Pay.UK to Launch an 8 Week Consultation to Implement ISO 20022

In early February seeking particpants’ views, Pay.UK is set to launch an 8 week consultation on how best to implement ISO 20022.

The Association of Independent Risk & Fraud Advisors (AIRFA) is an active Pay.UK guarantor. We also wish to draw your attention to their planned consultation in February 2020, an opportunity for all stakeholders to provide feedback on a major industry development.

The Standards Authority at Pay.UK is responsible for setting and maintaining these standards in the UK payments industry. More detail on their role can be found at

As part of the New Payments Architecture, industry is adopting the global standard ISO 20022. It enables payments to carry more associated data. This will provide greater insights, form the basis of new services and deliver better outcomes for all stakeholders.

Pay.UK will launch an 8 week consultation in early February seeking particpants’ views on how best to implement ISO 20022. This will ensure key standards defined for clearing and settlement capabilities of the New Payments Architecture will benefit the widest possible community.

Pay.UK consultation documents will be published on their website at

Pay.UK expect the findings to be published in the second half of 2020.

Watch the Pay.UK website for further information. If you have specific questions please contact Pay.UK at

For more information visit

Kevin Smith is a Senior Payment Services & Risk Management Consultant & Industry Advisor at Riskskill and permanent member of AIRFA.

What is FCA’s Position on Facebook Libra Crypto-Currency?

Facebook Libra Currency

Facebook has ‘let it be known’ in the USA to a House Financial Committee, that it has selected the Swiss Financial Markets Supervisory Authority (FINMA) to be Libra’s regulator. It stated that the Swiss were “best prepared to oversee the global market for digital currencies and privacy”.

This in itself shows a great naiveté on behalf of Facebook OR some extreme gall.

The currency will seemingly replace various fiat currencies in the jurisdictions in which it acquires customers. In the UK: the FCA (Financial Conduct Authority) has in recent days published its findings on its Digital Currency consultation in the form of its Guidance on Cryptocurrency (CP19/22). This makes it very clear that such currencies, if offered to customers in the UK, then the currency will be governed by UK legislation and will fall into the UK perimeter for FCA regulation.

This means that to operate and supply services (Libra) to people in the UK, then it must have a UK FCA licence; and must comply with UK legislation and regulations, even if some of these happen to be have common or shared laws with the EU.

Accordingly, this then means that Facebook et. al. are being either a) Extremely naive or b) Very ‘gung-ho’. In either case, we should be worried.

If they are being naive, and if they have not understood the FCA guidance and the UK regulations then perhaps we should be very concerned, as this may be an example of companies, such as Facebook, disregarding what their lawyers ought to be telling them. Or maybe they are doing this, in spite of what the lawyers say. Either way this does not appear professional, nor a company / consortium in which we should trust to manage our highly-regulated payment systems if they simply ignore the regulations.

Facebook ***may*** however, have even made a commercial decision (the ‘gung-ho’ position) to ‘press ahead’ with a ‘minimum viable product to disrupt the market’ and to then argue their position as having been a sensible alternative route not requiring the same regulations; i.e. when things go wrong and when the prosecutions arrive. They may have decided even, that the legal process involved in pursuing them might take long enough to start, for them to be impossible to stop by this time, so as to decide now to worry about the whole ‘consequences’ problem later. Maybe they also think that this worked for them for Facebook data protection law issues (remember the Cambridge Analytics case and Data Protection fine in the UK for £5billion last month) or for their tax jurisdiction selection.

Above all, FINMA in Switzerland do not have jurisdiction over, or authority to regulate across Europe: and if they did, I am not sure that the rest of Europe would be happy for them to do this, given the complete inability to get the Swiss financial system to release any data from ‘their clutches’ in relation to any matter (crime included), and where they banks routinely hide behind the Swiss secrecy laws. Seventy+ years on, people are still trying to uncover hidden assets from all sides from the 1940s that the United Nations demanded of them and has done consistently ever since.

The regulators in the EU (and globally) have a very good reason to be concerned. I am not sure that regulators really know how to deal with a company that believes that they can ‘do what they like’ and which tells them as the regulator what they must do.

