Consumer Duty

The FCA has now published a second Consultation Paper (CP 21/36) on the proposed Consumer Duty, which would apply to electronic money institutions, payment institutions and RAISPs. The Consumer Duty will “set higher expectations of firms driving a cultural reset which leads to enhanced confidence in financial markets and future gains from innovation”. This cultural reset aims to encourage firms to reconsider how they deal with information asymmetries and consumer cognitive and behavioural biases.

The key takeaway from the latest CP is the introduction of the new Principle (#12) requiring that firms “must act to deliver good outcomes for retail customers”, which will result in the disapplication of Principles 6 and 7 when it applies.

At a practical level, the Consumer Duty will give rise to the need for firms to re-look at all of their UK products and services aimed at retail customers, and at all of their communications with the same group. Firms will also need to design appropriate data-gathering and management information as the FCA expects a firm’s board (or similar body) to consider whether it is acting to deliver good customer outcomes. The FCA has been clear that it is now a “data-led” regulator and it is likely to look at this Management Information carefully as part of its assessment of whether firms have implemented the Consumer Duty in the way the FCA intended.

The proposed implementation period is 9 months, giving firms until 30 April 2023 to implement the new Consumer Duty. There is, however, also a suggestion that implementation could be “iterative” with the FCA giving further guidance as it sees firms take steps to implement the Duty, which is likely to complicate implementation further.

We are hosting a webinar on 27 January to help firms with understanding how the FCA’s higher expectations for the standard of care will translate into practical steps. Our panel will include Simmons specialists and Ian Searle, Head of Payments, Crypto and Consumer Policy at the FCA. You can find out more and register for the event here.

Safeguarding

The FCA’s approach to safeguarding has long involved an attempt to force payment and e-money institutions to acknowledge the creation of a trust in favour of their customers – regardless of the difficulties caused with safeguarding banks. This position was supported by a first instance decision in relation to APIs (Supercapital) but the same approach was not taken under the EMRs in the recent Ipagoo case. The FCA is appealing the decision – expected to be heard in early February - but changed the temporary guidance to remove some of the references to trusts, together with providing a new form of template bank confirmation, in policy statement PS 21/19.

While the position on trusts remains uncertain, it is clear that the FCA will continue to focus its attention on safeguarding practices over the coming year and firms should be prepared for this area of their business to be scrutinised in detail.

Behavioural biometrics

With the (many times delayed) implementation of strong customer authentication for e-commerce approaching this March, there seems to be a renewed focus on the use of behavioural biometrics (eg The Times article on how Bank apps can stop you walking into a scam).

In another step towards UK divergence from the EU, the FCA confirmed in policy statement PS 21/19 that a wide range of behavioural biometrics could be used to meet SCA requirements, as reflected in its updated approach document. This is more permissive than the EBA Opinion which only includes biometrics linked to the body, eg fingerprints, keystroke scanning, and not eg a user’s spending patterns.

Any decision to use of behavioural biometrics should of course be properly tested and fully documented, both for the FCA and the ICO (the latter which confirmed last year in a letter to UK Finance that using data in this way would be permitted if data controllers can show (1) it will better protect customers when compared with other SCA methods, and (2) how (and how widely) it will benefit the public).

Please let us know if you would like to discuss your SCA implementation plans with us – and we’d be interested to hear if this is a factor you will be using come March.

Temporary Permission Regime

On 5 January 2022, the FCA updated its webpage on cancelling a temporary permission to provide information for payment services and e-money services firms in the temporary permissions regime (TPR) or the supervised run-off (SRO) regime. The FCA has set out the various implications and requirements for EU firms that have closed or will close their UK business and want to exit the TPR or SRO and also for those firms that want to exit the TPR but do still have UK business to run off. New notification forms for notifying the FCA are included in the update.

CoP and APP

In December the PSR ran a consultation on ending dual running of Phase 1 (the rules and standards for existing CoP PSPs) and Phase 2 by 30 April 2022.

This supports the expansion of CoP to all PSPs by creating just one technical environment for sending and responding to CoP messages and common rules and standards. The PSR is keen to end dual running in a timely and coordinated manner so that the greater protection CoP affords to payment users from misdirected payments and APP scams can be realised.

Assuming the PSR issues a direction for access to the Phase 1 environment to end on 30 April 2022, it plans to do so in early February 2022. Consequently, PSPs operating in the Phase 1 environment should consider preparing for a move to the Phase 2 technical environment and arranging compliance with the rules and standards.

