Are Issuers Giving Up Too Much Control to Their Processors?
Lately, I've been thinking about program management in card issuing. And one question keeps surfacing — who actually controls the business? Whose logo is on the card? Who carries the credit risk? Execution can be delegated. Control cannot — at least, not without meaningful long-term trade-offs.
Lately, I've been thinking a great deal about program management in card issuing. And the more I think about it, the more one question keeps surfacing — who actually controls the business? Whose logo appears on the card? Who carries the credit risk? Who underwrites the loan? Who owns the member or customer relationship? Who ultimately defines the experience?
These questions may sound straightforward. But operationally, the answers are often more complicated than many institutions initially realize. Over time, a large number of regional banks and credit unions have outsourced substantial portions of card-program execution to processors and third-party program managers. There are understandable reasons for that — speed-to-market, operational efficiency, scale advantages, staffing constraints, compliance complexity, and infrastructure requirements. For many institutions, outsourcing became the practical default.
To be clear, I'm not arguing that every issuer — especially smaller institutions — should attempt to build a massive internal card operation from scratch. That is neither operationally realistic nor economically efficient in many cases. But there is an important distinction that increasingly feels strategic rather than operational. Execution can be delegated. Control cannot — or at least, not without meaningful long-term trade-offs. Because when institutions relinquish too much control over product configuration, lifecycle management, underwriting flexibility, partner relationships, servicing models, or data visibility, they may also gradually lose control over differentiation, strategic agility, member experience, and portfolio direction itself.
The industry context helps explain how we arrived here. The United States still contains thousands of banks and credit unions, many of which historically lacked the scale necessary to support fully internalized card infrastructures. Outsourcing became normalized because it solved real operational problems. But common practice does not automatically make something strategically optimal. And increasingly, the surrounding environment is changing.
Regulatory guidance consistently reinforces an important reality — outsourcing operational functions does not outsource accountability. Institutions still retain responsibility for credit risk, compliance, operational integrity, and portfolio performance. At the same time, many processors are fundamentally optimized around scale, standardization, operational efficiency, and repeatability — not necessarily around helping issuers maximize product differentiation, configurability, strategic flexibility, or member-centric innovation. That distinction matters more today because the issuing environment itself is becoming significantly more dynamic.

Modern card programs increasingly involve embedded finance, lifecycle orchestration, configurable lending structures, real-time servicing, fraud coordination, loyalty integration, network partnerships, and increasingly sophisticated digital engagement. Research from firms such as BCG, Accenture, EY, and industry analysis from organizations like PYMNTS consistently suggests that modernization is no longer purely an efficiency initiative. It is increasingly tied to value creation, adaptability, portfolio control, and long-term strategic positioning.
Which raises a deeper question. If institutions are modernizing their infrastructure, exploring greater issuing flexibility, considering sponsor-bank models, or competing against increasingly agile fintech environments — why would they willingly cede the very functions that define control, risk ownership, strategic direction, and customer experience? Perhaps the answer is not fully internalizing everything. Perhaps the future is more hybrid. Operational execution may remain distributed. But strategic authority increasingly feels like something institutions may want to reclaim.
Ultimately, the conversation around program management is no longer simply operational. It is becoming architectural. Strategic. And increasingly tied to institutional identity itself.
Execution can be delegated. Control cannot.
Franco Di Pietro
The Payments Corner
30+ years across payments, fintech, banking, and financial infrastructure. Operator-level perspectives on the systems that move money.
Related Insights
Memory shortage, rising consumer prices, and the issuing stack's modernization imperative
AI-driven memory scarcity is already pushing consumer hardware prices higher—forcing banks and issuers to choose between modernizing their origination and decisioning infrastructure or ceding the financing layer to faster competitors.
Authorization in agentic payments shifts from moment to chain
As AI agents execute transactions on behalf of consumers and businesses, the payment industry must move beyond narrow technical authorization to operationalize legal and regulatory proof of delegated authority. The question of what a user actually authorized an agent to do—and who is liable when outcomes diverge from intent—will determine whether agentic commerce scales.
Visa's Sixty-Year-Old Playbook for Agentic Commerce
Visa's announcements at the Payments Forum apply its sixty-year-old tollbooth playbook to agentic commerce: don't pick the AI winner, become the trust layer every transaction has to clear through. The standards for agent-driven commerce are being written this week — with you at the table or without you.