Tuesday, 10 December 2024

Subscription Contracts Reform

The UK government is consulting on the detail of the new subscription contracts regime that is due to take effect in April 2026. The long lead time is a warning signal that there is plenty of devil in the detail... If you would like any legal advice on the potential impact of the new regulations and guidance, please get in touch.

Primarily, it's of course important to understand what is meant by "subscription contract". However: 

  • Just because a contract does not meet the definition does not mean that it's unregulated, just that it likely remains regulated under the existing Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (CCRs).
  • There is also a very long list of exemptions for contracts that meet the definition, but are regulated under existing regulatory instruments other than the CCRs.

Key obligations include: 

  • consumer reminder notices at key points, including before a free or introductory trial comes to an end.  
  • easy-to-use ways to cancel/terminate: 
    • within an initial cooling-off period; 
    • on expiry of any initial free or discounted period; and 
    • if the contract renews for a period of 12 months or more. 
  • implied contract terms imposing DMCCA compliance obligations on traders, breach of which gives the consumer a further statutory right to cancel the contract.

The latest consultation covers: 

  • The consequences of the cooling-off cancellation right, including consumer rights to a refund and the trader’s right to recover goods supplied;
  • Consumer rights to a refund after 'cancellation' for a trader’s breach of duty;
  • Timing of refunds;
  • Restrictions on contractual terms that might affect a consumer’s contractual right to terminate;
  • Information notices to be given by traders; and
  • Proposed guidance for traders on presenting pre-contract information and enabling consumers to easily exit subscription contracts.

If you would like any legal advice on the potential impact of the new regulations and guidance, please get in touch.

Commission Disclosure on Motor Finance Has Broader Significance

Please see my 'Keynote' on this topic.

Update on Buy Now Pay Later Reforms

Please see my 'Keynote' on this topic.


Monday, 14 October 2024

FCA Warns Payment Service Providers To Control Other Types Of APP Fraud

While there is now a mandatory reimbursement regime and other protections for authorised push payment (APP) fraud for consumer payments made within the UK in GBP using the Faster Payment System and the CHAPS system, the FCA has also told banks and other payment service providers that a combination of their obligation to guard against financial crime and their consumer duty means that firms must also offer the same protection in other scenarios where consumers may be tricked into making payments using their services, such as between payment accounts at the same service provider ('on us' APP fraud).

If you are planning to provide a lower level of protection to ‘on us’ APP fraud reimbursement compared to payments made through FPS and CHAPS, we ask you to contact us to provide an explanation of the steps you have taken to meet those obligations.

Of course, 'consumers' include 'micro-enterprises' (who employ fewer than 10 people and have a turnover or annual balance sheet of up to €2m) and small charities (who have annual income of less than £1m).

The FCA's letter to CEOs also sets out various expectations in relation to the mandatory APP regime, including a reminder on anti-fraud controls and the need to factor in the potential level of fraud reimbursement into firms' working capital calculations.

This post is for information purposes only; please get in touch if you require legal advice.

Sunday, 29 September 2024

The FCA Wonders Out Loud Whether UK E-money Is Really Redeemable at Par...

The 'decoupling drama' surrounding USDT stablecoins appears to be echoing in the UK e-money world amid news from the UK Financial Conduct Authority that it doesn't know whether UK e-money firms fully safeguard the cash corresponding to their customers' e-money balances. This bombshell comes with a commitment to change the safeguarding rules in ways that could bring further problems, casting serious doubt on whether UK authorities really have a grip on the payments sector.

This post is for information purposes only. If you would like legal advice, please let me know.

Context

The FCA's consultation on proposed changes to the 'safeguarding' rules for non-bank payment service providers makes you wonder who's been responsible for supervising the 24-year-old sector. The regulatory regime has been under the FCA's direct supervision since it took over from the beleaguered Financial Services Authority in 2013. The sector comprises over 1,200 firms and processed £1.9 trillion in payment transactions in 2023. Electronic money (basically prepaid stored value that's used for making e-payments to others) represents about £1 trillion of these volumes, issued by 250 firms. Some e-money balances, such as those relating to prepaid card programmes, are significant and held for long periods.

