Payments View April 2024

Before we dive into this month's Payments View, we wanted to let you know that we will be at Money 20/20 in Amsterdam in early June and hope to see a number of you there. If you're attending, do let us know. In the meantime, we have a packed edition of Payments View covering:

• FCA Perimeter Report update: NPA, Open Banking and Access to Cash changes
• The latest on the PSR’s mandatory reimbursement requirement for APP scams: data, reporting and compliance
• High Court considers novel APP fraud “retrieval duty” claim against both sending and receiving PSPs
• FCA anti-greenwashing rule
• Reflections from the PSR’s Head of Supervision and Compliance Monitoring
• NPA – letter from PSR to Pay.UK on delay, investment and expansion
• Design for the Future Entity proposed by JROC
• Update on the ‘FCA priority’ of Big Tech
• Crypto, sanctions and monitoring changes to Financial Crime guidance proposed by FCA
• Dear CEO letter on Motor Finance Discretionary Commission
• FCA Handbook update: Financial difficulty - protections for consumer credit and mortgage borrowers
• PSR Annual Plan and Work Plan published
• Money remittance firms fined £150,000 by FCA on competition grounds

As always, don’t hesitate to reach out to us if you would like to discuss any of the developments in this edition.

FCA Perimeter Report update: NPA, Open Banking and Access to Cash changes

Earlier this month, the FCA updated its annual Perimeter Report which made changes to how the regulator sees the scope of its jurisdiction and the key initiatives that it wants to flag to the market. From a payments perspective, the most interesting changes were those made by the FCA to its sections on the NPA, Open Banking and Access to Cash:

• Following the December 2023 pause to the NPA’s work, the FCA has removed much of the language on what the NPA is intended to achieve (replacing retail interbank systems, taking place over a single infrastructure, and providing better value and fraud detection). Instead, the FCA shifts the focus to the role of Pay.UK in delivering the NPA and notes that (as part of the work on the National Payments Vision) “the role of the NPA will be considered”.
• On Open Banking, it is clear that the regulator sees a move towards more products, smarter data, and the potential for the Future Entity being established in an “interim state” as being their priorities.
• Access to cash has seen a substantial addition to reflect the FCA’s ongoing work in this area – with a Policy Statement following the FCA’s consultation expected in Q3 this year. Whilst the new section does make clear that the FCA “does not have powers to require firms to provide particular banking services”, the regulator does set out a slight broadening of its guidance in this area, stresses the overlap with the Consumer Duty, and calls on firms to consider the impact of any changes on customers, particularly those with characteristics of vulnerability.
• Finally, whilst there were some minor changes on BNPL, there is still no indication of whether the previously proposed regime will be taken forwards.

The FCA doesn’t provide a summary of changes but we have run a redline of the new text against last year’s Report so please do let us know if that would be helpful.

The latest on the PSR’s mandatory reimbursement requirement for APP scams: data, reporting and compliance

While the core of the APP scam reimbursement requirement was finalised earlier this year, firms had previously been left in the dark about the operational implementation of the Faster Payment inter-firm communication and the data reporting.

The PSR has now published a consultation paper on compliance and monitoring requirements. Weighing in at 100 pages, the proposed regime will require substantial engagement from firms and includes a number of operational deadlines.

Subject to the PSR's approval, the compliance monitoring regime itself will be published by Pay.UK by 7 June 2024. Highlights include:

• A specific requirement for all (direct and indirect) PSPs to register to use the proposed technical solution (the ‘RCMS’) by 20 August 2024.
• Requirements for firms covering data collection, retention, review, and monthly reporting to Pay.UK. One point we think is useful to note is that these requirements are extremely broad and, at times, cover “any consumer issue that may potentially be within the scope of the FPS APP scams reimbursement requirement”.
• Specifically, the PSR proposes two standards of data collection, following a phased approach with full details set out at Annex 1. The ‘lower’ standard (Standard A) would be effective from the reimbursement requirement’s start date, 7 October 2024.
• That PSPs will need to “assure themselves” of the accuracy and quality of the reported information and respond in a timely manner to RFIs from Pay.UK. Whilst there are some restrictions on the use of the information received, from May 2025 these restrictions are significantly loosened.
• Whilst this section seems closer to a consultation proposal than fixed policy at this stage, the PSR does suggest requirements on how PSPs communicate the reimbursement requirement to its consumer customers which, if adopted, would likely require changes to firms’ T&Cs.

