Modernizing the payments industry: a review into the global
initiatives and trends that are shaping the future of payments
The traditional role of payment service providers (PSPs) is becoming
outdated. New, digitally sophisticated market entrants are offering
consumers innovative, value-adding services that complement payments
execution and fundamentally shift consumer expectations.
Similarly, payments infrastructure is not agile enough or not developed
enough to fully capitalize on the benets of new technology. In countries
with highly developed nancial systems, payments structures have
become complex, inefcient and inexible as a result of decades of
incremental development. Conversely, countries with less sophisticated
nancial systems do not have architecture that is advanced enough to
meet consumer demand. These countries often also boast large populations
of nonbanked and newly banked consumers who may be excluded or
limited in the way they can use payment systems.
Continued on page 3
#payments
insights. opinions.
Volume 19
»
The global payments
landscape is undergoing
radical transformation.
We explore the effect that
regulators and industry
participants across the globe
are having on the payments
industry and analyze future
trends.
Modernizing the payments industry
A review into the global initiatives
and trends that are shaping the future
of payments.
Editorial
Dear readers,
As we have often discussed in this newsletter, the payments
industry is going through its most signicant transformation in
decades. In 2018, this is set to continue and indeed intensify.
When we look at global themes, we see the ongoing rollout of
immediate payment systems across countries and regions and
other major national infrastructure projects intended to make
payment systems t for the 21st century. We also see the era of
open banking unfolding, driven by regulators in some countries
and regions, and emerging through market appetite in others, as
we have discussed in previous newsletters.
The complexity increases when we consider other, adjacent
regulatory initiatives that need to be delivered, for example,
those related to security and privacy, such as the General Data
Protection Regulation (GDPR), which we cover in this edition.
This is, of course, all amplied by ongoing innovation, competition
and the deployment of emerging technologies such as articial
intelligence (AI) and blockchain.
In short, it is clear that 2018 is set to be a dynamic, exciting
and challenging year for the payments industry globally. We
believe it will continue to thrive thanks to collaboration between
those who deliver, those who use and those who govern payment
systems and that this will benet individuals and businesses that
depend on them.
Best,
Hamish Thomas
Partner, Ernst & Young LLP, EY EMEIA Payments Leader
3
9
How to achieve readiness
for GDPR compliance
Advice for non-EU nancial services
rms on how to comply with the EU’s
stringent privacy and data protection
regulations.
VC roundup
Continuation of the trend toward greater
payment segment diversication in
Q4 2017.
Transaction overview
M&A and VC
14
16
18
M&A roundup
Increase in deal activity in the fourth
quarter of 2017 with fewer large-scale
transactions.
#payments
3
Volume 19
Modernizing the payments
industry
Continued from page 1
In response to this evolving landscape,
we have seen signicant efforts from both
regulators and the payments industry
to modernize payments and close the gap
between capability and consumer needs.
Strategic change is being driven in several
ways:
• Industry-driven change: We have seen
unprecedented collaboration in the
payments industry in recent years. Banks
and other PSPs have recognized that
they need to drive change in order to stay
relevant to today’s consumers.
• Regulatory-driven change: Regulators
have taken a pivotal role in fostering
modernization in some jurisdictions by
creating new regulatory requirements
or acting as leaders and coordinators of
industry-driven initiatives.
• Individual innovation: Fintechs and other
disrupters have found ways to set a new
benchmark for payments.
1 “A Payments Strategy for the 21st Century: putting
the needs of users rst,” November 2016, Payments
Strategy Forum.
Throughout this article, we will explore
the effect that regulators and industry
participants are having on the payments
industry and analyze the trends that are
shaping the future.
Global initiatives: what activities
are being undertaken to transition the
payments industry to the future?
In this section, we will explore national
payment initiatives driven by regulators
and the payments industry.
UK
The Payments Strategy Forum (the
Forum) was established in October 2015
by the Payment Systems Regulator (PSR).
The Forum represented the rst time that
the payments entities in the UK worked
together to plan for a future that meets the
needs of its users. Specic objectives
include closing the needs gap, addressing
end-user detriments, and unlocking
competition and innovation opportunities.
The Forum identied ve challenges that
needed to be addressed (gure 1).
In November 2016, the Forum published
A Payments Strategy for the 21st Century
1
,
which put the needs of users rst, and sets
out a vision for the future of UK payments
to meet the needs of current and future
generations of payment service users. This
includes:
• Enabling simpler access
• Ensuring ongoing stability and resilience
• Encouraging greater innovation and
competition
• Enhancing adaptability and security
Figure 1: Key challenges in the UK payments landscape
1
Current UK
payments
landscape
• Meets majority of
our needs
• Secure
• Unnecessarily
complex
• Attractive for
innovators, but
access is inhibited
• Difficult to change
• Detriments to be
addressed
Future UK
payments
landscape
• Adaptable to user
needs
• Secure and resilient
against new threats
• Efficient, simple
and stable
• Encourages
innovation and
competition
• Easy to change
• Current detriments
addressed,
responsive to
emerging detriments
Challenge 1
Changing needs
of consumer,
business and
government end
users
Challenge 2
Growing
complexity across
multiple schemes
resulting from
evolving
technology and
regulation
Challenge 3
Increasing
sophistication
of financial
crime and fraud
Challenge 4
Increasing
demands to foster
innovation
Challenge 5
Requirement to
meet as-yet-
unknown future
needs
Modernizing payments
#payments
4
Volume 19
The UK‘s strategy compared with other initiatives is that
it isn‘t focused solely on new payments infrastructure
but also includes parallel initiatives to improve trust in
the payments system by collaboratively working to
prevent nancial crime.
Global initiatives and trends
A notable difference in the UK’s strategy
compared with other initiatives is that
it isn’t focused solely on new payments
infrastructure. Instead, it also includes
parallel initiatives to improve trust in the
payments system by collaboratively
working to prevent nancial crime.
As the work continued into 2017, a
draft consultation was published in July
proposing a blueprint for the future of
UK payments. Feedback was invited from
the payments community to nalize the
design and implementation approach for
a new payment system in the UK.
The blueprint recommended a design
based on a layered architecture with
a thin collaborative infrastructure to enable
competition and innovation. Adoption
of common, international standards
(ISO 20022) to enable access, innovation
and interoperability, and exibility was
built into the design to support a range of
new end-user services.
By the end of September 2017,
59 organizations had responded to the
66 questions in the consultation. The
responses were used to provide insights
and inform the development of the nal
blueprint.
At the end of 2017, the initiatives proposed
by the Forum were handed over to the
New Payments System Operator (NPSO)
and UK Finance, which are now carrying
forward the work started by the Forum.
Australia
Australia’s pursuit of payments
modernization was sparked by a strategic
review of the payment system, conducted
by the Payments System Board (the Board).
The Board identied a consumer need
for several developments in the payments
industry, with a particular focus on real-time
payments settlement and clearing. As a
result, the payments industry collaborated
with the Australian Payments Network to
create the Real-Time Payments Committee
(RTPC), eventually launching its New
Payments Platform (NPP) program in
June 2013.
The NPP program brings together
13 nancial institutions, with the objective
of delivering a leading payments
infrastructure that meets the needs of
modern consumers.
The NPP will introduce real-time payments
capability, a more exible payments
architecture, enriched payments data and
PayID — a feature that will allow users to
identify the recipient using memorable
information, such as a mobile phone
number.
At the time of writing, implementation of
the NPP is expected to be incremental, with
real-time payments becoming available at
the end of January 2018. End-user access
to the platform will be wide and will
continue to increase as bank and PSP
adoption increases.
Figure 2: Features of Australia’s NPP
2
1
New infrastructure separate from products
2
Open access platform
3
Data-rich payments
4
Conrmation of payee before payment
5
Real-time central bank settlement
6
PayID
7
Request-to-pay function
2 Katrina Stuart, “Introduction to the New Payments
Platform.” NPPA Webinar, © NPP Australia Limited
(accessed via www.nppa.com.au/wp-content/
uploads/2016/12/NPP-Webinar_July-2017-
Publishing.pdf, 10 January 2018).
Modernizing payments
#payments
5
Volume 19
Singapore’s Smart Nation payments strategy
is part of a wider government initiative to
foster innovation across all sectors and improve
standards of living in Singapore.
Global initiatives and trends
Canada
Canada is often recognized as a leader in
payment services. However, like many other
developed payments infrastructures, it
uses legacy systems that have become
outdated. In recognition of this, and in the
context of the evolving digital environment,
the Canadian Payments Association (CPA)
has published plans to modernize Canada’s
payments industry. It began by reviewing
the global payments landscape and assessing
its own stakeholders’ needs.
The CPA’s modernization strategy outlines
ve major pillars of development (see
gure 3), which will be delivered through
a series of infrastructure developments,
rules and guidelines and the introduction of
shared services and proprietary products
and services.
