As marketplaces have become digital and more technology platforms are integrating payment solutions into the customer experience, there has been increased interest among technology companies in potentially becoming money transmitters or partnering with regulated financial institutions (directly or indirectly) to embed payment solutions within their platforms or apps.
A company could embed payments into its software and user interface to combine transaction processing in a seamless, cohesive experience for its customers. For example, an online marketplace connecting lessors and renters could add new payments functionality. Embedding payment functionality in this way could serve as an additional revenue stream by offering payment services as an “add-on” or “value-add” service. This model stands in contrast to one where a company primarily engages in the business of payments, with payments services as a primary source of revenue, such as offering a peer-to-peer money transfer app.
Companies that wish to add payments functionality into their offerings should not add the payment rail first and think about regulatory compliance later. Platforms and marketplaces that rush to offer payment rails without first assessing the legal ramifications may find themselves subject to an enforcement action by a federal or state regulator, dropped by a strategic partner, or realizing too late that the resources needed to add payment functionality far exceeded their expectations or potential returns. Considering regulatory compliance too late, or not at all, could deter future investors, or derail a promising IPO, merger, or acquisition.
Drawing from our experience, below are key considerations for companies to strategically approach the threshold legal and business questions around offering embedded payments solutions, with a focus on the impact to the product’s design, necessary compliance resources, and potential revenue.
Regulatory Compliant Strategies to Embedding Payments
There are different ways to offer payment services and various legal and business considerations companies should think about when considering embedding payments functionality, consistent with regulatory compliance.
Top of mind, at the federal and state level, are money transmitter laws. Generally, a “money transmitter” is a person that accepts value from one person and transmits that value to another person or to another location by any means. In other words, money transmitters are persons who facilitate the transfer of value (fiat or crypto assets) between two consumers, a consumer and a business (or vice versa), or between businesses. A company that is licensed as a money transmitter with all relevant states and registered as a money services business (MSB) with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) is able to sit directly in the “flow of funds” or receive value in an account that it owns or controls from one person, and transmit that value to another person or to another location on behalf of the sender.
There are different approaches to embedding payments in compliance with applicable laws and regulations, including the following:
- the money transmission licensure model, in which the business obtains relevant state licenses and registers as an MSB;
- the partnership model, whereby a company contracts directly with a regulated financial institution to provide payment services (a variation, the banking-as-a-service API model, is where a company directly contracts with a technology company that already has a direct relationship with a regulated financial institution, such as a bank, to provide payment services); and
- the risk-based model, whereby a company relies on an exemption from money transmission licensure and MSB registration to provide payment services on its own.
The optimal approach varies by company, depending on the company’s business goals, risk appetite, and resources for regulatory compliance, among other important considerations. The following chart is an example of how these different considerations may point in favor of one approach over another.
For the most autonomy and unilateral control of the customer relationship, including on-boarding and risk assessments, registration and licensure may be the better path.
The regulated financial institution will oversee and ultimately control on-boarding and some parts of the customer relationship (e.g., required disclosures). But if losing some control is not a deal-breaker, then the partnership path may be the better solution.
If maximizing revenue from payments services is the company’s primary business, then licensure may be the better path.
If maximizing revenue from sources other than payment services, then the partnership path may be the better solution.
Available compliance resources
The payments industry is highly regulated. The result is federal compliance obligations, and state compliance obligations in up to 50 jurisdictions (including Washington, D.C.). Regulatory compliance will require resources.
If minimizing resources devoted to regulatory compliance is a priority, then the partnership path may be the better solution. Note that, as the authors recently discussed, regulated financial institutions may try to pass on some regulatory obligations by contract to the company.
The Licensure Path
Becoming a regulated money transmitter—registering as an MSB and obtaining state money transmitter licenses—is no small matter. While registering with FinCEN as an MSB is a fairly simple and straightforward process, state licensure is very time-consuming and cumbersome, and can be very expensive.
The general purpose of the state money transmission application process is to make sure the applicant has the financial capability, management, and business model in place to successfully operate a money transmission business. Among other requirements, state-level money transmitter applicants are required to submit a business plan, have a surety bond, undergo criminal background checks and fingerprinting, provide financial statements, and meet minimum net worth requirements.
If a company wants to offer money transmission services nationwide, the company must obtain a license in each state and coordinate the licensure process with state regulators. Every state has its own money transmission application, but many states have joined the Multistate MSB Licensing Agreement Program (MMLAP). With MMLAP, the multi-state money transmission application process is more streamlined and coordinated by a single state. The MMLAP application process consists of two phases: (1) review of the general license application requirements applicable to MMLAP participating states by a single state regulator and (2) review of state-specific license application information by other states in which the applicant is seeking money transmission licensure. Generally, the licensure process for a single state may take between six months and one year. If a company plans to go to market in the relative short term, the application processing time may ultimately be the deciding factor against licensure.
