The recent collapses of Silicon Valley Bank (SVB) and Signature Bank have led to the winds of change blowing through the financial industry, particularly in payments compliance.
Regulators keen to avoid a repeat of these disasters have tightened oversight and introduced stricter requirements to make payments more transparent.
However, this may cause big problems for payment providers struggling to interpret evolving compliance guidelines, not to mention grappling with the cost of implementing the necessary changes quickly.
Time is another big factor. 40% of organizations spend over 5,000 labor hours a year on compliance, according to a recent survey from compliance platform Drata, with payments making up a large part of this.
Figure: The time demands of meeting compliance (per year). Source: Drata
Companies that can reduce this time burden by dealing with unexpected shifts in the compliance industry may find they gain a competitive edge.
This article will explore the top 5 payment processing compliance changes that financial institutions and payment service providers need to keep in mind over the coming months.
What are the three types of payments compliance to be aware of?
Payments processing regulations vary across different jurisdictions, but there are three widespread types of compliance that financial services providers should be aware of.
1. Regulatory Compliance
This area covers legislation like the California Consumer Privacy Act (CCPA) in the United States, and the GDPR and PSD2 in Europe. It also includes anti-money laundering (AML) regulations built around payment fraud prevention.
Banks and payment method providers must meet tough regulatory requirements, including safeguarding customer data, to avoid costly fines and sanctions.
2. Corporate Compliance
Companies must establish internal compliance standards to manage risk assessments, secure sensitive data, and perform regular audits.
The aim is the best possible risk management, so that the threat of non-compliance is kept low and payment systems and processors can continue to run smoothly.
3. IT/Technical Compliance
Securing payment infrastructure is crucial and meeting PCI DSS standards is central to this. These include protecting consumer data and guarding against data breaches during payment processing.
Strong customer authentication (SCA) and multi-factor authentication add layers of consumer protection to today’s transactions, particularly digital payments and e-commerce transfers.
Compliance requirements are probably tougher than they have ever been, but organizations reap the benefits of meeting them. They experience higher customer trust and are more likely to operate their payment networks smoothly than companies that cut compliance corners.
What is Payment Card Industry Compliance?
Payment Card Industry compliance, also known as PCI compliance, refers to a set of security standards set up to ensure that companies handle PCI credit card transactions securely.
These standards are set by the Payment Card Industry Security Standards Council (PCI SSC) and apply to all organizations that store, process, or transmit cardholder data, including debit and credit card information.
Payment Card Industry compliance requirements include maintaining strong firewalls and security measures, regular network monitoring and testing, and mandatory employee training on security policy.
Only by following these to the letter can companies consider themselves PCI compliant.
5 ways payments compliance has changed this year
Companies that already have extensive compliance procedures to deal with probably don’t feel ready for significant changes to sweep through the industry, but the more efficiently they can weather them, the better their short-to-mid-term prospects will be.
Here are five notable recent events that executives should be aware of.
1. Resolution planning to expand to large and regional banks
The recent bank collapses outlined above have prompted the Federal Reserve to demand that large and regional banks (those with at least $250 billion in assets) have detailed plans for winding down operations if they fail. These plans, known as "living wills," are designed to prevent a bank's collapse from causing wider financial chaos.
Resolution planning has already been in place for systemic banks since the 2008 financial crisis, but this expansion is a significant step for regulators.
Their reasoning is that even non-systemic banks can pose a systemic risk if they fail. Regulators want to ensure that a bank's demise doesn't hurt customers or the broader economy.
The new payment rules and regulations focus on the financial health of large and regional banks, including their capital and liquidity capabilities. They stress the importance of maintaining access to payment, clearing, and settlement services for customers in the event of a crisis, as well as an ability to protect customer data.
While this enhanced regulatory scope aims to protect the financial system, it also brings higher compliance costs that may drive up outgoings for both banks and customers.
2. Mid-sized banks must issue around $70 billion in long-term debt
In a further move to protect the financial system in case of non-systemic failures, the Fed has also signed off rules for banks with at least $100 billion in assets to issue long-term debt as a protection mechanism should the worst happen.
The amount, thought to be around $70 billion, will shift the burden of insolvencies away from depositors and onto bondholders, thus reducing pressure on the FDIC’s Deposit Insurance Fund (DIF).
The move will help banks meet payments compliance and project long-term stability, but they might be required to raise interest rates to attract bondholders as a consequence. This could also cut into their profits and lead to higher costs for consumers.