RiskSkill provides Services for all Risks, Fraud and Compliance solutions for e-money, e-payment, internet payments, e-funds, e payment systems, online payment and digital cash’s safe transactions. RiskSkill is also a permanent member of AIRFA an independent and global risk and fraud advisors organization.

European Union Decides to Reduce Inter-Regional Card Processing Fees

Kevin Smith, Riskskill: What does the inter-regional interchange fee rate picture look like today and where is it moving to?

Card Payments

The European Commission is the first competition authority to take action against Visa and Mastercard for their excessive inter-regional interchange fees. With its experience and successes in reducing intra-regional interchange fees in Europe, this latest action and its positive impacts has set an interesting precedent. It is great news. The European Commission move addresses both regulator and merchant concerns about the unfair and extreme costs of processing non-European cards.

Since 2015, domestic and intra-regional consumer card interchange rates within Europe have been driven down significantly. Although the end result of these fee reductions should have been passed through from merchants to customers, it is not clear how or if this has occurred. Recent Payment Systems Regulator (PSR) attention and their UK industry consultation has shown that the merchant service charge (MSC) also contains many other scheme fees, acquirer fees and margins.

And let’s not forget the myriad of other organisations in the transaction processing flow, providing their services and expecting their fees.

European regulatory attention and merchant concerns should not be a surprise. Not when typical consumer card interchange rates within Europe are now at just 0.20% (debit) and 0.30% (credit) – where they are 1.20% and up to 1.97% for equivalent inter-regional POS transactions in Europe.

Most merchants in Europe, have more domestic card payments than other European card payments; and only lastly non-EU card payments. On this basis, most European merchants, do not experience or notice the impact of accepting cards issued outside of Europe.

However, for many European merchants with lots of international customers, their cost of accepting cards is exaggerated by these disproportionately higher inter-regional interchange fees.

The wide gap between domestic and intra-Europe interchange costs and those for inter-regional transactions makes us ask what the different costs are for processing these transactions, i.e. are there really any greater risks or costs involved with the inter-regional transactions?

Based on the rhetoric use by the European Commission, Visa and Mastercard strangely, did not fight for the status quo, so quickly led to the agreement of new and reduced fees.

So what does the inter-regional interchange fee rate picture look like today and where is it moving to?

Figure 1: Card Present Transactions acquired in Europe

Face-to-Face / Card Present Transactions Inter-regional Interchange Fee – Today Inter-regional Interchange Fee – Pending
Visa Consumer Debit Between 1.10% and 1.97% 0.20%
Visa Consumer Credit 0.30%
Mastercard Consumer Debit Between 1.10% and 1.98% 0.20%
Mastercard Consumer Credit 0.30%

Figure 2: Card Not Present Transactions acquired in Europe

Online / Card Not Present Transactions Inter-regional Interchange Fee – Today Inter-regional Interchange Fee – Pending
Visa Consumer Debit Between 1.44% and 1.97% 1.15%
Visa Consumer Credit 1.50%
Mastercard Consumer Debit Between 1.44% and 1.98% 1.15%
Mastercard Consumer Credit 1.50%

The European Commission argued that this reduction: “will lead to lower prices for European retailers to do business, ultimately to the benefit of all consumers”.

For those merchants with higher card acceptance from outside of Europe, the European Commission believe that the cost savings could be 40%.

The European Commission decision does not raise important further questions about other payment scenarios:

a) Now that the parties have agreed lower inter-regional interchange rates, when will these revised fees come into force?

The European Commission states: “Under the commitments, Mastercard and Visa each undertake to reduce the current level of inter-regional interchange fees to or below the following binding caps, within six months:”

NB: the scheme commitments will apply for five years and six months from the above date.

But when does this six-month period begin?

  1. The date from the which the European Commission made the scheme commitments legally binding under EU antitrust rules, or
  2. Is it from the date communicated by each scheme to its respective client issuers and acquirers?
  3. Or as reported by the BBC UK website on 29th April 2019, i.e. on 19th October 2019 for five years.

Scheme updates posted following the European Commission press release confirm that the effective date for the inter-regional interchange alterations is indeed 19th October 2019.

b) What about inter-regional debit and credit cards in mail order and telephone order (MO/TO) in Europe?

The European Commission only refer to online payments. Can we assume that MO/TO transactions, though not specifically mentioned, are included in the European Commission definition of Card Not Present transactions?

