Every Saturday morning, I do Muay Thai at a local gym. Mercifully, combat sports and payments have few overlaps – but there is one lesson I can take from one to the other: identifying the meaning of different types of pain. There’s superficial pain, which you need to grin and bear – doing so means you grow and get stronger. But there’s also pain that means something’s genuinely wrong. Understanding the difference between danger and discomfort can be a painful learning experience, but one that can apply outside of the ring.

The same principle applies when onboarding new clients. There are times when many companies will rightly tap out immediately, refusing to work with merchants who are non-compliant with rules and regulations or are blatantly operating in a manner that will inevitably cause problems. There are other times when you might give in too early, losing out on an opportunity simply because you didn’t take the time to understand a business or work with the merchant to manage the risk.

Effective risk management can be difficult for any company, but particularly for those in payments, which is why so many enmesh themselves in too-stringent rules to avoid even the slightest of potential issues. Unfortunately, this risk-averse approach comes at the cost of being unable to onboard good merchants, which prevents revenue from being generated. Others take a haphazard approach to risk, onboarding merchants that are obviously a risk in hopes of making a quick profit. However, this short-sighted strategy will inevitably lead to an unmanageable amount of risk or very serious regulatory violations, both of which can compromise a payments firm to the point it can no longer operate. Neither approach is sustainable, so an intelligent risk-based approach is called for in which companies aren’t afraid to say no, but also aren’t afraid to say yes.

Understanding Risk

Every transaction contains an element of risk – if you’ve ever seen somebody bite a coin to check that it’s genuine or hold up a banknote to the light, then you’ve seen somebody try to reduce payments risk. Today, online payments primarily carry risks of fraud and chargebacks, some classes of merchant will be more prone to these risks than others, and a whole host of factors will have significant effects. These include everything from verticals the merchant operates in, the country in which the company is based to the time of the year the payment is made (fraud and chargebacks are both more common during peak shopping seasons).

This is especially the case in real-time payments. When payments happen almost instantly – a rising trend in global commerce – organisations across the payments ecosystem have markedly less time to catch errors. This means that companies working with real-time payments will need partners who can balance speed and security. It means knowing that your payments partners are taking compliance very seriously, no matter the size or risk profile of the companies they work with.

Merchants who are either classed as or prove themselves to be high-risk will typically pay more for transactions or be barred from dealing with certain payment providers. These high-risk companies provide goods and services such as firearms, subscription box vendors, adult content providers and gambling. 

Risk, Sales and Compliance

Risk and compliance are not the same thing, despite their many overlaps. The compliance team is responsible for ensuring potential merchants complying with the relevant rules and regulations of the regulator, schemes, banks etc. The risk team is responsible for assessing the exposure financial, operational and reputational risk created by servicing a particular merchant and the processing of their transactions.

High-risk and non-compliant merchants are also two very different scenarios. There are high-risk merchants who are compliant, and there are low-risk merchants who, for whatever reason, won’t pass compliance. Legitimate payments service providers can service any category of risk that their internal policies and external partners allow, but they cannot service a merchant that is not compliant with the relevant rules or regulations, which can have very serious consequences.

With that in mind, let’s look closer at how a company might deal with risk in the real world, and take an effective risk-based approach. As much as we don’t like to admit it, a payments company isn’t one single organism working in unison toward a common goal - the sales team and the compliance department often work at cross purposes.

In fact, there is a cliché that sales and compliance work against each other. In this worldview, the sales team wants to increase revenue by onboarding as much business as possible, regardless of the quality of the merchants, while compliance wants to mitigate risk by not onboarding anything that isn’t perfect. This should never be the case.

Firstly, because the sales team should be educated about risk and compliance to the point that they aren’t trying to sign up poor-quality merchants, and definitely aren’t letting high-risk merchants persuade them to cut corners (‘Another company told us we only had to submit X many years of paperwork’). Secondly, because compliance Team should be finding ways to say yes when providing service is possible – looking into the legitimate merchants that may provide certain challenges with a view to finding ways to onboard them in a way that doesn’t create unmanageable risk or cut regulatory corners. There are very few perfect clients, and equally few irredeemable clients, but there is a massive tranche of potential clients who are in between that a smart compliance department can work to onboard.

An Intelligent Approach to Managing Risk

So, what can your company do to take advantage of the opportunities from being smart about risk instead of engaging in black and white thinking?

As with so much, communication is key. Payment companies should focus on creating a compliance culture in which the entire organisation, not just the risk & complaint teams, understand the relevant rules and regulations they operate within. Merchants need to understand that the initial review of their business is not just a regulatory obligation, but a way of ensuring best business practice that will allow them to have long term and mutually beneficial relationship. The aim is to create buy-in for what can be a difficult and sometimes lengthy process, one that has no guarantee of being successful.

We’ve seen a lot of companies employ automation in onboarding in recent years, and while it can be useful to automate some of the rote parts, having a human eye on the information is vital. The old adage that ‘a computer can never be held accountable, therefore a computer must never make a management decision’ applies here, but fully-automated onboarding risks outsourcing the relationships that are going to sustain your relationship.

Reducing risk in the payments ecosystem requires a multifaceted, holistic approach that combines robust compliance measures with smart decision-making. Companies that implement this approach serve as examples of how payments providers can mitigate risk for their merchants by taking risk and compliance seriously, but remembering that it is a tool, not a straightjacket that is going to impede you. Done right, this enables a business to tell whether the pain is just superficial and they should power through, or if it’s likely to result in a broken arm – this distinction is key to success. And a shoutout to Greg Collins at Fordes Gym for teaching me everything I know about the different types of pain!