E-money is supposed to be issued on receipt of funds, and to be 'redeemable' on demand, at 'par value'. So, if you pay £1 to the issuer, it should immediately credit your online payment account in its systems with £1 and that balance should continue to be 'worth' 1 GBP when you transfer, spend or withdraw it. You have the regulatory right to withdraw - or 'redeem' - your e-money balance on demand. 

But e-money balances (like other non-bank payment flows) are not subject to the deposit guarantee under the Financial Services Compensation Scheme that backs bank deposits (up to a limit of £85,000 for all your deposits with the one bank). Instead, the right to redeem your e-money at par is underpinned by a regulatory obligation on the issuer to safeguard the corresponding amount of cash in GBP in a designated bank account, separate from its own funds (or with insurance), so that the funds are available to pay out immediately on demand.

Other types of non-bank payment service provider (payment institutions) must also safeguard customer funds, but they're only supposed to hold funds for as long as it takes to execute/process the related payment order, rather than allow their customers to hold an ongoing balance, so the time during which the funds are 'at risk' of the PSP going bust or dissipating the funds should be shorter than for e-money balances.

What's the immediate problem (opportunity)?

The FCA admits in its consultation paper that it does not know whether firms are failing to fully safeguard funds corresponding to the payment transactions they process or the e-money they issue. Worse, it reveals that in the 5 insolvencies of e-money institutions from 2018-2023 only 20% of funds were available and it took over 2 years on average for an administrator to distribute the first round of customers' balances...

This seems to echo what happened when the value of Tether's USDT 'stablecoins' - which aim to trade at parity with the USD - de-pegged from the USD. The scenario presented traders with an arbitrage opportunity: some borrowed amounts in a rival stablecoin and bought USDT at a discounted rate, betting that if USDT returned to its 1:1 peg, they could sell their USDT at parity and repay their loans at a profit.

In principle, there may be little difference between a right to redeem an 'e-money' balance in an online account and a 'fiat-backed stablecoin'. Indeed, the EU regulates fiat-backed stablecoins in the same way that it regulates e-money, while the FCA suggests they should be regulated differently, as recently discussed on LinkedIn.

Could there be an 'arbitrage opportunity' between balances issued by different e-money issuers, based on the extent of their safeguarding and availability of the balances?

Why Doesn't the FCA Make Firms Reveal How Much is Safeguarded At All Times?

Alarmingly, the FCA says the problem arises from firms not understanding how to safeguard, as well as "challenges in supervision and enforcement": 

33. In some firm failures there has been evidence of safeguarding failings which put client funds at risk and resulted in shortfalls. The current light-touch regime around [FCA!] reporting requirements means that supervisors have insufficient information to identify firms that fall short of our expectations. This then prevents the FCA from being able to prioritise resources, be that support or enforcement, on firms that pose the greatest risk to clients prior to insolvency. 

34. In particular, we are concerned about 2 areas. First, regulatory returns do not contain sufficient detail to assess whether firms are meeting their safeguarding obligations. Second, the safeguarding audits provided for in the Approach Document do not have to be submitted to the FCA, further limiting our oversight.

35. Furthermore, the lack of clarity and precision in current provisions leads to difficulties in enforcement as firms may be able to contest findings. This can undermine the credibility of enforcement as a deterrence.

Begging the question: in such circumstances, should the market continue to believe that UK issued/FCA-regulated e-money is really on par with GBP? 

New Rules...

The UK authorities' proposed remedy is to bring in more detailed rules, in two phases: supplementary rules under the current regulations "to reduce the incidence and extent of pre-insolvency shortfalls" (why so late?) and moving the e-money/payment services safeguarding regime under the FCA's wider 'client asset rules' (CASS) regime "to improve the speed and cost of distributing funds post-insolvency" - suggesting that the last attempt to improve the insolvency regime for non-bank payment service providers failed.