Scheme updates posted following the European Commission press release confirm that Card Not Present transactions are all transactions other than card present transactions, so MO/TO transactions are included in the planned fee reduction.

c) A trustee will be appointed by the Commission to monitor the implementation of the commitments. Who will be monitored?

  1. Will they monitor Visa and Mastercard and whether they enforce the fee reductions in line with the agreement?
  2. Or will they monitor individual merchant acquirers and their agents to see if they deploy lower pricing within the agreed timeframe?
  3. Or will they monitor individual merchants to see if the lower costs lead to lower consumer prices?

d) How will EU card issuers justify and defend their continued receipt of higher interchange rates for card usage outside of Europe – i.e. the reverse of this agreement?

Will similar regulatory and merchant pressure outside of Europe lead to reduced interchange fee costs elsewhere and therefor reduced income for European issuers for non-EU based transactions?

As with previous interchange fee rate reductions, we should expect unexpected and unintended consequences?

e) If a South African-issued card accepted in Europe incurs the new lower interchange rate, what does that mean for the same card accepted in Australia or the US?

This is not a matter for the European Commission, but clearly, they will provide essential guidance and advice to other national payments and competition regulators around the globe to challenge Mastercard and Visa further.

International merchants with a presence in Europe and in other regions and countries around the world will increasingly question why they are incurring very different interchange fees across different regions and markets.

Is this the ‘beginning of the end’ for over-inflated and higher global inter-regional and local interchange rates?

f) What about the three-party model?

Inevitably, such schemes will be forced to revisit their merchant pricing to ensure any merchant preference or favour for such brands.

g) Will lower interchange fees, mean increases in other card processing fees?

In the UK most noticeably, and across the rest of Europe, we have witnessed that lower interchange rates have been offset by increases in acquirer pricing, such that the positive pricing effect does not pass through to the end customers.

Are we going to see a similar offset of inter-regional interchange fees with poorly explained increases in scheme fees for inter-regional transactions and corresponding acquirer processing fees?

h) What about non-EEA countries? The European Commission press release on 29th April 2019 states that the inter-regional interchange rate reduction will positively impact transactions acquired in EEA countries.

Effective April 2019, Visa no longer treats Israel, Switzerland and Turkey as part of their EEA market definition. This means that transactions into and out of these countries, for example the UK or US, are now treated as international for interchange purposes and scheme fee levels.

i) So what does this mean for commercial cards and any other programmes? These have been excluded from regulatory pressure on interchange reimbursement fee reductions.

Inter-regional commercial card transactions do remain a very small percentage of total card expenditure for many European merchants.

Commercial card interchange rates are typically between 0.20% and 2.10%.

Small Business, Commercial and Corporate Card Transactions Inter-regional Interchange Fee – Today
Visa Commercial Debit Between 0.20%+ GBP 0.01 (according to Visa Business Immediate Debit) and 2.00%
Visa Commercial Credit
Mastercard Commercial Debit Between 0.20% (according to Mastercard debit Government payments) and 2.10%
Mastercard Commercial Credit

So how long will it be before commercial debit and credit cards are included in the regulatory challenges to reduce interchange fees?

The changes and this agreement are all great news and positive developments, but the implications and implementation still need to be better understood and defined, and there remain many questions and some big issues there-in.

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring. At Visa, Kevin headed acceptance and acquiring development and was instrumental for changing how Visa viewed payment acceptance, acquiring and retailers in Europe. Kevin also led fraud and compliance management functions at a senior level at Visa. Kevin has worked in retail management for a major UK retailer, and for a major UK high street bank in its retail banking cards and acquiring development business; in senior roles at Switch, the original UK domestic debit card scheme; as well as in Visa Europe and Visa International in the US.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy, with an impressive international track record of helping payments businesses to find and mitigate payments challenges and risks. The firm works with clients to put in place strategies and programmes of work to make payments businesses or functions more profitable, less susceptible to losses, risks and regulatory issues and compliance problems. is a global GARS Reviewer for Visa and a member of AIRFA, the Association of Independent Fraud and Risk Advisors

For further information, please contact: Bill Trueman or Kevin Smith at and

Riskskill to Support Web Shield at RiskConnect Conference 2017 in Frankfurt

RiskSkill to Attend RiskConnect Conference 2017 Frankfurt

Riskskill is proud to be supporting Webshield at their conference – RiskConnect 2017, in Frankfurt, later this month. The networking conference for risk and compliance professionals takes place at the Hilton Hotel next to the airport at Frankfurt am Main on 23-24 November 2017. RiskConnect a networking conference is organised by Web Shield, which provides on-boarding, underwriting and monitoring solution.

