Payments View - February 2023

Whilst January is traditionally the time for reflection, resolutions and starting gym memberships that by March will be long forgotten, February (it seems) is the time for long-awaited reports on the future of payments regulation in the UK. Doing one better than the saying about buses, three have arrived at once – covering proposals for the Digital Pound, the future of Open Banking and incoming regulation of Buy-Now-Pay-Later (“BNPL”). There are also a number of updates on APP fraud, Consumer Duty and SCA, leading to a rather bumper edition!

If any of these topics spark further questions or if you know someone who might want to track these developments through the future editions of Payments View, please do let us know.

Digital Pound Consultation

In a key announcement for the digitisation of currency in the UK, HMT Treasury (“HMT”) and the Bank of England (“BoE”) have published an extensive consultation paper on a central bank digital currency. The paper itself is a hefty 116 pages and we have picked out the key points in our client alert from earlier in the month, which can be found here.

In short, the current proposal is that the Digital Pound would be issued by the BoE for retail use and sit somewhere between physical cash and card payments based on a platform model – the real-time ledger would be held and updated by the BoE with users’ wallets, which facilitate payment instructions and account information, accessing the ledger through APIs and being operated by third party providers such as banks.

The current consultation runs until 7 June 2023 and is accompanied by a Technical Working Paper.

Please do not hesitate to reach out to us on any questions and make sure to also subscribe to our sister Crypto View newsletter.

Open Banking: Future Development Report

Seemingly not wanting to be outdone by HMT on the size of their report, the Open Banking Strategic Working Group (“SWG”) has published The Future Development of Open Banking in the UK (the “Future Report”), clocking in at 195 pages. The PSR has briefly commented on the Future Report here.

Some of the key points to note are picked out below, but you can find our further analysis (and an update on the End of Implementation Roadmap report) in our Insights article here. Please do of course get in touch if you would like to discuss this further.

The Future Report builds on the sprints organised by the SWG (and covered in previous editions of Payments View) alongside almost 200 written submissions from stakeholders. These sprints undertook a gap analysis “between the current and a more optimal future state of the open banking ecosystem”. Interestingly, whilst the evidence from the SWG suggested there were a number of gaps, the Future Report notes that “these gaps and the perception of them are often contested, with stakeholders harbouring different views on their relevance or extent”.

Key points on the successor entity to the OBIE (the “Future Entity”) include the shape of a possible model in that its role could be limited to certain core services (i.e., standards development, MI collation and conformance monitoring), with other services being delivered in a variety of ways either by the Future Entity itself, by other entities, or via the market. The Future Report notes this as providing a “single focused, centrally governed and funded standards body which could be scalable into a centre of excellence for standards development”.

Some detail is also given on possible measures to address the gaps identified, with key priorities being split into (i) short-term (12-18 months), (ii) medium-term (18-36 months) and long-term (beyond 36 months) measures clustered around:

• balancing fraud and friction;

• improving ecosystem performance;

• expansion of VRPs beyond sweeping; and

• promoting further data sharing.

Open Banking will continue to be a significant development in the UK market (and beyond) over this year, coming as the number of consumers and SMEs actively using Open Banking powered services in the UK reaches 7 million. Further details on Open Banking can be found in our Insight article here.

Buy Now, Pay Later, Regulate Soon?

HMT have also published a consultation paper on the regulation of BNPL products and a draft version of the relevant order (the “Order”), following criticism last month on the speed of process on regulation of BNPL.

The consultation paper follows up on the June 2022 consultation response (covered in an earlier edition of Payments View) with the government's view being that regulation should broadly capture agreements currently exempt under A60F(2) of the Regulated Activities Order (“RAO”) where they are provided by a third-party lender (unless a specific exemption applies). The paper proposes doing so by amending A60F itself, as set out in the draft Order. These agreements will now be regulated, but the paper sets out that this should be proportionate to the (generally lower) risks of BNPL compared to other types of credit.

The effect of the proposed approach is that certain borrower-lender-supplier agreements for fixed-sum credit to individuals or relevant recipients of credit will become regulated. In particular, covered agreements are: interest-free, repayable in 12 or fewer instalments within 12 months or less, where the credit is provided by a person that is not the provider of goods or services which said credit agreement finances, and who are not otherwise exempt. Third-party lenders offering caught agreements will need to be authorised and regulated by the FCA.

