Payments View - October 2023

It had looked like a slightly quieter month for Payments View after the recent deluge of consultation papers, proposed reforms and letters from regulators but we've managed to catch the most recent updates on the proposed stablecoin regime and APP fraud data. 

This edition also covers:

• The FCA findings on money mule review for payment account providers;
• A "Final warning" to payments firms around the cryptoasset financial promotion regime;
• Developments affecting payment services contracts;
• Highlights from a number of BoE and PSR speeches;
• New UK legislation addressing business crime and its potential impact on the payments sector; and
• Updates from our Dutch colleagues on consultations for supervisory boards and intra-group governance.

As always, please don't hesitate to reach out to us with questions and thoughts on any of the below.

APP scam data published plus further key publications

For those tracking APP scam reimbursement updates, there have been further developments this month.

Firstly, the public 'scorecards' on the Measure 1 reporting have been published this morning and can be found here. These cover the first reporting cycle which started on 1 April 2023 and relate to the two reporting periods: January to June 2022 and July to December 2022. Certain firms will be required to publish this data and their position in respect of other PSPs.

UK Finance has put out a short statement noting that the reimbursement proposals "present significant challenges for financial institutions preparing for the far-reaching reform". The statement highlights key practical difficulties faced by firms and the need to balance the proposed new requirements with other legal requirements. UK Finance is also repeating its call for financial institutions to engage with the consultations at this critical stage and emphasises that financial institutions should be pressing the Government to undertake systemic reform given that tech companies account for over 85% of all scams and in order for reforms to be effective they must address the root cause of APP fraud.

The PSR has also published an open letter responding to certain consumer groups, which makes interesting reading for those grappling with the balancing act between implementing the extensive consumer protections proposed and the practical difficulties and moral hazard they present.

We expect this topic is a top priority for firms at the moment and we would be keen to discuss the various challenges you are facing. Please get in touch if it would be useful to discuss.

HMT on the 'future regulatory regime for cryptoassets' - of interest for payments firms

For those covering the incoming regulation of cryptoassets in the UK from a payments perspective, yesterday HMT published three publications that may very well be of interest because of their focus on stablecoins, namely:

• Their response to the consultation on the future financial services regulatory regime for cryptoassets alongside a call for evidence;
• Their response to the consultation on managing the failure of systemic digital settlement asset firms;
• An update on plans for the regulation of fiat-backed stablecoins.

The first is an extensive paper setting out the future of the UK position - covering the definition of cryptoassets, the legislative approach, and the proposed regulatory outcomes across a number of to-be regulated activities. Those interested in any aspects of the future regulatory UK position (in both the short and longer term) will want to take a look at the 90-odd page report. For immediate headlines, Crypto View published a special edition today covering the key elements of the proposals that you can find here.

The second and third papers are, thankfully, shorter affairs covering (i) the government's response to the consultation that ran last year on the proposed application, with amendments, of the Financial Market Infrastructure Special Administration Regime to systemic systems that use 'digital settlement assets' and (ii) the government's proposals to bring the issuance, custody and payments flows relating to certain UK stablecoins within the scope of UK regulation (being 'Phase 1').

FCA findings on money mule review for payment account providers

The FCA has published its findings following a review of payment account providers' systems and controls to tackle money mule activity - widely treated as the use of a third party's account to launder money.

The findings are specifically being shared so other firms "can learn from them" and the FCA "expects payment account providers to consider their own organisation's arrangements, systems and controls against our findings. It is vital that firms have a proactive approach to identifying and swiftly remedying any weaknesses identified in their anti-fraud systems and controls".

Examples of good practice, areas for improvement, and how firms can manage the risks of money mule accounts in a proportionate way are provided - with specific issues identified on strengthening controls during onboarding and improving transaction monitoring and the speed of reporting.

The FCA also advises that the Home Office is due to publish a money mule action plan in the coming weeks which we will look to cover.

"Final warning" to payments firms supporting cryptoasset firms on the new financial promotion regime

As covered in depth by our 'sister publication', Crypto View, the new financial promotion rules that apply to cryptoasset firms marketing into the UK are now live. Just before it came into force, the FCA sent a "final warning" to the industry on the need to "get ready for this regime".

Specifically included in this warning were firms who the FCA believes are "supporting" unregistered firms in marketing to UK consumers, calling out "payments firms [who] enable consumers to invest money with these firms." The FCA says that they "expect these firms to play their part in ensuring that illegal financial promotions are not communicated to UK consumers by unregistered cryptoasset firms" before making exceptionally broad comments on the need to ensure compliance with legislation on the proceeds of crime and money laundering. It doesn't take a leap of the imagination to see that the FCA will take an indirect route to deprive crypto firms of their fiat on- and off-ramps if necessary.

If of interest, you can also find our webinar on the topic here.

