By Adam Atlas
Attorney at Law
It seems that card issuing is the next big thing in acquiring. For many years, ISOs and processors in the acquiring space paid no attention at all to card issuing. In the past, the issuing business was dominated by banks that issue cards with a view to earning interest on unpaid balances.
Lately, however, a new crop of issuing businesses have risen to become key players in the payments marketplace. The purpose of this article is to highlight some of the legal considerations pertaining to the new issuing models of interest to ISOs, merchant level salespeople and other professionals in the payments realm.
For now, technically, all issuers in the United States are still banks. In the UK, payment networks have licensed nonbank entities to become issuers themselves, but that is not the case over here. ISOs, called program managers, do all the work though. Just like acquiring ISOs, issuing ISOs undertake to solicit potential cardholders to offer them bank-issued cards.
The cardholder then enters into a direct contract with the issuer via the cardholder agreement. In most issuing models, the only entity to take possession of cardholder funds is the issuing bank. This lightens the burden on the ISO because taking possession of client funds is usually a regulated activity for which federal registration and state money transmitter licensing is required.
A program manager is another term for issuing ISO. The program manager contracts with an issuing bank to provide services in support of the bank’s issuing program. Example program managers include Mesh Payments, https://meshpayments.com, and Divvy, https://getdivvy.com.
Cardholders obtain and manage their cards through their program manager—much like merchants who obtain and manage their merchant accounts through acquiring ISOs. The term "program manager" is used to emphasize the fact that each card program is still a bank-controlled program but managed by an outside supplier. Program managers distinguish themselves by offering cards (of their banks) to specific niche markets and combining the cards with convenient expense management tools and integrations (for (Quickbooks, for example). Bank regulators, such as the Office of the Comptroller of Currency, require banks to supervise the activities of their program managers.
In addition to bank oversight, program managers are also often subject to oversight by federal and state regulators. Depending on the relationship between the program manager and the issuing bank, the program manager may be obliged to register with the U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN). FinCEN is the federal anti-money laundering regulator and requires that every card program be operated pursuant to an anti-money laundering program.
Responsibility for AML oversight is often shared between the issuing bank and the program manager, but one party has to lead. The objective of these requirements is, of course, to prevent bad actors from abusing the financial system for illegal or harmful purposes.
Acquiring ISOs and processors know a lot about issuer revenue; they collect it from merchants in the form of processing fees. The majority of interchange collected from merchants under merchant processing agreements is settled to the card issuing banks.
If you pay your credit card balance on time and in full every month, you might think your issuing bank is earning nothing from you. Not true. The issuing bank earns a healthy portion of all the fees merchants pay to accept your card. Some of those earnings are converted into air miles, points or cash-back programs, but a lot of them are simply revenue to the issuing bank.
Indeed, if the card is a debit card, for which there is no interest accumulating on unpaid balances, processing fees comprise basically all of the revenue for the issuer.
The money in issuing is in getting a taste of the issuer’s share of fees paid by merchants on their cards. As with any ISO program, issuing ISOs will seek to maximize their revenue per card and per transaction.
There are two areas in which issuing is harder than acquiring: technical systems and AML compliance.
Most issuing banks do not have a significant amount of in-house technology to support their issuing programs. They outsource processing to suppliers just like acquiring banks. Indeed, some processors manage data related to both issuing and acquiring. That said, some processors specialize in one or the other.
The issuing bank will rely on its issuing program manager/ISO to source an appropriate processor for a new card issuing program. The ISO needs to account for the cost of that processing service, which is always a substantial part of the start-up and operational costs of a card program.
What is more, the processor will often not have all the technology necessary for the entire card program, which requires the ISO to develop its own technology prior to launch—usually covering the "last mile" between the processor and the cardholder (for example, a card app). While program-manager-in-a-box offerings do exist, the cost is always significant.
AML compliance for classic acquiring ISOs usually consists of making sure names and IDs are collected from merchant owners. These are then scanned against OFAC sanction lists by their acquiring bank or a processor working with them.
On the issuing side of the business, banks expect much more from the ISO, including collecting cardholder information, scanning cardholders against OFAC sanction lists, and monitoring cardholder activity for illegal or suspicious transactions. For program managers that are FinCEN-registered, this would include submitting suspicious activity reports to FinCEN.
With virtual cards and powerful gateways, card issuing has become much more versatile in helping cardholders, especially businesses, with expense management, fraud control and security. Narrow margins in acquiring make issuing an opportunity to consider.
The barrier to entry in issuing can be high in terms of cost of technology and AML compliance, but it is a service that can be an excellent complement to traditional merchant services, opening doors to a new variety of value-added services for merchants.
In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. For further information on this article, please contact Adam Atlas, Attorney at Law via email at email@example.com or by phone at 514-842-0886.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next