Responses are due by 28 May 2024, so do let us know if it would be helpful to discuss.

High Court considers novel APP fraud “retrieval duty”

Stepping away from the future of APP fraud and back into the present, we wanted to highlight a particularly interesting High Court case which touches on the obligations owed by receiving PSPs following a fraud.

As most PSPs will already be aware, the PSR's reforms (due to come into force in October) create a regime for mandatory APP scam reimbursement. This regulatory scheme is intended to address the present position, which is considered to be unsatisfactory because APP scam victims will rarely have a right to reimbursement on the basis that:

• Authorised payments which are induced by fraud do not trigger any reimbursement right for victims under the PSRs;
• Following the decision in Philipp v Barclays, PSPs will not owe a Quincecare duty to protect individual customers from APP fraud scams; and
• Receiving PSPs will generally not owe any duties to the APP scam victim (since the victim is not the receiving PSP's customer).

The new decision in CCP Graduate School Ltd v National Westminster Bank plc & Anor [2024] EWHC 581 will therefore be of concern to PSPs as it suggests that receiving PSPs may owe a tortious duty to APP scam victims to take reasonable steps to retrieve or recover the sums paid out as result of the APP fraud (i.e. a “retrieval duty”). The Court in this case refused to strike out a claim against the receiving PSP that it had failed in its "retrieval" duty of care to the victim and decided that, on balance, there was some uncertainty as to whether the retrieval duty could be owed by the receiving PSP. We understand that the receiving PSP has been given permission to appeal the Court's decision.

The decision therefore gives rise to the possibility of an APP scam victim having a right to pursue the receiving PSP and, in this respect, is similar to the FCA's DISP rules which have, since 2019, given the FOS jurisdiction over the receiving PSPs in APP scam cases.

This cuts-across the PSR's reimbursement scheme, which is intended to provide a holistic solution to the problem of APP scam reimbursement of the kind envisaged by the Supreme Court in Philipp. In this case the Supreme Court stated that the reimbursement model for APP scam victims is a question of social policy for regulators and the government (and not the Courts). The PSR's regime is based on the victim seeking compensation from the sending PSP and the sending PSP splitting liability with the receiving PSP. Accordingly, there is considerable scope for complexity and confusion if victims have the ability to also pursue the receiving PSP.

FCA anti-greenwashing rule

The FCA has published its finalised guidance on anti-greenwashing (AGW) which applies to all sectors of the UK financial services industry. It is not limited to the asset management sector (unlike the rest of the FCA’s sustainability disclosure rules). You can access the final AGW guidance here, and we hosted a client webinar on Wednesday which you can access here.

The AGW rule applies to all FCA regulated firms, when they refer to the environmental or social characteristics of products or services, in any client communication to UK clients or financial promotion to UK persons. The AGW rule requires firms to ensure that their sustainability claims are fair, clear and not misleading. The headline AGW rule is fleshed-out with detailed guidance on how to ensure that these claims are correct, clear and complete, and that comparisons are fair and meaningful. The AGW rule applies to both retail and professional communications, including business-to-business as well as business-to-consumer communications.

We expect the impact of the AGW rule on PSPs and EMIs to be limited, however we have seen instances where it applies to deposit aggregators and expect other business models will be in scope. Both the AGW rule and guidance come into force on 31 May and there is no implementation / transitional period to become compliant. In case you are looking to develop any products or services that would be in scope of the AGW rule, it is important to consider how you will comply given the 1 month timeframe.