3
The pillars address consumer
needs, including the need for more
efciency, transparency, convenience, and
a platform for innovation.
The modernization plans will be implemented
over several years, with completion planned
for 2020.
Figure 3: Canadian payments industry initiatives
4
Figure 4: A New Era of Smart Banking: key initiatives
7
3 “Developing a Vision for the Canadian Payment Ecosystem,” 20 April 2016, The Canadian Payments Association.
4 “Industry Roadmap & High Level Plan,” 8 December 2016, The Canadian Payments Association.
5 “Digital Payments: Thinking Beyond Transactions,” PayPal website (www.paypalobjects.com/digitalassets/c/website/marketing/global/shared/global/media-resources/
documents/PayPal_Asia_Research_Report_Digital_Payments.pdf, accessed 16 December 2017).
6 “Singapore Payments Roadmap,” August 2016, KPMG.
7 “A New Era of Smart Banking,” Press Release, Hong Kong Monetary Authority website (www.hkma.gov.hk/eng/key-information/press-releases/2017/20170929-3.shtml,
accessed 18 December 2017).
Singapore
Singapore’s consumer trends are
considerably different from those of the
UK, Australia and Canada. In Singapore,
cash is the most popular way for individuals
to pay.
4
Recognizing this, the Monetary
Authority of Singapore (MAS) has focused
on encouraging adoption of its real-
time payments platform Fast and Secure
Transfers (FAST) at the heart of its Smart
Nation vision.
5
Singapore’s Smart Nation payments
strategy is part of a wider government
initiative to foster innovation across all
sectors and improve standards of living in
Singapore.
In addition to wide adoption of electronic,
real-time payments, the payments vision also
fosters competition and interoperability
and encourages efciency and security
and an enhanced, standardized consumer
experience.
6
Hong Kong
In September 2017, the Hong Kong
Monetary Authority (HKMA) announced
A New Era of Smart Banking, a vision of an
efcient, exible and safe payments
industry, founded on a convergence of
banking and technology. The initiative will
be led by the HKMA and will be achieved
through seven key initiatives.
7
The rst initiative focuses on the ability to
execute real-time payments, which will be
delivered in September 2018 through the
Faster Payment System. The subsequent
six initiatives focus on fostering innovation
and competition, developing technological
capability, and reducing friction between
regulation and digital offerings.
The New Era of Smart Banking is an
interesting shift in the context of
national strategies; while innovation
and competition are often key, they
are usually balanced with a fundamental
change in payments architecture.
Europe
The EU’s regulatory agenda is transforming
in the European payments industry. There
are a number of overlapping and sometimes
parallel regulations that PSPs are now
being asked to comply with, such as the
GDPR and the Competition and Markets
Authority (CMA).
In January 2016, the most substantial
payments legislation of recent years —
the second Payment Services Directive
(PSD2) — was published by the EU. The
directive expands the rules outlined
in the rst Payment Services Directive
(PSD1), which aimed to ease cross-border
payments, widen the choice of payment
services for customers, increase the speed
of payments and improve consumer
protection. For example, the directive set
out the legal framework for the Single
Euro Payments Area (SEPA). SEPA was
launched in November 2017 and introduced
a single euro payments market, offering
real-time payments execution.
1
A new core clearing and settlement system
to support new technology, such as
distributed ledger technology, and meet
regulatory requirements
2
Real-time payments capability, which will
execute transactions within 60 seconds
3
Enhanced automated funds transfer (AFT)
to operate along with the real-time
payments service
4
Alignment of the Automated Clearing
Settlement System (ACSS) with global
regulatory standards
5
Modernization of the rules framework in
relation to high value and retail standards
1
Introduction of real-time payments
2
Enhanced Fintech supervisory sandbox
3
Promotion of virtual banking
4
Banking made easy initiative
5
Open application programming
interfaces (APIs)
6
Closer cross-border collaboration
7
Enhanced research and talent development
Modernizing payments
#payments
6
Volume 19
Unrestricted, real-time payments processing
is undoubtedly one of the leading global
trends in the payments industry, with signicant
end-user benets.
Global initiatives and trends
PSD2 has a greater focus on promoting
the development of innovative electronic
payments solutions by creating a “level
playing eld” for new entrants into the
market. PSD2 will require banks to share
customer data with third-party providers,
rebalancing the power between new entrants
to the industry and bank incumbents. The
competitive landscape will be transformed;
consumers will be offered more choice and
convenience, and innovation will be key to
competitive success.
The deadline for European Economic Area
(EEA) countries to transpose PSD2 into
domestic law was January 2018. At the
time of writing, the majority of EEA nations
were targeting this deadline; however,
Belgium and the Netherlands have explicitly
stated that they will delay implementation
until April and June 2018, respectively.
Thus, while these EU directives aim to
promote a single, innovative payments
market across Europe, the reality of the
EU and EEA as an alliance of autonomous
nations remains a challenge.
Global trends: what does the future
payments industry look like?
In pursuit of a modern payments industry,
each jurisdiction has a different starting
point and will undertake a different journey.
However, many payments industry objectives
transcend jurisdictions and create a vivid
vision of what tomorrow’s payments
landscape could look like. In this section,
we review some of the prominent trends
that we are seeing in modernization
initiatives.
Real-time payments
There has been a huge emphasis on real-
time payments processing in recent
years. This is driven by consumer demand,
coupled with the availability of high-
speed data connections. The rst real-time
payments processing system, Zengin,
was adopted by Japan in 1973. Since then,
a number of other countries, including
the UK, South Africa, India, Singapore
and the US, have followed suit. Real-time
payments capability varies between
countries:
• The UK is one of the leading countries in
real-time payments capability. Such
payments are not only widely available,
they are also virtually unrestricted. For
example, the UK’s Faster Payments
Service is widely accessible, 24 hours a
day, 365 days a year, for values of up
to £250,000.
• Japan and Canada also have real-time
capability, but their services are subject
to cutoff times. Both countries have
outlined plans to move to an unrestricted
real-time payments model.
• Hong Kong does not currently have the
ability to process real-time payments.
Unrestricted, real-time payments processing
is undoubtedly one of the leading global
trends in the payments industry, with
signicant end-user benets. Individual
consumers benet from the exibility
of an immediate service. Whether they are
paying a friend or the deposit on their
rst home, immediacy is critical to their
experience. Similarly, businesses benet
from rapid services that improve their
ability to manage their liquidity position.
Promoting competition and innovation
It is widely acknowledged that competition
is critical to driving innovation. However,
there are signicant barriers to entry within
the payments industry that prevent new,
innovative entrants from accessing the
market. These barriers vary depending on
the jurisdiction, but include access to data,
access to settlement and clearing systems,
and the cost and complexity required to
navigate through different standards and
systems. Reducing these barriers to entry
and promoting competition is at the heart
of each initiative that we have explored in
this article.
While the end goal of enhancing competition
is shared across the globe, the strategy for
achieving this vision depends on the nature
of regulation, market barriers and payment
systems in each jurisdiction.
Modernizing payments
#payments
7
Volume 19
The global payments market is fragmented,
which makes it difcult to create value-adding
services that can be accessed across multiple
geographies.
Global initiatives and trends
For example:
• The UK has developed initiatives aimed
at providing both direct and indirect
accessibility to nonbank PSPs.
• Japan and Switzerland have recently
allowed a selection of nonbank
institutions — including PSPs — to access
payment clearing directly.
• Canada’s CPA plans to focus more heavily
on improving indirect access options and
interfaces via existing participants.
Interoperability
The global payments market is fragmented,
which makes it difcult to create value-
adding services that can be accessed across
multiple geographies. Historically, countries
have built their own payments infrastructure,
independent of one another. This creates
inefciency that hinders interoperability.
As a result, international payments lack
speed, efciency and transparency, and
their cost is too high. In addition,
international payments cause concern
for B2B payments, as they limit intraday
reporting and liquidity management due
to the lack of transparency in the cross-
border payments process.
In recent years, acceptance has grown
that some global commonality is needed
in order to further drive collaboration and
competition. As a result, ISO 20022 is
becoming the common real-time payment
messaging standard. There is already wide
uptake of the standard, with many more
countries planning to adopt ISO 20022.
Inefciencies arising from cross-border
fragmentation are also driving innovation in
Sources:
Japan and Singapore: “The ISO 20022 Adoption Initiatives Report,” ISO 20022 Registration Authority website (www.iso20022.org, accessed 18 September 2017).
New Zealand: “Payments Direction.” Payments NZ website (www.paymentsnz.co.nz/about-us/payments-direction/, accessed 18 September 2017).
Canada: In February, 2016, Payments Canada completed the multi-year development of new ISO 20022 payments messages, related rules and standards, and an adoption
strategy for its participant nancial institutions. Payments Canada website (www.payments.ca/resources/iso-20022-resource-centre/faqs, accessed 6 February 2018).
