People of WePay: Abby Chaffatt, Deputy Chief Compliance Officer
Why did you choose WePay? What drew you to the company and compels you to stay?
When I started looking for new opportunities a little over a year ago, I did so primarily because I was looking for career growth. I spent the first 5 years of my career learning the black letter laws and regulations associated with anti-money laundering and sanctions compliance, and I was looking for the best opportunity to put what I’d learned to use. At WePay, I’ve done just that; I’ve had the opportunity to develop a compliance program that is differentiated in the industry and one that continues to evolve each day.
What is something that makes the compliance program at WePay unique?
Our compliance program aims to be creative in the manner in which we implement controls, while ensuring substantial compliance with anti-money laundering and sanctions regulations. Our compliance program supports underwriting at multiple points during the customer relationship, rather than requiring all the information up front. This difference allows our merchants to start accepting payments quickly, which is an aspect of our product that both our merchants and our partners greatly value.
What aspects of your role enable WePay to effectively delight its customers? Or at the very least help WePay to make its customers businesses better?
The impact of our compliance program is not often top of mind for our partners or merchants. While the impact of fraud is widely understood and apparent, the risks associated with money laundering and terrorist financing are not as easily discernible or quantifiable. I consider myself a silent helper to our customers and partners that aren’t necessarily thinking about these risks. They can focus on all of the other aspects of their business, while I make sure that the risks of financial crimes are appropriately mitigated.
How do you see your role making an impact at WePay and the different divisions in WePay?
My biggest task internally is educating our teams about the risks associated with money laundering and terrorist financing so they are able to identify red flags and escalate suspicious activity to compliance as necessary.
What metrics do you keep tabs on in your role? Or maybe a better question is how do you measure success on the job?
Compliance successes and failures are difficult to quantify in an absolute sense because we either stop the bad guys or we don’t. However, we do monitor for suspicious activity and file suspicious activity reports with the US Government when we identify potentially criminal behavior. So, I do track how many cases our compliance risk team investigates and reports.
What advice can you offer startups or businesses working on protecting themselves from exposure to risk and fraud?
Building compliance into your product from the very start is important. When you are building a financial services product, due to lack of understanding, people get ahead of themselves. So, being aware of the regulatory hurdles along the path of bringing your product to the market is critical.
What threats or challenges do you see SaaS businesses facing in the near future?
Innovations around online/digital identity verification will be transformational for the industry and make a really big impact in developing countries and communities. Why is that important? There are millions of people who can’t produce physical identification. That doesn’t mean that they shouldn’t have access to the financial system. There are, in fact, societies where getting identification is a huge hindrance to getting access to all kinds of things, not just financial services, but also access to basic needs like healthcare.Innovations around online identity verification will make a big impact in developing countries and communities.
What tools help you the most to get the job done?
I rely most heavily on our risk engine and our risk analysts. Our risk engine helps filter and catch suspicious activity with the rules that we develop, which is the at the base as an essential aspect of our program. In general, risk management is a team effort. We have risk analysts who review suspicious accounts and transactions; we have risk engineers who manage our tools and build the signals that powers our risk engine; and we have compliance management who set policy. All of these pieces coming together contributes to our success as a team and getting the job done for our partners.
Can you tell me about something unusual that you do in your work? Can you elaborate on that? Maybe share a specific example?
We’ve seen an individual attempt to raise money to free sex slaves from ISIS. It is one of those causes that pulls at your heartstrings, but we can’t allow it because that would technically be funding terrorism. We’ve also seen a person from a transnational criminal organization try to make donations to random crowdfunding campaigns. If you can imagine a cause or odd situation, our risk team has reviewed it!
Can you describe the international aspect of what you do? What challenges or practices do you identify in your role?
Each country has its own set of compliance rules and regulations. When we expand internationally, as a best practice, we should maintain a record of, and policies that are in line with, each jurisdiction’s requirements. The challenge will be being prepared to meet the compliance standards of every new jurisdiction that we enter before we launch.