The role of compliance in payments: highlights from our first offline event
What is compliance, and why is it important? Who are PSPs and how do they onboard clients? How is compliance different for high-risk businesses? How do you know if your company needs PCI DSS? PayCore.io and Avitar answered all these and many more questions at their first joint offline event from the educational series #rooftopmeetups.
The event took place in our new office, so we were twice as happy to meet and greet all the visitors. We believe some key points covered at the event may be of interest to those who couldn’t make it, so here’s a glimpse into what we discussed yesterday. And a couple of pictures to show off our smiling faces!
Payment market basics
Here are some key takeaways from our co-founder and COO Den Melnykov:
- Payment industry actors are payment systems, payment service providers, acquirers and card issuers, and merchants.
- A merchant account is a bank account from an acquiring bank or financial company that allows a merchant to accept credit, debit and other payment types. Normally, a merchant account cannot be opened for an individual. It can be opened only for a business, of any type, including private entrepreneurs.
- The activity of all payment industry actors is regulated (by central banks, financial authorities, watchdogs, etc.).
- In most countries, payment companies are not allowed to store customers’ funds. They use escrow accounts for these purposes.
- A company needs a PCI DSS certificate to process and tokenise card data.
- When opening a company abroad, businesses are usually obliged to prove to the regulator that they really operate in that jurisdiction. Some countries even allow a new entity to be established online.
- Some firms provide assistance in opening a company abroad and getting all the necessary licenses. These activities are absolutely legal, and it’s often simpler, and sometimes even cheaper, to leave this job to the experts.
- As we explained in one of our previous articles, there are multiple kinds of PSPs. For instance, facilitators and integrators. Facilitators cover account openings, KYC/AML procedures, and compliance. Integrators (we are one) provide the technical infrastructure needed to handle payments. Though it may seem more efficient to put all the eggs in one basket and work with a facilitator, many business people prefer to entrust each segment of work to those who do it best, i.e. legal firms and integrators.
Here are some of the points Maria Skakun, Senior Associate and Head of Business Development at Avitar, covered in her presentation:
- The more reliable and well-established a PSP is, the higher its compliance requirements are.
- It is too risky for the business not to have these documents. The law is usually consumer-friendly, so in case of any legal conflicts with customers, it will be extremely hard for the business to win an argument. A business should see it not as a regulatory burden, but as an opportunity to limit its liability fairly.
- Payment companies ask for these documents for a good reason. It helps them meet regulatory requirements while minimising the risk of dealing with chargebacks and refunds.
- According to GDPR, the liability for the safety of customers’ data lies with the data controller, not the processor.
- Compliance is always an ongoing process, given that regulation evolves alongside the technologies. That’s why it’s important to keep all the documents up to date and in accordance with the current legislation.
Come and join us for the next event, taking place in our development office in Kyiv on September 24. We’re going to discuss compliance, personal data protection and KYC procedures for fintech companies in more detail. Don’t miss the chance to receive answers to your questions directly from experienced experts, meet new people and enjoy a pleasant and useful evening!