Regulatory Scrutiny of Business: Unavoidable

By Mabel Wilson, CCO, Blackhawk Network

Mabel Wilson, CCO, Blackhawk Network

Evaluating Trends and Determining Impacts

Compliance professionals face many challenges that keep us on our toes, not the least of which is the ever-changing regulatory landscape. Emerging challenges that I see in Blackhawk Network’s industry include the increasing applicability of credit/debit regulation to prepaid products. Whether we’re looking at Regulation E. or other consumer protection requirements, prepaid products are slowly, but surely being made subject to regulations that started with traditional credit/debit products. I also see increased information sharing between regulatory bodies on the state-to-state and state-to-federal levels. This means that if you run afoul of one regulator, the others will find out sooner than if they didn’t have these cooperative agreements. And the regulators are using IT systems very effectively in this data sharing effort. Then there is the blurring of the lines between expectations for fraud and money laundering detection and prevention. This is increasing the need for a new type of versatile resource that understands the regulatory environment and is skilled enough in data design and analysis to pick up fraud and money laundering trends.

Blackhawk Network has a strong team of compliance and risk personnel who work closely with product owners to evaluate these trends and determine their impacts. One thing that worked in our favor is that most of our processes are built on stringent expectations from our issuing banks so we already have in place many of the requirements from these regulations that are now migrating to prepaid products. We’re also continuing to expand our search pool for talent when filling our compliance positions.

Regulations: A Permanent Element in Business

The compliance function will always carry a policing characteristic with it because it requires operators to adhere to certain predefined rules. Especially in the prepaid retail environment, there is a natural tendency to question why prepaid cards should be subject to such regulatory scrutiny.

Blackhawk Network does not shy away from regulation—we see it as a permanent element in our business development efforts and we explore tactics that mitigate the operational impact to our partners.

The primary regulation that ties Blackhawk Network to its distribution partners is the Bank Secrecy Act (BSA), which manifests itself in the Four Pillars of Anti-Money Laundering (AML) programs. There is also the more recent FinCEN Prepaid Access Rule that carved out some exemptions for the sale of prepaid products. Alongside these federal requirements are the state specific regulations that apply to Blackhawk Network because its affiliate is a licensed money services business (MSB) in several states. These federal and state regulations form the basis of all compliance programs that we share with our distribution partners. The approach we have taken at Blackhawk Network is to develop and execute a multi-pronged compliance program that ensures we are meeting our goals using different risk-based methods, which also recognize the different sophistication levels of our network participants. For example, we provide comprehensive documentation that outlines regulatory requirements at the time we sign a new distribution partner, we create our training using different formats such as online learning management systems, PowerPoint decks and webinars, and we offer innovative approaches that help our partners be ready for any type of regulatory inspection, announced or unannounced.

Intersection of Compliance and Business Activities

As is the nature of compliance, inserting it into business activities, such as IT, has to be a collaborative effort with the affected operators. A couple of methods have helped to bridge the gap between compliance and technology. The first is the coverage and depth of our employee training program. Blackhawk employees are trained to understand that Blackhawk operates in a regulated environment. As a result, our technology team has learned the fundamentals of the business and is supportive of compliance initiatives. The other is having employees on the compliance and risk teams who are knowledgeable in IT processes and who have the ability to translate compliance regulation into actionable IT business requirements. For example, we worked with the IT project management team to place a compliance requirement for risk assessment early in the development of a product or service so that there are no surprises later at the IT development stage. By conducting the risk assessment earlier in the project lifecycle, compliance requirements are identified as part of the business requirements. It is much easier to get technology’s support if they understand Blackhawk Network’s needs and if the requirements are well articulated.

Advice to Fellow CIOs

There are several skilled professionals in the compliance field and I have personally learned quite a bit from many of them. One piece of advice that guides me, and that I would share with my fellow Compliance Officers is to strive to educate and be educated. Our role as compliance officers is such that we need to educate both internal and external stakeholders. Training employees is fundamental to any business endeavor. Policies and procedures don’t do any good if they are nice and pretty, but nobody knows about them; we must train our employees as dictated by the Four Pillars and also as a sound business practice. We already talked about partners and how we create and maintain a critical link to them. One opportunity that is often overlooked is our regulators. We learn a lot by listening to them and working with them. While regulators make the rules, we also try to seize any opportunity we have to provide feedback and communicate how our products and programs operate, so that there is broader understanding. Sometimes, we can even demonstrate how some perceived risks are exaggerated. The flip side to training others is that compliance officers must not stay static in our knowledge of the regulations that govern our business. The regulatory environment is dynamic, and we must stay on top of changes to be effective and relevant leaders in our organizations. We should continue to build professional relationships and seek opportunities to discuss our challenges with fellow Compliance Officers because what may be a problem to one may already be solved in another program.