Compliance activity in payment systems has always been a requirement, and it is essential to engage adequate resources with the international card schemes.
However, while these schemes remained membership associations, the arrangements put in place to introduce new operating regulations, implement programme reporting requirements and agree introduction timelines consisted of various advisory boards and committees, over which individual members held a high level of influence - but this pattern is now changing.
Scheme Compliance
As both Visa and MasterCard convert to fully commercial entities the governance structure will change and the executive will have more control and the ability to negotiate locally, at a regional level, or as an individual member will be significantly reduced.
All this is happening at a time when more programmes than ever are being introduced, or reinforced, to meet the market requirements of the Single Euro Payments Area (SEPA), or to ensure security is managed in accordance with the Payments Card Industry - Data Security Standard (PCI-DSS).
What is the impact of these changes?
These changes mean that members of the international card schemes need to make sure that they have a dedicated compliance and scheme management function, reporting at the executive or board level. Without such a unit in place, members could find that they are facing extremely heavy financial penalties for non-compliance. These financial penalties could run into millions - a direct hit on the P&L.
How can Accourt help?
At Accourt, we can help you make sure that you are protected and are able to operate safely in the new environment. We will ensure that you have the correct functional job specifications in place and employ the right individuals at the appropriate level. We will help you to define a logical information flow that can be managed to cover the following key points of interaction:
- Bulletins and Members' Letters - in a single year you will typically receive over 500 letters covering the technical, financial and operational requirements that must be followed at a country, regional and international level. Each needs to be reviewed and implemented and any non-compliance fines or penalties clearly highlighted. Impact assessments must be prepared, covering merchants, bank-owned and retailer-owned PoS equipment, central processing and certification requirements.
- Card Scheme Rule Changes - many bulletins and members' letters will contain proposals for new programmes, or outline changes to existing programmes. It is critical that input from all internal stakeholders is centrally co-ordinated and an agreed response prepared for senior management. This response may be submitted to the card schemes to allow refinement or restructuring of the final operating regulations prior to their endorsement.
- Query Management - adequate channels must also be in place to ensure that internal card scheme-related queries from across the business units (cards IT, retailer account management, risk etc.) are managed via an agreed process with the card schemes. Without such a process all units within the bank will typically establish their own informal relationships with the schemes and the ability to prioritise issues commercially will be lost.
Accourt is well placed to assist financial institutions to successfully manage the complexity of compliance.
What is SEPA?
The Single Euro Payments Area (SEPA) will enable individuals, companies and other financial institutions to make and receive payments in euros, whether between or within national boundaries, under the same basic conditions, rights and obligations and regardless of location. SEPA will work as a single domestic payments market in which everyone will be able to make payments as easily and cost effectively as in their own market. SEPA compliance for bank account credits and direct debits is already coming into play, and similar requirements for card payment transactions are fast approaching.
How can Accourt help?
At Accourt, we have already undertaken numerous assignments for central banks, as well as a number of well known card schemes and European issuers and acquirers. As a specialist consulting company we can tangibly help you to define your strategic approach to SEPA, particularly in terms of payment card revenue growth, either when developing an initial strategy or when looking to complement an existing one.
www.europeanpaymentscouncil.eu
What is PCI-DSS?
The PCI (Payments Card Industry) Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. Its mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards across the international payment card schemes.
The Payments Card Industry - Data Security Standard (PCI-DSS) is a versatile security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
How can Accourt help?
At Accourt, we can develop programmes and procedures to enable you to effectively manage the requirements of the PCI-DSS standard, across either your card issuing or acquiring operations. We will also make sure that you are engaging with the international card schemes, that you can track progress to the required level and that you have the necessary risk management framework in place should a breach occur. Effective control and management of the various stakeholders is crucial in order to minimise potential losses and/or scheme fines.