Open Banking and prevention of fraud

The failure of German payment processor Wirecard raises questions for the fintech sector and the regulator on both sides of the channel. Within Germany the regulator BaFin had started criminal investigations into the early reports of potential fraud at Wirecard. Wirecard is one of a number of different sorts of accounting frauds and one would have thought that EY Germany would have learnt something from what happened at Enron. It was said by some that Wirecard had more red flags than a communist rally. However, there were still some shareholders who were surprised as the price dropped from just under £89 to £12 on the revelation that approximately £1.49 billion had gone missing. Wirecard had been the darling of many analysts as the main fintech success story to come out of Germany. With an annual turnover of the order of £1.5 billion, finding that £1.49 billion is not just missing, but may never have existed is quite a major shock. The effect of the Wirecard insolvency in Germany was felt by the UK fintech industry. For a while the FCA forced the UK subsidiary Wirecard Payment Solutions to stop offering services. This prevented many UK fintechs such as ANNA, Curve and Pockit who were using Wirecard from supporting their customers who were trying to make payments. This was a surprise to many UK fintech executives as they thought the independence of the subsidiary would enable business to be transacted at least until the point at which they could transfer to a different payment provider. The FCA is in a difficult position in this situation. The question is whether the action they took in stopping all payments was necessary to enable the safeguarding of the balances in the client accounts associated with the UK fintechs. The balances held in those accounts (not held by Wirecard as a bank) were in a form of client account. I would personally have thought it would have been practical to monitor the payments from those accounts without stopping all payments. However, that is a matter that will have to be analysed over time. In the meantime the UK fintech industry has moved on. However, it does raise questions about how people manage the risks of single points of failure when payments are being made on a 24/7basis. ANNA, for example, offered to fund its customer base from its own funds, but found that even doing that would take over a week to implement. Open Banking does provide the technical interfaces that enable different systems to integrate in order to make payments. However, the PISP model does still require Anti-Money Laundering Know Your Client Diligence to be performed which limits the circumstances in which it is cost effective. It is not just a question of connecting computer systems and enabling them to process transactions. Wirecard also raises questions about single points of failure of checks and balances. The German structure of multiple boards still enabled a multi-billion Euro black hole to grow in the accounts over a number of years without it being spotted until 2020. Otherwise perhaps the main lesson to learn from Wirecard is that the fintech sector has failed to learn lessons from the previous similar situations. There are obviously changes afoot in the world of audit, but whether that will ensure that the difficult questions are asked when they should be remains to be seen. By John Hemming MA(Oxon) FRSA