The Role of Compliance and Ethics in Today’s Payments Companies

By Dr. Heather Mark, CCEP

Aristotle wrote that ethics is the habituation of right action.  Essentially, we don’t know what’s right out of the starting gate.  The virtue of ethical behavior is one that we acquire through example and guidelines.  We become ethical, or as Aristotle would have it, virtuous, through practice.  The more we practice right action, the more innate it seems to become.  It’s not an inherent knowledge, it’s a learned trait.  This discussion from Aristotle’s classic work Nicomachean Ethics is a great description of the important interrelatedness of compliance and ethics, particularly in the Payments industry.

The payments industry is highly complex and highly regulated.  It’s unlikely that a person new to the industry would walk in and be able to identify right from wrong, speaking in regulatory sense.  The lattice of regulation created by the card brand rules, state and local laws, as well as federal regulation, and potentially international laws, can cause confusion even among well-entrenched payments professionals.  If you were to overlay that with the development of new business models, such as payment facilitators and marketplaces, the landscape quickly becomes treacherous.  This is where a robust Compliance[1] and Ethics program comes into play.

As Aristotle says, a good government will attempt to legislate virtuous behavior to help its citizens learn to act “virtuously.”  Eventually, its citizens learn to extrapolate that virtuous behavior beyond those circumstances contemplated by law, and simply behave in a “right” manner.  Leaving behind for the moment arguments about legislating morality, let’s focus on the notion that laws act as a guideline for behavior in the absence of an inherent understanding.  The compliance program acts as that guideline for the uninitiated.  Without long experience or an inherent understanding of the potential pitfalls of non-compliance in the payments space, the compliance program acts as the framework for what’s right and wrong, in a regulatory context.

Virtue, or to use the word that is more familiar to us, ethics is, according to Aristotle, what makes something perform well.  So it follow suit then, that an ethical company would perform well. It’s in the best interest of the company, then, to ensure that its team members are inclined to act in a way that is ethical.  That means enabling merchant, service providers, and partners to conduct their business in a way that complies card brand rules. That also means recognizing that simply because we can do something, it doesn’t mean we should.  We’ve seen this play out in the rise of Fintech.

Fintech is an exciting wave of innovation that has been transforming the payments space over the course of the last ten years.  Agile, creative companies have been developing new ways for merchants to engage with their customers.  Things that we already take for granted, such depositing paper checks from our phones, or paying our friends back for lunch through text messages, are just some of the examples of the innovations borne of the Fintech revolution.  But there were some downsides to that rush to the payments space, too.  While the vast majority of new Fintech players took the time to learn the payments space, to understand the regulatory environment, and to play according to those rules, there were a few players that saw an opportunity to cash in on the changing industry.  Software developers without an understanding of the complexities of the space made decisions, which in retrospect, were not founded on a complete understanding of the risk involved, or of the impact it might have on the end user. With a robust and mature compliance program in place, it’s possible that those companies may have avoided those missteps.

In organizations with a mature program in place, compliance is “business as usual,” baked into product development.  The compliance team scopes out potential regulatory roadblocks so that the product and development teams can design with those regulatory requirements in mind.  Additionally, it serves as a learning opportunity, as those teams begin to acclimate to the regulatory environment in which they operate.  They incorporate those requirements as they evolve that product set or the feature set for particular verticals.  They learn the questions to ask when a new project comes along.  The regulatory requirements become just a fact of life, doing things the right way.  In Aristotle’s words, they become habituated to it.  Compliance serves as the touchstone on which companies and organizations can build an ethical culture.

Ethics, then, derives from the repeated practice of doing the right thing, such that when a specific guideline doesn’t exist, one can still determine the right course of action. Eventually, Aristotle says, people will reach a state in which they do the right thing because it is the right thing, not because the law mandates it.  Ethics programs are natural extensions of compliance programs, as companies should empower their staff and contractors to do the right thing, even when it’s difficult. Ethics programs are designed to allow employees to report, without fear of retribution, actions that they genuinely feel violate the organization’s Code of Conduct or Compliance policies.

The importance of having an ethical culture can’t be overstated.  It is what keeps employees invested in the organization and what maintains relationships with clients and partners.  As a side benefit, it helps companies to avoid potential violations of regulatory mandates.  Those violations can result in monetary fines and penalties, compensation to affected parties, and government oversight.  Ethical and compliance violations also lead to lost revenue as a result of reputational damage.  Clients and prospective clients will be reluctant to sign a contract with a company with a demonstrable track record of ethical issues.

What does all this mean to the payments industry?  The industry is predicated on what can be a quickly shifting foundation of the intersection of technology and regulation. Maintaining an operational understanding of the relationship between the two is a vital requirement in any partner or service provider in the industry.   That means that companies that aren’t willing or able to make an investment in maturing their Compliance and Ethics programs are at a competitive disadvantage.  Between card brand regulations, state laws on money transmission, data security and privacy, and federal laws, it quickly becomes imperative for companies to choose a service provider that can help them navigate the compliance landscape, while staying on the forefront of payment technology.  It’s a delicate balance.  What’s more, it’s important to work with a company that can practice some foresight with respect to the potential impact of forthcoming legislation.  Again, this is something that ethics can help accomplish – often doing what’s right to start with can help head off potential issues with future legislation.  An example can be found in the use of mobile payment applications.

Installing an application on a mobile device can provide the software manufacturer with a wealth of information – contacts, geolocation, app and device usage.  All of this data is incredibly useful for marketing purposes, but collecting that data without the express consent of the end-user is problematic, to put it mildly. A number of mobile payment providers were collecting this information and using “big data analytics” and sharing it with third parties.  In fact, that practice led to a number of Congressional hearings on the matter.  This is why users now have the option to turn off location services and apps now disclose what they track.  This same issue is still playing out in the Cambridge Analytics issue with Facebook.  These issues could have been avoided with the adoption of a mindset that says, “Just because we have the technology to do something, that doesn’t mean that we should do it.”  This, again, derives from ethical culture and transparency to both end-users and partners.

Sphere is dedicated to the proposition that a payments company cannot be successful without a strong Compliance and Ethics program.  Since its inception, Sphere recognized the unique position and responsibility that it has to maintain an environment that fosters ethical behavior.  To do so, it is necessary to develop and maintain a Compliance program that serves, not just Sphere, but its clients and partners, as well.  At the end of the day, developing such a program is just another way that we serve our clients.

[1] For the purposes of this discussion, I include security requirements in the compliance discussion.