Payments View - January 2023

Welcome back to Payments View after what we hope has been a good start to 2023.

We have a bumper edition this month, particularly with the news that HMT is proposing to review the regulatory framework for payments services and e-money. Also covered this month is Open Banking, APP fraud and updates from our colleagues in Luxembourg and Ireland. If any of these topics spark further questions, please don’t hesitate to reach out to us.

Treasury proposes reform of payments and e-money regulations

HM Treasury have undertaken a review of the Payment Services Regulations (“PSRs”) and used this as a platform to launch a Call for Evidence on certain changes, as well as the broader development of UK payments regulation.

Key proposals include: the delegation of further payments regulation to the FCA, “rationalising” the distinction between payment institutions and electronic money institutions, reviewing the regulatory regime for PISPs and AISPs, and clarifying ambiguities in the Payment and E-Money Institution Special Administration Regime. The paper also reiterates previously identified initiatives on the adoption of cryptoassets (particularly stablecoins), the mandatory reimbursement of APP scams, and the future of Open Banking.

The primary focus has been on the assessment of the PSRs, which in HMT’s view “have fostered a strong, innovative, and competitive UK payment sector” but haven’t gone far enough on their own - citing the need for Open Banking initiatives and the pace of market change. The government has also identified certain deficiencies where the regulatory framework could be improved to better meet a revised set of objectives.

The government has therefore proposed what it sees as the appropriate objectives for their evaluation of the PSRs and as a guide to the changes discussed under the Call for Evidence (set out below). These broadly align with the purpose behind PSD2 but without the need for EU integration following Brexit so allow for a much greater emphasis on the UK.

A. Achieving agile and proportionate regulation, which facilitates the international competitiveness of the UK economy through growth and innovation in the UK payments sector

• The government will re-consider the balance between delegation to the FCA and statute when it comes to payments regulation, noting that there is a strong case for delegation to the FCA of firm-facing rules.

• The review raises a number of points on the future-proofing of the payments and data landscape in the UK, both in terms of working towards the adoption of certain asset classes (specifically referencing stablecoins) and reviewing existing regulatory frameworks.
• Proposed “rationalising and/or removing the distinctions in regulation between payment institutions and electronic money institutions” (alongside reviewing their authorisation requirements); reviewing if the regime for smaller institutions provides sufficient protection for consumers, and considering if the PISP and AISP regimes support competition and growth.

B. Ensuring appropriate trust and protection for consumers
The main thrust of the approach here is to clarify the “ambiguity” identified by the courts in the 2021 Payment and E-Money Institution Special Administration Regime, and transfer the responsibility for developing and delivering the safeguarding regime to the FCA (it also suggests that an FCA consultation is expected on this topic later this year).

• Various points are raised on the “clarity and fairness” of how firms can terminate services to consumers in light of concerns held by the government around “cancel culture” and freedom of expression.
• There are a number of points addressing the regulatory framework around preventing fraud. This includes the proposed legislative powers in the FSMB that will enable the PSR to mandate the reimbursement of APP scams for Faster Payments, but the Call for Evidence also proposes increasing the times for payment execution in some cases to enable enhanced customer engagement.
• The government also suggests that Strong Customer Authentication has led to excessive friction in relation to Open Banking and suggests an outcome-based approach might be more suitable; no further detail was provided outside of it working “more effectively and proportionately”.

C. Ensuring the resilience and integrity of the UK‘s payment market

• This captures the broad intention of creating a “comprehensive FSMA model for financial services, under which the regulators generally have responsibility to set technical firm-facing requirements and better keep pace with market developments” alongside more specific proposals, such as work to bring cryptoassets into the regulatory perimeter.

D. Fostering competition, in the interests of consumers

• Discussion on this objective is focused on the success of Open Banking with “over 6 million regular users of Open Banking products and services in the UK”. HMT confirmed that the JROC has committed to producing its final report in Q1 2023 which will incorporate the recommendations from the committee, supported by evidence from the Strategic Working Group.

