Card payments: when the rule isn't clear, neither the judge nor VAR can solve it.

The card payment system was built on a silent assumption: that participants in the middle of the chain don't fail, or that if one fails, the loss will be small and minor. Recent liquidations of payment processors have shown that this assumption has limits, and it's worth examining it calmly, without acting as either accuser or defense attorney for anyone. I'll start with the most straightforward case.

Why should a participant's failure be a minor problem? Consider what happens when an issuer fails. On average, they receive payment from the cardholder around D+25 or 26, when the invoice is due, and pay the acquirer on D+28 (D being the date of the commercial transaction).

When it fails, the receivables are spread among thousands of cardholders who, sooner or later, will pay their bills. Aside from the relatively small amount of non-payment, the risk is diluted among a multitude of debtors. None of them, alone, brings down the system. It's a risk that the design absorbs.

By the same logic, a payment processor's failure should be a modest problem. I use "payment processor" throughout the text, but the reasoning is identical for a sub-payment processor; the concept applies to both. It receives payment from the issuer in about 28 days and pays the merchant in about 30 or 31 days.

In its purest form, the exposure covers only a few days of transactions. And the flag is not unarmed: it generally requires guarantees from each participant, in a volume equivalent to the exposed transactions.

In a clean flow, which starts at the issuer, passes through the acquirer, and reaches the merchant, everything is recorded and responsibilities are easy to see. If an acquirer is liquidated, the guarantees retained by the card network should cover the few days of outstanding balance.

What complicates things is a very Brazilian practice: the anticipation of receivables. When the acquiring company advances the merchant's payment, it reduces the merchant's exposure because they have already received it. The problem arises on the other side. To obtain competitive funding and offer this anticipation, the acquiring company sells, or pledges as collateral, the receivables it is due to receive from the issuers.

The investor who buys, generally a FIDC (Credit Rights Investment Fund) or a bank, assumes that the money will be used to pay the retailer in advance, since the so-called "transfer law" makes it clear that this resource belongs to the retailer. They price in the risk. But they don't control the cash flow.

And, since this investor is not part of the payment arrangement, the card network has no visibility into what happens between them and the acquiring bank, nor the authority to control that part. It happens outside of their reach.

If the flag cannot control, how far can it respond?

This leads to an honest question: to what extent is the flag responsible for a flow it doesn't control? Part of the answer has already been given.

Central Bank Resolution 522, in effect since the end of last year, is clear regarding the recipient: the payment processor, the card network, is responsible for ensuring payment to the recipient without exception, including using its own resources if the protections it has adopted prove insufficient, and cannot transfer this risk to the acquiring banks.

That's the rule, and it's fully recorded. The retailer receives payment from the card network, and that should be happening now.

What the regulation doesn't address is upstream financing and how to distribute the residual loss among so many legitimate claimants after the recipient has been paid. And here, a broad interpretation is needed, not a disagreement. The card network's liability falls to the recipient, the merchant, and whoever assumed their position, not to the investor who financed the acquiring company and was never part of the arrangement.

It makes sense for the flag to be responsible for the normal flow, the one it sees, governs, and for which it demands guarantees. However, the hole opened in the funding operation, between the credit card company and an external investor, is of a different nature: the lien of that investor is valid against the credit card company and its assets, not against the arrangement itself.

Charging the card network is asking them to be responsible for a risk that cannot be measured or avoided. Acknowledging this limitation does not weaken the protection for the retailer, who remains in business, and for the card network. It simply puts the funding responsibility in the right place.

It was at this point that the Central Bank signaled a path forward. At an event in São Paulo in June, celebrating the 5th anniversary of the registration of card receivables, Danielle Nunes, an analyst from the Central Bank's Financial System Regulation Department, explained that the institution is studying extending the registration to transactions called "upstream transactions." It's worth defining the term.

Currently, mandatory registration covers the final link in the chain, the downstream segment: the merchant who negotiates their own receivables with a bank or fintech company to anticipate cash flow. The upstream segments are the internal negotiations: the acquiring company that assigns its receivables against the issuer, the sub-acquirer that assigns its receivables against the acquiring company, and these have no registration whatsoever. That's where the money goes out of sight and control. The proposed registration is a necessary step forward.