HM Treasury policy statement on payment service contract termination rule changes

HMT has published a policy statement on the implementation, timings and next steps for payment service contract termination rule changes. This follows the announcement in July (covered in the Summer edition of Payments View) that the notice period for the termination of a framework contract would be extended from two months to 90 days, as well as adding a new requirement for providers to give a clear and tailored reason for the termination.

HMT is not prescribing the information that should be provided to a customer. Instead, and in line with the current regulatory approach from the FCA, the focus will be on the outcome of the communication. This means assessing whether the customer clearly understands why the contract was terminated based on the information provided. The policy statement also confirms that HMT is considering the extent to which PSPs will have limited flexibility not to provide 90 days' notice of account closures or a clear and tailored reason for such (or both) where this would bring the provider into conflict with other legal requirements or regulatory obligations.

A draft statutory instrument will be proposed by the end of 2023 with the relevant amendments to be made to the PSRs 2017 as soon as Parliamentary time allows.

E-money firm gives undertaking on its customer terms to FCA under the CRA

The FCA published an undertaking given by an EMI under the Consumer Rights Act 2015 concerning the terms in its customer contract.

The undertaking relates to three terms that the FCA considered to be potentially problematic:

• Exclusion of liability. A term excluding the firm's liability as a result of account suspension which the FCA said could result in the firm refusing to pay compensation to consumers even where the loss was due to the fault of the firm.
• Limitation of compensation. Where the FCA said that compensation should align with the actual loss, not just what the consumer paid.
• Exclusion of commitments that may be implied by law. Here, a term excluding commitments that may be implied by law was potentially insufficiently transparent as consumers were unlikely to understand what it meant in practice.

This approach is very much in line with the increased engagement the FCA is having with the industry since the implementation of the Consumer Duty and is a trend we expect to continue.

'Facebook's Libra was a "black ships" moment for global payments' - BoE speech by Sir Jon Cunliffe

As a parting shot in the last week of his term as the BoE's Deputy Governor for Financial Stability, Sir Jon delivered an interesting speech on the direction of travel for global payments and the systemic changes that he foresees.

The speech also sets out helpful updates on:

• the G20 roadmap to improve cross-border payments - touching on RTGS renewal, ISO 20022 and a call to pursue "more effective, coordinated regulatory frameworks for cross-border payments, and remove unnecessary regulatory frictions";
• the Bank of England's exploration of the Digital Pound - indicating that a detailed response to the consultation is proposed "in the coming months", a wider consultation is proposed to spark "national conversation", and the BoE intends in the meantime to work more intensively with the private sector to explore possible use cases; and
• the regulation in the UK of systemic payment systems using 'digital settlement assets' like stablecoins -noting that the Bank expects to issue a Discussion Paper "very soon" setting out its proposed regulatory regime for systemic retail payment systems using stablecoins.

Chris Hemsley's speech at the Payment Leaders' Summit

As the mid-point of the PSR's five-year strategy approaches, Chris Hemsley gave a speech which highlighted that, in the shift to digital payments, the PSR is taking the following action to ensure that the transition happens in a manner that protects people and promotes effective competition:

• Renewing the RTGS infrastructure to provide "richer payments data, greater capacity and new and easier ways for firms to connect to the system".
• Improving digital payments for retail businesses through increased competition, unlocking the potential of Open Banking in retail payments and investigating cross-border interchange fees (although see the next item below).
• Investing in the digital ledger space, for example the Sterling Fnality payment system (which we covered in the September 2022 edition of Payments View).
• Realising the potential of Variable Recurring Payments. Hemsley cites this as "one of the biggest opportunities in Open Banking" and that "it's increasingly clear that a single set of central rules are likely to be needed to unleash the next phase of open banking payments" - we are interested in seeing what the PSR propose here.

On the need for central rules in payment systems more generally, Hemsley sees this as key to establishing the trust critical to success.

In regard to APP fraud, Hemsley comments that by the end of this month, over 99% of Faster Payment transactions will be covered by a Confirmation of Payee ("CoP") check and that CoP has already improved outcomes.

On the incoming reimbursement rules (summarised in our September edition) it was noted that they are already having a positive impact on the market as there is greater investment in fraud controls but that there is more to be done, with recipient banks call out as needing more robust fraud controls that take care of customers.

Inevitably, no link was made between CoP and the proposals for the 'consumer standard of caution' under the APP fraud reimbursement rules. CoP might be a means of preventing fraud but, as they currently stand, the rules, it will rarely provide grounds for refusing reimbursement for APP scams on its own which beggars the question why the PSR bothered using CoP as the industry standard in the first place.

PSR speech on 'next stage' of Open Banking

Kate Fitzgerald has given a speech on the future challenges and opportunities for Open Banking, focusing on unlocking greater competition in payments which the PSR says "sits at the very heart of our strategy, and today we see Open Banking as the most likely means of achieving this".  

