IMGCAP(1)]
This story appears in the September 2009 issue of Cards&Payments.
Credit card issuers are burning the midnight oil readying their systems for compliance with sweeping new credit card industry rules going into effect in February.
The Credit Card Accountability, Responsibility and Disclosure Act, passed last May, introduces new rules that require issuers to provide earlier notification of changes in account terms, mail statements earlier and give cardholders more-detailed account-payoff information. It also restricts issuers' ability to charge cardholders for late and over-limit fees (
The requirements are forcing most issuers to adjust their credit card prices and policies, analysts say. The new law also will require significant information-technology changes in issuers' back-office systems, observers say.
"For a lot of issuers, complying with the new card-industry regs is like coping with Y2K with less preparation time," says Brian Riley, research director with TowerGroup, an independent research firm owned by MasterCard Advisors. "The IT-driven part of this effort will consume a lot of costly programming hours to make all the necessary changes in a very compressed timeframe."
Issuers' top managers are closely involved in the process, too, huddling over strategic decisions related to compliance that analysts say likely will have far-reaching competitive and profitability implications.
One of the most-difficult aspects of their task is juggling budgets to cover compliance cost with staff and resources already strained by cutbacks from this year's poorer financial returns during the economic downturn.
Indeed, the logistics and challenges card issuers face in coping with the new card-industry regulations are "breathtaking," Richard Fairbank, chairman and CEO of Capital One Financial Corp., told analysts in July during the issuer's second-quarter earnings conference call.
Capital One will invest "tens of millions" of dollars and at least 200,000 hours of IT work in its compliance effort, Fairbank said. Issuers must change card-statement designs and make numerous back-office changes to accommodate new account terms-notification and statement-mailing deadlines. Compliance with the new rules generally requires "massive changes in communications with customers," he said.
Issuers with third-party processing partners are leaning heavily on those providers to lead them through the changes. However, issuers must stay closely involved in making strategic decisions throughout the compliance process. That is because no "one-size-fits-all" strategy exists for coping with compliance given the diversity of types of products and portfolios, says Patti Reynolds, MasterCard Advisors senior management consultant.
"Every issuer will feel the challenge differently," she says, noting each issuer typically receives a unique mix of services from its processor. She warns that issuers relying on third-party processors should pay particularly close attention to the intersection of in-house and outsourced functions throughout the effort to ensure nothing slips between the cracks.
To navigate through the process, each issuer should have a compliance team, led by senior executives, that involves representatives from the legal, finance, marketing, regulatory and technical departments, and a strict schedule of goals to meet the required deadlines, advises Andrew Dye, a consultant with U.S.-based Diamond Management & Technology Consultants Inc. "There is a lot of money at stake here, and if issuers don't move quickly enough on certain decisions, the clock will run out and they may be forced to accept less-ideal solutions."
One of the first compliance hurdles came last month, when the first provision of the new law went into effect. It requires issuers to provide cardholders with 45 days' notice of any changes in their account terms. Most issuers made the deadline, but not without some heartburn because the Federal Reserve and other regulatory agencies released "interim" specifications for complying with the new notification rule only five weeks before the Aug. 20 deadline, analysts say.
The short timeline posed challenges for many issuers, says Victoria Strayer, regulatory and compliance chief for card processor Total System Services Inc., which is closely involved in the compliance effort with hundreds of its issuer clients. "A lot of issuers were feeling uncertainty about how to proceed without specific guidance, and they called us for a sanity check," she says.
More To Come
The next major milestone comes on Feb. 20, when the majority of the other provisions in the new law go into effect. Regulators expect to release interim specifications for compliance with those rules in October, none too soon for most issuers and processors.
TSYS execs more than a year ago began studying similar regulation changes the Fed and other regulators proposed that were approved last year and originally slated to go into effect July 1, 2010, according to Strayer. "We provided extensive feedback to the regulators about the feasibility of the first proposed set of new card-industry regulations and passed our insights on to our clients in a series of regular communications," she says.
When Congress passed the more-sweeping card industry-reform law earlier this year, TSYS initiated a series of meetings and online Web seminars with its clients to help them through the compliance maze and plot changes needed.
"Our options- and rules-based computer technology allows us to make changes in clients' statement deadlines and other parameters relatively easily, so there is usually no need to develop new computer coding," Strayer says. "But issuers need to know exactly how the process changes will affect their business, and there are many strategic decisions they need to make within these process changes that will have long-term effects on their portfolios."
Transaction processor First Data Corp. also began studying the then-proposed card-industry regulations last year, keeping customers informed through diverse communication channels, including live and online meetings. When the legislation passed this year, First Data stepped up the effort, drawing as many as 600 participants simultaneously for certain live webinars outlining the act and its requirements, says Matt Kardell, First Data senior vice president of sales and services.
"We can provide issuers with the tools they need to become compliant with the new regulations and consulting on what is the best route for each issuer to pursue, but in the end it's the issuer's responsibility to take appropriate action and responsibility," he says.
The back-office technology changes that compliance requires are not necessarily onerous, says Glen Wordikamper, First Data vice president of operations services, thanks to the company's flexible processing platform and controls. But working out issuers' specific strategies can be complicated.
"Within the constraints of new rules, issuers have the ability to flip switches within their mix of products and their pricing and fee structures, and what they decide may have a major effect later on their profitability," Wordikamper says.
Issuers' processing and consulting expenses likely will rise somewhat because of the overall cost of compliance, analysts say. To meet the new requirement that cardholders' statements be mailed 21 days before their due dates, First Data says it must boost its own statement-mailing operations from six days per week to seven. But the company says its goal is to help clients through the compliance minefield, not to rack up extra service fees.
"Our goal is to help our clients get compliant on time, not to turn this into a revenue opportunity," Wordikamper says. "We see our role here as helping our customers get through this and survive so they have a viable program in the years ahead."
Indeed, "lots of potential profit on the table" exists for issuers and processors, says Diamond Management's Dye, noting processors might be driven to provide issuers "more standardized" alternatives given the deadline pressures. He suggests, however, that issuers plot their moves carefully based on the attributes of their card customers and products.
For example, one issuer may set new fees for receiving mailed statements or participating in a rewards program, while another may waive such fees for premium customers or those who routinely spend more or revolve a balance. "Issuers' actions surrounding compliance with the new rules must be specific to their products and portfolios, not cookie-cutter responses," Dye says.
The credit card industry's general contraction this year also may cause a relative increase in back-office and processing costs, says Brian Shniderman, a director with U.S.-based Deloitte Consulting LLP. As the constraints of the new regulations and the economic downturn force issuers to trim the accounts in their portfolios to reduce losses, cost ratios may shift, he suggests.
"Many third-party service contracts for processing or printing and mailing statements are written based on an issuer producing a certain amount of transaction or spending volume each year," Shniderman says. "This year, the overall base of credit business is shrinking, which means issuers must spread their costs out over a smaller universe."
'The Right Balance'
Larger issuers will have the advantage in working out better scale-based deals with third-party processors and other service providers, but Shniderman cautions that large issuers must avoid getting stuck with feet of clay because of their greater size. "The winners in the next round of this industry will be those that find the right balance of in-house and outsourced solutions, while maintaining flexibility and the room to innovate," he says.
Card issuers likely will spend millions to bring their IT systems into compliance with the new regulations. The largest may have an edge in spreading costs out over a larger customer base, but all issuers must consider how their decisions may affect future flexibility and profitability. CP