The Call for Evidence also noted that the government was keeping an eye on developments regarding:

• Cross Border Payments Regulation – where further changes might be made to enhance its transparency requirements.
• Payment and Electronic Money Institution Insolvency Regulations – where the government intends to publish a review within two years of the regime having come into force throughout the UK.
• Interchange Fee Regulation – where HMT have separately published its post-implementation review, concluding that the powers are necessary and enforceable but that, in future, when the interchange fee policy is reviewed more substantively adjustments may be required. HMT have also confirmed that they are looking to the results of the PSRs existing consultation covered in the previous edition of Payments View.
• Participation in the Single Euro Payments Area – where the government will continue to seek to “understand and monitor the impacts of regulatory change in the UK and EU on SEPA participation”.

The scope of the review and engagement with industry is welcome and gives a great opportunity to try and address some of the essential weaknesses and ambiguities with the current regulatory framework – safeguarding, acquiring, capital / liquidity requirements, SCA all immediately spring to mind – as well as influencing the approach to future developments.

We will be working on our own response to the call for evidence over the coming weeks so if there is anything you would like to discuss ahead of your own submission please do get in touch. The consultation closes on Friday 7 April.

CMA publishes decision on Open Banking Roadmap

The CMA has published a decision confirming the substantial completion of the Roadmap for the final stages of Open Banking implementation. Following a report from the OBIE, the CMA has determined that the six largest banking providers in the UK (Barclays, HSBC, Lloyds, Nationwide, NatWest and Santander) have now implemented all the requirements of the Roadmap, which is therefore substantially complete.

The decision notes that the OBIE will continue to ensure that these six banks maintain the required standards and will promote Open Banking to encourage industry adoption. In addition, the OBIE will continue its work to ensure that the remainder of the ‘CMA 9' (Allied Irish Bank, Bank of Ireland and Danske) implement the requirements as soon as feasible.

The CMA states that, together with the OBIE, it will continue to work with government and the other regulators to support a smooth transition of the work to a future entity. As covered in last month’s Payments View, a Joint Statement has been published covering their vision for open banking and emerging thinking on the design of the future entity. In addition, an open letter signed by the Coalition for a Digital Economy, FDATA and a group of 17 fintechs (including Monzo and Wise) was published at the end of last year calling for clarity on the future of Open Banking in the UK.

Open Banking will continue to be a significant development in the UK market (and beyond) over this year. If you had any questions or concerns, please do reach out.

TSB urges rethink on authorised push payment proposals

TSB has urged the Payment Systems Regulator to reconsider the proposed ‘de minimis’ exclusion from the mandatory reimbursement under the proposed overhaul to address authorised push payment (“APP”) fraud. The proposals, covered in the October edition of Payments View, mean that PSPs will be required to reimburse victims of APP fraud where payment is made over Faster Payments and with a minimum threshold for reimbursement of £100.

Whilst TSB submitted evidence to the PSR’s consultation on the changes which largely welcomed the proposals, the bank called for the £100 threshold and potential for a £35 excess fee to be reversed. TSB said that their concern was that the proposals could leave up to one in four people affected by APP fraud denied their money back. Chris Hemsley, managing director of the PSR, has previously told MPs during a committee hearing that this £100 threshold marked around 25 per cent of APP frauds in the UK, but that they were proposed to be excluded as they only equated to about one per cent of frauds by value. Chris Hemsley also said that the PSR’s proposals would not stop firms using “sensible discretion”, such as reimbursing amounts below the £100 limit.

The consultation on the changes closed this month – if you had any questions on the proposals or want to be kept updated on this matter, please do reach out.

FCA board minutes consider new ‘competitiveness’ objective

Earlier this month the FCA published the minutes of their board meeting from November 2022 where the FCA board discussed operationalising its proposed, new ‘secondary international competitiveness and growth objective’ (referred to in the minutes as "SICGO") for both the FCA and the PRA. The SICGO is one of the new measures included within the Financial Services and Markets Bill (which has reached the Committee stage of the House of Lords).