These two days conference will be attended by the though leaders of industry experts for discussing the newest challenges faced by the industries. Relevant knowledge and necessary solutions will be discussed which can be used in daily risk assessments of the industry. RiskConnect is the independent platform where risk and compliance experts can share their knowledge and broaden their horizon over the topic so that they can remain ahead of all others over the issues.

Kevin Smith of Riskskill stated “Riskskill is pleased to be supporting Webshield at this event, an organisation that has done so much to shake-up the approach to enhanced risk management.”

He added.., “Riskskill is also honoured to be presenting along side a wide range of influential organisations, including senior risk management representatives from both MasterCard and Visa.”

Other speakers include: Thomson Reuters Special Services, the Internet Watch Foundation, the Malta Gaming Authority, Vendorcom, HSBC, Latham & Watkins, FCNB, Manitoba Securities Commission, Minerva Partnership, Verifi Inc.,

Riskskill encourages interested risk and compliance professionals to look for last minute places at this event.

Further information on this event is available at

Kevin Smith is a highly experienced specialist in Mobile Payments, Wallet payment, Payment Systems, Payment Technology, Payment Fraud Prevention, Risk Review and Due Diligence Investigation Services. Kevin is also a member of AIRFA, and associated with RiskSkill and UKFraud.

Further information will be published on Riskskill……………

QR Code Fraud Growing Fast in China

I am so very surprised:

a) This did not happen long ago.

b) China had adopted this so widely with AliPay and put everything into QR so readily given the risks / exposures that are starting to emerge here.

c) That there are still strong proponents of the QR code (anywhere).

It will be interesting to see if this is the beginning of the end of QR codes in payments now that the fraudster community has (finally) woken-up on the possibilities. It will be interesting to see how easily and how quickly the Chinese payments and AliPay in particular migrate to something else. My money is upon a world-class mobile solution.

In the interim, they ***may*** just limp along with a ‘closed-loop’ APP development that has limited execution of ‘QR code’ code.QRCode

For more information visit here.

This article was originally published by Bill Trueman at

Risk-Based Approach for Due Diligence in Anti-corruption Issues

Points of Discussion in this Article

1. Importance of due diligence in corporate transactions
2. Framework finalized in U.S. Jurisdiction
3. Aim of Diligence
4. Risk Profile

1. Precis

Transactions related to investment and acquisition pose significant risks concerning anti-corruption affairs. Although there is huge financial opportunities in the corporate business but it comes along with a set of corruption risks, that, if ignored, can bring consequential risks to the company. So, the corporate sector is now moving ahead under the wave of anti-corruption due diligence that will mitigate risks in the corporate transactions. This stream might not guarantee 100% security but it will definitely find the compliance vulnerabilities and structural risks, provided the execution of diligence process is courteous, well programed, and well accomplished.

2. U.S. Jurisdiction

A framework has been drafted and rooted by U.S. Department of Justice and U.S. Securities and Exchange Commission for probable liability. Its requirement arose due to the high risks involved in corporate transactions, specially amidst the international boundaries. The drafting and confirmation of this framework is done under the Foreign Corrupt Practices Act (FCPA). For details, click here.

3. Aim of Diligence

The framework finalized in U.S. Jurisdiction covers successor liability and in line with this, there are several aim of the transactional diligence. These are given below:

Investigation of risks that might result in liability. These risks include weakness in control, inaccuracy in accounting entries, or suspicious payments. Satisfaction of acquirer in terms of it undertaking suitable steps for identifying the potential risk. Before the transaction, there might not be any risk. However, in case a risk is faced later on, the procedures of due diligence will help in ensuring that there is no liability imposed at the completion of transaction.