Beyond obtaining initial state licenses and registering with FinCEN, licensed and registered money transmitters have important ongoing federal and state regulatory obligations. At the federal level, the purpose of money transmission laws is to combat money laundering and terrorist financing. Money transmitters registered with FinCEN are required to implement and maintain an anti-money laundering (AML) program, report suspicious and large transactions to FinCEN, and comply with recordkeeping and other AML requirements.
In contrast to the purpose of federal money transmission laws, in a large majority of states, the purpose of money transmission laws is generally consumer protection. State-licensed money transmitters are subject to ongoing supervision, such as examination by the state regulator, and quarterly and annual reporting. Oftentimes this requires at least one individual or, in many cases, multiple individuals to be responsible for creating and overseeing the company’s regulatory obligations.
As with other regulatory licensure regimes, there are exemptions from MSB registration and money transmission licensure. However, the exemptions are not uniform and vary from federal to state, and state to state. For example, a company may be exempt from federal MSB registration, but not state licensure. Or, a company may be exempt from licensure in one state, but not in another. If a company ultimately decides to rely on an exemption, the company should consult with outside counsel to understand the legal risk of relying on that exemption.
The Partnership Path
While the money transmission licensure process may be long and cumbersome, that does not necessarily mean that the partnership path is less resource intensive. First, the company must find a partner that is willing to offer its services based on the company’s business model. Each regulated financial institution has its own risk appetite, and a company’s business model may simply be too risky for the regulated financial institution. Further, the commercial partnership agreement negotiating process takes time, and, depending on the partner, there is no guarantee that it will be faster than obtaining state money transmission licensure.
In addition, generally speaking, a company that pursues the partnership path will lose some autonomy. While a company that partners with a regulated financial institution may avoid some direct regulatory scrutiny, the regulated financial institution is subject to federal and/or state oversight and may be liable for the activities of its partner. This means that the company will face constraints and scrutiny from its regulated financial institution partner over its platform and services offered, such as customer on-boarding. Similarly, if the regulated financial institution is not willing to provide a payment service to a certain customer or class of customers, then the company likely cannot offer the service to those customers through its partnership.
The partnership model may also impose additional onboarding or marketing restrictions on a company. Some of these restrictions may arise from the regulated financial institution partner’s own regulatory and risk-management obligations. For example, if the regulated financial institution partner requires certain information to be collected from all customers during on-boarding, it may contractually require the company to collect that information. Similarly, the regulated financial institution may contractually require the company to seek its approval for all marketing materials before they are disseminated, or that certain information or other terms are included in the company’s terms of service or user agreement.
For these and other reasons, partnering with a regulated financial institution does not necessarily guarantee a lighter regulatory burden. Oftentimes, in fact, the regulated financial institution will pass down some of its regulatory compliance obligations to the company. For example, the regulated financial institution may require the company to develop compliance policies that are subject to approval by the regulated financial institution, and implement those compliance policies. Alternatively, the regulated financial institution may provide the company with its compliance policies and require the company to adopt and implement them. Depending on the company’s business model, this may result in multiple compliance policies that must be created or adopted, and followed and managed. Similar to the licensure model, this may require an individual, or multiple individuals, to oversee the company’s contractually required compliance burden. As it relates to compliance risk, the primary difference between the licensure path and the partnership path is the shifting from regulatory risk to contractual risk.
There are also potential financial drawbacks to the partnership model. In the partnership model, the regulated financial institution will usually take a percentage of each transaction it processes. Further, there may be mandatory minimum usage requirements. While these are both business points subject to contractual negotiation, bargaining power is a huge limiting factor on a company’s ability to negotiate such terms. If a company is a small start-up, a larger regulated financial institution partner may not be willing to budge on the usage commitments or the percentage of each transaction that the regulated financial institution partner retains, i.e., its fees for providing the service.
Regulatory compliance should be a primary consideration in the development of embedded payments functionality. Whether regulatory compliance sits with the company as a regulated financial institution (the licensure model), or through its contractual relationship with a regulated financial institution (the partnership model), understanding payments regulatory compliance and the accompanying legal framework on the front-end may ultimately improve business performance, time to market, and strategic relationships.
This article discusses only a few threshold business and legal considerations and risks associated with embedded payments. Companies that plan to enter the payments space should consider, with experienced legal counsel, all of the legal and business considerations before applying for licensure or partnering with a payment service provider.
As used in this article, the term “regulated financial institution” means a financial institution that is registered, licensed, and/or authorized by the appropriate federal and/or state regulator to perform payments services. ↑
A “money transmitter” is a type of MSB. ↑
As previously mentioned, a “money transmitter” is a type of MSB. ↑