Doug Sandberg – FirstView Financial

Part of the (payment) solution

If you’ve watched even an hour of television in the last decade, you’re probably familiar with the formula for pharmaceutical ads: 10 seconds to tell you how great the drug is; another 40 to run through the side effects; and 10 more to say you might be eligible for subsidized coverage.

According to Doug Sandberg, general counsel for FirstView Financial, that last part is about to experience a massive shift—one that could result in huge savings for millions of patients with hard-to-treat conditions.

“What we’re doing is helping pharmaceutical companies come up with better ways for patients to pay for drugs—and receive benefits,” Sandberg says. “So for example, instead of checks or coupons, which are how companies traditionally gave out rebates, people will have virtual or physical prepaid cards that they can use at pharmacies to obtain expensive specialized medication.”

Pushing out the paper

Based in Atlanta, FirstView specializes in software-based payment technology solutions that make it easier for customers—mostly pharmaceutical companies—to send and receive payments.

In the past, patients eligible for discounted prescriptions would have to request a paper rebate or check. Now, thanks to FirstView’s technology, those customers can use a prepaid card to pay for their drugs—often at a discount. The goal, Sandberg says, is to reduce the costs and facilitate patient acceptance and adherence to otherwise expensive specialty medications—and provide a seamless and auditable financial platform to accommodate those transactions.

But while the technology has helped create more seamless access, the compliance demands faced by Sandberg and his team are anything but simple.

“The payment card industry is a whole different animal when it comes to compliance requirements,” Sandberg says. “You’re talking about a lot of cardholder data that needs to be protected.”

A high bar

The Payment Card Industry Data Security Standard (PCI DSS) represents one of the company’s highest compliance hurdles. Created in 2004, the standards were designed by the nation’s leading card brands (VISA, MasterCard, American Express and Discover) to prevent fraud by putting the onus of protecting cardholder data on the organizations handling the transactions (processors like FirstView, third party service providers and merchants who take payments).

To that end, in addition to performing ongoing self-assessments, the company must submit to annual PCI audits in order to validate its compliance with PCI DSS. Sandberg works closely with his technology team and qualified security assessors to demonstrate that the company is in compliance with PCI mandated safeguards: appropriate firewalls, encrypted data, limited access to data, physical security, and so on.

“We provide system access to our customers—pharma and their service providers—through our ProXe360© Portal so that they can manage their programs,” Sandberg explains. “However, all of the critical cardholder data resides on our system. The idea is to give our customers an easy way to access data, but that data lives with us. We handle the PCI compliance so our customers don’t have to.”

Keeping tabs

Health care isn’t the only industry where FirstView’s tools are being used, however. With the rise of cryptocurrencies like Bitcoin, the company has customers in the alternative financial services sector, and issues prepaid cards to customers of cryptocurrency conversion companies. In the U.S., once the currency is converted to U.S. Dollars, funds can be loaded onto cards issued by FirstView and sponsored by their customers.

Here, as with other alternative financial or general purpose reloadable (GPR) card products—like payroll cards, for example—Sandberg and his team are focusing on the know-your-customer (KYC) and anti-money-laundering (AML) components of the 2001 USA Patriot Act, which—among other things—sought to deter organizations from doing business with terrorists, money launderers and specially designated nationals (SDN) identified by the Office of Foreign Assets Control (OFAC).

As part of the effort, all of FirstView’s GPR cardholders are checked against both an identity verification platform and OFAC screening to validate two things: they are who they say they are; and they don’t show up on OFAC’s list of SDN (with whom U.S. citizens and companies are prohibited from doing business).

“Because it’s decentralized, Bitcoin has become an attractive vehicle for nefarious actors looking to funnel money around the world,” Sandberg says. “As we grow that part of the business, it’s imperative that we continue to pay close attention to who our cardholders are.”

Down the pike

With the issue of data privacy looming larger by the day, propelled by headlines about hacks and breaches, Sandberg says the department is scrutinizing new and emerging laws—both in the U.S. and around the world.

In the wake of the European Union’s General Data Protection Regulation (GDPR) which lays out sweeping rules for how organizations send and receive information belonging to EU citizens, FirstView has kept a close eye on privacy legislation on the horizon within the U.S.—like in California, which recently adopted a GDPR-like privacy statute.

More broadly, as part of the American Transaction Processors Coalition (ATPC), an organization representing more than 70 companies in the financial services sector, Sandberg and his team are able to keep abreast of prospective legislation—federal, state and otherwise.

“Between the ATPC and a team of trusted outside firms, we feel we have a really good handle on where the shifts are happening with respect to data privacy, and that’s a testament to both the ATPC and our amazing outside counsel,” Sandberg says. “The rules are only going to get more stringent, so we have to be ready to meet them.”

Part of the solution

Where others see a thicket of paperwork and process reviews, Sandberg has come to view the country’s growing emphasis on data privacy as a potential boon—rather than a burden—to FirstView’s business model.

The goal, he says, is for the company to be “so embedded as a financial platform within these industry ecosystems,” that working closely with FirstView will be a critical step in meeting more robust data privacy standards.

““We need to be in the business of compliance and technology solutions,” Sandberg states. “At the end of the day, pharmaceutical companies need to be paid for their products, and patients need an easy way to pay for their medications. If we can do it in a way that’s both compliant and helps drive costs down, that’s a win for everyone.”

Published on: December 7, 2019



Showcase your feature on your website with a custom “As Featured in Vanguard” badge that links directly to your article!

Copy and paste this script into your page coding (ideally right before the closing tag) where you want to display our review banner.


As promised in advance, my feature in Vanguard has increased my visibility within the profession and prompted more than a few people I have not communicated with recently to reconnect. One of the Italian law firms I have used in the past is now in the process of interviewing me for an article on their website and tweeting out the feature story. Activity and the number of people connecting with me on LinkedIn has soared, which is great. The Vanguard writers and editorial staff were great to work with—highly professional and made the effort to make the experience both fun and rewarding (they were also respectful of the time pressures and demands all lawyers face). I was very pleased with the experience and the final outcome. Needless to say, I have been very pleased. All in all working with Vanguard has been a very positive experience which generated good publicity for both Shawcor and myself. My sincere thanks.
– Tim Hutzul, General Counsel, ShawCor Ltd.
I was honored to be the subject of an article. I enjoy reading Vanguard articles and seeing how other attorneys got to their positions and see their jobs. It's also interesting to see how different law firms partner with the subjects of the articles.
– Henry Marquard, in-house counsel, Stanley Consultants Inc.
It was a great honor to be featured in Vanguard Law. Working with every member of the team, from the initial interview with Erin Clark, through production with Victor Martins, writing the article with Taryn Plumb and creating the final content with Dave Gushee, was a true pleasure. Everyone was very professional, enthusiastic and supportive, and their creative approach and positive attitude clearly came through in the final product.
– Kevin C. Rakowski, Senior Vice President, Deputy General Counsel, Compliance with Radian Group Inc.
The piece highlighting my company, Bob Baker Enterprises, Inc., came out fabulous. Our company is in the new and used car sales and service industry. Everyone was great to work with and extremely professional. They produced a high-quality product and have provided expert assistance and guidance post-production of the article.
– Wade Poulson, General Counsel, Bob Baker Enterprises Inc.


Summer I 2024



  • * We’ll never share your email or info with anyone.
  • This field is for validation purposes and should be left unchanged.