4. Risk Profile

An approach which is risk-based is highly preferable to due diligence – this is confirmed by seasoned and reputed regulators. The diligence resources lay complete focus on high-risk interactions with government, regulators and customers. Risk profile is impacted by various factors such as the corporate constitution of parties, suitable geographies, industries and history of compliance. Herein, there are a couple of possible scenarios with multinational transactions. There are many due diligence firms which are operating globally and provides corporate due diligence services. Such firms can really help you save you from going into a loss and fraud deal.

First is the parties are looking to emphasize on anti-corruption reviews along with undertaking due diligence of heightened level on their subsidiaries and affiliates that are globally operational. Second is parties engaged in various industries must be accountant to the possible regulatory scurrility which making the risk profile. Herein, the said parties might already be focused by anti-corruption authorities.

Second is parties engaged in various industries must be accountant to the possible regulatory scurrility which making the risk profile. Herein, the said parties might already be focused by anti-corruption authorities.

While creating the profile, the acquirer must calculate whether imposing of required steps will result in loss, license or some asset.

While creating the profile, the acquirer must calculate whether imposing of required steps will result in loss, license or some asset.

Some other high risk areas are:

A target whose profit are dependent mainly on big government contracts.

A target whose major part of assets depend on government concessions (in past or present).

Such cases can be oil fields, mining rights etc.

Businesses that are extremely regulated. For instance, where timely inspection approvals are required by local authorities.

Organizations that rely on instruction and demonstration of a product

5. Are due diligence procedures helpful?

It is imperative to implement Risk-Based Approach for Due Diligence in Anti-Corruption Issues from the beginning as it helps in reducing the chances of risks. These procedures can be done along with the standard financial postulations of due diligence. Remember that in this case, the access to information will be restricted and so you should scan multiple sources to compile exhaustive data. You can try various sources to gather the information such as assessment of financial ledger, interviews, material of data room and public sources (direct parties or indirect sources).

At this point if you wondering whether due diligence procedures are helpful for your business, then its answer is clear YES! Their implementation will help you reduce the risks and hence safeguard our company’s reliability and credibility in the industry. When we talk about risks, then its types should be trekked in the following areas:

1. Discipline of employees in terms of breaching the policies or norms of anti-corruption.

2. Investigations that are in process or complete (internal as well as government)

3. Policies, training, auditing and topics that can be exposed by whistle blower. All these falls under the control environment of an entity.

4. Side agreements, payments through cash and faulty commissions. All these falls under the tenders / contracts of an entity.

5. Unfavorable findings in the internal or external audits

6. Other Areas of Risk Finding under Due Diligence Procedures

Regulatory relationship of an entity is also one of the main areas, wherein auditing should be done. Herein, important points or resources that should be assessed are approvals like permits and licenses. These can be further elaborated to cover benefits like gifts, expediting payments, fees etc. provided to government inspectors. Another such area is the expenses related to marketing processes such as gifts, travel, entertainment etc. While working on diligence in this area, one should investigate the expense records, conference attendance and trips details. Other areas are:

1) Entity’s relationship with various intermediaries and third parties such as sales agents, distributors, consultants and others. Emphasize must be given on those individuals who directly engage with the government’s clients and regulators. Herein, there are 3 sub areas that require assessment:

(i) Whether an entity is following procedures to review and approve the contracts

(ii) Whether an entity needs written consulting agreements and if these are needed to be

included in various legal clauses viz compliance, audit.

(iii) Whether an entity needs to authorize payments after the completion of documentation.

2) Entity’s teaming arrangements such as its involvement in joint ventures etc., wherein government regulations must be followed.

7. Due Diligence Procedures and their Timing – Both are Important

The discussed anti-corruption procedures are effective only when they are done at the correct time. An entity must discuss the timing part with the other party to implement it before the signing of deal or after it. In most of the cases, parties prefer anti-corruption due diligence procedures to be implemented after the contract signing. One key jeopardy with this timing is that in case a risk is detected after deal- signing, then it might result in price negotiation and/or disclosures at some level, thereby delaying or preventing closing.

For more information on Due Diligence and Due Diligence Service one can contact Bill Trueman a highly experienced specialist in risk review and due diligence. He is permanent member of AIRFA, and director of RiskSkill and UKFraud.

