Skip to main content

Podcast

Episode 8: The Road Ahead for Buy Now, Pay Later Compliance Professionals Pt. 2

Ashley Cianci
July 29, 2022
This COMPLY Podcast episode is part two of a conversation had between John Zanzarella, VP of Sales here at PerformLine and Gary Stein, US Chief Product & Compliance Officer at Opy.

Episode Description:

Today’s COMPLY Podcast episode is part two of a conversation had between John Zanzarella, VP of Sales here at PerformLine and Gary Stein, US Chief Product & Compliance Officer at Opy. Gary previously led policy-making efforts and a team of subject matter experts for the CFPB – covering consumer deposits, emerging and legacy payment systems, consumer-authorized data sharing/aggregation, small-dollar, and other consumer lending products. 

John and Gary’s discussion revolves around key topics such as:

  • When it comes to protecting the consumer – what do you think the future holds in terms of regulation in this space?
  • What can buy now, pay later firms do today to get ahead of this regulation to come?
  • Gary’s process for handling merchant monitoring and his advice for others in the space to ensure merchants’ behavior aligns with company brand parameters.
  • The difference in US regulations of BNPL firms versus those authorities abroad.
  • Some of the separators for those buy now, pay later companies who will continue to grow and evolve and those who will not. 

Show Notes:

Subscribe to COMPLY: The Marketing Compliance Podcast

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Ashley:
Hey there COMPLY podcast listeners. Today’s episode is part two of the conversation had between John Zanzarella, VP of Sales here at PerformLine and Gary Stein, US Chief Product & Compliance Officer at Opy. As a reminder, prior to joining Opy, Gary previously led policy-making efforts and a team of subject matter experts for the CFPB – covering consumer deposits, emerging and legacy payment systems, consumer-authorized data sharing/aggregation, small-dollar and other consumer lending products. As for all of our part two episodes – if you haven’t had a chance – we suggest you go back and listen to our previous episode for part one of this conversation.

But today, John and Gary’s discussion revolves around key topics such as: When it comes to protecting the consumer – what do you think the future holds in terms of regulation in this space? What can buy now, pay later firms do today to get ahead of this regulation to come? Gary’s process for handling merchant monitoring and his advice you’d have for others in the space to ensure merchants’ behavior aligns with your company’s brand parameters. The difference in US regulations of buy now, pay later firms versus those authorities abroad. And some of the separators for those buy now, pay later compaines who will continue to grow and evolve and those who will not

Thanks for listening and enjoy the show!

John:
I remember you talking about prior to coming to Opy, you were having conversations while at the Bureau within the buy now pay later industry. And then if we look at a more recent timeline in December the CFPB opened an inquiry into buy now pay later, as part of that, they asked five key players to provide data intended to clarify some of those risks. Those firms submitted information on March 1st, separately, but worth noting, I think is that in April, the CFPB invoked the dormant authority to examine non-bank companies, posing risks to consumers. And you know, I guess maybe a good place to start is when it comes to protecting the consumer, what do you think the next few moves might be from the CFPB, based on what they’ve done so far?

Gary:
You know, it’s a good question in this area. I do think they’ve helped to highlight a number of areas where they see potential consumer vulnerabilities in the marketplace. I can tell you from being there, and I was on the policy making side, you know, first of all, the Bureau doesn’t have unlimited bandwidth, rule writing is not easy. So they have to figure out what’s the best way to apply corrective action in a market, or to do that. Some of these early steps they take to collect information and the questioning they take, provides, it’s not, you know, a legal regulation, but it provides some hint to the marketplace about how they’re thinking about things and that alone can help drive, you know, industry in the right direction. I think we all want an efficient marketplace, and regulation can tax on that. But if we can, if regulators can work with the innovators and be of like mind and do things that can go a long way.