US: “Industry Perspective,” April 2017, The Federal Reserve Financial Services website.
(frbservices.org/assets/news/fedfocus-fedash/fedfocus-archive-april-latest-iso-20022.pdf, accessed 5 December 2017).
Brazil, Denmark, Switzerland: “Flavours of Fast,” May 2015, FIS. © 2015 FIS and/or its subsidiaries.
Poland: “Poland, an Eastern European country at the cutting-edge of payment technologies,” December 2016, The European Payments Council website,
(www.europeanpaymentscouncil.eu/news-insights/insight/poland-eastern-european-country-cutting-edge-payment-technologies, accessed 5 December 2017).
China: “CIPS Accelerates the Internationalization of the RMB,” SWIFT MI Forum October 2016, SWIFT website
(www.swift.com/sites/default/les/resources/swift_news_mi_cips_accelerates_internationalisation_rmb.pdf, accessed 6 December 2017).
Australia: Katrina Stuart, “Introduction to the New Payments Platform,” NPPA Webinar, © NPP Australia Limited .
(www.nppa.com.au/wp-content/uploads/2016/12/NPP-Webinar_July-2017-Publishing.pdf, accessed 10 January 2018).
UK: “A Payments Strategy for the 21st Century: putting the needs of users rst,” November 2016, Payments Strategy Forum.
India: “Adoption of ISO 20022 messaging standard in new RTGS System,” 20 December 2013, Reserve Bank of India Press Release.
(rbidocs.rbi.org.in/rdocs/notication/PDFs/AMSI201213SC.pdf, accessed 6 December 2017).
Canada
✔ ISO 20022 capable
Figure 5: The diagram below shows ISO capabilities across the world, highlights some of the key payments hubs and outlines whether they have ISO 20022
capability for commercial transactions.
Poland
✔ ISO 20022 capable
Denmark
✔ ISO 20022 capable
India
✔ ISO 20022 capable
Singapore
✔ ISO 20022 capable
Australia
✔ ISO 20022 capable
New Zealand
✔ ISO 20022 capable
China (mainland)
✔ ISO 20022 capable
US
No, but its real-
time payments will
use ISO 20022
messaging once
implemented
Brazil
No, but an intention to
move to ISO 20022
announced in 2010
UK
No, but plans in
place to adopt
ISO 20022 across
payment systems
Switzerland
No, but plans
in place to enable
capability by
mid-2018
Japan
No, but intends to
implement capability
in 2018
Modernizing payments
#payments
8
Volume 19
By 2020, the competitive environment will
have been redened; new services, providers
and systems will create a very different
industry from the one we know today.
Global initiatives and trends
Heather Clarke
Olivia Jeavons
Hamish Thomas
payments. Distributed ledger or blockchain
is one emerging technology that is
increasingly being seen as a potential
alternative in this space.
Enriched data and user control
Today, electronic payments include a very
limited amount of information. In the new
world of payments, consumers will be able to
attach enhanced data to their transactions.
This data could be a string of characters, a
link to a page or document or, in the most
ambitious plans, a document attached to the
payment.
This enriched data will enable agents to
get more information and payment
information to become a real data asset,
opening up scope for innovation to create a
marketplace of propositions. For example,
users will be able to request payments from
others, and payers can be given control over
how and when they would like to respond.
In addition, enriched data will support
improved reconciliation capability.
Simplied payments addresses
Payments initiatives ubiquitously put users
at the heart of their plans. Users commonly
express a preference for being able to make
payments with nonbank details to improve
ease and accessibility. It is, therefore,
unsurprising that countries such as Canada,
Australia and India have committed to
substituting traditional identication details,
such as sort codes and account numbers,
with more user-friendly identiers.
A common substitution for these traditional
identication details is a mobile phone
number.
India’s central payment authority, the
National Payments Corporation of India,
has addressed this barrier by removing
the need for users to hold a bank account. It
has introduced a payments ecosystem to
support the use of various virtual addresses
via a central Unied Payments Interface
(UPI). This allows users to send and receive
payments using national ID numbers,
mobile phone numbers, and unique numbers
provided by PSPs or other addresses.
Importantly, it enables users to send and
receive money without the transaction
touching a bank. Since its launch in 2010,
mobile payments have grown in popularity,
with over 76 participating banks now
offering the service.
8
Flexible architecture
The strategies outlined in this article
largely depend upon a scalable, exible
architecture that not only meets today’s
needs, but is agile enough to adapt to
tomorrow’s evolving demands. The way
that this is being achieved in Australia and
the UK is by creating a layered architecture,
with payment system built in layered stacks.
Each stack can be isolated from the others,
making it possible to make discrete changes
without compromising other components
of the system. The actual transfer of funds
is carried out in a separate layer as an
overlay service. These overlay services
allow PSPs to develop distinct propositions
without changing the underlying message.
Conclusion
The transformation that is taking place
in the payments industry is remarkable.
By 2020, the competitive environment will
have been redened; new services,
providers and systems will create a very
different industry to the one we know today.
Current market incumbents can remain
central to the industry, but only if they pay
attention to what is happening and develop
a meaningful understanding of what it
means to them and their consumers. The
coming years will require PSPs to become
more adaptable, innovative and
technologically astute in order to thrive in
tomorrow’s competitive landscape.
8 “Flavours of Fast,” May 2015, FIS. © 2015 FIS and/or its subsidiaries.
#payments
9
Volume 19
How to achieve readiness
for GDPR compliance
Starting on 25 May 2018, any rm with
ties to EU residents will have to comply
with the requirements of the EU’s GDPR.
Despite the imminent deadline, there are
still several common misconceptions about
the GDPR’s impending requirements. To
dispel these misconceptions, here are the
rst things you’ll need to know:
• It’s not a simple change. For affected
rms, GDPR will cause signicant
changes to operations, including data
management, third-party relationships,
outsourcing contracts and even entire
business models.
• It’s not just a problem for EU
operations. For non-EU rms, GDPR
compliance will require signicant
cooperation and collaboration between US
and European operations, as well
as with relevant third parties.
• It doesn’t just cover European
addresses. GDPR also covers EU
residents, and so at a minimum, you
will have to identify the EU residents
in your customer base.
• It’s not just for retail, consumer-facing
businesses. Small and medium-sized
business as well as large business-
to-business (B2B) rms that control or
process personal addresses, tax IDs
or national security numbers of EU
residents will also need to comply with
the GDPR, regardless of whether they
serve B2B or business-to-consumer
(B2C) marketplaces.
• It’s not a one-and-done exercise. Firms
need to be able to demonstrate GDPR
compliance on an ongoing basis or risk
regulatory penalties or class action suits.
Much more than an extension of existing
EU data protection requirements, the
GDPR covers several new aspects of privacy,
any of which would be challenging to
implement on its own. Given the broad scope
of requirements for GDPR compliance,
even EU-focused organizations are having
difculty meeting the May 2018 deadline.
For non-EU organizations, the challenge is
compounded by having rst to identify
EU customers for whom the GDPR applies.
Moreover, the GDPR differs signicantly
from the privacy rules of the Gramm-Leach-
Bliley Act (GLBA) in the US. Under the
GLBA, by default, rms can share
information unless consumers specically
“opt out.” By contrast, the EU’s consumer-
focused GDPR starts from the premise
that consumers own their information and
are therefore, by default, protected from
sharing or disclosure unless they “opt in”
and provide their consent. Data processing
activities that would be permissible under
the GLBA may not be acceptable under the
GDPR without signicant process changes
and additional privacy protections.
Consequently, many non-EU organizations
covered by the GDPR have not yet made
sufcient progress toward compliance.
Provisions of the GDPR include:
• Data protection impact assessment
(DPIA): Organizations are to conduct
impact assessments for all process
operations, identifying the most effective
way to comply with their data protection
and privacy obligations.
• Data privacy governance and account-
ability: Firms must establish proactive moni-
toring of privacy standards, ensure internal
adherence to GDPR privacy principles and
demonstrate compliance to examiners.
#payments
10
Volume 19
• Condition for processing: For any given
data processing activity, rms must
demonstrate a legitimate reason, which
can include the individual’s consent,
contractual necessity, legal obligation,
regulatory requirements or public
interests.
• Data protection ofcer: Firms
that conduct large-scale systematic
monitoring of EU residents’ data, or
that process large amounts of sensitive
personal information, must appoint
a data protection ofcer (DPO) who
reports to the highest level of
management.
• Privacy by design: Organizations will
be required to design policies, procedures
and systems that follow “privacy by
design” principles at the outset of product
or process development, as opposed to
privacy controls layered on after
deployment.
• Right to erasure: Individuals may
request the deletion or removal of
personal data where there is no
compelling reason for its continued
processing.