The PSR notes that they see "real opportunity in developing Open Banking payments beyond the CMA Order" and that it is "increasingly clear that central payment system rules setting out the functional requirements, consumer protections and commercial model are likely needed to unleash the next phase of open banking payments". This follows the PSR's work earlier this year with JROC on its recommendations for the next phase of Open Banking and the paper on principles for commercial frameworks for premium APIs - covered in Payments View in June.

This is a developing area for the PSR (although one that they are clearly focused on), with Ms Fitzgerald's speech highlighting that:

• there must be other alternatives to the current card-dominant model for businesses wanting to accept non-cash payments;
• risk mitigation and consumers safety needs to be facilitated through greater real-time data collection and sharing;
• strong security must enhance, rather than diminish, the customer experience and access to open banking services;
• clearer dispute processes and escalation routes are needed; and
• a "charging model, contractual structure, and sufficient coverage to drive network effects are the foundations of a sustainable commercial model". 

This year the PSR plans to unlock 'quick wins' where there is broad industry consensus (like improving data) with a greater set of payments use cases unlocked next year (including lower risk VRP use cases). A full set of open banking payments, including the retail use cases, particularly commercial non-sweeping VRPs, are proposed for 2025.

Economic Crime and Corporate Transparency Act has received Royal Assent

While not exclusively targeted at PSPs, the Economic Crime and Corporate Transparency Act has the potential to impact a lot of businesses operating in the payment space. The Act brings a number of significant developments to addressing business crime in the UK including:

• Companies House reform, including identity verification for all new and existing registered company directors, People with Significant Control, and those delivering documents to the Registrar.
• The introduction of a failure to prevent fraud offence. This will impose a criminal liability on a 'large organisation' (which has a specific definition that excludes SMEs) which fails to prevent fraud intended to benefit the organisation. It will, however, be a defence for the organisation to show that, at the time of the fraud, it had "reasonable procedures" in place or that it was not reasonable in the circumstances to expect such procedures to be in place - further guidance is proposed to be published by the government on what "reasonable procedures" means.
• A change to corporate criminal liability through expanding the class of persons whose conduct can be attributed to the company. An organisation will be guilty of an offence where a "senior manager ... acting within the actual or apparent scope of their authority commits a relevant offence". Unlike the new failure to prevent fraud offence, the changes to corporate criminal liability are not limited to large organisations and the Act focusses on the roles and responsibilities of the relevant senior manager, rather than their job title.
• Providing for specific exemptions to Defence Against Money Laundering Suspicious Activity Reports - intending to reduce, "the reporting burden on businesses and enabling greater prioritisation of law enforcement resource by expanding the types of case in which businesses can deal with".

Whilst there is no current date set for the changes to come into force, they will result in a significant change to the compliance frameworks of many businesses - please do reach out if you'd like to speak with our specialist financial crime team on the topic.

Delay to publication of the cross-border interchange fees market review interim report

The PSR has confirmed, in a brief update on its website, that its market review into cross-border interchange fees will be delayed to the end of this year. The update notes that "this change will ensure that we can satisfactorily explore all avenues towards a positive conclusion of this market review."

As part of this review, the PSR is looking to understand the reason for certain post-Brexit fee increases as well as engage with businesses to better understand how the increases are impacting them - more detail in November 2022 edition of Payments View.

Dutch consultations on supervisory boards and intra-group governance

Our Dutch colleagues have highlighted two consultations from the Dutch Central Bank (De Nederlandsche Bank, "DNB") specifically of interest to payment and e-money institutions on:

• the establishment of a supervisory board; and
• good practice on intra-group relations.

For the former, the DNB has published a Q&A for public consultation on the circumstances in which payment institutions and electronic money institutions should establish a supervisory board. According to the DNB, the following non-exhaustive list of circumstances are relevant:

• where the corporate structure involves a director-major shareholder (directeur groot aandeelhouder) or a dominant shareholder (e.g. a shareholder with a majority interest or a substantial minority interest in the institution or certain special rights);
• if the internal management organisation is sub-optimally arranged (e.g. when various internal risk control functions are fulfilled by one individual); and
• where the organisational structure or control structure is complex.

On the second, the DNB is consulting on a draft version of the meaning of Good Practice. The DNB notes the following three principles that should be taken into account in such design:

• having in place an appropriate internal policy framework;
• the mitigation of financial risks; and
• adequate intra-group legal arrangements.

The consultations end 27 November and 17 November respectively.

News Flash

• We understand that Bulgaria has been added to the FATF 'grey list' of countries subject to increased monitoring - with the Cayman Islands and Panama having been removed. The latest list can be found here.
• The Financial Stability Board have published a consolidated progress report for 2023 on the G20 roadmap for enhancing cross-border payments.
• Elon Musk expects the social media site formally known as Twitter to launch a suite of comprehensive financial services by the end of 2024, capturing "someone's entire financial life" including "money or securities or whatever".