Gary:
And I think some of those actions speak to that, you know, having said that there could be follow up actions, the Bureau could take, you know. So interestingly and, and I, one of the things about our model is that we partner with Cross River Bank. They are a lender of record as a depository, they are directly regulated, you know by federal regulators. And as their service provider, you know, we could always be examined as well as part of that. So the supervisory action, you know, might clarify and facilitate some steps, but the Bureau has had numerous avenues for being able to look at entities that might not be direct, you know, directly under their authority before. And so it may or may not change things dramatically in our space, there are frenemies of us out there, you know, that don’t partner with banks.

Gary:
And then those of us that, that do, and I can tell you having Cross River as a partner while there’s a cost to it, you know, it’s like having a personal trainer when you go work out, they’re gonna make sure you do it the right way. And so we have, you know, there, we can’t change our business model, put out marketing or anything without their review. They’re giving it the lens that they know their regulators are gonna give them. And they’re under scrutiny for working with FinTechs, but they’ve made a business model out of it. So that and what we’ve tried to instill in our business model, by being a responsible lender, you know, those things ensure, I think help to ensure I should say, that we’re gonna do this the right way other players in the marketplace by not having that by not taking on that relationship.

Gary:
Or maybe not hiring people that were former regulators to help set up their shop are gonna learn some things the harder way are gonna have to make some business adjustments, as a result of that. But, you know, I’ll just say not to cut you the what’s interesting about the Bureau looking at that is, and especially again, I’ll use the term land grab that we see going on there, like you said,  there’s been mergers, there’s fallout, there’s falling stock prices. God, we know it ourselves, that those economic pressures can do as much sometimes to change a marketplace as a regulator.

John:
Yeah, absolutely. And we’re seeing an interesting story unfold on both sides of that right now with the market and with the regulators. So I guess that would’ve been, my next question is you know, let’s say that you didn’t end up at Opy and, and maybe you became the chief compliance officer at a established buy now, pay later company that hasn’t really evolved their compliance program or is a little bit reactive as opposed to proactive or maybe an up-and-coming one who wants to be ahead of it. What are the first couple things that you would do if you took away that piece of it in your case where OpenPay in Australia had some things already set up?

Gary:
Yeah. So it’s a great question. First of all, like I like to say, I may have gone to the Bureau to atone for some past sins, but I don’t think I could have left and gone to an organization whose principles I didn’t believe in. But even then you’re right, there’s shades of gray and how well something’s adopted that. I, you know, I don’t think it would be that different than what I did at Opy, except for the fact that you’d have all right. The car’s already speeding around the track versus we’re in the pit trying to build it because like I said, we went through, we were with our outside council. I had good consulting partners that came in and helped us do kind of a head to toe evaluation of the platform and to look through things.

Gary:
And then I also hired excellent people. I had a former OTS and OCC attorney to come in and be my Head of Compliance. I had a former treasury and large bank BSA, AML expert to be my Head of BSA AML. And, you know, folks, we had done that before, and being on the policy side, I hadn’t been on the examination side. There’s a large difference between understanding the spirit of a regulation and having to attest to it and build the controls out to ensure that you’re meeting it on a day-to-day basis. And so we laid those groundworks and together with Cross River, we had a blueprint from this is what a comprehensive management compliance management system looks like. Here’s the elements and here’s the things you have to put in place. You know, if I were to do that at another organization and not have that kind of team around me or the opportunity to bring them in, I think there’d be a lot of trial by error and we’d learn more things the hard way.

Gary:
But if I was to go and do this again, number one, I, you know, have the, the two year, one and a half year to two years or whatever, you know, whatever the time it comes to experience of having gone through this and a little bit of a playbook. I think we’d go through that head to toe and look for those things, but it really starts, you know, there’s what you’re doing on a day to day basis. And then the compliance management system that you’re putting around there and all those elements.

