When uk banking-app customers were locked out of their accounts in june, few would have heard of the company responsible for their troubles.
As holders of e-money licences, the providers of curve, pockit, fairfx and other uk digital accounts used wirecard card solutions, an uk subsidiary of german payment processor wirecard, to help process their payments.
But when wirecard collapsed and its uk division was forced to cease regulated activities for three days, millions of uk customers were unable to access their accounts.
For many, the potential consequences were serious. some relied on their app to cover direct debits and receive payments.
The financial conduct authority (fca) responded with new measures to protect users of payment services. but with the digital payments market expanding rapidly, regulators are under pressure to review their approach to the sector.
The events around wirecard and the subsequent impact on uk firms and customers showed that there is a regulatory gap to address, says charlotte crosswell, chief executive of innovate finance, an independent body representing the uk global fintech community.
More consumers are relying on fintech solutions for everyday use as they fill a gap that traditional banks are often unable to service, but regulation does not fully reflect this increasing trust and reliance on the sector.
According to research company the paypers, the uk has 91 licensed merchant services providers or payment services providers.
Wirecard filed for insolvency after admitting that some 1.9bn was missing from its accounts, following an investigation by the financial times.
The accounting fraud scandal also highlighted gaps in the regulation of payment services. wirecard was regulated as a technology company rather than a financial services operator.
The european banking authority (eba) estimated in 2017 that some 31 per cent of fintech firms in europe were not subject to eu or national regulation, a third of which were payment services providers.
Wirecards collapse also underlined the vulnerability of firms dependent on third-party payment services to weaknesses in the fintech infrastructure.
A wide range of start-up banks and neobanks were using wirecard to execute their payments, resulting in a large concentration risk emerging, which became clear following their collapse, says alexander mcgill, financial services expert at pa consulting.
As a provider of payment services that could be fulfilled by another provider, and which did not hold client money or engage in lending, wirecard was not considered particularly risky from a regulatory perspective. its risk was hidden in its interconnectedness across the market.
Regulators are acutely aware of the challenge. the operational resilience regulation being introduced next year by the fca and the bank of england will require companies to understand and take more responsibility for their supply chain.
Regulators have the unenviable task of piecing together this complex ecosystem and identifying future concentration risks which may emerge, says mr mcgill.
That will demand much greater global co-ordination in the supervision of fintech, given the complexities of regulating relatively small, but globally spread financial groups, mr mcgill says.
Each regulator has responsibility for the part of the business in its own sovereign domain and its own regulatory perimeter, rather than the whole global company. this means there can often be little incentive for international regulatory collaboration given the finite resources available to each regulator.
Regulators are also playing catch-up with a fast-moving industry. the regulation of fintech was initially concerned primarily with its impact on the rest of the financial services industry, before evolving into a more interventionist approach that recognised the risks to consumers and to financial stability.
Regulators must now become more sophisticated in their oversight of innovation, according to agne selemonaite, deputy chief executive at connectpay, a banking service provider for online businesses.
Since supervisory institutions oversee a wide range of businesses, regulators could use this knowledge to identify patterns, systemise them and build best practice models for risk management to be shared among the market players, she says.
Authorities should also encourage open-data policies for real-time monitoring, and make sure operators and regulators talk to one another, says ms selemonaite.
So far this seems like the only option to prevent such situations in future. of course, a wider range of regtech solutions is inevitably needed for this to be accomplished.
But nikhita hyett, managing director, europe, at global payment technology company bluesnap, believes regulators responsible for wirecard may have been blinded by the newness and possibilities of fintech.
Government and regulators were keen to get behind this homegrown technology leader, and overlooked some of the rules and regulations that were in place.
She says many of the rules necessary to avoid a repeat of the scandal are already there. if you apply the rules as you would for any company you should be able to pick up on things like this.