What are the legal requirements for issuing payment cards? How do licencing impacts card issuers? What do Mastercard and Visa require? This episode answers these questions and more, exploring the complex regulatory landscape of card issuing, from licenses and audits to user verification, transaction monitoring, and payment scheme compliance. Learn why staying on top of these regulations is essential for financial security and business legitimacy.

All right, everybody. Welcome back to the show today. We're going to do a deep dive on something that I know a lot of you have been asking about. It's something that can be pretty complex, but is super important if you are a FinTech thinking about getting into card issuing.

And that is the regulatory landscape. Yeah, absolutely. A very, very important topic. We have a fantastic expert here with us today to help unpack it all there from Verestro.

And they work with FinTechs every day to help them and navigate these waters. So without further ado, thanks for having me. Absolutely. So, you know, I think the best way to kind of kick this off is to just paint a picture for our listeners.

Like, you know, imagine your FinTech founder, you have this brilliant idea for a new card program. You're ready to go to market and then, damn, you hit a wall of regulations. Yeah. And licensing requirements.

And it's like, wait, what, what do we do now? It happens more often than you think. Right. You know, at Barestro, we see this all the time where, you know, FinTechs, they come to us with these really innovative ideas for card programs, but they might not always have fully grasped the complexity of the regulatory landscape. Yeah.

So let's talk about that. Like, what are some of the first things that you have to figure out when you're starting to think about, you know, issuing cards from a regulatory perspective? Yeah. You know, I would say one of the very first things that we always work with our partners on is is the licensing piece. You know, you can't just, you know, start issuing cards without the proper authorization.

Right. So like, what are we talking about here? Like, what kinds of licenses? Yeah. So there are, you know, a few different types of licenses that are relevant for card issuing activities, you know, in Europe, for example, you have the electronic money institution license that's, you know, more commonly known as the EMI license. You know, you also have like a full-fledged banking license and there can be some other, you know, variations depending on the specific country and what you want to do.

Right. And how do you even know which one is the right one for you? Yeah. That's a good question. You know, each license allows you to do different things.

So some will allow you to hold customer funds while others might only allow you to process payments. It really depends on what your business model is, you know, what are the specific activities that you're looking to do? So it's really tailored to your specific needs. Exactly. You know, at a restaurant, we work with our partners, you know, to analyze their needs and then, you know, we help them figure out, okay, what is the most suitable license for your goals? You know, what do you want to achieve with this program? And then what are the regulatory requirements that come with that? It's like finding the right fit.

Exactly. Yeah. It's like finding the right pair of shoes, you know, you don't want something that's too big, you don't want something that's too small. You got to find the perfect fit.

Okay. So you find the right license, you get all set up, but then that's not the end of the story. Is it like what kind of, you know, what comes along with that license? Like what are some of the things that you have to kind of keep in mind and be aware of? Yeah. It's, it's definitely not a set it and forget it type of situation.

You know, once you have that license, it comes with a whole set of responsibilities and ongoing obligations. Okay. Like what? Yeah. So, you know, we're talking about things like security protocols, KYC and AML procedures, you know, managing your liquidity, you know, making sure that your organizational structures is set up properly, you have to undergo regular audits, you know, there's a whole laundry list of things that you need to keep in mind.

Wow. It's like this, you said laundry list is like this constant checklist in the background. Yeah. Pretty much.

Making sure you're doing everything right. Exactly. So can you give us some concrete examples? Like how do these regulations actually impact the day to day operations of a FinTech? Yeah. Sure.

You know, just to give you a very specific example, let's say a restaurant, you know, we want to onboard a new partner or we want to outsource, you know, a certain activity. We can't just, you know, do that immediately. We have to actually register those contracts with the regulator. We have to get their approval before we proceed.

Wow. And, you know, that can take time, that involves, you know, back and forth communication, making sure that we're meeting all the requirements. So it's not just a one and done. It's a, it's a constant.

Exactly. There's this ongoing dialogue that needs to happen. Yeah. With the regulators, even for seemingly simple things like, you know, onboarding a new partner.

