People of WePay: Susan Dunn, General Counsel
For those not aware, what are the responsibilities of a General Counsel at a technology-driven company?
My principal responsibility is product compliance. Financial services are a highly regulated industry, and there are a lot of laws that apply to our business. WePay touches the largest number of people through our product, so this is where good legal advice is most leveraged. In addition to serving as product counsel, I assist WePay in its contracts with vendors, distributors, and customers.
What aspect of your role really impacts how we are able to delight our customers?
WePay has two sets of customers: platform partners who integrate our payment services, and their merchants who use them. WePay tries to make compliance dead easy and so seamlessly integrated into our product that it doesn’t feel like a separate list of tasks to comply. If a platform partner implements the WePay API according to best practices and accepts our defaults regarding receipts, notifications, and the like, the platform partner and its merchants will be in compliance with applicable payments laws.
How does WePay make compliance seamless for its customers?
WePay makes compliance an engineering project instead of a G & A project. Rather than use lengthy contracts to list compliance requirements, and then try to monitor and enforce them on an ongoing basis, we design compliance into our APIs so that they will be implemented as a matter of course. In most cases, there is no downside to doing things right. For example, it is no more costly or time-consuming to collect the right information from a customer and to show the right disclosures, than it would be to collect the wrong information or show the wrong disclosures. WePay brings technology to bear on executing electronic payments cheaply, quickly, and without error. WePay also brings technology to bear on achieving compliance with implementation standards that nudge platform partners into the right path without threats, penalties, and conflicts.
You’ve been the general counsel at numerous technology-driven companies. What would you point as the single most important attribute of success?
For the company, I would say that the most important attribute of success is to deliver value to your customers. I live by the ‘keep it simple’ mantra. In my experience, being too clever or looking for shortcuts is less successful than identifying a market need, shipping a service that you are proud of, solidifying your delivery advantage, and following through on what you promised.
It is a unique opportunity for this place and time that advances in technology make it possible to build simple businesses with lots of integrity. In more mature businesses, there is not as much opportunity in differentiating yourself. All of the simple stuff has been done. Whereas in Fintech, the simple stuff has not been done yet — or has not been done as well as it could be. You can do really well by doing simple stuff and doing it well. This may not be a universal rule for all industries, places, and times, but within the tech sector in the last 20 years or so, it has been a winner.
For a General Counsel, an important attribute of success is being a good client as well as a good lawyer. By that I mean, you need to exercise judgement. The General Counsel should understand the whole business and all of its legal exposures, including its touchpoints with customers, vendors, employees, contractors, and the city in which the office building is located. All of these points of contact present some kind of risk. To be successful, a General Counsel must be aware of all of these areas of risk and exercise good judgement about how to apply scarce legal resources to mitigate the risks that are most significant. For example, I might retain outside counsel to advise on protecting WePay’s trademarks. I am making the judgment that the value of WePay’s brand could be diluted unless WePay takes action to protect it. Once I make that determination, it is primarily outside counsel who provides legal advice on where to register and how to describe covered services. That is what I mean by being a good client as well as a good lawyer.It’s a unique opportunity that advances in technology make it possible to build simple businesses with integrity.
What are the common legal challenges that surround the payments space?
In payments, you need to get the mechanics right and satisfy everybody’s expectations – both payers and payees. This is more challenging than it sounds because nobody wants to be bothered. They all expect that the payments provider will satisfy their intentions regarding how much money to pay to whom and when, regardless of whether those intentions are clearly expressed or not. WePay moves huge sums of money in exchange for very small fees. Small things can make a huge impact, because of the scale of what we do.
The second common legal challenge after operational accuracy is consumer disclosure. It’s crucial to make it very clear when a payment is authorized, what fees are are charged, and what recourse a party has if they change their mind. In most cases, it’s common sense. One advantage of working in a consumer-facing company is that we all have personal experiences every day that make us good judges about what WePay should do. Our own daily online financial activity gives us context for what our customers are experiencing and what they expect.
For me, the esoterica of payments laws is a trailing third legal challenge. For example, exactly how should WePay’s customers consent to use electronic, rather than manual, signatures? WePay’s customers are digital natives who take the binding nature of their online activity for granted. Of course, WePay “checks the box” on electronic signature disclosure. But, I am not particularly concerned that the particular language of our electronic signature disclosure could cause our customers concrete harm, or disappoint their legitimate expectations.
What are some metrics you look at in your role?
WePay, like any other payment processor, is obligated to make a certain IRS tax filing with respect to customers who receive over $20,000 in more than 200 transactions in a calendar year. We have a process to make sure that we are collecting accurate data for this filing and that we are making the filing on time. We measure on an ongoing basis the number of customers who approach the filing threshold and whether we have validated their data with the IRS.
I also monitor WePay’s responses to inquiries from law enforcement and other government agencies. These agencies are aware that WePay has payment data that can be valuable in detecting and prosecuting crime. They can request this data through warrants or subpoenas. If the requests are appropriate in scope, WePay provides the data.
What SaaS business do you admire and why?
I am very interested in “RegTech” which brings technology to bear on regulatory compliance activities. As a lawyer, I see a lot of time spent on repetitive tasks, such as completing lengthy insurance applications or negotiating indemnity clauses. In many cases, these tasks could be automated. Think of how TurboTax has used software to simplify personal income tax filing, for example.
In my opinion, the compliance dimension of WePay’s payment service is RegTech. Although moving money is WePay’s principal function, we are also enforcing anti-money laundering regulations, making disclosures regarding parties who initiate transactions, and providing compliant transaction reporting. It is hard to imagine – or remember – how burdensome it would be to fulfill these requirements without automation.
What corporate law case/statute do you see yourself referencing or reading over and over again?
The European Union is updating the General Data Protection Regulation effective May 2018, so I have been spending time to prepare WePay to comply. Beyond that, I look at the Card Network Rules and at our own vendor contracts frequently. I also keep in mind “plain vanilla” rules prohibiting all sorts of consumer deception. The Federal Trade Commission enforces an important standard called “UDAAP” (Unfair, Deceptive, or Abusive Acts or Practices). In an extreme case, WePay could be held liable for a UDAAP violation by a party for whom we process a payment. That is an interesting boundary to watch out for.
What is your favorite legal film?
I watched The Social Network twice. It is unusual for me to watch a movie. It is very unusual for me to watch a movie twice. I was astonished by the behavior of the attorney who represented FaceBook in its negotiations with Eduardo Saverin, Mark Zuckerberg’s co-founder. It appeared that the attorney misled him about the contents of the documents he signed. According to rules of professional ethics, an attorney should obtain a waiver before negotiating with an adverse party who is not represented by counsel. Sometimes it isn’t clear who is an adverse party. For example, an employee of a corporation has some interests in common with the corporation and other interests that are adverse. In this case, there was little question that Facebook’s interests were adverse to Eduardo’s interests because the transaction substantially diluted Eduardo’s equity ownership in Facebook. This wasn’t just a legal technicality. It was a matter of fundamental fairness that anyone, trained lawyer or not, should have perceived. I understand that Eduardo eventually obtained compensation through the courts. But, within the time period covered in the movie, he appeared to suffer a grave injustice at the hands of a lawyer who should have known better.