The Wirecard scandal has raised serious questions about trust in the financial services supply chain. With most challengers and an increasing number of incumbents relying on third parties, we asked PPS’ Ray Brash and Polymath Consulting’s David Parker to consider the nature of outsourcing
Look closely at any sterling banknote and you’ll find a pledge, whispered in tiny letters, that underwrites the entire system of fiat currency exchange: ‘I promise to pay the bearer…’.
That promise – that essential bond of trust – maintains a certain global economic order, forging mutual connections of borrowing and lending, depositing and withdrawing, and a sense that, come what may, debts will be paid and promises kept. And this trust doesn’t only flow between consumers and merchants. It is the essential ingredient in the relationship between banks and the service providers to which they increasingly outsource.
Indeed, many of the neobanks fawned over by today’s financial commentators would never have had a product in the first place without these strong relationships – especially with payment services providers (PSPs), which support features boasted by Monzo, Revolut and other challengers.
Ray Brash, CEO and chair of PPS (previously PrePay Solutions), believes the fintech ecosystem could not have grown without the services of these PSPs.
“The growth of fintech, in the last five years, has been because of outsourcing payments,” he says.
“Without processors like ourselves, or GPS (Global Processing Services), guys like Monzo and Revolut would not have got into the market, or to where they are, because outsourcing allows companies, particularly fintechs, to really focus on where they add value, which is proposition and customer experience.”
PPS, which operates with a dual licence in the UK and Belgium in preparation for Brexit, handles clients’ processing, issuing and prepaid programmes in the UK and European Union. With customers ranging from UK fintech Coconut to a growing list of retailers with prepaid cards, PPS’ services are depended upon by hundreds of firms – and their millions of customers.
The same trust was, until recently, invested in German payments firm Wirecard, whose calamitous fall from the DAX 30 to insolvency this summer will go down in history as one of the most dramatic failures in the sector.
The fallout from this scandal has shocked fintechs into a frenzy of due diligence checks. And yet, while the trust between banks and PSPs has certainly been bruised by Wirecard, it’s consumers who have once again been left to bear the brunt of the latest fintech disappointment.
Sarah Kocianski, of fintech consultancy 11:FS, believes the damage to consumer trust caused by the Wirecard meltdown is ‘likely to be irreparable’. But what of Wirecard’s partners – like Curve, ANNA Money, Pockit and U Account – and the financial institutions counting their lucky stars not to have outsourced to Wirecard? How should they respond to the fact a payments processor trusted by millions, and valued in the billions, could betray its customers’ trust so badly?
For Brash, restoring confidence in outsourcing is all about close, forensic management.
“You have to manage your suppliers in almost exactly the same way as you’d manage your own teams,” explains Brash. “That was the lesson in the case of Wirecard: a lot of the Wirecard customers took it absolutely for granted that they would sign a deal with Wirecard, and that was it.”
A tricky trade-off
If Wirecard was a failure of governance, then what about dealing with third party technology failure?
David Parker, director at Polymath Consulting, regards failure as an inevitable by-product of innovation.
“There’s virtually no technology that is 100 per cent reliable, 100 per cent of the time,” he says. “It just doesn’t exist. Virgin goes down. Microsoft continually has to put out updates to its software. The Hubble Telescope goes down. These things cost billions to build; they still go down sometimes. We are ultimately talking about technology and bugs, and things that do eventually break. You can put in place processes and systems to minimise problems, but to expect something to never, ever stop working is unrealistic.”
“It’s a trade-off,” Brash agrees. “If you wanted to have 100 per cent uptime, it might be possible, but the money you’d have to spend would probably make the business uneconomic.”
That raises an important alternative. If banks are intent on derisking, then why not bring payments processing systems in-house: in other words, insourcing, not outsourcing?
For Parker, whose consultancy advises firms on payments and cards, there is rarely a sensible business case for doing that.
“Insourcing is often done for the wrong reasons,” he explains. “Don’t get me wrong, there are good, solid reasons to insource. But the biggest ones I see for insourcing are egos and company valuations.”
It’s easy to imagine ego and hubris driving a chief financial officer or chief technology officer into a software development quagmire – but why would firms insource for the sake of their valuation?
“I’ve heard investors talk to our clients about their investments, saying ‘yes but what exactly do you own?’,” says Brash. “But, you know, in today’s world, where everything is hosted in the Cloud, no one owns anything anyway. It’s all about intellectual property – it’s not like the old days, where you owned your datacentre and that somehow made you more secure.”
So, the majority of financial institutions should continue to outsource, albeit with a new-found sobriety around who they trust, and how they measure that trust. There’s clearly a strong case for trusting specialists in specific service provision, like PSPs. As Parker reminds us, payments firms can manage the trickiest payments processing scenarios far more comfortably than multi-department, multi-product banks.
“Don’t forget, if Christmas Day falls on a Monday, and Boxing Day is on a Tuesday, on the previous Friday you’ve got to put enough money into the account for Saturday, Sunday, Monday and Tuesday – and if you’re a penny short, you get fined,” Parker points out.
“Wouldn’t you rather have that on Ray’s shoulders at PPS, who’s been doing it for the last 20 years, than your own? After all, if you’re a neobank, this might be your first Christmas.”
Meanwhile, both Parker and Brash agree that banks shouldn’t be focussing on building systems that already exist in the PSP ecosystem. Rather, they should concentrate on their product – which, for neobanks especially, is the frontend.
“Ultimately, it’s all about knowing what business you’re in,” says Parker. “For most neobanks, their expertise is around the customer interface – not running great big processing platforms.”
Brash agrees: “Banks are customer user experience, customer interface companies; they’re not backend technology companies,” he says. “And I think, while we have seen growth in the number of people looking to hold their own ledger, we’ve also seen growth in the number of players that’ve realised just how complex that is.”
The Financial Conduct Authority intervened in June when the severity of the Wirecard situation became known, freezing the accounts of consumers whose banks were supplied by the payments firm. Naturally, despite a flurry of press releases apportioning blame, those consumers held their banks responsible. What measures can neobanks put in place to avoid further loss of trust in the face of a similar outsourcing event?
“You have to accept a trade-off between reliability and features,” says Brash. “We’re moving so quickly, as an industry, it’s inevitable we’ll not get everything right first time – every so often there will be a blip. And customers are relatively forgiving. We saw that with Monzo, when it had processor problems: it was more transparent than banks had been historically, and customers responded well to that.”
Nonetheless, if fintechs want to retain the trust of the regulator and their customers, they’ll do well to use the Wirecard scandal as a lesson in safeguarding. A robust ‘Plan B’, kicking in when a supplier goes offline, seems a particularly appropriate measure. And, in Mastercard, Brash recalls an example of how it might work.
“There’s a service Mastercard has, called Stand-In, which means that if a processor is down, the card will continue to work,” Brash explains. “And the interesting thing is that it was put in place by Mastercard because banks, back in the day, didn’t have any back-up when they wanted to do maintenance. They’d literally take their platform down for hours at a time. So Mastercard said ‘OK, for the five hours on a Saturday when you’re down, we’ll stand in for you’. There’s no reason why similar back-ups and stand-ins couldn’t be created across the payments ecosystem.”
Whatever lessons the industry learns from Wirecard’s broken promises, trust remains the key to a healthy, well-regulated financial sector. Now is the time to be held accountable – outsourcing payments, but insourcing responsibility.