By Adam Atlas
Attorney at Law
Recent news concerning failed German payment processor Wirecard resounded across the fintech world: financial irregularities, CEO steps down, CEO arrested, operations suspended, bankruptcy — all within a few days. This happened after auditors revealed they could not find $2 billion on Wirecard's balance sheet, and the company subsequently admitted the funds might be "missing."
What legal lessons can we learn from a disaster that befell what was perhaps the greatest European ISO and processor? Following are six to remember.
From their vantage point, ISOs might imagine processors are flush with cash. This is often not the case. Like ISOs, processors borrow money to grow their businesses. Investors in that growth are hungry for results. Thus processors, like many borrowers, are greatly tempted to impress their investors with numbers that are something other than the truth.
When a processor is leveraged, the ISO is put at risk because processor insolvency can result in an interruption, reduction or complete elimination of ISO residuals. In the event of insolvency, the trustee in a processor's bankruptcy has a vested interest in continuing to pay ISO residuals, but the legal obligation to do so may drop away, leaving the ISO completely without recourse.
Like Wirecard, U.S. processors carry enormous debt that is serviced by the hard work of ISOs and other revenue sources. ISOs negotiating contracts with processors should consider what would happen to their residuals if a given processor were to become insolvent or bankrupt. Can ISOs secure rights in respect of their residuals in the event of that outcome? Most ISOs do not have the bargaining power to achieve special rights in the event of a processor bankruptcy, but some ISOs and super-ISOs may have the ability to do so and should consider pursuing this option.
It is too early to tell whether any shenanigans took place concerning Wirecard merchant reserves. However, one classic example of processor or large ISO wrongdoing is to treat merchant reserves as if they belonged to the processor or ISO.
Merchant reserves, of course, are funds that rightfully belong to merchants and should not be commingled with processor funds. In fact, the payment network rules generally require acquirers, processors and ISOs to keep merchant reserves at the acquiring bank and not allow them to be held elsewhere or used for purposes other than protecting the acquirer and its sponsored entities from merchant losses.
The hole in Wirecard’s balance sheet appears to have related to certain third-party processors that were processing for merchants in foreign jurisdictions where Wirecard was not itself licensed as a domestic processor. In my experience advising international super-ISOs, it is highly unusual to leave processing revenue overseas.
If the auditors of Wirecard had sufficient experience in the processing industry, they would have found it peculiar early on that substantial amounts of revenue from third-party processors in certain foreign countries stayed in those countries and were not repatriated to the parent company in Germany.
The norm in international processing is for the parent company to repatriate most of the revenue earned by foreign subsidiaries or foreign partners, leaving only enough money in country to cover local tax obligations and pay local down-line agents and acquirers.
In every payments business of consequence an inevitable and healthy tension exists between business interests on the one hand and compliance interests on the other. Business interests seek to maximize processing volume and the quantity and variety of merchants. Compliance interests rightly seek to limit the quantity of transactions and the type of merchants so as not to result in the company aiding and abetting illegal activity, such financing of terrorism, money laundering, or other illegal or risky actions.
Where business wields too much power over compliance, the results can be catastrophic. Evidently, had Wirecard's internal audit compliance standards been more rigorous, the catastrophe might not have occurred. Conversely, had internal audit compliance been stronger, Wirecard would not have become such a (seemingly) valuable stock.
A business does not need to be the size of Wirecard to establish a healthy balance between business and compliance. The smallest ISO should experience the tension of wanting to grow the business as quickly as possible, while at the same time not wanting to submit false information or merchant applications that do not meet compliance standards.
Yes, it could. .S. processors are increasingly international and rely on large international auditing firms, like the ones used by Wirecard, to ensure that their domestic and foreign operations are properly supervised. Payments and processor financing are ever more international.
I am not aware of imminent risk to any U.S. processor, but the Wirecard example is eye opening for domestic ISOs, because they carry the financial risk of the processors that pay them. Before accepting a new ISO, a processor usually puts the ISO through a rigorous due diligence process. Why not turn the tables? ISOs should take the time to understand the financial soundness of the processors for which they wish to sell so they, too, can assess the risk of their most important business partners.
Most ISOs rely on a single processor for the majority of their revenue. ISOs should invest in secondary relationships that generate meaningful residuals so that if one processor disappears, the others will be substantial enough to continue the ISO's operations.
The first step in diversification for ISOs is to ensure that each of their processing relationships is nonexclusive, thereby allowing ISOs to create secondary relationships without putting themselves in breach of their ISO agreements.
Comparison of a typical U.S. ISO to Wirecard is perhaps like comparing the turtle and the hare. Hopefully, the steady, tireless effort of a typical ISO, although slower than fintech sensations, will pay off in the long run. There is no better expert at generating processing revenue than an ISO experienced in soliciting individual merchants. 
In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. For further information on this article, please contact Adam Atlas, Attorney at Law by email at atlas@adamatlas.com or by phone at 514-842-0886.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next