In general, proposals will mean that:

• all advertising and promotions of newly regulated agreements would fall within the financial promotions regime (including those offered by unauthorised merchants, see below). As you might be aware, the FCA is separately consulting on the introduction of a gateway for firms who approve financial promotions (and this consultation paper specifically touches on BNPL) and so we expect changes in this area;
• the small agreement exemption (i.e. those below £50) would be disapplied and these agreements may be regulated;
• certain provisions in the Consumer Credit Act would be disapplied in relation to newly regulated agreements, particularly those relating to the provision of detailed pre-contractual information;
• the Financial Ombudsman Service would have jurisdiction over these newly regulated agreements;
• merchants would be exempt from FCA regulation where they simply offer newly regulated agreements as a payment option – with the paper suggesting that categorising merchants as ‘credit brokers’ for doing so would be disproportionate. This comes as the FCA has published an article on ‘cracking down on misleading credit brokers’;
• however domestic premises suppliers that carry on credit broking activities will be subject to the FCA's full permission regime; an

• a temporary permissions regime (designed to enable firms to transfer into the new FCA regulatory regime) has been proposed and the FCA are expected to publish a further consultation in due course.

The paper also summarises proposed carve-outs relating to the current regulatory exemptions, agreements financing contracts of insurance, employer/employee lending, agreements offered by registered social landlords to tenants and leaseholders, and agreements under A60F(3) (which are currently predominantly used in relation to charge cards).

The consultation closes on 11 April 2023 with an intention to lay legislation during 2023 (when Parliamentary time allows).

APP Fraud Updates: criticism from MPs, consultation on data required from PSPs and speech on collaboration

Committee Report

The Treasury Committee has issued a scathing report on what they see as the “fundamentally flawed” approach by the PSR in addressing Authorised Push Payment fraud (“APP fraud”). The report criticises the speed of implementation and objects to proposals of handing responsibility to Pay.UK, an industry body that MPs see as being “inherently conflicted”. The report also alleges that delegating this responsibility to Pay.UK would allow the “banking industry to slow down the implementation of the reimbursement plans, which have already been unacceptably delayed until 2024”.

MPs have also been busy with letters to a range of regulators. In a direct letter to the PSR, the Treasury Sub-Committee on Financial Services Regulation have questioned why scams under £100 will not be refunded, and in correspondence with the Financial Ombudsman Service, (“FOS”) the Sub-Committee asks whether the slow resolution of reimbursement disputes by the FOS could undermine the proposals. Letters have also been written to the Bank of England and FCA – in the letter to the Bank of England MPs have questioned why high-value transactions made through CHAPS, such as house purchases, are not included under the reimbursement requirement and in the letter to the Financial Conduct Authority, the Sub-Committee asked whether transactions within the same bank will miss out on mandatory reimbursement protection.

The Treasury Committee report states that mandatory reimbursement must be fully implemented by the end of this year.

The PSRs response to the Select Committee explains that “the most effective way to make sure victims of APP scams are reimbursed is by using our statutory powers to require changes to Pay.UK’s rules. This would mean if any financial firm wants to use the Faster Payments system, they will only be able to do so by adhering to the system rules, including around APP scam reimbursement” and that the report “does include a misinterpretation of our proposal on how our powers can be used to require this. We have provided clarification to the TSC on this matter.”

This has been quite a dramatic, and very public, exchange on the future of addressing APP fraud in the UK and we will keep you updated in future editions of Payments View. It is important to note, however, that the mandatory reimbursement protections are clearly just over the horizon and will be an important change coming to the UK payments network in 2023/24.

Data Requirement Consultation

Separately, the PSR has finished consulting on guidance for those PSPs who will be required to publish data on their performance on APP scams. The proposed scope of data covers:

• the proportion of APP scammed customers who are “left out of pocket”;
• sending PSPs’ APP scam rates, as a measure of fraud incidence at the PSP; an

• receiving PSPs’ APP scam rates (not including any money that has been returned to the victims).

This would fulfil ‘Measure 1’ from the PSRs November 2021 consultation, in requiring 14 of the largest PSPs in the UK to publish a balanced scorecard of data. The data provided by PSPs will be collected and published on a six-monthly basis, with the first submission by firms due in May. The PSR will collate and publish an initial report by October.

The PSR will publish a policy statement in March on any responses received, together with the final version of the reporting guidance and template.

Chris Hemsley’s Speech to Counter Fraud Conference on Collaboration

Chris Hemsley (Managing Director of the PSR) has given a speech on the importance of all parties – both within and outside of financial services – taking action to tackle fraud (specifically APP fraud). The speech highlights three key areas that the PSR aims to focus on:

• greater transparency, particularly on how well social media firms are managing the risks caused by their platforms;
• bringing all payment firms into these arrangements, so that all firms “face sharper incentives to take action to prevent fraud” – both in terms of the “financial incentives” of the reimbursement plans, but also with heavy emphasis on reputational factors for those who the PSR see as ‘letting customers down’; and

• informing and empowering customers to make good decisions.

These three areas work towards a “whole ecosystem approach”, i.e. looking holistically at the source of fraud (primarily identified as social media platforms), making sure payments firms manage fraud risks appropriately, reviewing generic warnings to customers and calling for effective law enforcement.