But it's important not to confuse what it does. Making the transfer visible doesn't prevent the acquiring company from diverting the funds, and it doesn't return a cent to the merchant once the diversion has already occurred. Seeing isn't controlling, and controlling isn't covering the loss. The record is the system's VAR: it shows the play in slow motion and helps to see what happened. But it doesn't change the rule that decided the play, nor does it restore the goal.

Outside, the design barely creates that hole.

It's worth seeing how other markets handle the same flow, because the difference is revealing. In much of the world, the merchant is paid around D+2. There is no interest-free installment plan, extremely rare outside of Brazil, nor a receivables anticipation market with the scale and institutionalization it has here. The merchant's money barely reaches the acquiring company. And where it does, it usually stays in accounts dedicated to this flow.

In the United States, the entity that holds and liquidates these funds is a member bank, the sponsor of the flag access, and non-members cannot even touch this money. In the United Kingdom and the European Union, the approach is a segregated account, with increasingly stringent reconciliation and auditing rules. The British regulator even proposed a trust regime, in which the institution would hold the client's funds as a fiduciary, but postponed this step; what came into effect in May of this year was a reinforcement of segregation, not a trust. In all these designs, the exposure to failure of a participant is, by design, small.

Here comes the uncomfortable part. Even with accounts that, in theory, were protected, one of the biggest recent collapses in the sector showed that protection was a promise, not a safe. Wirecard , in Germany, was a payment processor, among other activities: licensed by Visa and Mastercard, with many merchants and the obligation to settle their funds. When it went bankrupt in 2020, approximately €1.9 billion declared as held in trust accounts under a trustee never existed: it was fabricated revenue, not diverted merchant cash.

The lesson, however, still applies, because the audit validated for years the promise of a safe that no one ever opened. This was no exception: among the British payment institutions that went bankrupt, the average shortfall in the funds that should have been protected reached 65%, and customers waited years to receive a fraction of it. In all cases, the protected account was empty precisely when it needed to be opened.

The outcome abroad is what matters most to our discussion. In these cases, merchants and customers suffered losses, and no card network contributed a single real to cover them. Protecting the recipient was never the responsibility of the card processing system; it was delegated to the segregation of the payment flow, which failed in the only detail that mattered: being present.

Returning to the Brazilian puzzle

And here's the crux of the matter: the situation we're experiencing now doesn't have an easy solution, because there are too many people with legitimate claims to the same money. It's worth looking at the whole puzzle, piece by piece. On one side is the retailer, who sold, delivered, and, by the rules, should receive the money from the sale. Next to him, with the same right, in my opinion, are the FIDCs (Investment Funds in Receivables) and banks that advanced these funds directly to the retailer, because they assumed his position. Then come the investors who advanced the funds to the acquiring company.

They have no stake in the arrangement, but their argument is not frivolous: they are bona fide third parties, with a registered lien and a clause stipulating the allocation of the funds, who priced in the risk based on the rule of repayment. The weakness of this position lies with the recipient of the charge, because the right they purchased is against the acquiring company and its assets, not against the card network, which was never their counterparty.

And then there are the payment processors, which demanded guarantees from participants and are responsible for the normal flow of payments, but which, in my view, should not be responsible for the relationship between the investor and the payment processor, of which they were never a part. Added to all this is a settlement entity without access to the payment system, facing a decision that, so far, has not been made, and each week of waiting prolongs the impasse.

Separating each of these pieces and determining who owns what requires an in-depth understanding of payment methods, and even those who do will have their work cut out for them. It's a puzzle that's difficult to solve without a lengthy legal battle. We've seen this movie before: the bankruptcy of Banco Santos, declared in 2005, took about 14 years to pay its creditors, and even the recovery of just over 50% was considered a record for a bank failure in Brazil.

Hopefully, the Central Bank will take the reins. If it can't interfere in the current case, it should at least better define the rules of the game to prevent future occurrences before politics decides to get involved. In the end, what's at stake isn't the money from one case. It's trust in the card system, and that can't be rebuilt by decree.

* Edson Santos is the founder and partner of Colink, a consultant, advisor, and angel investor with over 26 years of experience in payment methods and financial services. He is the author of *From Barter to Financial Inclusion* and co-author of *Payments 4.0 — The Forces Transforming the Brazilian Market*. His new book, *Brazilian Payments Manual*, is in press.