The interim rules will only echo current requirements, however, with only monthly reporting on the amount of e-money issued and corresponding cash safeguarded. Will the market be told? Even stablecoin issuers publish the amount of backing assets they hold (to prevent a 'run' on their stablecoins and a crash in the value). Maybe e-money issuers should start doing that, too? 

Among the eventual CASS rules will be an obligation to hold safeguarded funds under a statutory trust in favour of their e-money holders. This reflects the FCA's frustration at having already lost the argument in the case of Ipagoo in the Court of Appeal, which held that there is no statutory trust in favour of e-money holders under the E-money Regulations. The FCA is also pressing for a statutory trust over the cash which 'backs' fiat-backed stablecoins (while the EU has not). 

The statutory trust idea, in particular, raises a number of issues. 

The first issue is whether an e-money holder could have property rights in two distinct assets: the e-money balance (or the right to redeem it at par) and the beneficial interest in the pool of cash held by the issuer in the statutory trust (equating to the par value of e-money held)? If so, does the e-money holder simply have double the value of their e-money balance and/or could the value of these interests diverge?

Secondly, if the e-money itself gives the holder rights in the underlying cash in the statutory trust, why isn't e-money an investment instrument of some kind (the very thing that stablecoin issuers have structured their offerings to avoid, for fear of creating a regulated 'security')? Could it be traded on an exchange (or 'multi-lateral trading facility'), for instance? 

Thirdly, the requirement for the corresponding cash to be held in trust is no guarantee that an adequate amount will be held, or that the issuer won't somehow subvert the trust by, for example, failing to deduct 'own funds' (such as amounts owed in fees). What would such a failure mean for the value of the e-money balance itself (or the right to redeem it at par)?

There are likely other issues, such as those arising where an e-money holder has somehow granted an interest to a third party in either the e-money balance or the beneficial interest in the statutory trust. Currently, only the e-money issuer may have an interest in corresponding cash that is safeguarded. 

None of this is to suggest that there aren't answers in each case. The point is that the new concept of a statutory trust over the cash corresponding to e-money balances raises fresh uncertainty where the situation already appears grave under simpler rules; and without really solving the fundamental problems of potentially safeguarding too little and slow distribution on insolvency. 

More transparency and closer supervision would seem to be preferable.

Conclusion

The potential for new safeguarding rules is an almighty distraction from the critical uncertainty surrounding the integrity of the non-bank payment sector today.  

To ensure market confidence, e-money and payment firms may need to resort to publishing their safeguarding position on a daily basis, regardless of the FCA's requirements.

And new FCA rules will prove futile if the level of supervision remains the same.

This post is for information purposes only. If you would like legal advice, please let me know.


Monday, 23 September 2024

A New Role In Ireland!

I'm pleased to say that I've been welcomed into a new consulting role in Dublin with Crowley Millar, a boutique in the financial district that prides itself on 'pragmatic expert advice' - apt for someone whose other blog is Pragmatist!

Huge thanks to Hugh Millar and the other partners for agreeing to take me on, and to Bryan Sweeney who led the charge on the very kind recommendation of a mutual client.

So it wasn't the beach that's kept me from these pages. In fact, it's been such a frantic summer I've had to restrict myself to posting on LinkedIn and occasionally Mastodon while absorbed by an almighty due diligence exercise and various other things. Fortunately, the change in UK government meant a pause on the consultation front.

At any rate, I've resurfaced, both here and in Dublin, so stay tuned...


Saturday, 20 July 2024

If DAOs Are Really Autonomous, They Could Be Regulated As AI Systems Under the EU's AI Act...

