Payments View - April 2023

Before we dive into this month's Payments View, we wanted to let you know that we will be at Money 20/20 in Amsterdam in early June and hope to see a number of you there. If you're attending, do let us know. In the meantime, however, this month's edition covers 'clarifications' on the UK depositor protection scheme, future planning from the PSR, JROC and FCA, as well as insights on the future of payments from UK Finance.

If any of these topics spark further questions, please don't hesitate to reach out to us.

Our response to PSR penalty statement consultation

The PSR has recently consulted on changes to its penalty statement. Having had experience of the PSR approach to penalties, our contentious regulatory team have responded to their proposals, highlighting the following suggestions: 

• Changes to relevant revenue calculation, where the PSR uses percentage of relevant revenue as a starting metric for the penalty calculation, the PSR is proposing to reduce the percentage scale to 0-20% (currently it is 0-60%) and use revenue realised during the entire period in which the compliance failure occurs (currently, the PSR uses revenue during the 1 year period prior to the PSR's final decision notice or termination of the relevant compliance failure, whichever is earlier). In the context of IFR breaches involving a firm's entire issuing/acquiring business unit, this is likely to result in the Step 1 figure being disproportionately high and the PSR having to apply a discretionary downwards adjustment at Step 2. Accordingly, we are proposing that the PSR applies a different (lower) percentage scale for IFR breaches involving a firm's entire issuing/acquiring business unit (as the FCA does for its CASS penalties), or makes greater use of alterative metrics to revenue.
• Meaning of deliberate and reckless, the PSR proposes to introduce a new objective element to the assessment of whether a compliance failure was reckless, to capture what a firm ought to have known. We are pushing back on this proposal on the basis that the test for recklessness in existing case law (as applied in the context of FCA investigations) is a subjective one (i.e. based on what an individual actually knew) and the PSR should not depart from this.
• Meaning of gross revenue, the PSR intends to continue to take relevant revenue as gross revenue derived from the business activity in the UK to which the compliance failure relates, but the PSR has provided no further clarification as to how gross revenue should be calculated. We are asking the PSR to provide this clarification. For example, in the context of the IFR, guidance on the treatment of pass-through fees (i.e. fees that an entity is contractually required to collect from a customer and pass on to third parties) would be welcomed.

Depositor Protection Scheme - changes post SVB and ipagoo

Thresholds and payout

The Bank of England ("BoE") has published new proposals to address practical concerns surrounding FSCS depositor protection, following the developments last month which raised concerns over how the scheme works in practice. Two key concerns discussed over the last few weeks are (i) whether the threshold remains appropriate (£85,000 per institution for eligible customers) and (ii) the speed at which FSCS protection is supposed to 'kick in' and return funds to customers. The BoE's new suggestions aim to address the latter and include:

• an online portal which would enable depositors to provide alternative account details for covered funds to automatically be transferred replacing cheques as the primary means of payout under the scheme. The BoE makes the point that whilst an FSCS pay-out is underway, eligible depositors may experience a period in which they temporarily lose all access to their funds despite being covered;
• potentially utilising the infrastructure for the sharing of payment information and redirection of payments (e.g. when a customer moves banks) in order to enable the transfer of certain payment information, such as direct debits and standing orders (although the BoE has not provided any further detail on this proposal); and
• exploring better operational support and capacity at receiving banks, especially where there are challenges to opening a current account for the depositor.

Whilst these proposals go some way to addressing the potential practical gaps in the scheme (which protects up to £85,000 of the deposits of an 'eligible customer'), the BoE has confirmed that it is also working with other UK authorities to develop "as quickly as possible the most innovative, cost-effective, and efficient solution to reduce payout times and reduce operational risk".