John:
Yeah, absolutely. And, and we’ve seen it get more complex for some of the reasons that you’ve talked about, right? Like companies who use PerformLine today, you know, they used to generate reports for regulators. Now they’re generating reports for regulators and for bank partners and in some cases, multiple bank partners. And so the, the data becomes really important. The process like you just talked about becomes really important to be able to have something to show, but I will ask a, a little bit more of a specific question. So in that, you know, ecosystem of compliance, you have this one unique thing, in the buy now, pay later space. And the idea is of merchant or partner monitoring, where you’re trying to ensure that your merchant’s behavior aligns with your company’s brand parameters. It aligns with your bank partners brand parameters. Tell us a little bit about your process for handling, monitoring those merchant merchants and also your mindset around, Hey, even if they’re not a official merchant of ours, if they’re marketing our product in any way, we need to know what we need to act on.

Gary:
Yeah, it’s a great question. And I should add, you know, one of the things that I left out of the story that really helped us is that to get to where we are for Coss River and Goldman Sachs or any of our partners, FIS, to partner with us, we had to go through substantial due diligence. And the first time we went through that, like we had a policy library in Australia, but it’s nothing like what we had to put together in the US. And that also forced, it was like building the frame of the house that we had to do that. And as part of that would be things about our customer assessment strategy, our risk strategies, our vendor management strategies. You make a great point. What’s really interesting about this industry is this concept of the merchant partners.

Gary:
You know, it’s, you know we consider them customers of ours because they pay us fees for the loans that we originate with them. But they’re not like the end consumer, who’s the borrower, they’re not a customer in that regard. We have vendors that we pay for services and those sometimes they kind of appear like that, but they’re not really a vendor either. And so that framework, I think is one, honestly, I feel is still evolving, but you’re absolutely right. Like, especially for us, we’ve been live in the US for less than a year. You know, our reputation is going to be defined, not just by who we are, but by whom we partner with. And if we go in with, and we’ve had some interesting ones come across, you know the desk, with merchants, that we, you know, we call ourselves a responsible lender, but merchants that might not adhere to the same types of principles in their business.

Gary:
That’s gonna sully our reputation and kill us before we start. And so part of that starts with the industry verticals, you know as I said, we identified healthcare and we’ve gone into dentistry and veterinary and auto servicing. The non-discretionary parts of this helps when it starts to get elective. You know, we see both credit risk from a consumer standpoint and we see risk from a merchant standpoint. We have always intended to go into home improvement, but there’s gonna be certain verticals there that will go after and others where either the economics don’t work or again, the risk of what’s being delivered. And education is another one we’ve had. We had a education partner come through with that sold certification programs some up to $20,000. And it just wasn’t anything that as an organization, we could get behind and feel confident that this wasn’t going to be something with a high consumer complaint rate and everything. So we have to look at all those things. And obviously, how part of that is not just underwriting the business and doing web searches. It’s keeping tabs on how they’re communicating with their customers, which is obviously something that you help us stay on top of.

John:
Yeah. And, and that’s, you know, the interesting thing of it is that it’s complex enough to understand where your brand is being represented by your merchants and in what capacity, but now you’re talking about doing it across multiple communication channels, right? The merchants are on the web. They all have social media pages. And yeah, you know, we’re grateful for the opportunity to get to partner with companies like yours, where we can help automate some of that oversight, but really provide more data to you to understand, hey, who are our riskiest merchants, who are the ones that might be putting our brand reputation at risk, and then you could always act accordingly, but ou’ve mentioned a couple times, you know, regulations globally versus regulations here in the US. On this call we have people tuning in from all across the globe. And now we’re starting to see more of companies who are in the UK, who are in Australia, coming to the US and vice versa. How do you see YS regulations of buy now, pay later compared to maybe the FCA or maybe the regulatory authority in Australia?

