Regulatory and license impact on card issuing

Legal issues related to regulatory or payment scheme rules often arise in questions we receive from our partners and clients. In this article I would like to summarize key dependencies, limitations and rules that have a very important impact on payment accounts opening, card issuing and also acquiring or money transfer activities.

When you are launching a payment institution, you have several areas to cover. One of the most important of them is a legal and rules area. Usually this impact can be divided into three main groups of activities: legal requirements, anti-money laundering requirements (which is a specific type of legal requirements) and payment scheme rules. Let me deep dive into each of them.

Legal requirements

To operate payment activities, almost in any country you need to get a payment license. There are various types of payment licenses depending on the country, so here I would like to summarize the most important details. In many cases you can hear about EMI (Electronic Money Institution license), Bank (Banking license), Credit Institution, Acquiring Institution etc. These requirements are usually connected with operational activities that the company needs to fulfill to perform payment operations for other entities. They consist of:

Regulatory requirements in the areas of security, Know Your Customer, AML, liquidity operations, organizational structure etc.
Audits performed by regulator
Risk of penalties for both the company and sometimes persons involved in payment companies
Outsourcing activities compliance
Local laws that forbid processing customer or transaction data outside of the country
etc.

It is important to understand details of such requirements and to follow changes of law and rules on a regular basis.

From the business point of view those requirements force us to :

Officially register contracts with various partners at the regulator
Get an approval for particular actions outsourced to partners
Perform regular monitoring of payment activities done with cards issued for users of our partners
Follow the national and EU sanction lists
Being ready to block any transaction, account or card at any time

For our partners - just make sure that you follow the rules we inform you about. They are critical for our activity, licenses, so in fact they are securing your business.

AML and KYC requirements

AML (Anti-Money Laundering) and KYC (Know Your Customers) are part of legal requirements but it is worth presenting them as a separate group because they usually have the biggest impact on operations. The main goal of these rules is to ensure that payment organizations are not used to launder money, support terrorist or illegal activities. They also allow governments to monitor a payment activity area which may be helpful in fighting crime activities.

Key areas of impact of those requirements can be summarized as follows:

Payment institution is obliged to perform KYC requirements as defined by the regulator - usually consisting of collected proofs of user identity verification (documents, videos, selfie, talks, and other measures)
In case of business customers and business accounts, not only Board Members but also Beneficiaries of the companies need to go through a KYC and sanction list screening. Beneficiary is defined usually as a person with above 25% shares
At any moment a payment institution must be ready to present these documents to the regulator
Persons and entities placed on sanction lists cannot use services of a payment company
Active monitoring of payment transactions for all users is required
Sometimes proofs of income can be required

It is interesting that AML and KYC requirements do not block us from issuing cards or opening payment accounts for partners located outside the European Union with our payment companies licensed in the European Union. We are allowed to perform payment activities for Brazil, US, China citizens, as well as the Polish, German or French ones.

Make sure that you collect user documents and provide them during the user registration to us to fulfill those requirements.

Payment Scheme requirements

Payment Schemes (Mastercard, VISA or others) have separate requirements that must be followed by their partners and licensees. These requirements are similar to the previous ones but not always the same. Key requirements that do have impact on business are:

We are licensed for a particular country or region. In our case it is the European Union countries (in fact the European Economic Area, which is a slightly different area). It means that with our European licenses we can issue cards for people residing, having addresses or working in the European Union. In case we would like to issue cards for people or entities from outside the European Union we have to get special Mastercard approval which is not impossible but may be difficult to achieve.
We must follow payment scheme requirements on sanction lists and scan users and beneficiaries against OFAC (US Office of Foreign Assets Control) and United Nations sanction lists.
We must be ready to follow Mastercard technical and rules requirements that sometimes may have impact on technical setup and use cases of your users
In case of mandates we need to be ready to implement on time necessary system updates to reach compliance with the Mastercard network

Problematic areas

Usually problems in a business discussion come in the following areas:

Can we issue cards for non-EU citizens? Answer: generally yes, but sometimes there may be problems, the majority of your business must be in Europe, your user addresses or office should be in Europe etc.
What documents do we need to transfer to you during registration? Answer: selfie, international passport is usually a minimum

Following regulatory, AML and payment scheme rules is critical for payment companies. We do not have a choice. This is part of the game of card issuing and we must follow requirements. However, it is good that such rules exist. They make our customers' money safer and minimize much bigger risks of running or supporting illegal activities.

Thanks for reading.

Payment schemes

Ranking of card issuing companies

Card issuing - financial details

Example of Profit & Loss Calculation in card issuing

Regulatory and license impact on card issuing

KYC and KYB requirements in card issuing

PCI DSS & other security requirements

Master balance and collateral in card issuing projects

Pay with Rewards, Pay with Points

Multicurrency cards - 3 implementation options

Customer Service and User Claims in Card Issuing

How to prepare for a card issuing project?

How Can I Reload Payment Account or Card?

Card Lifecycle Management

VISA or Mastercard ?

Card Benefits in Card Issuing Projects

Pre-paid, debit or credit cards ?

Tips to avoid problems when implementing card issuing

Know Your Customer – in-house or outsourcing

Reverse solicitation – marketing & promotion of card issuing in multiple countries

Payout to Cards

Currency Management in Payouts to Cards

KYC requirements in Payout and Money Transfer projects

Various forms of money transfers

Payouts, eCom Transactions or Card-to-Card Payments?

Issuer Wallet and ApplePay / GooglePay - Differences

NFC on iPhone/iOS

Pay by Account - NFC from bank account

On-device tokenization in India

Regulatory and license impact on card issuing

Legal requirements

AML and KYC requirements

Payment Scheme requirements

Problematic areas