Wow. And then I imagine like that also extends to how you monitor transactions and things like that. Absolutely. You know, we have to constantly monitor, you know, the payment activities that are happening, you know, making sure that everything is compliant, you know, with the regulations and that means that we need to be ready to, you know, block transactions or even freeze accounts or, or suspend, you know, cards, you know, at a moment's notice if we detect any suspicious activity.

It's like you're a financial detective in a way. It's very much like that, yeah. Wow. So it sounds like it's really important to find partners who really understand this landscape, like you were saying, you know, you work with FinTechs to kind of help them navigate all of this.

Yeah. You need someone who can, you know, not only build a fantastic card program, but also make sure that it operates, you know, within the boundaries of the law. Right. So finding those partners who are, you know, speaking the same language and on the same page with you in terms of compliance is super important.

Exactly. You know, at Verestro, you know, compliance is really in our DNA, you know, we make sure that all of our partners are, you know, on the same page, you know, we speak the same language and we work together to make sure that everything is running smoothly. You know, it's about building that trust and transparency throughout the whole ecosystem. All right.

Well, let's shift gears a little bit and talk about something that I know could be a particularly tricky area. And that is KYC and AML requirements. Yeah. Why is this so critical for FinTechs and why does it seem so complex? Yeah, you know, KYC and AML, you know, it's all about preventing financial crime, you know, things like money laundering, terrorist financing.

These are really serious issues and regulators worldwide have implemented very stringent, you know, requirements to combat these issues. And, you know, for FinTechs that are in the card issuing space, you know, it means that they need to go above and beyond just simple identity verification. So we're not just talking about, you know, checking a name against the database. No, it's much more than that.

Like what are we actually talking about here? Yeah. So we're talking about things like collecting and verifying user identity documents. So that could be, you know, things like passport selfies, even in some cases, videos, you know, we need to build this comprehensive profile of our users to really understand who we're dealing with and to minimize the risk. It's like you're putting together a puzzle almost.

Yeah, it's a bit like that. To really get a clear picture of who you are working with. Exactly. And, you know, if we get it wrong, the consequences can be pretty severe, you know, you can face, you know, hefty fines, you know, reputational damage, even, you know, their license could be revoked.

Yeah, the stakes are high. Absolutely. You know, that's why, you know, Verestro, we place a very strong emphasis on having robust KYC and AML procedures in place, you know, we, we don't take any chances when it comes to this. Now, I know, you know, Verestro is based in the EU, but you work with partners and users globally.

So does that create any complications when it comes to KYC and AML? Like it, it seems like you'd need to be fluent in regulations from all over the world. Yeah, that's a common misconception, you know, people think just because we're based in the EU, we can only work within the EU, but, you know, while our licenses are granted by European regulators, you know, we can work with partners and users globally. Wow. Pretty cool.

Yeah, it's really exciting to see that, you know, those boundaries are kind of blurring. Right. But at the end of the day, it all comes down to understanding, you know, the specific requirements of each jurisdiction and making sure that your processes are robust enough to handle, you know, the nuances of international transactions. Okay, so we've talked about licenses in KYC and AML, but there's another big player in this whole regulatory game, and that is the payments schemes themselves.

Absolutely. Yeah. So how did they fit into this whole puzzle? Yeah, you know, we can't forget about the big dogs like MasterCard and Visa, you know, FinTechs need to play by their rules as well, which adds another layer of, you know, complexity to the mix. So what are some of the specific requirements that we're talking about here? Yeah.

So, you know, first off, you have licensing restrictions based on geographical location. Uh-huh. You know, at Verestro, we focus primarily on the European economic area because that's where our licenses are valid. So if we wanted to issue card outside of that region, we'd need, you know, special approval from MasterCard, you know, or whoever the relevant, you know, payment scheme is.

So it's like they have their own territories, almost. Exactly. Yeah, it's like a world map, you know, divided up by financial influence. And then what else? You know, another big thing is sanction lists, you know, each payment scheme has their own list of individuals and entities that are prohibited from engaging in financial transactions, you know, these lists often exceed, you know, what's on national or regional lists.

So we have to meticulously screen, you know, every user, every beneficiary against these lists, you know, we're talking about OFAC, the US Office of Foreign Assets Control, the United Nations list, you know, there's a whole bunch of them. Like a whole other web of regulations on top of everything else. Yeah, it can get pretty complicated. Anything else we need to be aware of? Yeah, you know, technical requirements and system updates are also a major consideration, you know, payment schemes are constantly evolving their systems, their security protocols and fintechs need to be able to keep up with that.