Gary:
Well, first that’s a great question. I mean, the approach is different, right? The FCA is all about competition, kind of takes an FTC angle and with Rohit now at the helm of the CFPB, it’s interesting him being a former commissioner and a former colleague of mine. You know, we see some inklings of com competition being at least a legal arrow in the quiver that the Bureau might pull out. But, you know, it’s really interesting, our business touches a lot of regulation in and of itself. And so there’s already a framework. I mentioned TILA before, you know, we, we are providers, we charge consumer finance charges. We provide an APR, a TILA disclosure, you know, some of the pay-in-fours do not. And I think there’s a transparency gap there that, you know, the marketplace and regulators will one day close, but there’s other things, you know, that don’t always jump out the FCRA, the FTA, you know, things about how we can collect repayments from consumers and collect their consent for payments.

Gary:
You know, how we communicate with consumers about pulling their credit and, you know, if we don’t approve them or don’t approve them fully about, you know, adverse decision making and so forth. And, you know, the interesting thing about some of those are very specified and regimented, like, you know, there is just no leeway. Was looking at a marketing piece this morning, if we mention this, we must provide this disclosure, like it’s very clear. But by and large, you know, what I was trying to do is think about the spirit of what’s trying to be done there. And it really provides a guidepost for things. So if you’re, you’re pulling credit for somebody and you’re not gonna give them credit, you know, you have to tell ’em why, and if you are relying on an ecosystem, like, you know, Vantage or FICO scores that consumers have some awareness now of, but they don’t know it’s a black box.

Gary:
Like they know largely that these things contribute to scores and other things, but, you know, the FCRA says on the adverse action notices, you have to provide, you know, which we do with our partner experience, the underlying reasons for those things, because the whole point is to a consumer, we need to explain to you why you can’t have this credit or the credit you asked for, and you gotta give ’em some actionable path to do something about it. And so it’s, a lot of it is much more specified. I think, you know, it’s a double edged sword for industry on one hand, it’s like, okay, we have to do it this way, the law is black and white. On the other hand that specification often provides much clearer guiderails for what it means to be responsible. And that’s why I think some of the things we do about like capturing consumer consent for auto pay and other stuff are things that we’ve seen, “Yeah, that kind of does make sense in the US, maybe we ought to look at that in other countries and so forth”, or providing somebody with the terms of their deal before they consent. Like I get where that’s coming from, you know? And so I do think that a lot of the spirit of that can be adopted. It’s just, if they don’t have the specific regulations, then you know, there’s more leeway, but maybe more gray area if they’re doing something right.

John:
Yeah. No, absolutely. It’s very helpful. And, and I think we have time for a couple more questions. The next one, you know, everyone who’s tuning into this webinar is a hand raiser that they want to get better at preparing their company for the regulations to come and being compliant, but not all of their organizations have leadership like you and Brian who sort of lead with that culture of compliance. And so if you were someone working in the buy now, pay later space who is maybe more on the day-to-day or managerial level, what are some of the things that you could do internally to help make the case for more resources or more budget to stay ahead of some of these regulations?

Gary:
You know, it’s a great example, it’s a great question. And I think, you know, luckily there’s enough guidance from the regulators about what makes for a sufficient compliance management system and how to do this, that again, with a bank partner who kind of dictates, you must have this, it makes it even easier for us like, hey, these are non-negotiable. But it’s, it’s easy and you can provide all those things. And here’s the expectations we could get audited at any time by a state or the federal. And so we need to be able to show documentation of these. We need to have a record of capturing consent. We have to have, you know, a complaint management system and all those things. And you know, if you’re not gonna bring in somebody that’s done it before, you’re gonna stumble to build it all out.

Gary:
And even we can’t say like, we’re done, you know, at this point. But laying all that out early is important. One key element of that CMS is board training, you know, and management training and, and taking them through what the requirements are, you know? And that becomes at least a forced communication of laying all those requirements out. One of the things that we’re doing at Opy and I wish we had it yesterday as still taking time is putting together a marketing playbook. You know, all the time one of the areas that we have among the greatest debate about is how can we, you know, we wanna get this message across, our competitors suck, we’re the greatest, right. You know, and there’s certain things you can say, and you can’t say, and there seems to be a very heightened focus, especially on substantiation of statements and things.