• Consent and notication: Individuals
must freely give their specic, informed
and unambiguous consent to an
organization processing their personal
data. Furthermore, breach notications
must be made within 72 hours of
the organization becoming aware of the
breach.
• Data portability: Individuals may obtain
and reuse their personal data for their
own purposes, and organizations must
provide methods to move, copy or
transfer their personal data easily from
one IT environment to another in a
safe and secure way, without hindrance
to usability.
The GDPR represents the most
comprehensive privacy regulation
in the marketplace today.
The GDPR applies to any organization,
regardless of geographic location, that
controls or processes the personal data of
an EU resident in a prescribed way. The
relevant terminology is dened as follows:
Controller: A body (alone or jointly with
others) that determines the purposes and
means of processing personal data
Processor: A body that, on behalf of the
controller, processes personal data, which
can include collecting, organizing, storing,
disclosing, using, etc.
Personal data: Any information (single
or multiple data points) relating to an
identied or identiable natural person
such as name, employee identication
number or location data
Noncompliance can attract a ne of up to
€20 million, or 4% of the organization’s
total global revenue, whichever is greater.
Ready for the GDPR?
Also, individuals represented by not-
for-prot organizations have new rights
to bring class-action lawsuits for privacy
violations against data controllers or
processors. In sum, the GDPR’s broad
provisions, broad-based applicability rules
and the high potential for nes place
an enormous responsibility on nancial
institutions based beyond EU borders.
How to implement the GDPR
First, determine the extent to which
the GDPR applies to you
The GDPR applies to any organization
or service provider, either located
in the EU, offering goods or services in
the EU or operating as a processor or
controller in the EU. It may also apply to
organizations that process data of EU
citizens who reside in the US. In addition,
knowledge of the regulations is relevant
for entities with plans or aspirations to
do business in the EU in the future.
Figure 6: Three key questions to assessment applicability
* Note: The responses to these questions should be evaluated based on the facts and circumstances in your
organization and discussed with legal counsel.
Source: EY analysis of the General Data Protection Regulation, EU regulation 2016/679, adopted 27 April 2016,
effective from 25 May 2018.
Are you or your service provider a
processor or controller that offers
goods or services in the EU (e.g., do
I offer payment services in the UK)?*
Are you or your service provider
a processor or controller that
monitors behavior in the EU
(e.g., am I a third party that monitors
credit card balances in France)?*
The GDPR applies The GDPR may apply
No, I do not have any entities,
subsidiaries or affiliate organizations
residing within the EU.
No, I do not have any business activities
in the EU, including those of third
parties.
No, I do not monitor behavior or process
data of anyone residing within the EU.
Questions to consider include
(but are not limited to):
• Do I have any plans or aspirations to
do business in the EU in the future?
• Do I process data of EU citizens who
reside in the US?
2
3
Are you or your service provider
a processor or controller located in
the EU (e.g., do I have an affiliate
organization in the EU)?*
1
No
No
No
YesYesYes
#payments
11
Volume 19
Second, conduct a risk-based assessment
Beyond just a legal assessment of the bare
requirements, we recommend that you
conduct a fact-based, documented review
of operations, including contracts with
third-party providers, to ascertain whether
you access, store or monitor data related
to EU residents. Your review should also
consider your rm’s strategy, growth plans,
risk tolerance, existing controls and
capabilities, and other contextual factors.
The resulting assessment can guide your
organization as you take steps to comply
with the regulations.
Third, dene your target state using
a lines of defense model
The “three lines of defense” model is being
widely adopted across risk management,
and this model should be put into practice
for GDPR compliance as well. At each line
of defense, your organization should be
prepared to demonstrate readiness for
GDPR-compliant operations.
The rst line of defense includes business
lines, technology and operations. Business
lines will have to own the risks they
create and implement effective controls
throughout their operations and IT
solutions. Relevant areas to investigate
include customer relationship management,
marketing, product development,
procurement, human resources, training
and communications.
The second line of defense includes risk
management as well as compliance,
privacy and security functions working
with the designated DPO to validate the
organization’s privacy and data security
strategy. The compliance team will also
need to work with technology and
operations specialists (i.e., the rst line of
It’s not a one-and-done exercise. Firms need
to be able to demonstrate GDPR compliance
on an ongoing basis or risk regulatory penalties
or class action suits.
Ready for the GDPR?
defense) to evaluate third-party compliance
with GDPR requirements and obligations.
The third line of defense consists of
internal auditors, who will be responsible
for compliance monitoring, access review
and overall privacy framework validation.
Fourth, perform gap analysis and
remediation
Assemble a cross-functional remediation
team to traverse across a wide range
of people, processes and technologies to
embed GDPR-compliant practices for
privacy risk management into existing
business and IT contexts.
Given the interactions between the
numerous provisions of the GDPR, an
efcient approach to compliance must
address multiple gaps at the same time.
EY’s privacy risk management framework
provides a useful starting point for dividing
and organizing the workload.
Figure 7: EY’s privacy risk management framework
Source: EY analysis and framework
Privacy culture
Privacy process, risk and control framework
Privacy risk management
Risk appetite Risk identification Risk profiling Risk assessment Issue management
Program reporting, metrics and monitoring (e.g., ROPA)
Technology enablement
Privacy governance
• Policies and standards
• Roles and responsibilities (e.g., CPO, DPO)
• Organizational structure
• Board and stakeholder expectations
Business strategy
IT strategy
Focus areas
Assess
Data mapping and inventory
Appropriate data collection
and classification
Privacy impact assessment
Advice
Privacy and security by design
Data rights management
Use of data
Consent and privacy
notification
Cross-border
Govern
Accountability and compliance
Internal and external
assurance
Training and awareness
Integrate
Incident and breach
management
Records management
Third-party risk management
Data protection and security
Contract management
#payments
12
Volume 19
Data use case management or framework,
cloud discovery, high-value asset identification,
use of risk rating criteria, evaluation of data
processing on a large scale
Program design based on business model,
incorporating privacy and security into
systems development life cycle and new
product development
Third-party risk assessment, compliance
monitoring and data controls
Jurisdiction approval, enforceability
of legal remedies for data subjects,
documentation of transfers
Training to raise employees’ awareness
of privacy policies and standards
(responsibility of all employees)
Lawful and proportionate
collection of data;
classification into
categories for taxonomy
(e.g., financial, personal)
Internal and external data subject’s right to
access, correction, erasure, portability and
objection
Identify and access management,
technology selection, encryption strategy
Attachment of requirements to physical
files, electronic documents and emails
Freely given and explicit consent, right
to withdraw consent, privacy notices
Internal audit
assessment, third-
party attestation,
certification against
industry standard
Process risk and control,
data discovery (structured
and unstructured data),
system and repository
identification and risk
prioritization
Data collection for specific, explicit and
legitimate purpose; limits collection to
what is necessary
Assessment of service-level agreements and
internal or third-party contracts to identify
gaps or opportunities to strengthen language
Data incident response plan, 72-hour
operational effectiveness process
Privacy operating
model, tone
at the top, policy
development
The GDPR starts from the premise that
consumers own their information and are
therefore protected unless they “opt in” and
provide their consent to sharing or disclosure.
Ready for the GDPR?
Figure 8: GDPR requirements organized into focus areas
Source: EY analysis
General Data Protection
Regulation
Advice
Integrate
Govern
Training and
awareness
Assess
Privacy
impact
assessment
Cross-border
Records
management
Internal
and external
assurance
Privacy and
security
by design
Data
protection
and security
Appropriate
data collection and
classification
Use of data
Third-party
risk
management
Consent and
privacy
notification
Incident and
breach
management
Accountability
and compliance
Data rights
management
Contract
management
Data mapping
and inventory
#payments
13
Volume 19
It is critical to educate key
stakeholders, including the board
of directors, on GDPR.
Ready for the GDPR?
The EY privacy risk framework separates
desired outcomes into four distinct focus
areas: assess, advice, govern and
integrate. Within each focus area, specic
areas for remediation can be addressed
using similar concepts, toolsets and
methodologies.
A divide-and-conquer strategy based
on the EY privacy risk management
framework can help an empowered cross-
functional team to make rapid adaptations
leading to faster GDPR readiness and
compliance.
While it may be challenging for some
organizations to complete the entire range
of tasks required to be in full compliance
with the GDPR, it should be entirely feasible
to prioritize the most important and
achievable actions to take prior to the
May 2018 deadline.
In addition, forming a remediation team
should enable clear communication and
reporting of organizational responsibilities.
Documenting your GDPR risk decisions
and responsibilities will allow you to
demonstrate your risk-based approach
while reducing the risk of potential legal
exposure following an alleged privacy
violation. Further activities involving
organizational change and technological
change can be added to the road map for
future development.
The GDPR represents the most
comprehensive privacy framework in
the marketplace today. By efciently
complying with the GDPR, nancial
institutions can continue to serve not
only EU residents, but also residents
of other countries and regions that will
eventually follow the EU’s approach
to privacy and data protection.