These proposals come after comments from both Andrew Bailey and the Chancellor, Jeremy Hunt, on the need for some reform of FSCS. Mr Bailey has confirmed that "the [BoE is] considering improvements to our approach to depositor payouts for smaller banks which do not have eligible liabilities [protections]". The Chancellor also recently commented that "we need to look at deposit insurance and keep that under review" but that the fixed level of deposit guarantees had 'been "carefully thought through" to give confidence to retail investors. There have also been murmurings of a shift towards a US-style pre-funded pool (rather than the current system of ad hoc contributions), but no official news on that as of yet.

Safeguarding

The PRA has also been looking at issues related to payments and e-money firms specifically what happens to safeguarded funds in the event of the safeguarding account bank going bust.

Prior to the decision in the ipagoo case - covered on numerous occasion in Payments View - the PRA had apparently viewed payment service users and e-money holders as having an absolute entitlement to funds held in a segregated safeguarding account. The Court of Appeal's decision has required the PRA to adjust its position and introduce new rules that extend the scope of FSCS protection.

Following the recent Policy Statement from the PRA, 'eligible' customers of PSPs will benefit from FSCS protection in the event of the insolvency of a PRA (i.e. UK) authorised safeguarding bank. Other customers (e.g. authorised firms, which often make up a significant number of PSP's customers and who don't qualify as 'eligible' for FSCS protection) will still be exposed. This should significantly reduce the risk involved for retail customers at the safeguarding bank level which will hopefully be factored in to the FCA's approach to safeguarding more generally. Looking forwards, the FCA has already announced plans to consult in the first half of this year on strengthening the requirements for safeguarding customer funds following the enhanced rule-making powers incoming under the Future Regulatory Framework Review. We are expecting final rules around the end of 2023 or early 2024.

If you had any questions or concerns about your specific operations, please do reach out as this has, unsurprisingly, been quite an area of focus recently for us and other clients.

Greater focus on supervision and compliance - Payment Systems Regulator annual plan for 2023/24

The PSR has set out their annual plan and budget giving detail on their key aims, activities and expected costs for the year 2023/24. A key development is the regulator's 'evolution' of its approach through the creation of a new division, Supervision and Compliance Monitoring, where there is a specific focus on the regulator increasing its work on PSPs' non-compliance.

Key points of focus in the plan include the PSRs aims to address:

• APP fraud. The PSR will publish data showing the performance of PSPs on APP scams and will work with UK Finance and Pay.UK to improve scam detection. As covered in previous editions of Payments View, plans are ongoing to implement new rules leading to greater reimbursement for APP scam victims and the PSR will work with other authorities on "additional measures" to prevent fraud in the wider payments ecosystem.
• Developments in the New Payments Architecture ("NPA"). The PSR will review Pay.UK's proposed NPA design, funding model, business case and infrastructure contract, and monitor how Pay.UK develops its strategy on the future of Bacs. The PSR will also engage with Pay.UK and its chosen central infrastructure services provider on how they intend to comply with the PSR's regulatory framework.
• Its ongoing review of card fees. The PSR will continue to progress two market reviews with interim reports and a final report on cross-border interchange fees, assessing the state of the market and proposing remedies where relevant, both expected in due course. We have covered the recent steps for these in previous editions of Payments View.
• Digital currencies and cryptoassets. The PSR has noted that they will continue to monitor developments in domestic and international cryptoassets market and contribute to wider developments around cryptoassets, stablecoins and a potential digital pound. For those interested in such developments, you can find our thoughts on the Digital Pound here and make sure to also subscribe to our sister Crypto View newsletter. 

A reminder that the PSR's Annual Plan event is also scheduled for 9 May. If you had any questions on next steps for the PSR, please do reach out.