High Court rejects claim against receiving bank in APP fraud case

Finally, we have published an Insight article on Tecnimont Arabia Ltd v National Westminster Bank Plc, the first case of its kind, where the High Court rejected claims against a bank which received proceeds of an APP fraud.

If you’d like to discuss any of the above, please do get in touch.

Consumer Duty: Dear CEO Letter

The FCA has published a Dear CEO letter to payment and e-money firms on implementing the Consumer Duty. This builds on the FCA’s previous payments webinar (covered in the November edition of Payments View). The letter notes that meeting the Duty “will require a significant shift in culture and behaviour”, with “poor financial crime controls” (especially with regards to APP fraud) and an adverse reliance on online chat platforms (in light of the new requirements on the Duty’s Consumer Support outcome) flagged as particular concerns. The letter also provides further guidance on how the Duty applies to payments firms and key things for firms to consider.

Please do reach out if you had any concerns on the implementation of the Duty or check out our sister-newsletter specifically on the implementation of the Duty.

EBA Clarifies Application of Strong Customer Authentication

The European Banking Authority (“EBA”) has published further guidance on strong customer authentication (“SCA”) to digital wallets under PSD2, in the form of three new Q&As (5622, 6145 and 6464). These Q&As build on the previous three response documents (4047, 4827 and 6141) and aim to clarify (i) the application of SCA to the enrolment of a payment card to a digital wallet and (ii) outsourcing of the application of SCA to digital wallet providers.

Key clarifications to note include:

• The unlocking of a mobile phone with biometrics (e.g. a fingerprint) or with a PIN/password cannot be considered a valid SCA element for the purpose of adding a payment card to a digital wallet, if the screen locking mechanism of the mobile device is not a process under the control of the issuer.

• That issuers may outsource the provision and verification of the elements of SCA to a third party (e.g. by concluding contractual arrangements with the third party), such as a digital wallet provider, in compliance with the general requirements on outsourcing, including the requirements of the EBA Guidelines on Outsourcing arrangements. However, the responsibility for compliance with the SCA requirements cannot be outsourced and issuers remain fully responsible for the compliance with the requirements in PSD2 and the Regulatory Technical Standards.

• When it comes to the initiation of electronic payment transactions, Q&A 5622 clarifies that the initiation of transactions with the digitised version of the payment card also requires the application of SCA under Article 97(1)(b) of PSD2, unless one of the specific exemptions from the application of SCA set out in the RTS on SCA&CSC applies.

The greater detail given on these points opens up the possibility for greater divergence from the UK approach post-Brexit – if you had any questions, do get in touch.

PSR Thought Piece on Understanding Digital Barriers

The PSR has published a thought piece by Kate Fitzgerald (Head of Policy) on understanding digital barriers, drawing together the regulator’s initiatives on making sure that there are digital payment services that cash-reliant consumers can and want to use.

This article includes further detail on the main reasons why the PSR believes some consumers prefer cash over digital payments, further detail on the account-to-account work that the PSR is investigating and a short summary of the regulator’s roundtable discussion held last November. It is an interesting counterpoint to the vision of the payments ecosystem seen in the Digital Pound consultation above.

The November discussion focused on prepaid cards, how in some cases they could be a ‘near-cash’ bridge to people using digital payments, and the barriers to their use, including:

• people not being able to get instant information about their spending and card balance;
• the need for online or smartphone access to get the full benefit of many prepaid card services;
• charges for using prepaid cards; and

• a lack of awareness and understanding of prepaid card services and their benefits among people on low incomes who rely on cash – and the need for banks and payment providers to communicate with them more effectively.

News Flash

• Aidene Walsh has been confirmed as chair of the Payment Systems Regulator.

• The PSR has published two papers as part of its card scheme and processing fees market review, on:

  • a call for evidence on initial stakeholder feedback that the PSR has received on the competitive constraints that Mastercard and Visa face when setting these fees; and
  • the regulator’s proposed approach to analysing the profitability of Mastercard and Visa’s UK card businesses.

• The OBIE has published its Open Data Service Quality Indicators.

• The BoE has published its Roadmap for the Real-Time Gross Settlement service beyond 2024.

• The BoE has also published its policy on outsourcing and third party risk management for Financial Markets Infrastructures.

• Quarterly complaints data has been published by the Financial Ombudsman Service, with the regulator upholding 35% of complaints in the consumers’ favour.

• The FSB has announced its work priorities for 2023, focusing on: non-bank financial intermediation; crypto-assets and decentralised finance; and cross-border payments. A G20 Roadmap for enhancing cross-border payments has also been published detailing the specific actions that will be taken under the FSB’s three priority themes (Payment system interoperability and extension; Legal, regulatory and supervisory frameworks; and Cross-border data exchange and message standards) to move forward the Roadmap and achieve its targets by 2027.

• Finally, SWIFT turns 50 this year – an interesting year for the payments network as new developments emerge.