Immediate next steps
• Educate key stakeholders, including
the board of directors
• Risk assess (including legal applicability)
whether the GDPR applies to your
organization
• Establish cross-function and cross-
business governance structures for
assessing the GDPR’s applicability
to business operations and evaluating
the readiness and management of
your overall GDPR remediation efforts
• Conduct a privacy impact assessment
with a strong focus on high-risk data ows
of business processes
• Analyze GDPR gaps, with a particular
focus on governance, policies, technology,
external dependencies (e.g., vendors),
existing data ows (high risk) and
processing operations
• Design and execute a prioritized
implementation plan to address gaps
based on risk tolerance, risk priorities,
resources and investment
A modied version of this article appeared
in Compliance Week magazine.
John Doherty
Mark Watson
To learn more visit:
ey.com/fsGDPR
#payments
14
Volume 18
M&A roundup
M&A activity and deal characteristics
A total of 42 M&A transactions were
announced in the fourth quarter of 2017.
This level of activity is slightly above the
38 deals recorded in Q3 2017. The nancial
terms of 20 transactions were disclosed
in the nal quarter of the year, amounting
to a total volume of US$9.7 billion. This
represents a threefold increase over the
deal volume in the last quarter of 2016,
11, 12
but a strong decline on the US$26.0 billion
worth of deals in Q3 2017.
The deal volume in Q4 2017 was driven
primarily by one large transaction within
the payments security market. Trade
buyers drove the deal activity in the nal
quarter as they acquired new targets,
while some private equity funds sold off
companies in their portfolios but were
less active on acquisitions. The largest
The fourth quarter of 2017 saw an increase in deal activity related to payments as the
number of transactions increased from 38 in Q3 2017 to 42 deals in the last quarter
of the year (Q4 2017). However, based on a transaction value of US$9.7 billion, the
last quarter of the year fell short of the US$26.0 billion worth of deals in Q3 2017 as
there were fewer large-scale transactions. The acquisition of Gemalto, a Netherlands-
headquartered provider of digital security solutions, by French defense giant Thales
stands out. It is by far the largest acquisition in the fourth quarter at US$6.5 billion,
demonstrating the importance of digital security in relation to payments.
9
The largest deal of a merchant acquirer was the acquisition of Cayan, a US-based
payment processing business, by TSYS. This deal conrms the importance of small
and medium-sized enterprises (SMEs) as a way to drive the protability and growth
of merchant acquirers.
10
The transaction will add to TSYS’ merchant sector scale
and improve distribution capabilities and reach in the SMEs segment, which is a core
growth area for TSYS.
deal of the quarter, which amounted to
65% of the total transaction volume, saw
major French defense rm Thales acquire
Gemalto, a leading European digital
payments security provider. This acquisition
values Gemalto at an implied enterprise
value of US$6.5 billion, a last-12-month
(LTM) revenue multiple of 1.8x and an
LTM earnings before interest, taxes,
depreciation and amortization (EBITDA)
multiple of 11.9x. This transaction is
expected to help transform Thales into a
global leader in digital security covering the
payments sectors among others. Thales
paid €51 per share for Gemalto, which
represents a 57% premium per the closing
price on 8 December.
13
The second largest deal of the quarter was
the acquisition of Cayan by TSYS at an
implied enterprise value of US$1.05 billion.
9 Source: Reuters (www.reuters.com,
accessed 10 January 2018).
10 Source: TSYS (www.tsys.com,
accessed 10 January 2018).
11 Sources: EY analysis, Bloomberg, Capital IQ,
company websites, Mergermarket.
12 Deal volume is based on the implied enterprise
value as recorded by Capital IQ or other publicly
available sources.
13 Sources: EY analysis, Bloomberg, Capital IQ,
company websites, Mergermarket.
Figure 9: Targets by segment (in percentage)
Payment acceptance
devices plus software
Processing
Issuing
Alternative payment
systems
Money transfer
Acquiring
Data analytics
Couponing and loyalty
Other includes security,
ATM and commerce
2017
Q4
12
5
26
2017
Q3
29
12
14
7
Sources: EY Innovalue, Capital IQ, Mergerstat M&A
Database, company websites.
Figure 11: Median enterprise value multiples
EBITDA multiple
Revenue multiple
16x
14x
12x
10x
8x
6x
4x
2x
0
2013 2014 2015 2016 2017
3.7
14.5
2.8
14.7
3.5
13.1
2.3
10.6
3.2
14.4
Figure 12: Targets by region (in percentage)
North America
Europe
Asia
Middle East and Africa
Oceania
South America
2017
Q4
7
36
17
36
2017
Q3
2
2
Figure 10: M&A market development
Number of transactions
Disclosed value (in US$ billion)
30
25
20
15
10
5
0
50
40
30
20
10
0
2016
Q4
2017
Q1
2017
Q2
2017
Q3
2017
Q4
3.4
19
5.5
45
4.0 26.0 9.7
46
38
42
#payments
15
Volume 18
Cayan was owned by Parthenon Capital
Partners, a US-based private equity fund,
14
and has a large network (70,000) of
small to medium-sized enterprises to which
it provides technology-led acquiring
services in the US. The business provides
acquiring and acceptance solutions as
well as processing for ofine merchants.
15
For TSYS, the transaction is another
strategic step toward an increased focus on
SME merchants’ needs and strengthening
its market position in the US. According to
TSYS, Cayan will enhance the group’s
commerce solutions to jointly offer value-
add products and services to their partners
and merchants in the US.
Q4 transactions were heavily geared
toward trade buyers since none of the
top 10 largest transactions was a private
equity buy-side deal. Beyond Parthenon
Capital Partners’ sale of Cayan, the second
largest private equity sell-side deal was
TA Associates’ sale of BluePay, a US-based
payment processer operating in the US
and Canada, to First Data.
16
TA Associates
acquired BluePay in 2013 and completed
ve complementary add-on acquisitions.
Beyond the acquisitions, TA Associates
supported BluePay in reorganizing its
sales and marketing organization and
strengthening its partnership model, which
resulted in robust organic growth.
17
The deal values BluePay at an implied
enterprise value of US$760 million.
According to First Data, BluePay brings
best-in-class integrated card-not-present
solutions and a cutting-edge independent
software vendor product suite.
18
The median EBITDA multiple for all deals
year-to-date increased from 10.6x in
2016
19
to 14.4x in 2017. The median
revenue multiple for the same period
increased from 2.3x to 3.2x.
20
Investors
are expected to continue to look at new
disruptive and growth opportunities in the
evolving payments sector. In particular,
the impact of open banking regulation
in the UK and neighboring European
The deal volume in Q4 was distributed
across a variety of business segments
with a fair share of processing, active
portfolio management and acceptance
acquisitions.
countries is expected to result in a rise
in the establishment and in acquisitions of
new payments companies such as account
information service providers and payment
initiation service providers.
21
In Q4 2017, 17% of the targets were based
in Europe, with 36% in North America and
36% in Asia. The four largest deals of the
quarter involved North American targets,
while the third quarter was dominated by
transactions in Europe. We expect a further
consolidation trend in Europe, which will
support the M&A agenda of trade players
and private equity funds over the next
quarters.
Andreas Habersetzer
Markus Massem
M&A roundup
Erik Mostenicky
14 Source: TSYS (www.tsys.com, accessed 10 January 2018).
15 Source: Cayan (www.cayan.com, accessed 10 January 2018).
16 The Nilson Report, issue 1105, March 2017. According to the report, First Data processed US$19.8 billion in transactions in 2016.
17 Source: TA website (www.ta.com, accessed 10 January 2018).
18 Source: First Data (www.rstdata.com, accessed 10 January 2018).
19 Includes all deals in 2017.
20 Transaction multiples are based on implied enterprise value, EBITDA and revenue data sourced primarily from Capital IQ.
21 Sources: EY analysis, Bloomberg, Capital IQ, company websites, Mergermarket.
#payments
16
Volume 19
Funding activity
The fourth quarter of 2017 saw 56
companies raise a total of US$1.2 billion
in funding, all of which was equity
funding. There were an additional
12 deals announced in the last quarter,
up from 44 in Q3 2017, while total
investment value increased by 16% in
Q4 2017, reecting stronger investment
activity in early-stage companies.
22
Q3 2017 was characterized by an
increasing number of initial coin offerings
and a strong focus on alternative payment
systems and security solutions. Activity in
Q4 2017 continued the trend from earlier
in 2017, where overall investment activity
was more diversied as investors looked to
extract value across the entire payments
value chain.
In geographic terms, investment activities
picked up in Asia compared to the
previous quarter (based on the number
of transactions), while the number of deals
in North America and Europe remained
relatively at compared to Q3 2017.