Also of interest: PSR speech on its strategy

Following on from this, the PSR's Kate Fitzgerald, Head of Policy, has given a speech reflecting on "the next evolution that we want to see in our payment systems". Key points include those on:

• Open Banking. With the JROC recommendations published this month (see our piece on this below) setting out what the PSR sees as an ambitious roadmap towards the greater development of new Open Banking solutions. Ms Fitzgerald particularly flagged working towards "commercial and liability frameworks for lower risk use cases, like non-sweeping VRP" as well as working towards the implementation of a "multilateral rulebook which enables account-to-account to compete with other retail payment types" by the end of 2025. 
• PayM and the need for more "efficient and commercially sustainable" payment systems. Reflecting on the recent closure of PayM a few weeks ago, including "that PayM did not have a regulatory mandate or offer banks a viable commercial model", Ms Fitzgerald highlighted that Open Banking will need to be "sustainable economically", and it needs a stable supportive regulatory environment. Further details on this in the JROC recommendations and, we imagine, in future editions of Payments View.
• Consumer protection.Here confirmation of payee was singled out as having prevented "millions of pounds of fraud and the CRM code has seen thousands of victims reimbursed. But this isn't enough, and we need to do more", referring to the incoming plans for mandatory reimbursement. The PSR acknowledges that they 'have to get the right balance' but also recognise that "frauds would happen less often if there were greater controls in the payment system". There is an expectation that firms will be able to use current and expanded anti-fraud processes to avoid the need for reimbursement, by preventing the fraud from happening in the first place. Interestingly Ms Fitzgerald also talked to the fact that the protection afforded to a direct debit payment is very different to that provided by s.75 on credit cards and that "if we want Open Banking payments to work well for different types of payment, then we need to ensure that the right protection is in place to support the right level of confidence and trust for people and businesses". We'll see if the PSR takes any further steps in this area.
• Competition, access and choice.Where the PSR is repeating its interest in expanding the usage of account-to-account payments so these forms of payment methods can compete against existing retail payment options. The PSR also referenced their ongoing market reviews on Mastercard and Visa card fees (see above). The speech also flagged that as cash use declines, the PSR wants to make sure that digital payments generally are meeting the needs to people and businesses.   

JROC Open Banking recommendations published

The Joint Regulatory Oversight Committee ("JROC") has published its recommendationsfor the next phase of Open Banking in the UK which build on previous thinking in this area thinking of the Trustee, SWG, CMA and others (summaries of which can be found in the February and January editions of Payments View.) The JROC's recommendations contain a roadmap of priorities over the next two years, covering five key themes:

• levelling up availability and performance - particularly on the data collection framework for the relevant APIs;
• mitigating the risks of financial crime - where the FCA's current work on APP scams seems of particular relevance;
• ensuring effective consumer protection if something goes wrong - with this focused on the dispute process with consultations from the FCA/PRA expected on this if deemed needed;
• improving information flows to third party providers and end users - where the current error codes and messages are under review, with a desire for consistent and definitive messaging regarding payment statuses; and
• promoting additional services, using non-sweeping variable recurring payments ("VRP") as a pilot  - with a discussion paper expected this quarter on principles for commercial frameworks for premium APIs. Non-sweeping VRPs has repeatedly been picked out as a focus for the future of Open Banking and so this will be a key area to watch.

The recommendations also cover plans for the future entity, the transition from the OBIE and the underpinning principles of the future "long-term regulatory framework", which the recommendations confirm the Government is intending to legislate for. Specifically, the recommendations propose:

• that, in line with the possible reforms of the PSRs, that Open Banking requirements will capture a "broader set" of data holders who will need to at least meet the compliance standard that currently applies to the ASPSPs subject to the Order;
• engagement with the governments (revised) smart data scheme under the Data Protection and Digital Identity (DPDI) Bill;
• secondary legislation that would enable government to empower the FCA to oversee data sharing (read and write) requirements applying to firms who hold or receive data or offer services within the scope of a smart data scheme for open banking.

We are expecting a number of updates (at Figure 1 on pages 7-9 for those who are interested) to take place Q2 2023 and we will keep you updated as these emerge. The JROC intends to monitor progress against all roadmap actions regularly and will provide a first progress report (as well as the communication of its "refined views" on the design of the future entity) in Q4 2023. Proposals on the entity's funding are also interesting, such as the comment that the "liability model needs to evolve from the model in place today, to represent the breadth of actors within the ecosystem" and that this model "will evolve so that revenues are not solely drawn from membership fees, but [are] supplemented by the provision of additional services (for example, advisory services) to the market and international counterparts."