If you would like to hear more from our team of experts on ESG regulation or discuss how we can support you with AGW compliance, please let us know.

Reflections from the PSR’s Head of Supervision and Compliance Monitoring

Six months into the job, Oliver Hanmer reflects and shares his views on the regulation of payments and the approach of the PSR to supervision and compliance monitoring following the establishment of the division. In line with the FCA, the focus is on “delivering good outcomes for consumers through pragmatic and reasonable regulatory interventions”.

Hanmer notes that compliance monitoring is a useful tool for assessing whether regulatory requirements have been implemented and adhered to in the way that the PSR and other regulators intended. When assessing compliance with its directions the PSR does not intend to take a prescriptive approach and will focus on whether the right outcomes are being achieved. Therefore, Hanmer encourages firms to consider compliance monitoring as part of a policy evaluation framework. Where there are compliance failings, the PSR is minded to take a collaborative approach so long as firms are proactive, otherwise it will use its more stringent regulatory powers.

Similarly to other financial services regulators, the PSR will use its supervisory powers for building effective, ongoing relationships with those it regulates. Hanmer wants to create more opportunities for informal and regular dialogue to foster collaboration. To that end, the PSR is proposing a more structured approach to financial / regulatory reporting that will better inform its decision-making process and has just published a call for views on its approach to supervision.

NPA – letter from PSR to Pay.UK on delay, investment and expansion

Following (as noted above) the pause in the NPA programme, the PSR has written to Pay.UK “in recognition of regulatory processes being ongoing, the uncertainty and delay created by the government announcing its intention to consider the NPA’s role as part of the National Payments Vision and Pay.UK’s subsequent decision to pause the NPA programme”.

The letter is a masterclass in skating around the difficulties that have faced the NPA in recent months (which have made HS2 look like assembling a small child’s trainset) and all but confirms that Pay.UK will be unable to meet its Specific Direction 3 deadline of 1 July 2026.

Whilst next steps will clearly depend on the direction that the National Payments Vision goes in (with HMT currently making the rounds with industry to scope this out), the PSR make clear that it expects Pay.UK to discuss with Vocalink both additional resilience-related investment and potential options for increased capability. The PSR also expects an update from Pay.UK on a number of areas, including key milestones (and timings), scope and costs, the potential impact of the procurement of a new Central Infrastructure as recommended by the Payments Strategy Forum, and industry reaction.

Design for the Future Entity proposed by JROC

The Joint Regulatory Oversight Committee (“JROC”) published its proposals for the design of the Future Entity for UK Open Banking, as well as more detail on the proposal (floated previously) for an Interim Entity which will progress the parts of the non-CMA Order JROC workstreams currently being carried out by Open Banking Limited (“OBL”).

In April 2023, JROC published its recommendations for the next phase of Open Banking in the UK and these proposals set out recommendations on the design of the structure, governance, and funding of this Future Entity. Specifically, the proposals reflect the Future Entity’s proposed primary purpose of supporting the development of new Open Banking propositions whilst also ensuring the maintenance and improvement of existing services, including facilitating existing and new payment capabilities.

In the meantime, the proposals also give more colour to the Interim Entity (which JROC is consulting on being established immediately as a subsidiary of OBL). JROC intends that the Future Entity will, in time, take over the functions of the Interim Entity as well as the Order workstreams carried out by OBL and overseen by the CMA.

One point that is helpful to pull out is the importance placed by JROC on the role that the Smart Data scheme will play – with HMT publishing its ‘2024/5 Roadmap’ across seven sectors, including banking and finance.

Update on the ‘FCA priority’ of Big Tech

In the spirit of the importance of data, the FCA have published their Feedback Statement from the November 2022 Call for Evidence on the role of Big Tech (previously covered in Payments View). Whilst the Feedback Statement does make interesting reading, at this point it acknowledges that it and the broader state of the market raise more questions than answers – particularly on how potentially valuable consumer data could become.

