The Wirecard scandal highlights issues with embedded finance that regulators need to address.
Open an application today — on your phone, your tablet or your laptop — and in many cases you will find it includes some sort of financial service. Payment services, credit services and investment offerings complement an application’s primary features. This is the realm of embedded finance.
Consumers love embedded finance because it gives them new levels of convenience. Application developers benefit because they can offer financial functionality without having to undergo rigorous regulatory registration processes and financial institutions can expand their transaction network.
But recent events, in particular the Wirecard scandal, have highlighted issues with embedded finance that regulators must address to ensure it is both secure and reliable in the future.
Embedded finance is a key component in the evolution of fintech. Fundamentally, it involves the integration of financial services — including banking-as-a-service, investment opportunities and insurance — into non-financial applications and environments.
In embedded finance applications, there is a direct link between the base application and a financial service provider, typically through an application programming interface. This allows non-financial companies and application providers to offer financial services that complement their own application, without subjecting themselves to the rigorous and highly complex processes involved in registering as a financial services provider.
Consumers, in turn, get the convenience of having a bundle of features and services available in a single location. They can also use more modern and user-friendly interfaces than have typically been available from traditional financial institutions.
Opportunities and issues
Embedded finance is present in a variety of applications. Short-term payments in e-commerce is the most common example of embedded finance. Financing options for payments, direct debits from banking institutions and account-to-account payments are also widespread.
Financial planning is another key area for embedded finance because it allows users to aggregate and interact with information from a range of financial institutions.
The list of applications goes on. Consumers can access home loans through real estate websites, car loans or insurance through a dealer’s website, and travel insurance through their airlines. Businesses are also looking more closely at how embedded finance can facilitate business-to-business interactions.
Embedded finance is, however, not without its concerns. While the transition between the application provider and the underlying services provider is seamless and invisible to the consumer, questions remain as to where responsibilities to the consumer lie.
For embedded finance to operate smoothly and effectively, application developers, financial services providers and regulators will need to work together
The collapse of fintech Wirecard last year occurred due to large-scale fraud at the company, which regulators failed to identify. Over several years, Wirecard systematically inflated profits and cash balances. It was only by accident that an auditor discovered the associated accounting irregularities, which amounted to €1.9bn that did not exist. The fraud’s exposure led to interruption of payment processing services in the EU, left creditors owed around $4bn and raised concerns about the lack of fintech regulation.
Instead of spotting the issue beforehand, regulators appeared to be a part of the problem. The German financial regulatory organisation, BaFin, was accused of ignoring and even facilitating Wirecard’s fraud. Following Wirecard’s collapse, German finance minister Olaf Scholz highlighted regulatory issues, stating, “It’s clear that the state supervisory and regulatory structures are not adequately equipped for an attack.”
Safeguarding the future
An important question, therefore, is how to ensure that consumers and service providers can continue to benefit from embedded finance without allowing another Wirecard-level incident to occur. Many countries are now promoting the adoption of embedded financial services while also seeking to ensure services are properly regulated. The EU and the UK, in particular, are providing models for future regulation of embedded financial services.
It is somewhat ironic that the Wirecard scandal involved a German fintech, as the EU has had its eye on fintech regulation for several years. In 2015, the EU implemented the revised Payment Services Directive (PSD2) to promote and regulate electronic payment systems and service providers in the EU.
PSD2 recognises the need to protect consumers who use embedded finance, and provide both transaction security and data security, using features such as multi-factor authentication (MFA) for transactions. It also explicitly recognises the need for transparency in payment systems.
For embedded finance to operate smoothly and effectively, application developers, financial services providers and regulators will need to work together to develop trust, both between each other and with consumers. Achieving trust will, in turn, require focus on three aspects of embedded services: reliability, security and transparency.
The Wirecard collapse raised important questions about payment network reliability. Companies and consumers were blindsided by the shutdown of payment processing services when the scandal broke. And even though the shutdown was temporary, it diminished trust in the system.
Ongoing regulation of embedded financial services must address reliability in the event of disruption, whether resulting from intentional corporate misconduct, criminal conduct by hackers or any other major service interruption.
PSD2 sets a baseline for considering how future fintech regulation should address security, both transaction security and the security of post-processing data. But security means more than requiring MFA for online transactions. Security must address every step of the embedded service, from the link between application and financial services providers to data storage following an embedded transaction.
A key factor contributing to the Wirecard collapse was a lack of transparency. The difficulties in uncovering the problems at Wirecard have highlighted the need for more transparency around the operation of fintechs, financial institutions, and application and service providers. Therefore, as government institutions consider regulation of embedded financial services, transparency must be at the front of their minds.
Embedded finance will survive the Wirecard scandal and continue to grow. It is a convenience that consumers will not easily relinquish. But to avoid future disruptions of the underlying systems and the resultant damage to consumer trust and organisational reputation, the industry needs to work towards a broadly applicable regulatory framework that protects both consumers and service providers.
Francois Moreau is a financial data scientist based in Paris.