It's like a never-ending race to stay on top of things. Exactly. You know, a good example is mandates, you know, these are directives from the payment schemes that require specific, you know, technical implementations or changes. So we have to be prepared to adapt our systems quickly, you know, to meet these mandates and maintain compliance.

It sounds like a lot to keep track of. It definitely is, you know, but it's all part of, you know, playing in the space, you know, the regulations are there for a reason, you know, they're designed to protect, you know, both the fintech company and its customers, you know, it's about fostering trust and stability within the financial ecosystem. Right. So it's not just about, you know, red tape and bureaucracy.

It's actually about making sure that things are done properly and everyone is protected. Exactly. It's about finding that sweet spot, you know, that balance between innovation and security. And, you know, speaking of that balancing act, and we, you know, we've touched on it a little bit, but this idea of, you know, fostering innovation while also ensuring compliance, it feels like it's like this constant tight rope walk for fintech.

It is. It's a constant juggling act. Like how do you, how do you balance those two things? Because, you know, on the one hand, you have this drive to be innovative and disruptive. Yeah.

From the other hand, you're operating in the very highly regulated space. Yeah, it's about having a deep understanding of the regulatory landscape, you know, building robust compliance systems and fostering a culture of compliance within your organization. You know, it's not just about taking boxes and following rules blindly. Right.

It's about understanding the why behind the regulations and proactively seeking ways to innovate within those parameters. So it's about being smart about it. Exactly. You know, it's about flipping the script and seeing compliance as an enabler of innovation rather than a roadblock.

Right. Like turning that weakness into a strength. Precisely. And, you know, that's what we help our partners do at breast row.

You know, we empower them to push the boundaries of gets possible in the fintech space while ensuring that they remain, you know, firmly grounded in compliance. It sounds like you guys are the Sherpas, you know, guiding these fintechs through this mountainous terrain. We try our best. And, you know, I keep thinking about this balancing act, you know, as we're talking, it's like you're always teetering on the edge, you know, trying not to fall off on either side.

Yeah. You hit the nail on the head. So how do you find that equilibrium? Like how do you, how do you embrace that innovation without sacrificing the compliance aspect? You know, I think it's important to remember that these regulations, while, you know, sometimes they can seem complex and demanding. They ultimately serve to protect everyone involved.

You know, they create a level playing field. They prevent bad actors from exploiting the system. And they build trust among users. So it's really about, you know, creating a healthy ecosystem.

Exactly. You know, a well regulated fintech ecosystem benefits everyone. You know, it allows innovation to flourish while ensuring that it happens responsibly and sustainably. Okay.

So we've explored this license, labyrinths. We've delved into the complexities of KYC or AML. We've even wrestled with the demands of these payment schemes. And it's clear that, you know, launching a fintech card program successfully, it requires a deep understanding of this regulatory landscape.

Absolutely. But before we wrap up this part of our deep dive, I want to talk about some of the common challenges that fintechs face. And when they're trying to navigate this base, sure, because, you know, we've kind of lay out the groundwork, but now let's get into some of the nitty-gritty. Let's do it.

Like, what are some of the things that you see fintech struggling with? And what are some of the, the solutions that you found? Yeah. You know, one question that comes up all the time is, can we issue cards for people outside the EU? You know, it's a natural concern for fintechs that are looking to scale their card programs globally. Yeah. It seems like geographical restrictions would be a constant roadblock.

Yeah. And, you know, it's not a simple yes or no answer, unfortunately. Okay. It's a bit more nuanced than that.

But generally speaking, yes, it is possible to issue cards to people outside the EU, even with a European license. Okay. So there's hope. There is hope, but there are some caveats, you know, the majority of the business needs to be conducted within the EEA, you know, the European economic area, and users outside the EU need to provide, you know, specific documentation, like an international passport, a selfie, you know, as part of the KYC process.

So it's not a free for all, but there is a pathway. Exactly. It's about understanding, you know, those intricacies and working with partners who can help you navigate those complexities. Right.

