Financial fraud is at the core of the Wirecard crisis, but legacy processes and culture in IT and finance departments exacerbated the problem, writes Oliver Werneyer, CEO of Imburse

What does the Wirecard scandal mean for the future of digital banking?

In the midst of the Covid-19 pandemic, right between the health crisis winding down and the fear of a second wave kicking up again, we witnessed another corporate scandal with far-reaching implications, not only for the company itself, but also its subsidiaries, investors, employees, regulators, auditors and, most importantly, its clients. While there has been, and will be, a lot more good dialogue, debate and analysis on what exactly went wrong with Wirecard, there is a far broader problem that warrants discussion.

As a result of the accounting fraud perpetrated by Wirecard, businesses that relied on its technology to process payments, including a number of UK firms, saw their payments frozen. These companies were unable to take any payments at a time when cashflow was already under severe pressure and new funds were essential to their survival. The Financial Conduct Authority, based in the UK, froze e-money accounts and any payment transactions that were supported by Wirecard to safeguard its clients’ funds. While this action was taken to protect end clients, it also prevented merchants and small- and medium-sized enterprises from getting paid and denied consumers access to their funds.

And while Wirecard was down and companies were unable to transact, there was no backup for them: no second vendor that companies had integrated with in case something like this happened. There was no plan B. And in most cases, there is never a plan B.

The Wirecard scandal has exposed again just how dangerous single-party solutions are, especially in key parts of your business. The old saying about eggs and baskets rings true: businesses need to tread carefully when only having one vendor solve for a key part of their business, whether this is for payments or other business-critical areas. A lot of time is spent aligning service level agreements and making sure that vendor downtime is properly managed, with financial implications for when vendors are offline and interrupt their clients’ business.

However, seldom is there a real solution to the unmanageable. What if your vendor suddenly stops trading altogether? There should be an answer. And while companies understand this to be true, the problem that many are faced with is that their IT systems are old, complex or outdated, meaning that integrating vendors across the business becomes a complex, time-consuming and expensive exercise. Because of this, even doing one integration can take an extortionate amount of time, leaving the chances of companies selecting multiple vendors in an effort to mitigate risk pretty slim.

Companies are left with the unenviable trade-off between this risk mitigation on the one side, and effective resource utilisation on the other. They have multiple projects and problems that they are trying to solve for at the same time, often with the same resources and limited funds.

Countless companies are unfortunately being held hostage by the age or state of their IT systems and finance processes; ‘hostage’ in the sense that just daring to say the words “integration” or “work on the core system” is met with disdain, apprehension and anxiety within the companies. These issues are pervasive across almost all industries, including banking, travel, hospitality, utilities, services and insurance. The fallout from the Wirecard scandal should act as a wake-up call that relying on single third-party providers for services as critical as payments could put them at significant risk of business disruptions and service outages in future.

Many in the broader industry are quick to dismiss this on the grounds that “everyone” has these payment risk problems and that this is “par for the course”. That should scare us, because this scandal has shown us that no matter how big the vendor is, the risk remains and just gets more critical in nature. Companies, specifically insurers, banks, and large corporates, are expected to be immune to these types of problems, or at least have strategies to tackle them. When a payment provider goes down, for whatever reason, no customer will care why they cannot receive their claim in an emergency or have access to their funds, and regulators will take a dim view of any such developments. No customer will want to hear about integration difficulties or business trade-offs.

What has been laid bare is that many companies are simply not ready for this type of problem and have massive amounts of operational and regulatory risks that have not been acknowledged. It is important for organisations to better classify and understand what the crucial capabilities and services are in order to make their operations more flexible and resilient.

Regulation surrounding payments was traditionally contained within the walls of the traditional banking industry and known payment service providers. Technology development and deployment was also very focused on this smaller group of entities, meaning writing regulation and controlling technological capabilities was simpler.

The market has seen a surge in new payment providers in recent years, especially targeting online and alternative payments, making it extremely difficult for policymakers to keep up and maintain relevant and applicable regulations. Digital payments have many benefits to customers and businesses alike, and with Covid-19 accelerating the preference for and adoption of digital payment methods, even more payments are taking place in this ‘new’ domain. The problem is that this is now largely outside the regulated perimeter of financial services that regulators and market actors have been comfortable with so far.

Now, more than ever, regulators will look into what happened, and act decisively to safeguard customers’ best interest. What new rules and operating procedures the regulators across the UK and Europe are likely to adopt is still open for discussion; however, it is safe to assume that companies will need to respond quickly, regardless of their own operational shortcomings.

Companies will need to look outside of their own organisation and traditional solutions to find new, innovative ways that will allow them to work with, rather than against, their own outdated legacy IT systems, deliver multiple projects simultaneously, and manage costs. Requiring and managing multiple banking partners and payment service provider connections is extremely costly and time-consuming, and so has traditionally been used only by large companies. Within fintech, we see the rise of companies and emerging technologies that bring multi-acquiring capabilities that are easy to implement and easily scale.

KPMG states that by 2030, traditional boundaries within financial services will disappear with a move towards ‘platformication’. Banks will let customers choose services from a range of different providers to personalise and tailor offers and experiences to their needs. Consumers will experience a reduction in the number of interfaces and services they need to individually sign up to access the services or products. Coupled with the adoption of open banking, more advanced banking players and neobanks, with greater access to data to support their business models and new propositions, will look to offer significantly differentiated services and experiences that will be, or could be, vastly different to the current offers in the market. The role of the regulator, to safeguard consumers, while not stifling innovation, will be critical in the coming years and they will be getting more involved.

We have all seen first-hand the impact the Wirecard scandal has had on companies, their employees and their clients, and we cannot emphasise enough how critical it is to not be a hostage to your own processes and systems—especially when there are solutions in the market that can address this issue. The urgent question for now is, are you exposed to risks like these and how will you urgently solve them? Simply saying “we are not clients of Wirecard” is unfortunately not going to be enough.