Payments Resilience: Lessons from Wirecard

Autumn has begun in Europe but nevertheless there is one piece of news from this summer that continues to surprise us with new turns: the Wirecard scandal. Far from being a “FinTech-only” problem, there are a few lessons from this fall out that are critical for both nonbank financial institutions and regulated banking organisations to protect their customers from the next Wirecard.

The Wirecard Scandal Explained

Wirecard is a German payment processor and financial services provider. Within the financial services industry, they sit in the banking as a service space, helping non-banking regulated companies to provide financial products.  In the UK, Wirecard was a pillar of the fintech ecosystem, supporting companies like ANNA Money, Curve, Pockit, Revolut, and even Monzo in their early days.

On the 18th of June, a major accounting scandal involving Wirecard burst into the limelight. Following initial delays, Wirecard’s annual report exposed a €1.9 billion hole in their balance sheet. After that, it was a domino effect! Their Chief Executive Officer quickly resigned and was arrested. Their former Chief Finance Officer was added to the Interpol list. Wirecard filed for insolvency in Germany and, shortly after, the Financial Conduct Authority (FCA) ordered the British company branch to cease all regulated activities in the UK. As a result, the customers of the Fintechs supported by Wirecard saw their money being frozen with no warning.

While new details are revealed almost every week, the company has been dismantled and sold to several successful companies including Railsbank in the United Kingdom, Change Financial in Australia and New Zealand, and PagSeguro Digital in Brazil.

Operational resilience must be at the centre of a business strategy

The summer saga has brought to the light one fundamental lesson for both nonbank financial institutions and regulated banking organisations, namely the need to operate in a state of “permanent readiness”. In practice, this translates into the need for prudence, due diligence and a multipronged approach to operational resilience, especially in the areas of strategic partnership and third-party risk.

As Karl Kiarie, Head of Strategic Transformation at RedCompass Labs, explained: “to be successful, organisations need business strategies that are rooted in the 3 pillars of operational resilience:

• Avoid customer harm
• Safeguard firm’s viability
• Ensure the financial ecosystem’s stability

While this may sound logical and simple, it is quite complex to execute. It requires, among others, to have a robust recovery strategy, test the systems for the unexpected, vet partners through consistent and dependable criteria, identify critical business services provided under the partnership and set impact tolerances for these services.

It is also worth bearing in mind that not every company can afford to maintain fall out solutions and that not every payment processing company will have the resources to maintain back-up solutions on a 24/7 basis. Therefore, having an overall response to severe but plausible scenarios is critical to build agility. A particularly successful exercise that our Strategic Transformation team has adopted to test the Operational Resilience across our client’s critical Payments operations is running “War Games” simulations.

A strong testing framework is paramount in a customer-focused ecosystem

In an attempt to minimize the impact to their customers after the FCA’s decision, Curve completely moved its operations off Wirecard’s platform over a single weekend. Within the current ecosystem, where many partners are involved in the full supply chain, the risk of service disruption for the customer has never been higher. Being able to quickly replace a part of the end-to-end flow while guaranteeing no customer impact is paramount. But how can organisation be sure that their plan works?

The answer is testing. For customer-centric organisations, testing is a necessarily critical part of the end-to-end process. Banks must have mechanisms and processes to quickly check a change, identify and address potential impact for the customers before going live while making sure that their costs do not spiral.

Standard test automated frameworks, however, do not fit in this new environment. They are not processing enough data and the data used is often not fully production-like, which makes it harder to understand the customer’s impact when implementing significant change. They also lack agility and maintaining them is often a massive headache! Investing in a NextGen testing solutions is a no brainer. They allow companies to rapidly test and analyse production like scenarios, using machine learning. At RedCompass Labs, for instance, we have developed and implemented a Quality Assurance as a Service offering that leverages this technology and allows our clients to rapidly process millions of scenarios using data analytics.

Let’s face it, Curve’s great management of the situation sets a precedent, which over time will become the new norm and therefore part of customers’ expectations. Only companies with robust processes backed by technology, able to truly guarantee 24/7 services, in every single circumstance will survive in this new payments world.