How Due Diligence Can Reduce Third Party Corruption

Due Diligence Investigation Advantages

It is a common practice for businesses to implement internal policies and established a positive and goal-oriented team in order to safeguard their practices from corruption. However, one loophole that still exists and is often overlooked is the outside factors, such as those people, who have a different ideology than that of businesses. This can also be understood as the unethical practices of the 3rd parties that can negatively impact the company’s existence and credibility in the industry. In line with this, UK introduced the Bribery Act 2010 in July 2011 with the aim of combating frauds and corruption related to 3rd parties. One odd concern with this act is that it holds the principal organization fully accountable for the corruption. This has been condemned by Neil Swift, who works for Peters & Peters Solicitors. He cites that even if the main organization is not involved, still they could be held liable for it.

International Corruption Data

Transparency International published The Corruption Perceptions Index (CPI) 2015. Herein, all the countries are rated on the scale of 0 to 100, maximum rating meaning that the country is very clean in terms of corruption.


  • On the rating scale, 53% of G20 Countries acquired less than 50 points.
  • EU and Western Europe scored an average lower than 50 points
  • Denmark scored 91 points
  • UK scored 81 points
  • India scored 38 points
  • China scored 37 points
  • North Korea and Somalia scored 8 points

The publication must be considered by businesses, who desire to expand overseas. Less CPI score does not means that business in those countries should be altogether avoided, it just tells that one should take extra measures while expanding their businesses.

Businesses Should Improve Diligence on Third Parties

By now, it should be clear to you that there is no such foolproof method that guarantee that the third parties would comply with your business-related procedures for corruption and anti-bribery. However, it is important to implement due diligence irrespective to the reputation of third party. If you are not expert in due diligence then it will not be expensive if you take Corporate Due Diligence Investigation Services by any reputed due diligence companies. Here, we will mention some good practices for the same:

1. Risk Assessment to Find Amount of Due Diligence

Here, note down the possible points (make a checklist) that can make the third party risky. For instance, their ranking by CPI (personally owned or open to communication with government entities), their commercial terms etc.

This checklist can help you in the identification of potential risk areas. So, whenever you decided to make a deal with that third party, make sure to consider it.

2. Questionnaire on anti-corruption guidelines

As a business organization, you should prepare a questionnaire for third parties asking whether they have drafted a policy in concern with bribes or not. In addition, you may include questions that relate to the types of reporting systems they follow.

In case, you are not satisfied with their answers (satisfaction can be related to inconsistency, absence of details or indirect replies), you can just pull out of the deal.

3. Provide Suitable Training to the third party

If you have made the decision to undergo a business contract with a third party, then first thing you should do is to give them training on policies related to anti-bribery and corruption. This will make you both on the same level on this aspect. In addition, the importance of training is increased manifolds as every country has a different set of attitudes and laws concerning the corruption. Therefore, it is important to be at par all those guidelines while doing business overseas.

4. Vetting and Auditing

You should take enough time in accumulating information and verifying the reliability & credibility of the third party, as a part of your due diligence process. Some decisive constraints to consider in vetting and auditing process are:

  • Reputation
  • Public records resources
  • Payment of contract
  • Financial background
  • Competency of the third party
  • Beneficial Ownership

Once you are in contract with the overseas business, then you should NOT rest on ones laurels else you might end up in a difficult situation. There are always risks related to third party, even after the contract is finalized. You can develop a framework, wherein you should keep an eye on the performance of the third party via inspections/reviews, site visits, and consistent contact.

Bill Trueman and Kevin Smith are eminent due diligence experts who provide their consultancy services to card issuers, banks, corporates and business organizations globally; and help in comprehensive appraisal of a business/organization before undertaking by a prospective buyer to evaluate its commercial potential. They are chief executives of RiskSkill, & UKFraud and full time member of AIRFA which is a worldwide known independent organization of risk and fraud advisors.

After Ban PayPal Halts Operation in Turkey

paypalIn a strange sequence of events, we read that Paypal has been unsuccessful in securing a payments processing license in Turkey. This means that it will not be able to send or receive money for Paypal customers in Turkey. Furthermore, existing payment funds will have to be paid back to Turkish bank accounts. This does not bode well for Paypal, other global payments systems or the cross-border processing of payments in Turkey and Europe overall.

