Pento's job is to make payroll painless - we organise all the moving parts that underpin the payroll process to make our customer's life easier. One of the crucial moving parts of the payroll process – it probably goes without saying! – is making the payment.
Only organisations that are authorised by a financial regulator are permitted to carry out certain payment services including payment transactions. Because Pento is not authorised to process funds, we work with Modulr, a Payment Service Provider (PSP) – an organisation that is authorised – to do this part of payroll.
Our specialism is simplifying the overall payroll process. With Pento, the customer only needs to liaise with one point of contact and we deal with the rest. We keep all the various components and stakeholders in the payroll process working together smoothly in the background, so our customer can focus on other things.
How do Pento and the Payment Service Provider (PSP) work together?
How do Pento and the Payment Service Provider (PSP) work together?
Only organisations that are authorised by a financial regulator are permitted to carry out certain payment services including payment transactions. Because Pento is not authorised, we work with Modulr, a Payments Services Provider (PSP) – an organisation that is authorised – to do this part of payroll.
Pento acts as the messenger between our customer and the PSP. We deliver instructions on our customer's behalf (like who to pay, how much and when). If there are any issues with the PSP, we'll liaise with the PSP on our customer's behalf. Similarly, if our customer's chosen PSP wishes to communicate with our customer about their account, we'll liaise with our customer. We also collect anti-money laundering information from our customer on the PSP's behalf.
Pento is the processor for both our customer and their chosen PSP. We carry out their instructions and keep the relationship working seamlessly. The benefit is that our customer only needs one point of contact rather than having to juggle lots of relationships at once.
What is the difference between a processor and controller?
What is the difference between a processor and controller?
A controller is the decision maker when it comes to personal data. It is the organisation that decides, amongst other things, what data is collected and why the personal data is processed (e.g. collected, used, analysed, stored) and exercise professional judgement in the processing of the personal data.
In contrast, a processor is simply the doer when it comes to personal data. It does not make any decisions about the personal data; it must do as it is told (by the controller).
If a processor begins to make decisions about why it does something with the personal data or it does something with the personal data that it has not been told to do – under European and UK law, that means that organisation automatically becomes a controller and may be subject to sanctions for going beyond the instructions of the controller in respect of that personal data.
Under European and UK data protection law, there are only 6 reasons that a controller can legally justify why it is using personal data.
One of these reasons is legal obligation. It is where the controller must collect, use, store etc the personal data to comply with a law or regulation that the controller is subject to. Another reason is where the controller needs to process personal data to perform their contract and provide the product or service.
Why is the PSP a controller and not a processor?
Why is the PSP a controller and not a processor?
As we've said, any organisation that (1) makes decisions about why personal data is used and (2) makes decisions about the lawful basis justifying that decision is automatically a controller.
Financial regulators require authorised organisations (such as PSPs) to collect, use and store personal data to demonstrate that it uses funds and operates within the law. For example, they must carry out anti-money laundering checks to demonstrate that the funds do not originate from criminal proceeds and they must keep these records for a specified length of time so that they can be audited by the regulator.
The PSP must collect the personal data to comply with a legal obligation it has to its regulators, or as part of the contract it has entered into with the customer to provide the payment services.
Why does the Customer have to enter into a separate contract with the PSP?
Why does the Customer have to enter into a separate contract with the PSP?
Financial regulators require any organisations that provide payment services including accounts to have a direct contractual relationship with account holders. This means that our customers have to enter a contract directly with the PSP as well as Pento when they sign up to use Pento Services. Neither the customer nor Pento are under a legal duty to comply with the financial regulator.
The PSP has a legal obligation as an entity authorised by the financial regulator to enter into this agreement, and Pento cannot facilitate the payroll process without an authorised entity.
But don't worry, we've made our sign-up process as simple as possible and once the account is set up – our customer only deals with Pento. The PSP is one of the many moving parts of payroll that Pento keeps running smoothly in the background, to take the pain out of the payroll process.
Can Pento be used without a PSP?
Can Pento be used without a PSP?
If you do not wish to use a PSP to automate the payment process, we could also set you up with a different payment method. Please feel free to speak with your sales representative (if you are looking at using Pento!) or your Customer Success Manager (if you are an existing customer).
Pick best-in-class payroll with Pento.
With our dedicated onboarding team, joining Pento is a breeze!