If useful to discuss any of these proposals, please do reach out.

UK Finance on the future of payments and chief exec insights

Following a series of events held in March, the banking and financial services trade association, UK Finance, has set out their main insights across five key priority areas (Transitioning to net zero, Preventing economic crime, Delivering a high growth economy, Supporting consumers and businesses, and Enabling digital innovation) as well as more specifically on the future of payments following the PayTech Strategy Day.

Thinking from the PayTech Strategy Day covered a range of areas, including cross-border payments, digital wallets, CBDCs (where, interestingly, UK Finance notes that countries making up 95% of the world's GDP are now looking into developing such digital currencies), BNPL, embedded payments and Open Banking.

More broadly UK Finance's Chief Executive offers interesting insights on the work being done for the FSMB (which is heading for the Report stage following a series of debated amendments in the House of Lords), the Consumer Duty (where the scope of 'good outcome' is a key question of the trade association), and an update on the reworked Data Protection and Digital Information Bill.

EBA updates on de-risking, safeguarding and potential causes of consumer harm

A brief detour to Europe, where the EBA has published a set of updates on considerations around vulnerable customers and potential causes of consumer harm which make interesting reading in light of similar considerations in the UK for the Consumer Duty.

On vulnerable customers, the EBA Guidelines are intended to ensure that customers "have access to the financial services they need to fully participate in society and that they are not denied this access on unsubstantiated Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) grounds or without valid reason" - with the disparity between how quickly accounts are frozen and the time taken for providers to investigate and unfreeze them, a point that UK regulators have previously raised concerns around.

In respect of potential causes of consumer harm, the EBA's new list of 11 'retail risk indicators' aim to improve "the monitoring of the banking markets across the EU by measuring the risk of detriment arising to consumers from the misconduct of the institutions, and from wider economic conditions" and cover a wide variety of different types of products in the EBA's remit (e.g., mortgage credit, consumer credit, or payment accounts).

If you had any questions or concerns, please do reach out.

Open Banking Impact Report

In the February edition of Payments View we covered the Future Development Report published by the Open Banking Strategic Working Group and mentioned the continuing growth in the use of Open Banking by consumers and SMEs - now reaching up to 7 million users. This growth has been emphasised by the Impact Report published by Open Banking Limited ("OBL") which also set out the following interesting points:

• there is a greater use of Open Banking by SMEs (16%) in comparison to consumers (11%) despite there being a greater number of products on offer to consumers;
• the majority of SMEs tend to use Open Banking to consolidate their accounts and give insights on information such as cash flow and forecasting, whereas consumers tend to use Open Banking for budgeting;
• it is expected that Open Banking payments will continue to be a significant growth area as major companies are now offering these options to retail customers; and
• there has been an increase in services being offered by agents of third-party providers as this gives agents a faster and more profitable route to market.

Weare seeing this trend play out in the market as the combination of tech and regulation is driving embedded payments and expanding use cases.

PSR speech on innovation (AI, APP fraud and A2A)

Aidene Walsh (PSR Chair) has given a speech on how the regulator sees the ongoing innovation in the payments space, specifically calling out:

• Artificial intelligence and digitalisation, where a "constant flow of headlines" shows to the PSR the growing "interlock between data and payments" in relation to blockchain, QR codes, digital ID, smart contracts and Open Banking. The PSR is seeing a morphing between technology, payment providers, banks and commerce to deliver multiple solutions for payment services; an interesting perspective in light of the FCA's focus last year on the impact of Big Tech's role in the financial services industry (covered in our November edition).
• Authorised push payment ("APP") fraud, with the changes to mandatory reimbursement "incentivis[ing] all players in the payments ecosystem to take responsibility for addressing the issue" as well as the PSR's work with various groups and organisations outside the payments sector to address the 'root cause' of these scams.
• Vulnerability and leaving customers behind, with Ms Walsh noting that innovation can run the risk of leaving customers behind - particularly in relation to access to cash and the newer concern of 'Access to Digital'.
• Account-to-account payments, including those initiated within Open Banking, which the PSR sees as potentially providing competition to card payments and realising the potential for new ways of paying that offer customers greater levels of control.