And that's where for estro comes in. That's where we come in. Yeah. You know, we have the experience and the expertise to help fintechs reach their full potential while staying compliant, you know, every step of the way.

You know, another question that pops into my head is, you know, thinking about this whole onboarding and verification process. It seems like it could be a little bit clunky, you know, having to provide all these documents and jump through all these hoops. So how do you guys at Vestro make sure that that process is as smooth as possible for users? Yeah. That's a great question.

And user experience is paramount, you know, we understand that nobody wants to spend hours, you know, uploading documents and waiting for approval. So we've invested heavily in technology to streamline that whole onboarding and KYC process. Okay. So we use things like, you know, AI powered identity verification tools, you know, automated risk assessment algorithms, you know, all these things to try to make things faster and more efficient.

So it's about finding that balance between security and user friendliness. Absolutely. You don't want to make it so secure that it's impossible to use. Exactly.

You got to find that sweet spot. Right. But you also can't compromise on the security. Right.

Now, speaking of challenges, you know, I know we've touched on this before, but this constant balancing act between fostering innovation and ensuring compliance. It's like, you're always teetering on the edge, trying not to fall off on either side. You're absolutely right. It's a constant juggling act.

So how do you, how do you find that equilibrium? How do you embrace innovation without sacrificing compliance? Yeah. You know, I think it all comes down to having, you know, that deep understanding of the regulatory landscape, you know, building those robust compliance systems and fostering that culture of compliance within your organization. You know, it's not just about ticking boxes. It's about understanding the why behind the regulations and proactively seeking ways to innovate within those parameters.

So it's about being smart about it. Exactly. And it's about flipping the script and seeing compliance as an enabler of innovation rather than a roadblock. Right.

Turning that weakness into a strength. Precisely. And that's what we help our partners do at for us, you know, we empower them to push the boundaries of what's possible in the Fintech space while ensuring that they remain firmly grounded in compliance. That's a really powerful message.

Thank you. It's not about choosing between innovation and compliance. It's about embracing both. Yeah.

You got it. And finding that harmony. Absolutely. And that's what ultimately foster structures, a healthier, more sustainable Fintech ecosystem for everyone.

Okay. So we've talked about licenses. We've talked about KYC AML payment schemes. We've even talked about the challenges of balancing innovation with compliance.

But what about those creative strategies that Fintechs can employ to navigate this complex landscape? What are some, you know, out-of-the-box solutions that you've seen work in practice? Yeah, that's a great question. And, you know, one approach that we've seen gain a lot of traction is what we call regulation as a service. Okay. I like that break that down for us.

Yeah. So, you know, imagine a world where instead of manually reviewing every single transaction, you know, for suspicious activity, you have an AI-powered system that's doing that for you in real time. Wow. You know, that's just one example of how technology can be used to streamline and automate compliance processes.

So it's about using technology to take the heavy lifting out of compliance? Exactly. And it frees up, you know, Fintechs to focus on what they do best, which is innovating and developing those game-changing products. Right. And it's not just about automating tasks.

It's also about using data analytics to gain insights into customer behavior, you know, identify potential risks, and proactively adapt compliance strategies. You got it. It's like having a crystal ball that helps you predict and prevent compliance issues before they even arise. Right.

It's not magic, but it's pretty close. It's pretty close. Yeah. And it's just one example of how Fintechs can really leverage technology to their advantage in this regulatory landscape.

It sounds like the future of Fintech compliance is really about embracing these cutting-edge technologies. Absolutely. And at Verestro, you know, we're at the forefront of this movement. We're constantly developing and implementing new technologies to help our partners stay ahead of the curve and navigate this ever-evolving regulatory landscape.

It's been incredible having you on the show today. It's clear that this is a complex world. It is. But, you know, with the right knowledge and the right partners, it's definitely not insurmountable.

Absolutely not. And thanks for having me. I hope this conversation has, you know, helped to demystify this world a bit and, you know, empowered Fintechs to approach compliance strategically. Absolutely.

To our listeners, we hope this deep dive has given you a better understanding of the challenges and the opportunities that come with entering this space. Yeah. And remember, knowledge is power. So keep learning, keep exploring, and stay in form of other latest developments in the world of Fintech.

We'll be back with more insights and deep dive soon until then. Happy innovating. Yeah, happy innovating.