23
Investment trends
Across the board, Q4 2017 saw more
diversied investor interest in terms of
payments segments, although payment
acceptance, alternative payment systems
and money transfer solutions attracted
the most interest.
24
Two key investment themes we observed
over the quarter were mobile-based
payment solutions driven by nontraditional
payments players entering the market and
frictionless instant cross-border payment
solutions driven by the continuous strong
growth of cross-border e-commerce.
The interest in mobile payments prevailed
in 2017, and it is likely to continue into 2018
where large players both inside and outside
of the traditional payments ecosystems are
implementing new services, such as money
transfers and bill payments (e.g., Facebook,
Nordea and Nets have formed a partnership
to implement a bill payment service
25
). This
trend is creating additional opportunities
for providers of innovative solutions,
particularly in data analytics and payments
VC roundup
22 Sources: EY analysis, Crunchbase.
23 Sources: EY analysis, Crunchbase.
24 Sources: EY analysis, Crunchbase.
25 Sources: EY analysis, Crunchbase, The Paypers.
Figure 14: Investment by region (in percentage)
North and Central America
Asia
Europe
Middle East
and Africa
Oceania
2017
Q4
18
23
43
2017
Q3
Figure 15: Deals by funding stage (in percentage)
5
2
4
2017
Q1
2017
Q2
2017
Q3
2017
Q4
7
9
23
14
11
7
9
7
29
14
27
25
12
23
16
16
26
22 36 23 34
Funding stages
Other C A
D/E B Venture seed
Figure 13: VC deal
Number of investments
Disclosed value (US$billion)
2,000
1,750
1,500
1,250
1,000
750
500
250
0
60
50
40
30
20
10
0
2017
Q1
2017
Q2
2017
Q3
2017
Q4
753 1,938 1,006 1,168
40
44 44
56
#payments
17
Volume 19
security, to help provide more engaging
and secure services. In this quarter, we
saw Accel Partners lead the series B
funding round with a total investment of
US$25 million in Simility,
26
a fraud
prevention provider with big data analytics
and visualization capability that enables
more efcient and secure mobile payments.
Looking forward, investors are likely to
continue to be active in this space, but
as funded businesses develop and industry
standards start to be dened, investors
are likely to be more stringent with their
investment requirements; therefore, we
expect the majority of investment activity
to shift toward later-stage funding rounds.
Partially driven by increased mobile
penetration, global e-commerce activity
had another strong year in terms of
growth, and the current momentum does
not look like it is slowing down any time
soon. Within e-commerce, cross-border
e-commerce continuously drove demand
for more innovative and efcient payment
solutions and future cross-border growth
will likely outpace domestic transactions.
In Q4 2017, China Broadband Capital
spent US$270 million on an investment in
Payoneer, a cross-border multi-currency
payments platform that connects
businesses and individuals from different
countries. On the smaller end of the scale
was Square Peg Capital’s US$22 million
investment in Airwallex, which aims to
simplify B2B cross-border transactions
through machine learning. As the nature of
e-commerce is becoming ever more global
and dynamic, the need for fast settlement,
seamless and secure payments has
become more important for merchants
and consumers alike. Interestingly, many
solutions tend to focus on one side of the
e-commerce relationship, i.e., either the
merchant or the consumer, and it is rare
that both are given equal consideration.
In Q4 2017, one of the biggest investments
was led by La Caisse de dépôt et placement
du Québec, with a total investment of
US$292 million in Lightspeed POS,
25
an
online and ofine commerce payments
acceptance provider. This combined with
the other funding deals closed in the
last quarter of the year demonstrates that
investors still have ample appetite for
e-commerce-themed investments.
Looking ahead to 2018, we expect the
broader themes of mobile and e-commerce-
driven investments to continue and some
of the efforts made in the past few years to
start to make a real impact on the industry,
in particular, in the Internet of Things (IoT)
and mobile segments. In terms of new
trends, we expect more cross-regional
partnership types of investments to come
to market, driven by increased cross-
regional payments activity both in the B2C
and B2B space.
Cross-border transaction volume growth is likely
to outpace domestic transactions in the future,
providing ample investment opportunities in
cross-border payments solutions.
26 Sources: EY analysis, Crunchbase, The Paypers.
VC roundup
Andreas Habersetzer
Markus Massem
Dawei Wang
Figure 16: Investment sectors
2017
Q1
2017
Q2
2017
Q3
2017
Q4
12
27
36
20
7
24
11
14
20
9
7
7
11
13
17
16
14 14
33 30 18 23
Money transfer
Security
Alternative payment systems
Payment acceptance
Other
Processing
Issuing
5
2
5
5
2
#payments
18
Volume 19
M&A
Transaction overview
Q4 2017
Date
announced
Target company Market Target company industry Buyer(s) Market Transaction
value (US$m)
1
6 Oct. 2017 Anypay Service Thailand Offers electronic payment processing services V.I. Capital Thailand 0.2
2
10 Oct. 2017 TBE for Payment
Solutions and
Services
Egypt Operates as an electronic payment solution provider BPE Partners, M.M.
Group for Industry
and International
Trade
Egypt 8.8
3
10 Oct. 2017 AnchorOps US Develops electronic payment solutions for media buyers FastPay US Not disclosed
4
10 Oct. 2017 bKash Bangladesh Provides a mobile money platform for the low-income
mass in Bangladesh
Undisclosed buyer Not
disclosed
Not disclosed
5
17 Oct. 2017 Wepay US Provides online payment gateways and payment
solutions
JPMorgan Chase US Not disclosed
6
20 Oct. 2017 BluePay US Provides payment processing for merchants and
suppliers in North America
First Data US 760
7
26 Oct. 2017 Planet Payment US Provides international payment and transaction
processing
Fintrax Group Ireland 260.2
8
27 Oct. 2017 InPlat Russia Owns and operates a mobile payment processing
platform
Mail.Ru Group Russia 9.6
9
30 Oct. 2017 QUO CARD Japan Provides issuing, maintenance, encoding and sale of
prepaid cards in Japan
T-Gaia Corporation Japan 199.0
10
31 Oct. 2017 Stone
Pagamentos
Brazil Operates as a merchant acquirer for point of sale (POS)
and online businesses in Brazil
DLP Pagamentos
Brasil
Brazil 69.9
11
31 Oct. 2017 SmartCentric
Technologies
International
Ireland Provides a secure payments and transactions system The ai Corporation UK Not disclosed
12
1 Nov. 2017 MC Payment Singapore Operates as a merchant acquirer for POS and online
businesses in Southeast Asia and Australia
Artivision
Technologies
Singapore 44.4
13
3 Nov. 2017 Wall Street
Finance
India Engages in foreign exchange and money transfer
businesses in India
Spice Mobility India 7.5
14
7 Nov. 2017 Phoenix Group US Distributes POS equipment to merchants in North
America
Ingram Micro US Not disclosed
15
7 Nov. 2017 Cantaloupe
Systems
US Provides a cloud-based cashless vending solution for
accepting card and mobile payments, such as Apple Pay
and Android Pay
USAA Technologies US 86.6
16
7 Nov. 2017 MPOS Global Vietnam Provides nonbank mobile payment acceptance terminals
and nancial solutions for individuals and businesses
GHL Systems Bhd Malaysia 3.3
17
8 Nov. 2017 ABC Financial
Services
US Provides health club software and billing services to the
tness industry
Thoma Bravo US Not disclosed
18
8 Nov. 2017 Evokio India India Provides digital payments for ofine retail merchants Cashless
Technologies India
India Not disclosed
19
15 Nov. 2017 Kartuku Indonesia Provides electronic payment processing solutions Go-Jek Indonesia 50
20
16 Nov. 2017 Westcliff
Technologies
US Operates bitcoin automated teller machines Northsight Capital,
Inc.
US Not disclosed
21
16 Nov. 2017 SunGard Kingstar
Data System
China Provides processing solutions for nancial services,
higher education and the public sector in China
Shanghai Zhongping
Capital Co., Ltd.
