Mobile payments are taking off, and by 2017, consumers worldwide are likely to be using the technology to spend $700 billion or more annually, according to Forrester Research. But as technology companies look for ways to participate in that growth, they may find risks that they haven’t anticipated.

“This is an evolving field, and there is currently no new mobile-specific regulatory framework addressing mobile payments,” says Obrea Poindexter, a partner at Morrison & Foerster who leads the firm’s Mobile Payments Group. Instead, mobile payments in the U.S. fall under a variety of regulators, such as the Treasury Department, the Consumer Financial Protection Bureau, and the Federal Trade Commission, which can make compliance complicated. At the same time, the mobile payments infrastructure typically involves an ecosystem of partners, such as financial institutions, payment card networks, merchants, and technology companies. This web of partnerships can blur the lines between companies, which in turn can lead to increased exposure for technology companies.

Mobile payment providers could fall under regulations that typically apply to banks. “When non-banks such as mobile payment providers are involved in things like money transmission or currency exchange, they can be classified as ‘Money Services Businesses’ and be subject to the Bank Secrecy Act or state money transmission laws,” says Poindexter. In that case, the company may need to register with the Treasury Department’s Financial Crimes Enforcement Network, file reports on suspicious financial activity, and have anti-money laundering programs in place. “That can be quite an obstacle for tech companies, especially new entrants,” she says.

To help avoid such issues, contracts need to clearly delineate responsibilities. “It’s key to define who is actually offering the product or service, and who is in charge of X, Y, and Z in the payments process,” says Poindexter. It is not always easy to capture this up front, but “the regulators will look at how these relationships and products are structured to determine what regulations apply and who is responsible for compliance.”

In general, Poindexter says, “U.S. regulators are sensitive to the idea that too many new laws and restrictions could impede innovation in mobile payments.” But as mobile payments evolve, she says, regulators “are going to want transparent disclosure about the terms and conditions and any costs or liabilities associated with mobile payments.” And with an infrastructure that can involve several technologies and partners, “they will want it to be clear who is actually responsible for the product, so that consumers know whom to contact when there are problems.”

In sum, Poindexter says, companies that shape agreements with partners in the mobile payments arena should learn to “think like a regulator.”