WePay’s Aberman On Why Compliance Capability Is Better Bought Than Built

Sending a payment looks easy from the front end  so easy, in fact, that it can be hard to believe how complicated something like moving funds electronically from a customer to a merchant can really be at the back end. Among other things, being in the middle of those payment flows means a firm must comply with regulations wherever it operates, along with the rules established by the payment networks that authorize, clear and settle those transactions.

It’s a lot to bite off, WePay Co-founder Rich Aberman told Karen Webster during their latest Unscripted podcast. In a world in which commerce is expanding rapidly, compliance related to payments and financial services is getting harder to navigate, not easier. For some firms, Aberman noted, taking on those challenges is absolutely worth taking on that responsibility, risk and liability.


“If you look at online, like Uber or Airbnb, and the experiences they have been able to build from day one, controlling that payments experience was an absolute requirement,” Aberman said. “What they were offering was a frictionless experience for both sides of the platform, where payments are processed natively and seamlessly — and they have control over the information collected.”

However, he noted, the world is quite different from the early days of these platforms — and FinTech firms like WePay, Adyen, PayPal and Stripe can give the Ubers and Airbnbs of tomorrow a chance to “have their cake and eat it, too.” They can deliver a seamless user experience without having to necessarily manage all the compliance requirements that are necessary to deliver them, because compliance these days, Aberman said, is now a back-end service that can be bought instead of a core capability that must be built.

Picking A Payments Destiny

While WePay offers compliance in Payments-as-a-Service (PaaS) for businesses, Aberman noted he isn’t necessarily advocating that there is one right answer to be pursued. Different businesses have different needs, and needs can even vary within a business, depending on the service one is talking about.

eBay, for example, launched its payments platform and began its new life as a merchant of record, now sitting squarely in the middle of that payments flow.

“It’s acceptable for eBay to say they want to take on more risk or lower margins because they are trying to build more favorable policies for their users,” he said.

Aberman added that, for eBay, mediating payments can offer the company a better experience, the chance to leverage what it already knows about its customers and the ability to use that information to make better decisions, with less friction around those experiences. A third party, Aberman said, might not give that context.

Contrast that, he said, with more recent eBay news, namely that eBay and Square are partnering to provide loans to eBay sellers. For that, Aberman said the value prop is not profoundly different: eBay is providing access to financing for its sellers much in same the way it provides access to payment services for those same sellers. Using Square means that, most likely, eBay will not be as active in managing regulatory requirements that go along with lending — because Square is providing the service and managing compliance.

There isn’t a right or wrong answer here, just different go-to market strategies.

What’s important to note, Aberman emphasized, is that the market for the services provider is rapidly evolving. FinTech firms and software providers are opening up the provisioning of Compliance-as-a-Service (CaaS) and new value proposition for those businesses. That way, those businesses can now “have their cake and eat it, too” — build the user experience they want while being shielded from the risks of regulatory exposure.

The Tipping Point

Getting businesses to feel comfortable in leveraging CaaS capability, Aberman noted, falls on providers like We Pay to build the right products. Merchants and platforms should feel like they are only giving away the hassle of managing complex regulatory and compliance environments, rather than giving away control of their destiny.

However, he noted, circumstances and the rapidly changing world, in this regard, are also going to play a large part. He referred Webster to the early days of WePay when he encountered a firm that was charging — what he thought to be at the time — an exorbitant fee for DDoS protection. He didn’t see the point of paying that fee, as WePay was a small firm, pre-scale, and was unlikely to get hit with a DDoS attack anyway.

That all changes, of course, when a company gets that phone call in the middle of the night about an attack.

Outsourcing compliance to a third-party player, he said, has something of a similar plot. Things are going fine until the firm gets a letter from a state regulator wondering where its money transmitter license might be, or the networks tell a company it is no longer playing by the rules and shut it down.

At that point, the once-not-so-compelling CaaS proposition becomes very compelling.

“Going forward, I don’t think firms will build this infrastructure in-house anymore because it won’t make sense to,” Aberman said, “The same ways you don’t see companies buying server farms in FinTech anymore, because they can buy it as a service from AWS.”

What’s Next

New industries, where payments and compliance are particularly complex, are going to spring up — the latter-day flourish of online gaming was one example Webster and Aberman discussed. These industries will push this even further, because the benefit of handing off compliance in super-complex and high-risk environments, like gaming, is just obvious.

Online poker firms want to build the best possible online poker room, he said. They don’t want to fall into the weeds of managing a legally ambiguous space like online gambling, where state-to-state requirements can be esoteric and confusing.

However, more than the special-case businesses, where payments and other financial services are a particularly thorny compliance puzzle, the reality of the world means that regulation is always going to be a moving target. There are forces of divergence: different localities with different processes, a host a regulatory regimes worldwide, new technological offerings, new patterns in fraud — the list goes on. Things that seem utterly senseless from the U.S. point of view will seem perfectly rational in a Southeast Asian payments context.

There are also forces of convergence. FinTech firms are looking for national charters that make their governance federal, so as to avoid the state-to-state complexity issues, he noted. U.S. firms are complying with the General Data Protection Regulation (GDPR) because it is better to have a “consistent system than a divergent one running globally.”

These are opposing forces running at once, he noted, and the pendulum will likely continue to swing between them. The goal of FinTech firms, in an era when compliance can be offered as a service, is to basically help firms stop from having to swing along for that pendulum ride, while still trusting they are in the driver’s seat.

“The onus is on us in this business to really offer up the best of both worlds, where you as a merchant or platform can deliver the experience you want and avoid being on the hook for managing compliance,” Aberman said.



About: Accelerating The Real-Time Payments Demand Curve:What Banks Need To Know About What Consumers Want And Need, PYMNTS  examines consumers’ understanding of real-time payments and the methods they use for different types of payments. The report explores consumers’ interest in real-time payments and their willingness to switch to financial institutions that offer such capabilities.