China Not disclosed
22
16 Nov. 2017 1Linx Blockchain
Technologies
Corp
US Operates a blockchain authentication platform and
provides a suite of blockchain security services
that caters to meeting the regulatory requirements of
blockchain money services companies
Global Remote
Technologies
Canada 1.5
23
17 Nov. 2017 EML Payments
Limited
Australia Operates as a cards issuer in Australia, Europe and
North America
Undisclosed buyer Not
disclosed
Not disclosed
#payments
19
Volume 19
Date
announced
Target company Market Target company industry Buyer(s) Market Transaction
value (US$m)
24
20 Nov. 2017 MatchMove
Indonesia
Singapore Provides end-to-end enterprise mobile wallet and payment
card solutions to help businesses increase revenue
M Cash Integrasi Indonesia Not disclosed
25
20 Nov. 2017 Ariett US Offers online payments and invoice services AvidXchange US Not disclosed
26
28 Nov. 2017 Ensenta US Provides innovative enterprise-wide SaaS solutions for
mobile and online deposits and payments
Jack Henry and
Associates
US Not disclosed
27
28 Nov. 2017 Money Forward Japan Provides mobile payment solutions in Japan Undisclosed buyer Not
disclosed
Not disclosed
28
30 Nov. 2017 Blockimpact UK Provides full end-to-end cryptocurrency blockchain
solution including wallets
Glance Technologies Canada 1.1
29
30 Nov. 2017 Best Pay
Software
UK Provides technology and payment solutions Jeton Venture UK Not disclosed
30
5 Dec. 2017 Swift Prepaid
Solutions
US Operates as a cards issuer in North America Bain Capital
Ventures and
Silversmith
Capital Partners
US Not disclosed
31
7 Dec. 2017 Airlink Taiwan Provides value-add services to payment companies
in Northeast Asia
Ingenico France Not disclosed
32
7 Dec. 2017 Novo Mundo
Corretora
de Câmbio
Brazil Offers foreign exchange services TTT Moneycorp UK Not disclosed
33
14 Dec. 2017 Plastc US Designs and develops a digital wallet and mobile
payment device
EDGE Mobile
Payments
US Not disclosed
34
15 Dec. 2017 Kartuku, Mid-
trans and Mapan
Indonesia Provides payment processing services PT Go-Jek Indonesia Indonesia Not disclosed
35
17 Dec. 2017 Gemalto Netherlands Provides digital security services worldwide Thales France 6,521.4
36
18 Dec. 2017 Cayan US Provides payment processing services in the US Total System
Services
US 1,050
37
19 Dec. 2017 Intermex Wire
Transfer
US Provides remittance services in the US and
Latin America
FinTech Acquisition
Corp. II
US 350
38
19 Dec. 2017 PCS PayCard
Service
and Simplepay
Germany Provides solutions for cashless payments at retail
points of sale
ConCardis Germany Not disclosed
39
19 Dec. 2017 Walmart Chile
Servicios
Financieros
Chile Issues credit cards for making payments in Walmart
stores and afliate stores
Banco de Crédito e
Inversiones
Chile 148
40
21 Dec. 2017 Paynova Sweden Provides online payment solutions in Sweden David Larsson Not
disclosed
Not disclosed
41
21 Dec. 2017 POS business of
Banco BPI
Portugal Operates as cards issuer in Portugal Comercia Global
Payments Entidad
de Pago
Spain 71.3
42
22 Dec. 2017 Comviva
Technologies
India Offers products to banked and unbanked consumers to
save, borrow, transfer and spend money using their mobile
Tech Mahindra India 51.3
M&A
Transaction overview
Q4 2017
#payments
20
Volume 19
VC
Date
an nounced
Market Market Round Financial
volume
(US$m)
Total
funding
(US$m)
Lead investor Market
segment
Description
1
3 Oct. 2017 Fawry Banking &
Payment
Technology
Services
Egypt N/D 20.4 ResponsAbility
Social Investment
Services, Private
Equity Arm
Other Operates an electronic bill presentment and
payment platform in Egypt
2
4 Oct. 2017 Taulia US N/D 20.0 75.0 Other Provides businesses with payment, e-invoice and
invoice discounting solutions
3
4 Oct. 2017 These Basic
Transfer
South
Africa
Venture Newton Partners Alternative
payment
systems
Provides e-wallet services
4
5 Oct. 2017 Anypay Service Thailand N/D 0.1 0.1 V.I. Capital Co.,
Ltd.
Processing Offers electronic payment processing services
5
6 Oct. 2017 Pundi X Indonesia N/D 84.0 Payment
acceptance
devices and
software
Provides POS to accept, sell and buy
cryptocurrencies
6
10 Oct. 2017 Payment Rails Canada Seed 1.1 1.1 Money
transfer
Designs and develops an application programming
interface payouts platform that allows companies
to send fast and low-cost payouts to on-demand
workers, suppliers and employees globally
7
12 Oct. 2017 Omniway US A 12.8 14.3 Nyca Partners Payment
acceptance
devices and
software
Offers branded mobile payment and currency
systems that reduce payment costs
8
13 Oct. 2017 Epesos Mexico Venture 6.0 6.0 Santander
Innoventures
Alternative
payment
systems
Operates as an online payment system to
pay bills to any person or institution through
Facebook, a mobile phone or email
9
16 Oct. 2017 Finnovation
Tech Solutions
India A 8.0 10.0 Shunwei Fund Other Provides nance solutions that help college
students to purchase products online via exible
monthly payment plans
10
16 Oct. 2017 Midpoint
Holdings
Canada N/D 1.0 5.1 Alternative
payment
systems
Operates a peer-to-peer international currency
matching and payments platform that offers
mid-market foreign exchange rates through its
patented matching technology
11
17 Oct. 2017 Feedzai US C 50.0 76.1 Sapphire
Ventures
Data
analytics
Provides business intelligence applications for small
and large organizations in telecommunications,
banking and utility markets
12
17 Oct. 2017 Lightspeed
POS
Canada D 166.0 292.0 La Caisse de
dépôt et
placement du
Québec
Payment
acceptance
devices and
software
Provides point-of-sale and e-commerce solutions
for retailers and restaurateurs to manage their
businesses
13
17 Oct. 2017 Paygevity US Debt 1.5 Processing Provides technology-driven payment processing
and vendor management
14
17 Oct. 2017 Dejamobile France Venture 2.9 2.9 Payment
acceptance
devices and
software
Provides HCE and NFC mobile payment platforms
15
18 Oct. 2017 Finja Pakistan A 1.5 2.5 Vostok Emerging
Finance
Alternative
payment
systems
Provides payment solutions in Pakistan
16
18 Oct. 2017 Tpaga Colombia Seed 2.2 2.3 Green Visor
Capital
Management
Alternative
payment
systems
Operates a digital wallet that allows users to
make payments through mobile phones
Transaction overview
Q4 2017
#payments
21
Volume 19
Date
an nounced
Market Market Round Financial
volume
(US$m)
Total
funding
(US$m)
Lead investor Market
segment
Description
17
18 Oct. 2017 Hash Lab
Solucoes
Pagamentos
Brazil Venture Canary
Foundation,
Endowment Arm
Payment
acceptance
devices and
software
Develops an online payment platform for
enterprises
18
19 Oct. 2017 Paykey Israel B 10.0 16.0 MizMaa Payment
acceptance
devices and
software
Develops a mobile application that allows users
to make payments in various social network chats
19
23 Oct. 2017 Zero US A 8.5 11.0 Eniac Ventures Issuing Issues debit cards with rewards of a credit card
20
23 Oct. 2017 Abra US B 16.0 30.0 Foxconn
Technology
Group
Alternative
payment
systems
Provides a digital wallet that supports bitcoin and
other at currencies
21
24 Oct. 2017 Fattmerchant US B 5.5 7.8 Fulcrum Equity
Partners
Processing Provides online credit card processing services
22
24 Oct. 2017 Tremus US Venture 12.0 26.4 Accel Partners Issuing Provides credit cards and other nancial
products to international students in the US
23
24 Oct. 2017 Cringle Germany Venture 0.7 1.4 Investitionsbank
Berlin
Money
transfer
Develops a mass transaction platform that
allows users to send money to any cell phone
throughout Europe
24
25 Oct. 2017 Current US A 5.0 8.6 QED Investors Issuing Provides a mobile, digital-rst payments platform
25
27 Oct. 2017 Millennial Card
Technologies
India Seed Incubate Fund Issuing Offers micro credit card services with a dynamic
limit of up to INR20,000
26
27 Oct. 2017 NetCents
Technology
Canada Venture 3.9 5.2 Alumina
Partners
(Ontario)
Processing Provides electronic online payment services
27
31 Oct. 2017 Remitly US D 115.0 215.0 PayU Money
transfer
Enables users to make person-to-person
international money transfers from the US
28
31 Oct. 2017 LALA World Singapore Venture 2.0 2.0 Alternative
payment
systems
Owns and operates LALA Wallet, an online
money transfer platform
29
1 Nov. 2017 Finch Australia Seed 2.3 2.3 Money
transfer
Provides an app to pay bills and split money
30
2 Nov. 2017 TransferWise UK E 280.0 396.4 Old Mutual
Global Investors
Money
transfer
Provides international money transfer services
31
6 Nov. 2017 OnEMI
Technology
Solutions
Private Limited
India Venture 10.0 12.0 Fosun
International
Payment
acceptance
devices and
software
Provides equated monthly installment