The FCA stressed that the SICGO is a secondary objective and that it should not outweigh or disproportionately dilute the FCA's primary objectives, with clear and consistent communication needed on this point to “re-emphasise” the hierarchy of the FCA's objectives. Existing mechanisms, such as its annual report and finding synergies with existing guidance, were identified as the board’s preference in identifying next steps on adoption.

The proposed objective has proven to be a controversial component of the FSMB (albeit less so than the, now ditched, ‘call in’ power) and it will be interesting to see how far this new objective will affect the focus of the regulators over 2023 and beyond.

Further clarity on government plans to revoke retained EU law

HMT have published a further policy statement on the government’s plans to repeal and, where appropriate, replace retained EU law relating to financial services and markets. The 40 “core files” of retained EU law will be reviewed in three tranches on a "file-by-file" basis, with individual files composed of retained EU law relating to an individual EU directive, regulation or clustered around a common theme. The government expects “to make significant progress on Tranches 1 and 2 by the end of 2023” with no word yet on Tranche 3

Files that are in Tranche 2 which may be of particular interest to readers of Payments View include:

• Capital Requirements Directive and Regulation
• E-Money Directive
• Payments Accounts Directive (but in respect of consumer information rules only)
• Payment Services Directive

The following files are also of interest, but are not in either Tranche 1 or 2:

• Consumer Credit Directive
• Cross-border Payments in Euros Regulation
• Interchange Fees Regulation

We hope to keep you updated through future editions of Payments View of any further proposals on this as the UK’s payment regulation framework adapts to a post-Brexit world. If these plans do raise any questions in the meantime, please do get in touch.

Need for CBDC is an “open question” says BoE

Andrew Bailey has told MPs that it is an “open question” whether a wholesale digital central bank currency is needed at this stage and had similar questions on the retail use of a digital pound.

"I think it's an open question whether a wholesale digital central bank currency is needed because we've got a wholesale central bank money settlement system with a major upgrade," Bailey said, referencing the Bank’s current work updating its real-time gross settlement system (“RTGS”). In relation to retail payments, the governor commented that "we have to be very clear what problem we are trying to solve here before we get carried away by the technology and the idea."

Similar questions have been raised by European ministers who have backed continued preparatory work currently being undertaken by the ECB. Ministers noted that a digital euro should complement, and not replace cash and that an "offline functionality" should be explored to serve a wider range of uses and contribute to financial inclusion.

Digital central bank currencies are likely to be a key development over 2023, if you had any questions, please don’t hesitate to reach out to us and make sure to also subscribe to our sister Crypto View newsletter.

EU Insights

The EBA publishes peer review on authorisation under the Payment Services Directive.

The EBA has published its periodic peer review on the authorisation of payment institutions and e-money institutions under the revised Payment Services Directive. The report covers the competent authorities from all EU Member States and two European Economic Area States and assesses their supervisory practices regarding authorisation.

The review covers the period from 1 January 2019 to 31 December 2021 and generally found that there has been an increased transparency and consistency of the information required in the authorisation process. However, it also identified significant divergences in competent authorities’ assessment and the degree of scrutiny of applications. For example, the average duration of the overall authorisation process varies significantly across competent authorities, ranging from 4 to 20 months or more. Certain follow-up measures are also proposed, including targeted measures for specific competent authorities as well as general measures on authorities:

• reviewing their authorisation resources and processes to ensure that they remain adequate to scrutinise applications within a reasonable timeframe;
• ensuring that applicants have a ‘three lines of defence’ model that includes the functions of risk management, compliance and internal audit, where the nature, scale and complexity of their activities makes this appropriate; and
• ensuring that applicants are effectively managed and controlled from the jurisdiction in which they seek authorisation.

Luxembourg

There have also been plenty of payments updates this month from our Lux colleagues, who you can reach out to with any further questions here.