Two recent publications - that of the EU's Artificial Intelligence Act and the UK Law Commission's 'scoping paper' on whether and to what extent Decentralised Autonomous Organisations should be granted legal status - got me thinking about this, because both AI systems and DAOs will tend to be global or 'borderless' in nature. It seems to me that the EU may have granted certain DAOs a form of legal status already - as AI systems - while focusing responsibility and liability on only some of the roles involved... If so, we can add this to other examples of sector-specific regulation in areas where DAOs might be established to operate, which could also have significant implications for the DAO and its participants. Please let me know if you require legal advice in these areas.

Defining AI systems and DAOs

‘AI system’ means [with limited exceptions] a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments;

The Law Commission uses the term "DAO" very broadly to describe:

a new type of online organisation using rules set out in computer code. A DAO will generally bring together a community of (human) participants with a shared goal – whether profit-making, social or charitable. The term DAO does not necessarily connote any particular type of organisational structure and therefore cannot on its own imply any particular legal treatment.

As to what is meant by "autonomous", the Law Commission found that:

In the context of a DAO, “autonomous” has no single authoritative meaning. Some suggest that “autonomous” refers to the fact that the DAO has (a degree) of automaticity; that is, it relies in part on software code which is capable of running automatically according to pre-specified functions. Others suggest that “autonomous” is a broader, descriptive term used to encapsulate the idea that DAOs are capable of operating in a censorship-resistant manner without undue external interference or internal (or centralised) control. In this paper we allow for both meanings.

To merge the two concepts: a DAO's governance or decision-making could be automated 'with varying levels of autonomy' using codified 'smart contracts' that operate automatically in certain circumstances, to infer from the inputs received how to generate recommendations or decisions that influence the DAO or some other virtual or physical environment. 

Whom would this affect?

The AI Act applies to any person who supplies an AI system (or GPAI model) on the EU (read EEA) market (wherever they may be located) and anyone located outside the EU who provides or deploys an AI system outside the EU, if the output of the AI system is to be used in the EU. 

The AI Act encompasses a range of roles or actors who might - or should - have responsibility/liability in connection with the risks posed by an AI system, each of whom qualifies as an "operator":

‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge;

‘deployer’ means a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity; 

‘authorised representative’ means a natural or legal person located or established in the [EEA] who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation; 

‘importer’ means a natural or legal person located or established in the [EEA] that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country;

‘distributor’ means a natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the [EEA] market; 

When we think about who might be involved or 'participate' in a DAO, the Law Commission has grouped them as follows (though the roles may not be mutually exclusive):

  1. Software developers 
  2. Token holders of the tokens that enable governance or other types of participation 
  3. Investors/shareholders (where DAOs use recognised legal entities such as limited companies). 
  4. Operators/contributors in connection with the DAO's tokens (miners/validators), software, management etc. 
  5. Customers/clients, where the DAO offers an external service.

However, it is clear that these roles don't readily 'map' to the AI Act's concepts of responsibility for managing risks associated with the establishment, deployment and ongoing operation of DAOs.

This is not unusual when it comes to sector-specific regulation, which tends to focus on certain activities that some legal person or other must be conducting in the course of developing/establishing, deploying, operating and winding-down/up (although perhaps a lot of this type of regulation tends to be more limited in its territorial application).

Conclusion

Of course it's important to think of DAOs in terms of being an 'organisation' of some kind with legal implications for the participants depending on the actual type (Chapters 3 to 5 of the Law Commission's paper). 

However, it's also critical to consider the potential impact of sector-specific regulation that governs the activities of developing/establishing, deploying, operating and winding-down/up certain types of services or products. This type of regulation tends to be more limited in its territorial application, so requires a country-by-country analysis (or even a state-by-state analysis in countries like the US or India, or an analysis by regional trade arrangement, like the EU). Significant examples of this type of regulation that may have very grave implications for the liability and responsibilities of DAO participants include anti-money laundering requirements, financial regulation and tax (Chapter 6 of the Law Commission's paper), and we can add the AI Act as a more recent example.

Please let me know if you require legal advice in these areas.