payment digital platform
32
8 Nov. 2017 AdvicePay US Seed 0.5 0.5 Goodworks
Ventures
Processing Compliant retainer billing payment processor for
nancial advisors
33
15 Nov. 2017 PayStand Inc. US A 6.0 8.0 BlueRun
Ventures
Processing Cloud-based billing and payments platform for
B2B companies
34
23 Nov. 2017 Paytm
Payments Bank
India N/D 18.8 28.2 Alternative
payment
systems
Operates a mobile and internet-based wallet
35
27 Nov. 2017 I-pay South
Africa
N/D 0.7 0.7 Kalon Venture
Partners
Payment
acceptance
devices and
software
Develops an online payment gateway for both
buyers and merchants that allows instant
payment on all mobile and desktop devices
36
27 Nov. 2017 ChargaCard US N/D 2.7 2.7 Processing Develops a P2P payment processing network
using blockchain and cryptocurrency technologies
VC
Transaction overview
Q4 2017
#payments
22
Volume 19
Date
an nounced
Market Market Round Financial
volume
(US$m)
Total
funding
(US$m)
Lead investor Market
segment
Description
37
28 Nov. 2017 Ayopop Indonesia A 1.0 Finch Capital Money
transfer
Develops and provides a mobile application that
provides bill payments
38
29 Nov. 2017 Apexx Fintech UK Seed 4.0 4.0 Forward Partners Other Acts as a payments-as-a-service platform,
combining all the world's acquirers, gateways,
shopping carts and alternative payment methods
in a single integration point
39
30 Nov. 2017 FinTecSystems Germany B 5.3 5.3 Reimann
Investors
Data
analytics
Provides banks, nancial services companies and
payment processors with real-time data to make
nancial decisions
40
6 Dec. 2017 Payoneer US N/D 270.0 China
Broadband
Capital
Money
transfer
Operates a cross-border payments platform that
connects businesses, professionals, countries
and currencies worldwide
41
6 Dec. 2017 BitPay US B 30.0 62.5 Aquiline
Technology
Growth
Alternative
payment
systems
Provides payment processing services for the
peer-to-peer digital currency, bitcoin
42
7 Dec. 2017 WorldRemit UK C 40.0 187.7 LeapFrog
Investments
Money
transfer
Operates an online service that allows people to
send money to friends and family living abroad,
using a computer, smartphone or tablet
43
7 Dec. 2017 Nu
Pagamanetos
Brazil Venture 75.9 252.3 Credit Rights
Investment Fund
Other Provides issuance, administration, transfer and
payments services related to post-paid payment
instruments
44
8 Dec. 2017 Mishipay UK Seed 1.9 1.9 Nauta Capital Alternative
payment
systems
Provides a retail payment technology, which
allows shoppers in retail stores to use their app to
simply pick up a product they want to buy, scan
the barcode with their phone and pay within the
phone
45
11 Dec. 2017 BitGo US B 42.5 54.5 Valor Equity
Partners
Security Offers an enterprise-grade, multi-signature,
multi-user bitcoin wallet, as well as API access to
its underlying security platform
46
12 Dec. 2017 Simility US B 17.5 24.7 Accel Partners Data
analytics
Helps companies prevent fraud and abuse in real
time with machine learning, big data analytics
and data visualization capabilities
47
13 Dec. 2017 iZettle Sweden E 47.0 2 27.2 Fourth Swedish
National
Pension Fund
Payment
acceptance
devices and
software
Develops mobile payment services and
applications for businesses and individuals
48
14 Dec. 2017 Colu Israel B 14.5 26.6 IDB Group Money
transfer
Develops and provides an open source technology
protocol based on blockchain technology that
allows for direct exchanges of digital cash
49
14 Dec. 2017 Airwallex Australia A 6.0 22.0 Square Peg
Capital
Money
transfer
Offers integrated solutions to businesses for
cross-border transactions
50
15 Dec. 2017 Loot United
Kingdom
A 3.0 8.3 Portag3
Ventures
Issuing Provides a banking (via a prepaid Visa card) and
money management app for students
51
19 Dec. 2017 HomeSend Belgium Venture 11.8 23.0 Payment
acceptance
devices and
software
Facilitates the integration of mobile wallets or
money transfer systems from senders to
receivers
52
21 Dec. 2017 WE Pay Singapore N/D 0.1 0.1 Accrelist Payment
acceptance
devices and
software
Provides online payment gateways and e-wallet
payment solutions
VC
Transaction overview
Q4 2017
#payments
23
Volume 19
VC
Transaction overview
Q4 2017
Date
an nounced
Market Market Round Financial
volume
(US$m)
Total
funding
(US$m)
Lead investor Market
segment
Description
53
21 Dec. 2017 Appetize
Technologies
US Venture 7.3 7. 3 Payment
acceptance
devices and
software
Provides point-of-sale solutions
54
24 Dec. 2017 Aman.Network Egypt N/D 1.1 1.1 Money
transfer
Offers money transfer and e-payment services
55
27 Dec. 2017 MoneyOnMobile US N/D 3.4 67.8 Alternative
payment
systems
Provides digital payment services in India
56
28 Dec. 2017 Robot Payment Japan N/D 1.8 1.8 Payment
acceptance
devices and
software
Provides a service that manages, integrates and
automates billing and collection operations and an
internet payment service that realizes payment
collection including credit card payment, account
transfer and convenience store payment for
customers' online businesses and intercompany
transactions
This publication contains information in summary form and is
therefore intended for general guidance only. Although prepared
with utmost care this publication is not intended to be a substitute
for detailed research or the exercise of professional judgment.
Therefore no liability for correctness, completeness and/or
currentness will be assumed. It is solely the responsibility of the
readers to decide whether and in what form the information
made available is relevant for their purposes. Neither [Full company
name of the EY member responsible for publication] nor any
other member of the global EY organization can accept any
responsibility. On any specic matter, reference should be made
to the appropriate advisor.
www.de.ey.com
Diese Publikation ist lediglich als allgemeine, unverbindliche
Information gedacht und kann daher nicht als Ersatz für eine
detaillierte Recherche oder eine fachkundige Beratung oder
Auskunft dienen. Obwohl sie mit größtmöglicher Sorgfalt erstellt
wurde, besteht kein Anspruch auf sachliche Richtigkeit, Voll-
ständigkeit und/oder Aktualität; insbesondere kann diese Publi-
kation nicht den besonderen Umständen des Einzelfalls Rechnung
tragen. Eine Verwendung liegt damit in der eigenen Verant-
wortung des Lesers. Jegliche Haftung seitens der [vollständige
Firmierung der herausgebenden EY-Mitgliedsrma] und/oder
anderer Mitgliedsunternehmen der globalen EY-Organisation
wird ausgeschlossen. Bei jedem spezischen Anliegen sollte ein
geeigneter Berater zurate gezogen werden.
www.de.ey.com
EY | Assurance | Tax | Transactions | Advisory
About EY
EY is a global leader in assurance, tax transaction
and advisory services. The insights and quality
services we deliver help build trust and condence
in the capital markets and in economies the
world over. We develop outstanding leaders who
team to deliver on our promises to all of our
stakeholders. In so doing, we play a critical role in
building a better working world for our people,
for our clients and for our communities.
EY refers to the global organization, and may
refer to one or more, of the member rms of
Ernst & Young Global Limited, each of which is a
separate legal entity. Ernst & Young Global
Limited, a UK company limited by guarantee,
does not provide services to clients. For more
information about our organization, please visit
ey.com.
© 2018 EYGM Limited.
All Rights Reserved.
EYG no. 01697-184GBL
GSA Agency
SRE 1803-020
ED None
This material has been prepared for general informational
purposes only and is not intended to be relied upon as
accounting, tax or other professional advice. Please refer
to your advisors for specic advice.
ey.com
Kai-Christian Claus
Partner and Managing Director,
EY Innovalue
Germany, Hamburg
Tel: +49 163 413 1363
kai-christian.claus@ey-innovalue.de
Christopher Schmitz
Partner, EY
Germany, Frankfurt
Tel: +49 160 939 13545
christopher.schmitz@de.ey.com
Hamish Thomas
Partner, EY
UK, London
Tel: +44 7967 176 593
hthomas@uk.ey.com
Andreas Habersetzer
Associate Partner, EY
UK, London
Tel: +44 795 735 8698
ahabersetz[email protected]y.com
Sean Viergutz
Executive Director, EY
US, Atlanta
Tel: +1 404 817 5537
sean.s.viergutz@ey.com
Sara Elinson
Principal, EY
US, New York
Tel: +1 212 773 8139
sara.elinson@ey.com
Jan Bellens
Partner, EY
Singapore
Tel: +65 9329 6192
jan.bellens@sg.ey.com
James Lloyd
Executive Director, EY
Hong Kong
Tel: +852 9666 4747
james.lloy[email protected]y.com
Jeroen van der Kroft
Executive Director, EY
Netherlands, Amsterdam
Tel: +31 6 2125 1175
jeroen.van.der.kro[email protected]y.com
Contact