Access to cash

The Payment Systems Regulator (PSR) and the FCA published a response to the Cash Action Group (CAG) announcement that retail banks and building societies will create an independent body to assess the needs of local communities and direct cash solutions. The regulators’ current assessment is that most people have reasonable access to cash, but they are committed to protecting this access, particularly for vulnerable customers, and will use what they learn from the CAG’s initiative to inform any work on the proposed future regulatory regime (consulted on by the Government in July 2021). The FCA and PSR reiterate that it is the responsibility of individual firms for ensuring that their own customers are treated fairly and their needs are met, which includes considering the FCA guidance on branch and ATM disclosures together with the FCA's guidance on the fair treatment of vulnerable customers.

PSR strategy and report on access and governance of payment systems

Following last year’s consultation, the PSR has proposed its final five-year strategy for ensuring payments and payment systems work well and that there is fair competition and access to payments for all. As expected, the new strategy emphasises the need for customer access and protection together with a greater focus on promoting competition between the UK’s payment systems and the marks they support.

The PSR has also published its postponed report on access and governance in relation to the UK’s interbank payment systems (Bacs, Faster Payments, CHAPS and the cheque Image Clearing System (ICS)) over 2019 and 2020.

The report describes:

• Continued growth in direct participation in interbank systems and also details those leaving direct access (including Ipagoo following its entry into administration).
• A doubling of the number of indirect access providers (now 8), including Modulr and LHV Bank.
• The 4 new entrant indirect access providers (which includes Clearbank and Starling) significantly increasing their share of PSP customers by reference to established IAPs.

The PSRs’s Strategy, Analysis and Monitoring division will be taking forward monitoring impact and developments in the interbank systems.

Santander “festive” bank errors

It was widely reported over the Christmas period that Santander accidentally deposited £130m into 75,000 accounts on Christmas Day. Payments from 2,000 business accounts were made twice into accounts with other banks. The second payments were said to be “the result of a scheduling issue” which was quickly identified and rectified.

Santander will have been seeking to use the Credit Payment Recovery process to try and recover Bacs and Faster Payments sent in error, including standing orders. Had the duplicated payments been made using customer funds, the bank would have been required to pursue a process of recovery taking into account regulation 90 of the PSRs and make customer whole. In this instance it is reported that the payments made by Santander did not cause loss to its clients, having reduced Santander’s own reserves. To our knowledge the PRA and the FCA have not publicly commented on the mistakes. However, it is widely expected that the errors will result in regulator focus on the adequacy of the bank’s risk and control systems and processes and systems for scheduling payments.

Amazon vs. Visa

In November, Amazon announced that it intended to block UK Visa credit card payments on 19 January 2022. Amazon’s rationale, Visa’s charges for processing transactions prevented Amazon from offering customers the best prices. Visa’s rebuttal, declining to accept UK Visa credit cards would limit consumer choice. The proposed block did not include Visa debit cards.

On Monday, Amazon released publicly that the block would not be effective on 19 January 2022 but that discussions were still ongoing and they were working with Visa on a possible solution.

We expect to include more commentary on this clash in future editions of Payments View, particularly as the PSR’s strategy is focused on promoting competition and it has already voiced concern over the dominance of Visa and MasterCard.

Key topics from 2021 to look out for in 2022

Financial Services Future Regulatory Framework Review: HMT launched a consultation in November to consider how the regulatory framework should be adapted following the UK’s exit from the EU. HMT’s proposals focus on new responsibilities and freedoms for the regulators, methods for scrutinising their decisions and additional objectives and principles for the sector (eg sustainable growth).

The consultation closes on 9 February 2022. Let us know if you are responding to the consultation and we would be happy to discuss or advise you on this.

The FCA’s New Approach: The FCA published a review of its new approach in 2021 to regulating the financial services sector. The assessment of its approach includes examples of actions it has taken against each limb of its mission statement which tie in with recommendations from independent investigations for it to be more innovative and assertive. Notably the FCA has taken away approval from 176 firms which have not carried on regulatory activity in the last 12 months showing there is teeth in its “use it or lose it” approach designed to protect consumers.

CBDC Taskforce: The BoE and HMT created a CBDC Taskforce and are set to launch a consultation on a potential UK CBDC in 2022. See our previous editions of Payments View and Crypto View for more commentary on this.

SCA Deadline: The deadline for SCA implementation for e-commerce transactions was extended to 14 March 2022

BNPL Regulation: HMT launched a consultation on the regulation of BNPL which saw huge growth in 2021 as a method of payment. The consultation closed on 6 January 2022 and we expect HMT’s response will take several months.

If you are interested in any of our other Views, including EU View, SMCR+ View, Crypto View and Markets View, please let us know.