Raj Aji, SVP, General Counsel & Chief Compliance Officer, Bill.com
How did you initially get involved in this practice area?
Like all good things in life, I got into this practice area by chance, by being at the right place at the right time and grabbing the opportunity when it presented itself.
After having worked in SF Bay Area for a number of years, in 2009, I was on a sabbatical and living in Asia when Obopay, a Silicon Valley based company, and a pioneer in mobile payments reached out to me. The use of cell phones was growing rapidly around the world and Obopay was introducing mobile payment services in countries where there were “more phones than bank accounts”. Obopay wanted their General Counsel to be based in India, closer to their markets. While I had worked in regulated industries, like telecom, working at the intersection of payments, telecom and technology in those early days was fascinating.
At Obopay we introduced innovative payments products in India, Kenya and other countries in Asia and Africa, to consumers that did not have access to banking services, while operating under a framework of laws that were written for a different purpose and sometimes helping influence new mobile payments regulations. Since then, I have enjoyed working at Intuit and Bill.com, introducing innovative, regulated, technology-driven, financial services such as B2B payments, payroll, lending and insurance.
Tell us why you love this area of the law?
I like working in payments and fintech because it is an industry in which lawyers add unique insights and strategic value by building trust and enabling businesses to bring innovative, regulated products to market.
Payments companies operate in an ecosystem which includes banks, regulators, payment networks and other businesses and consumers. Building trust with each of the participants in the ecosystem is critical and foundational to a payments business’ success. Your customers and partners trust you with their money and some of their most sensitive data. As legal and compliance professionals, we help our businesses build trust in many ways, working with product teams on designing products which are innovative and customer-centric and comply with complex financial services regulations; promoting the responsible use of customer data; and having transparent terms in our marketing and contracts.
What are the most interesting developments in the financial services sector for eCommerce, online and offline payments?
I think one of the most interesting developments is the increased use of cloud-computing environments and the use of artificial intelligence/machine learning technology in consumer and business payments to enhance user experiences, improve efficiency and make payments more economical and frictionless. The actual settlement of a payment is the culmination of a number of complex processes such as identify verification, checkout, payment processing, risk management, tax payments, escrow, compliance operations, invoice generation and processing, and recordkeeping and reporting.
The migration of data bases and applications and business processes to the cloud and use of AI/ML allows for increased data availability, sophisticated shared services and the automation of several of these processes including back office tasks such as invoice processing; management of risk models; identity verification and monitoring for financial crimes.
What are the risks currently facing technology companies regarding payments?
The biggest risks facing payments companies is the flip side of the benefits from the increased use of cloud environments and AI/ML. Increased data availability and use of shared services means that payment companies are increasingly reliant on third party services and more service providers have access to consumer and business data which amplifies data security and privacy risks if not managed right. These risks could expose payment companies to significant legal liabilities and financial losses as a result of fraud and other crimes. Security breaches and privacy violations also erode customer trust in ecommerce and other online services.
As payments and more broadly fintech companies, increase their reliance on complicated AI/ML models for risk management, asset allocation and to monitor for financial crimes, there are greater risks as a result of decisions which are made based on incorrect or misused models, coding errors and use of incorrect data. In addition to financial losses, the incorrect use of AI/ML models and applications could expose fintech companies to enforcement actions, litigation and adverse publicity.
What are the next steps in the development of federal and state regulations in payments?
With the exponential growth in the collection, usage and processing of personal and business data and increase in highly visible security breaches and privacy violations across all industries we are likely to see more federal and state regulations related to data privacy and cybersecurity which will impact payments companies. We are also likely to see more regulations related to the usage of AI/ML models while providing financial services.
Financial regulatory systems in the U.S. are siloed. The cost and time it takes to get licenses in various states and comply with applicable federal and state laws creates considerable uncertainty and regulatory burden for fintech companies. In the next year or two we are likely to see more clarity around the viability of the federal OCC bank charter for fintechs. In the meantime, groups such as the Conference of State Banking Supervisors (CSBS) are working with state regulators on standardizing payments and other financial services regulations across all states.
Finally, as payment systems evolve to include faster payments and payment methods, regulations and payment network rules will have to adapt to those changes.