industry.
Once a sleepy arm of heavily regulated banks, the payments sector is being transformed by technological innovations, new legislation, new players and shifts in customer habits. Little wonder technology and payment-processing companies and banks are all vying to grab a share of the large and fast-growing market for digital payments.
Modern payment chains consist of an increasing number of companies that are interdependent but do not always have shared interests. They may be under the supervision of various authorities or even under no supervision at all.
That’s why last year my review of financial services for the Bank of England argued for a cross-authority review of payments regulation to reflect the shifting risks and gaps. The Wirecard debacle makes urgent action essential.
Technology and regulation have driven an unbundling of payments that historically were done under the roof of a regulated bank. The EU is especially vulnerable in this regard because it has been explicitly trying to break banks’ monopoly on payments. In addition, many European banks have raised capital by selling the parts of their businesses that work with retailers who want to accept cards.
This creates a challenge for policymakers who must decide which regulations should apply to those businesses while keeping a competitive system. Simon Gleeson of Clifford Chance argues in The Legal Concept of Money that a regulatory paradigm shift is needed; from an approach focused on entities to one based on activities.
A key lesson from the 2008 financial crisis was that some of the systemic importance of banks came from their function as payments providers to the real economy. If payments are systemic, then the largest payment companies must also be systemic once they exceed a certain size. Systemic companies must have appropriate oversight aimed at ensuring their resilience and operational continuity. It may not matter that a new payments company can get started with initial capital of just €50,000 and some insurance, but it does matter if additional oversight and systemic requirements do not kick in as the business becomes more important.
Some jurisdictions are leading the way. Singapore has recently introduced a three-tiered regulation for payment companies, which encourages innovation in smaller businesses, but imposes appropriate oversight on larger ones. Since the crisis, regulators have started forcing banks and clearinghouses to write living wills to govern how they could be wound down in a crisis. That requirement should now be applied to payments companies that are deemed systemic, with clear segregation of funds to ensure smooth transitions and alternatives for businesses and consumers.
In addition, the resilience of payments systems and their linkages should be tested with cyber penetration exercises. Such measures would make it easier for regulators to determine which companies are critical, and where there should be a pre-agreed plan in place of how they can step in for each other.
As payments data becomes increasingly valuable, we need to revise data-sharing rules. The EU’s second payments directive has created an unlevel playing field where banks are obliged to give customer data to unregulated businesses. Moreover, the liability when things go wrong can often rebound to the banks. Ana Botín, group chief executive of Santander, is right to argue that PSD2 should be amended to treat everyone involved in this activity the same way.
Digital payments innovation brings huge benefits to customers and businesses. The pandemic is accelerating our use of electronic payments and digital wallets. As a result, an even larger proportion of payments is likely to take place outside the tightly regulated perimeter of financial services. Wirecard’s bankruptcy underscores the urgency of next-generation payments regulation.
* * *
The writer, a former adviser to the governor of the Bank of England, chairs the sustainable finance committee at UBS