The FCA therefore commits to further analysis on Big Tech and proposes to “work to identify and pilot ‘use cases’ to empirically test whether Big Tech firms’ data from their core digital activities could be used to improve competition and innovation in financial markets”. If the FCA’s analysis finds Big Tech data is valuable in financial services, it confirms it will look to incentivise more data sharing with financial firms through Open Banking. However, if the FCA finds potential risk or harms it will also look to develop proposals for the CMA to consider when they are given powers to regulate designated firms’ digital and data conduct, expected via the Digital Markets, Competition and Consumers Bill.

Crypto, sanctions and monitoring changes to Financial Crime guidance proposed by FCA

The FCA are currently consulting on changes to their Financial Crime Guide (the “Guide”) following extensive engagement with industry (over 170 firms were contacted). This also comes alongside the ongoing work required for Annex 1 firms (following the Dear CEO letter) and the proposed changes from HMT to the MLRs; both covered in last month’s Payments View. One of the main point from the CP is that the FCA proposes to draw specific attention to cryptoassets and specifically set an expectation for crypto firms registered under the MLRs to take into account the Guide when designing their financial crime systems and controls. Other changes focus on expanding the guidance that firms need to take into consideration as part of their systems, controls and risk assessments, covering proposals on:

• Sanctions and PF: reflecting the FCA’s findings from its assessment of firms’ responses to the invasion of Ukraine as well as ensuring that Proliferation Financing is explicitly referenced. These changes focus on the high-level systems and controls across MI & senior management oversight, updates to good and bad practices, as well as specific new guidance on assessing and reporting sanctions breaches.
• Transaction Monitoring: on how firms should implement and review their transaction monitoring systems – particularly if they are seeking to involve more complex processes, such as AI. This includes new self-assessment questions, examples of good and poor practice (particularly in evaluating the effectiveness of the system itself and setting appropriate triggers), guidance on switching monitoring systems, and further points on the importance of oversight, resources and expertise. For firms looking at updating their business risk assessments, it also proposes a substantial refresh of the TM self-evaluation questions which firms should take into consideration.
• Consumer Duty: that firms should specifically consider whether their systems and controls are “proportionate and consistent with their obligations under the Duty”, with all the complexities this could raise.

The FCA’s working assumption is that a “gap analysis will generally not be required” but we would suggest that firms need to start considering the expanded good and bad practices on transaction monitoring to help benchmark, as well as the proposed (more specific) requirements on policies and procedures that firms should have in place for frozen assets, reporting breaches, and screening. There’s a relatively long lead in time for this one (comments are being accepted until 27 June 2024 and it is unclear when a resultant policy statement would be published) so do let us know if useful to have a quick chat on what your firm is doing.

Dear CEO letter on Motor Finance Discretionary Commission

While the probe into discretionary commission in motor finance continues the FCA have taken the opportunity to remind firms in a Dear CEO letter that they should plan for additional operational costs from increased complaints and, where applicable, to meet the costs of resolving those complaints. The FCA reminds firms that they will be monitoring this through ongoing reporting.

At this stage firms do not know what the outcome of the FCA’s review will be; however it is clear that there is an expectation of an increase in complaints activity and that firms must take an independent view of what this means for their redress costs.

This is no easy task: firms will need consider what they expect the FCA’s approach will be before the FCA have announced the findings of their probe. Assumptions can be made about potential increases in complaints activity based on that seen as a result of the media coverage to date, but this could be impacted enormously by the findings of the probe and the resulting press coverage (including whether the FCA decide to bring about the return of the head of Arnie!).

The bigger risk at the moment is likely to be the approach taken to determining how much should be provisioned in relation to redress payments. Without knowing the FCA’s findings there is a risk of adopting an internal approach which goes further than the regulator will ultimately expect – and which could then prove difficult to move away from.

