top of page

The compliance mindset

Many customers perceive compliance as a black & white area. In practice, this isn’t always the case; there can be many shades of grey. In this short article I describe how we, at Lerex, work closely with our customers to eliminate, reduce and overcome the impact of any compliance issues.

One of the steepest learning curves I see for Lerex’s new customers involves compliance. This is not surprising, since formal compliance is not an area that most people encounter in their day-to-day life.

The most common mental hurdle to overcome is that people tend to interpret “the rules” in a binary way; yes or no; black or white.

In reality, most of “the rules” we have to comply with in the implementation of pre-paid payment cards are written using a principles-based approach which allows room for, both, interpretation and mitigation.

In practice, the likelihood of an event taking place, the magnitude of its negative impact and measures taken to minimise and manage the risks are all taken into account before taking a final decision.

At Lerex, the steps we take to arrive at decisions about compliance and risk include:

1. Data collection:

With our clients, we collect as much data as possible to form a complete view of the situation. This includes the scenario we’re directly faced with, but also its periphery, the actors and their behaviours.

KYC, KYB, PEP & sanctions lists, adverse media, common fraud patterns; these are all tools you can and should use to build those data points.

2. Use our joint expertise, experience and processes:

Some scenarios might bring risks but, together, we might be in a good position to mitigate them. Perhaps our customer understands the specific industry inside out, maybe we at Lerex have seen a specific situation many times before, understand its risks well and know how to contain them, or to minimise their likelihood.

Being objective and realistic about how well you understand the underlying risks and how well you can mitigate them is important. And pooling our resources can be invaluable.

3. Residual risks and mitigation:

Once we understand the situation and how our joint experience will help tackle it, we are then able to drill down on the residual risks (the ones we cannot mitigate through our experience and current processes). We need to understand how severe risks in this category are and what can further be done to reduce or eliminate them. A change in processes might be required, or making sure we gather additional information, perform more regular checks, etc…

4. Decision:

Once residual risks have been identified and discussed, we should then have a clear picture about the final state of the situation. How many risks are left, how severe are they, and how well can they be mitigated.

Based on all these answers, it usually becomes a business decision whether to accept the situation or decline to proceed any further.

We also think it is good practice to involve relevant suppliers and/or the regulators in this final step; being as transparent as possible will always be beneficial.

Going through our process means the outcome is rarely black or white.

I like to use the analogy of red flags. A business might be comfortable with one or two red flags if it feels they are small and can be mitigated. But, as the data collection process continues, more red flags might be discovered which could ultimately lead to a big issue, and perhaps even a refusal to engage in that business activity.

Alongside a very transparent approach, what compliance officers will expect from businesses is a deep awareness of their own risks, and a strong mitigation framework to be put in place.

Interestingly, many customers we see are doing exactly the right thing in looking at their business objectively and trying to identify and mitigate their risks, often engaging expert professional opinions on those. Yet, when it comes to compliance, they often feel nervous and worry they are not doing the right thing.

Zero risk businesses are extremely rare, so having gone through the process, it is not necessarily an issue that some risks remain. What is important is to be transparent and objective about their likelihood and impact, and to have taken remedial steps where possible.

When onboarding our clients, a lot of our time is spent on this subject so, as a customer, you don’t have to have all the answers. If you feel in the dark about compliance, we’ll be able to help you find the light at the end of the tunnel.

Compliance is here to help in making sure you’re not caught off-guard, it is not something to be scared of as long as you’re happy to be transparent and have a responsible approach.

留言


E: contact@lerextech.com
T: 020 3422 2223

Lerex Technology
3 Waterhouse Square
138-142 Holborn
London EC1N 2SW

Cards provided to EEA residents are issued by Transact Payments Malta Limited and cards provided to UK residents are issued by Transact Payments Limited pursuant to licences by Mastercard International. Transact Payments Malta Limited is duly authorised and regulated by the Malta Financial Services Authority as a Financial Institution under the Financial Institution Act 1994. Registration number C 91879. Transact Payments Limited is authorised and regulated by the Gibraltar Financial Services Commission.

Mastercard is a registered trademark and the circles design is a trademark of Mastercard International Incorporated.

Your Accounts are provided by Moorwand Ltd. Moorwand is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 [register reference 900709] for the issuing of electronic money. Any communications in relation to the account can be sent to Moorwand Ltd, Fora, 3 Lloyds Avenue, London, EC3N 3DS, United Kingdom. 

* UK Safeguarding Explanation - Whilst Electronic Money products are not covered by the Financial Services Compensation Scheme (FSCS) funds will be held in one or more segregated accounts and safeguarded in line with the Electronic Money Regulations 2011.

Ready to find your solution?

bottom of page