We have covered all of these developments in previous editions of Payments View, so do say if you'd like to speak more on the trajectory of any of these.

FCA Business Plan 2023/24

Earlier this month, the FCA published its Business Plan 2023/24 which outlines its priorities for the next year. It is centred around the themes published in the FCA Strategy last year of reducing and preventing serious harm, setting and testing higher standards and promoting competition and positive change.

With regard to payments, the Business Plan contains a specific aim to decrease the growth in APP scams and investment fraud in the UK. The FCA intends to achieve this by starting and continuing certain key activities this year including:

• increasing the volume of proactive assessments of firms' anti-money laundering systems and controls;
• using a data-led approach to proactively supervise firms' sanctions systems and controls; and
• ensuring it has effective oversight of firms communicating and approving "financial promotions including qualifying cryptoassets when they are brought within the financial promotion perimeter and that firms only do so if they have the relevant competence and expertise".

There is no doubt this area will continue to be a significant concern for the FCA (as well as the PSR) considering the ongoing work on APP scams more generally and we will be watching out for the first set of results against the Strategy outcomes which will be published later this year.

If you had any concerns about the above, please do reach out.

News Flash

Payments Infrastructure

• The BIS has had a particularly interesting month with successful tests for two payments projects. First the completion of year-long tests (overseen by the Bank for International Settlements Innovation Hub in Singapore) that provided cross-border instant payments via mobile phones. Second, an experiment (carried out by the BoE and BIS Innovation Hub London Centre) demonstrating 'synchronisation settlement' using DLT and the RTGS for housing transactions. The UK-focused synchronisation settlement test ('Project Meridian') promises to digitialise the workflow for property purchases, with reserved funds for a single transaction (or even for a whole chain of transactions) automatically moving in synchronisation and at an agreed date and time. Immediately following, digital deeds are issued, and instructions are sent to HM Land Registry to update the register. Whilst the immediate project is focused on UK property, the potential for Project Meridian to streamline payments across sectors is one to keep an eye on.
• The BoE has also published a statement on the renewed Real-Time Gross Settlement service. In the statement, the BoE confirms that the renewed service will take effect from June 2024 and will deliver benefits - from increased resilience to wider interoperability.
• Swift is partnering with central and commercial banks to investigate a CBDC interoperability solution, with recent "successful testing in a sandbox environment".
• Eurosystem's T2 wholesale payment system went live on 20 March.

AML

• A damning report from the Public Accounts Committee has warned that the UK risks being seen as "haven for fraudsters". Illustrating the changing of the mood music that we have seen in relation to APP scam reimbursement, the report notes that "the Home Office is dependent on the banking, technology, telecoms and retail sectors to fight fraud, but will continue to be sluggish and outmanoeuvred if it relies on purely voluntary charters with these sectors."  
• The Times has reported on the fight against fraud by the 'new breed' of UK banks.
• The European Parliament has approved its negotiating mandates on AML Regulation, MLD6 and AMLA Regulation

Wider Updates

• The BoE has published its thematic findings from the 2022 cyber stress test. The Bank expects that firms will draw on the test's key findings and incorporate this thinking into ensuring that their important business services can remain within impact tolerances in severe, but plausible scenarios, by March 2025.
• Tech Nation has published its final report ahead of the growth hub shutting down following the announcement that the UK government was terminating its funding.
  The Financial Ombudsman Service has published its Feedback Statement on its outcome reporting consultation.