FCA Handbook update: Financial difficulty - protections for consumer credit and mortgage borrowers

Following the pandemic and seemingly unending increases in the cost of living, the FCA, unsurprisingly, continue to be concerned about the treatment of borrowers in financial difficulty. As a result the FCA has consulted on whether aspects of its coronavirus Tailored Support Guidance should be incorporated into the FCA Handbook in order to strengthen protections for borrowers in financial difficulty. Following CP23/13 in May 2023, the FCA have made changes to CONC and MCOB which come into force on 4 November 2024.

The changes are fully described in Policy Statement 24/2 and cover a number of areas of customer treatment and cover credit and mortgage products. A key change is broadening the scope of the rules to provide protection to customers approaching arrears as well as those who have fallen into arrears – and for overdrafts identifying repeat use as early as possible and developing repeat use strategies.

Firms may already have some, if not all, of the new rules embedded within policies and processes but given the introduction of this guidance, this is a good time to review the overall approach to arrears and forbearance to make sure it not only meets the new requirements but is also delivering good outcomes for customers as well as the firm.

PSR Annual Plan and Work Plan published

The PSR has also published a number of corporate documents over this month, with its Annual Plan and Work Plan (modelled after the FCA’s Regulatory Initiatives Grid) being particularly helpful. The Work Plan itself is structured around the PSR’s main initiatives over the next year, specifically:

• A review of the PSR’s Strategy
• Market reviews of (i) cross-border interchange fees and (ii) scheme and processing fees
• Work on ATMs and digital payments
• Authorised push payment scams
• Unlocking account-to-account payments
• Supervision and compliance monitoring

The last of these is particularly interesting as the PSR moves towards a more active role in the market and engaging with industry to address compliance with requirements. Also of interest is the PSR’s shortly upcoming Stakeholder Event on 9 May.

Money remittance firms fined £150,000 by FCA

The FCA has recently fined three international money remittance service providers, for violations of competition law. The firms were found to have coordinated on exchange rates and transaction fees for money transfers from Glasgow to Pakistan between 18 February 2017 and 31 May 2017, thereby apparently fixing prices for consumers. Online services or services to countries other than Pakistan were not implicated in the anti-competitive conduct.

The case serves as a reminder for firms to independently decide their prices, avoid communication that could lead to anti-competitive behaviour, and understand that competition law applies regardless of a firm's size or location. It also highlights that a firm can infringe competition law by facilitating other firms to engage in anti-competitive conduct, even if it is not directly involved in the relevant market.

News Flash

• PSD3 update – we’ve seen another step in the (long) road to PSD3/PSR1 with the European Parliament adopting a new set of proposals which, much like the regulatory mood music from the UK, focus on preventing fraud, strengthening access to cash and adapting to emergent payment structures. Work will be followed up by the new Parliament after the 6 - 9 June European elections, so we are still a way away, but we’ll keep you updated of developments in future editions of Payments View.
• The FCA is coming under increased pressure from industry, ministers and the House of Lords on the plans to ‘name and shame’ firms at a much earlier stage of their investigatory/enforcement process. If you would like to contribute to these discussions, the Simmons team are preparing a specific consultation response – do let us know if it would be useful to discuss.
• The PSR’s Final Report on its market review into cross-border interchange fees is delayed and expected to be published in Q2 2024. You can see our comments on the Interim Report published in December.
• The NCA published a number of Suspicious Activity Reports (SARs) Portal resources on the:
  • SAR Portal FAQs
  • SAR Portal Overview
  • SAR Portal: How to register
• UK Finance has published an interesting report on commercial variable recurring payments (VRPs) model clauses.
• The BoE, PRA, FCA and PSR reviewed their Memorandum of Understanding in relation to payment systems in the UK. Revisions were made to accommodate stablecoin regulation, embedding reforms from FSMA 2023 and enhancing the sharing of information and data between the authorities. Not wishing to be left out, HMT have also published an updated Memorandum of Understanding between the FCA and the BoE (exercising its prudential functions).