AML/FT Guidance for agents of payment institutions and electronic money institutions

The CSSF have published a new guidance addressed to agents and e-money distributors acting on behalf of payment institutions (“PIs”) and electronic money institutions (“EMIs”) established in other Member States and aims particularly to promote the understanding of ML/TF risks as well as the professional obligations with regards to AML/TF. This guidance follows the publication of the Luxembourg National Risk Assessments which assessed that residual risk exposures to money laundering and terrorist financing risks in the Luxembourg money services business is medium.

This guidance is also a useful document for PIs and EMIs established in Luxembourg and supervised by the CSSF for use in their oversight of the agents and e-money distributors they are using in other Member States.

Please see the CSSF guidelines here and see the CSSF Press release here.

New form for payment service providers

The CSSF have published Circular 22/828 which amends Circular CSSF 20/750 on requirements regarding information and communication technology (“ICT”) and security risk management and introduces a new form regarding the updated and comprehensive risk assessment of the ICT and security risks related to payment services provided by PSPs, and provide further information on the objective, the scope and the submission process and deadline related to this form.

This new form should be used for the first time concerning the calendar year 2022 and submitted by PSPs to the CSSF no later than 31 March 2023. The form is published in the CSSF’s eDesk portal.

For more information please click here.

Ireland

Our Irish colleagues have also highlighted the below updates as of interest this month. If you had any questions, you can reach out to them here.

Revolut Bank establishes Irish branch

Revolut has announced the establishment of an Irish branch of Revolut Bank UAB, its Lithuanian credit institution. The branch will enable the provision of Irish IBANs to Irish resident customers, the stated purpose of which is to mitigate IBAN discrimination. IBAN discrimination is prohibited by Article 9 of the SEPA Regulation, which has been in force since 2012. However, IBAN discrimination continues to persist and presents a sticking point for Irish resident customers who wish to use Revolut as their principal banking provider as there can be technical issues in the use of non-Irish IBANs such as the payroll systems of Irish employers not facilitating the use of non-Irish IBANs.

Revolut has previously applied to the Central Bank of Ireland (the “CBI”) for both a MiFID investment firm licence and e-money licence but each application was subsequently withdrawn with Revolut choosing to adopt a single entity model relying upon its Lithuanian credit institution.
The announcement is a notable and welcome development at a time when other credit institutions are exiting the Irish market.

CBI – Dear CEO Letter to payments firms

The CBI has issued a Dear CEO Letter to Irish payments firms, including both EMIs and payment institutions, setting out supervisory findings and expectations dated 20 January 2023. The most prominent request arising out of the Dear CEO Letter is a request for an auditor’s opinion with respect to whether the firm has maintained adequate organisational arrangements to enable it to meet the safeguarding provisions of the PSRs/EMRs on an ongoing basis which is to be submitted by 31 July 2023. The Dear CEO Letter also establishes expectations in relation to safeguarding; governance, risk management, conduct and culture; business model, strategy and financial resilience; operational resilience and outsourcing; and AML/CFT.

The Dear CEO Letter should be read alongside the CBI’s previous Dear CEO Letter to payments firms dated 9 December 2021 which was issued shortly after responsibility for the authorisation, and supervision from a prudential and conduct perspective, of payments firms was transferred from the Consumer Protection Directorate to the Credit Institution Supervision Directorate of the CBI.

News Flash

• The text of DORA and the text of the related Directive have been published in the Official Journal of the European Union. Both entered into force on 16 January 2023.
• The FSB published their Global Monitoring Report on Non-Bank Financial Intermediation 2022, presenting their annual monitoring exercise assessing global trends and risks in non-bank financial intermediation.
• The Financial Ombudsman is currently consulting on its draft budget for 2023/24. Further details on their final plans and budget are expected to be published by 31 March 2023.
• The ESAs has published a thematic report on national financial education initiatives on digitalisation, with a focus on cybersecurity, scams and fraud.