Gary:
And what’s interesting about it is while there are dos and don’ts from a regulatory standpoint, we also have dos and don’ts because we wanna make our value proposition ring out clearly to consumers. And if we’re not disciplined about how we’re talking about that, then, you know, we may not violate a law, but we’ve confused the marketplace too. And so this is something I think like I said, we’ve been wanting for a long time. And, and in the meantime, it’s kind of like, well, we can’t say that, let’s say it this way. Or let’s, you know, we try to be, you know, everybody meets halfway as we try to do all this stuff, but to really provide advanced understanding and not with, you know, Brian and I was talking about this, we don’t necessarily need the history of TILA, we just need to know the rules of the roads. And like, you can’t say this, but if your intent is to do this, here’s what you can do. And there’s lots of paths forward there. So that’s an example of something that we’re trying to do to provide folks, you know advance understanding. So they’re not looking at it, like I used to is, oh, I gotta get this through the compliance gauntlet. You know, it’s like, I, I know going in the right way to message this.

John:
Yeah, absolutely. Cool. And we’ll end with this one, and you mentioned the mortgage collapse back in ’07 and ’08 earlier. And, you know, I don’t know that it’s exactly the same, but the last two years, plus some of what’s going on now, just feel like it’s another time where there’s opportunity for innovation and for growth, right? Because some of those FinTech companies that were born in 2010, 2011, 2012, are the billion dollar unicorns that we see today. With regards to the buy now, pay later space, what do you see as some of the separators for the companies that are gonna continue to grow and evolve, and maybe some of the ones who aren’t?

Gary:
Yeah. So I’ve talked about the economics. If you’re giving it away, it’s gonna be hard because you really have no path back. You know, like I said, we’ve tried to embrace the principles of what the Bureau’s done even before that was at this for months, before the Bureau put out their inquiry, you know, we’re not selling debts, we’re not selling data. We provide a Truth-in-Lending disclosure, you know, we will report back to the Bureaus, very soon we’re underwriting and assessing ability to pay on consumers. And so we’re doing this, what, you know, what we’re not doing is de-risking onto the consumer. What you see with a lot of models as they evolve is like, okay, you know, whether it’s real-time payments, you know, you can send me a payment instantly. If you make that too streamlined so that you sit on your phone and you send me, you know, something with a couple of extra zeros on it, you can’t tell the consumer, oh, so sad, too bad.

Gary:
You know your problem, right? You can’t, de-risk onto the consumer. Same thing. If you’re lending out money, you know, obviously if you’re lending out money and people aren’t paying you back, that’s what I mean by the economics, and the frauders are gonna kill you first. But you can’t say here, here’s a rope, some of you will hang yourself, some of you will pull yourself up, it’s up to you to figure it out. That’s a recipe for disaster. So by taking on the risk responsibility of underwriting, the merchants, underwriting the consumers and providing anything transparently, I think that’s, what’s gonna separate most entities, going forward. And we will see a 2.0, but I will end with this. You know, what we’re not gonna see is the elimination of point of sale financing, because the ability to make those decisions is here.

Gary:
And you know, again, credit cards aren’t gonna die. And we see the spending picking back up, but just in time, financing has a purpose. And I see it today. We made a loan for $6,000 for somebody in a vet. And, and my first thought was like, I hope the doggy is okay. You know, we’ve had, we’ve seen these things at 1:00 AM for, you know, 24 hour veterinary hospitals. People, you know, have emergency things. And they, they want to know with peace of mind that they can pay this off. And being able to tell somebody, this is what your cost is gonna be, your obligation gives them debt. And, and I don’t see the tenants of that framework ever disappearing.

Ashley:
That’s it for this week’s episode of the COMPLY podcast. We hope you enjoyed part two of the conversation between John and Gary on the road ahead for Buy Now, Pay Later compliance professionals. For additional insights into all things marketing compliance, you can head to performline.com/resources, and be sure to check out the links and resources in the show notes. Thanks again for listening and we’ll see you next time!

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.