Why is this? It seems that the BDDK (, i.e. the Turkish Banking Regulation and Supervision Agency introduced a law (June 2013) that required Paypal and others to base their IT systems in Turkey.

We all recognise the need and support for individual markets to protect themselves with appropriate controls, particularly in processing ‘sensitive data’, but requiring all operators to process and retain all data ‘locally’ in Turkey, seems overly reactive and more of a deliberate way of preventing international players from operating in the Turkish market. This will force ‘new’ international entrants to the market to take a more local presence in Turkey – both for governance and for where the IT systems are based. And what about other existing non-compliant entities?

It appears that Paypal have been very gallant and relatively quiet publicly about this situation in commentary since the decision; so it begs more questions:

a) With Turkey’s ambitions to join the EU (negotiations started in 2005), is this really going to help in the spirit of economic collaboration and delivering global commerce?

b) Turkish authorities have enough bigger challenges – so can they really want this to further hinder their campaign?

c) Who else will this impact? Will other and existing companies that are not complying with the same requirements be required to leave the country if they do not meet the requirements that IT systems be located in Turkey?

d) Did no one at Paypal see this coming?

e) Has no-one in the European monolith raised this as an issue with Turkish authorities and explained to them how far away from the spirit and intent of the EU marketplace this really is?

Kevin Smith, author of the news is Joint Chief Executive at AIRFA, and director of RiskSkill. He is highly experienced and independent payment services, risk management and compliance consultant. For more information visit website

Source: Banking

RBS Announces Trial of Cryptocurrency

Royal Bank of Scotland has just announces that it is trialling its own cryptocurrency – which of course, will resonate on the news-lines significantly.

But let’s stop and work out why they are doing this and why they are announcing this?


With around 1000 cryptocurrencies globally and with the market leading cryptocurrency being 100s times bigger than all the others, it seems like a strange thing to do from a marketing, sales, competitive basis. RBS have certainly not said that they intend in any way to ‘corner the market’ or to be a ‘world leader’ in this area – so this is not their motivation. So let’s not get hung up on this, or expect them to start sending you and me application forms any time soon.

Will RBS be creating a gateway for audited and trackable payments to its correspondence banks and across its own network? Maybe. However it is unlikely that it will be replacing its very lucrative payments transmission businesses, but there is an option for it to reduce the costs and increase the audibility of its own internal ‘group’ payments – as it has stated that the trial that it has been progressing with have involved its different banks within the group.

So if it is not going to sell me and you (as customers) a new payments service at lower costs, and it is not going to compete in the alternative currency markets, then we have to read this move by the RBS as follows:

We are a big bank and government run; but we want to demonstrate that we are forward-thinking and are reviewing seriously ALL the new and latest ideas and technologies.

Blockchain and Crypto-currency media gets a good reading and positive reactions from the public so we need to be announcing this to the world.

It is really just work that we are doing in our own laboratories within the RBS group. We are testing these things so that we understand all about them and can then work out where we can use them and where we can adopt them.

So, if this is the case, we can simply read this with interest and forget it; until RBS then follow this with a notification of how they are going to use it in the ‘real world’ – and then we can start to think harder.

In the meantime, it is worth noting that there are so many things that can be done with the Blockchain technology and so many great new business start-ups that are using the technology to evolve real-world business solutions that the banks that will survive in the next 10 years will be those that embrace the new, take the best of what is on-offer and move forward as if they are small agile businesses rather than the big banks that they are.

RBS are seemingly doing the right things in the market (or starting to do so), but this is nothing that we need to get excited about or worry about as consumers. Not just yet.

But this should worry all the banks that are not doing these things.

For further information, please contact Bill Trueman or Kevin Smith (eminent risk and fraud specialists) both are member of AIRFA.

Judges Pave Way for Banks in US to Sue Target over 2013 Data Breach

I read with interest that news in Finextra and elsewhere that the banks have been given the go-ahead to sue Target for $30m for the reissue costs associated with the data compromise in 2013. This puzzles me, as I then want to know how the figure of $1200 per card is calculated.

The cost of re-issue will be less than a tenth of that per card. How they can justify that size of loss based upon a reissue alone is not conceivable.

To read more visit here