Finding the right balance between keeping operations running smoothly while adhering to these new compliance standards is likely to become much more complicated but ultimately worth the effort for the affected banks and financial institutions.
3. The Basel Committee has released new capital standards for dealing with crypto assets
The Basel Committee's new capital standards for banks dealing with crypto assets, especially stablecoins, are set to shake up payments compliance in several important ways.
These standards require institutions to hold higher capital reserves and maintain better liquidity in the face of increasing crypto adoption. More specifically, this involves maintaining a 1:1 capital requirement for stablecoins and higher risk weights for other crypto assets.
In other words, for every dollar of stablecoin issued, banks must hold an equivalent amount in capital reserves.
Banks must also enhance their liquidity management practices to ensure they can quickly respond to market fluctuations and potential liquidity crises.
The result may be that banks become more cautious about offering crypto-related services or start to charge higher fees to cover the increased costs.
The need to invest in more robust compliance frameworks may also lead to shifts in how they structure their real-time payments offerings and interact with clients in the growing digital asset market.
4. Key AML developments are impacting payments compliance
Anti-Money Laundering (AML) measures have been a major requirement for financial companies ever since the United States passed its Bank Secrecy Act in 1970. They can, however, be hard for bank and fintech leaders to keep up with.
“The struggle against illicit gains has been a constant in finance.” Lissele Pratt, Capitalixe co-founder
2024 has seen a flurry of significant developments in AML and Know Your Customer (KYC) requirements for banks.
These changes are set to have a profound impact on payments compliance, forcing financial institutions to adapt their strategies and invest in robust new frameworks.
Here’s a rundown of these changes.
- Expanding coverage of the Bank Secrecy Act (BSA)
One of the most notable developments is the proposed expansion of BSA coverage to certain residential real estate transactions and investment advisers.
This means that these sectors will now be subject to stricter AML requirements, including reporting obligations and enhanced customer due diligence.
- New AML/KYC program requirements
New program rules aim to modernize existing regulations and ensure that AML/KYC onboarding programs are more effective and risk-based.
This will likely require banks to invest in new technology and training to meet the increased compliance demands, such as more thorough identity verification.
- The Corporate Transparency Act (CTA)
The CTA, which came into effect in January 2024, introduces new transparency requirements for businesses.
This will have implications for payments compliance, as financial institutions may need to conduct more thorough due diligence on their customers to ensure compliance with the CTA.
- Increased focus on emerging threats
Regulators are also paying closer attention to emerging threats, such as cryptocurrency-related activities mentioned in the previous article, environmental crimes, and elder exploitation.
Financial institutions are asked to be vigilant in identifying and reporting suspicious activity related to these areas.
With money laundering and financial crimes on the up, these measures are a central component of electronic payments compliance in 2024.
5. A critical shift in BOI reporting in time for 2025
One area in which the banking crisis has likely added momentum is in Beneficial Ownership Information (BOI) reporting.
Although FinCEN introduced a reporting obligation for BOI when the Corporate Transparency Act passed in 2022, these high-profile failures have brought systemic risks to the forefront, making transparency in ownership structures even more critical for regulators.
Regulators are now focusing on compliance measures like BOI reporting to ensure transparency. BOI reporting requires companies to identify their beneficial owners by verifying the individuals who directly or indirectly control operations.
For payments compliance, this means many financial institutions and payment service providers must update their reporting practices. Companies that existed before January 1, 2024 have until January 1, 2025 to file their initial BOI reports, which is a significant shift in compliance requirements for many US businesses.
Berkeley Payments: Grow revenue with fully compliant real-time payments
As compliance requirements tighten and become more complex, many payment providers are feeling the strain of staying on the right side of AML and KYC requirements for corporates.
Berkeley Payments recognizes how time-intensive and costly this is, which is why we’ve built a real-time payments platform with built-in KYC and CDD compliance. We use AI and machine learning to extract data from customer documents, slashing the risk of errors and time spent on compliance.
A single API connection grants access to a robust KYC infrastructure, opening up real-time transaction monitoring and risk assessment, even amid changing regulations.
As financial institutions and payment service providers prepare for 2025, Berkeley's solutions not only guarantee compliance but also build customer trust and drive revenue growth.
By partnering with Berkeley Payments, businesses can turn compliance from a burden into a competitive advantage in a rapidly changing payments market.