Search This Blog

Thursday, 7 December 2017

Are UK Retailers Ready for The Ban On Payment Charges To Customers?

As mentioned previously, UK retailers won't be able to charge their customers a fee for using most forms of payment from 13 January 2018, and must refund any charges that violate the ban or limit. Certain surcharges within the scope of the regulations will remain permissible, but must not exceed the actual costs incurred in accepting the relevant payment method.

Customers will have teeth. Any contractual term requiring payment of a problem fee will be unenforceable to the extent of the excess charged, and will be treated as requiring the excess to be repaid. These rights can be enforced in the courts or alternative dispute resolution schemes. Customers might also initiate chargebacks for the excess amounts via their card issuer (or make a claim against the issuer under section 75 of the Consumer Credit Act).

Local Trading Standards authorities will have to consider complaints they receive from payers concerning prohibited charges, and must then decide whether to apply for an injunction or any other appropriate relief or remedy against the relevant payee or to accept undertakings to avoid court action. They must also notify the Competition and Markets Authority of any undertakings or the outcome of proceedings taken, which will be publicised for their reputational impact.

In addition, the authorities may seek enforcement orders under the Enterprise Act 2002. Where there is collective harm, the court can restrain continued or repeated conduct. 

I should add that the above restrictions apply to any "payee", not just retailers, as well as to bank transfers and direct debits in euros. They also cover business “payers”, not just consumers. However, excluded from the ban are charges for using commercial payment instruments - issued to businesses, public sector entities or the self-employed and limited to use for business expenses where the payments are charged directly to their account. But charges for using those must only cover the cost to the retailer of using that specific payment instrument.

The restrictions have been introduced in The Consumer Rights (Payment Surcharges) Regulations 2012 by the Payment Services Regulations 2017.

Update on 15.12.17: The government has now published its revised guidance on the Regulations, taking into account the ban introduced from 13 January 2018, as well as how to calculate appropriate surcharges where they are expressly permitted.

Wednesday, 22 November 2017

FCA Launches PSD2 Navigator

The Financial Conduct Authority has always led its EU counterparts in explaining its approach to regulating payment services, and continues to do so in spite of Brexit. 

The FCA had already published its "Approach" document for the new Payment Services Regulations 2017 (incorporating its approach to supervising the Electronic Money Regulations 2011) and has now launched a higher level web page to help navigate the impact and benefits of the new regulations.

This will be of most help to firms offering the new "account information services" and "payment initiation services", as well as retailers operating loyalty programmes that transact over €1 million in any 12 month period starting from 13 January 2018 and various other exclusions.

It is important to consider at the outset, however, whether your firm is offering payment services as a regular occupation or business.

Monday, 9 October 2017

Red Alert: Retailers With Loyalty Progammes

Three years after being announced in the UK and I suspect many retailers are yet to realise that their loyalty/store card programmes will be regulated by the Financial Conduct Authority from 13 January 2018 - likewise across the European Economic Area. 

As the FCA now also warns, retailers who offer such programmes anywhere in the EEA will need to track the annual transaction volumes very carefully, starting with the completely arbitrary and inconvenient date of 13 January 2018. 

If the volume meets or exceeds €1 million (or the GBP or local currency equivalent) in any 12 month period (the first ending on 12 January 2019), the retailer must notify the FCA (or local regulator) within 28 days (by 10 February 2019).  Firms may also choose to register at any time from 13 October 2017.

But be sure of the outcome before you decide whether or not to register!

The regulator must then decide whether the programme is exempt from regulation as an e-money/payment service.  

If the firm fails to notify, it commits an offence under the Payment Services Regulations 2017 (or local equivalent implementing the second Payment Services Directive (PSD2)). 

If the FCA decides the programme is exempt, then it must include the retailer on the FCA's register of 'limited networks', and the name will be added to a central register of all such firms across the EEA.

If the FCA decides the programme is not exempt from regulation the retailer can appeal, but basically this means the firm will have been found to be violating the Electronic Money Regulations 2011 and/or Payment Services Regulations 2017 by issuing e-money and/or offering a payment service without being duly authorised/registered to do so. Major problem!

So retailers really have to decide now whether they should outsource the operation of the programme to an authorised firm (or the agent of one); or seek their own authorisation (or agency registration). Ultimately, they might restructure the scheme to fit the exemption, or shut it down.

Of course, the mere fact that retailers with loyalty schemes have to be mindful of these requirements and go through the process means they are in effect regulated by the FCA. Ignorance, as they say, is no defence.

Wednesday, 27 September 2017

FCA to Regulate All Employees Of Financial Firms

The Financial Conduct Authority is consulting on the extension of its "Senior Managers and Certification Regime" (SM&CR) to all firms that are regulated by the FCA under the Financial Services and Markets Act 2000 (which excludes e-money/payment institutions, for example, unless they have dual authorisations).

This will replace the "Approved Persons" regime and extend some requirements to all employees

Consultation ends on 3 November, and the extension is likely to take effect from early in 2018. 

This means you should study the proposals and begin to plan how to comply, particularly as HR staff/advisers will also need to be involved.

Wednesday, 20 September 2017

Consultation: Contract Guidance for Data Controllers/Processors Under #GDPR

The Information Commissioner has published draft guidance for data controllers and processors on their contracts and liabilities under the General Data Protection Regulation, for comment by 10 October 2017. GDPR takes effect in the UK from 25 May 2018, but a lot of preparation is required, including reviewing and updating contracts for personal data processing.

The guidance is intended to explain what data controllers must include in contracts; and what responsibilities and liabilities data processors have under the GDPR.

As a sign of the complexity and uncertainty in this area, the ICO adds that its guidance "will need to continue to evolve to take account of any guidelines issued in future by relevant European authorities... as well as our developing experience of applying the law in practice"...

Tuesday, 19 September 2017

FCA Publishes Final Approach and Rules Implementing #PSD2

The FCA has today published its final policy statement on how it will supervise the Payment Services Regulations 2017 (implementing the second Payment Services Directive, or PSD2).

I haven't digested it fully yet, but following earlier consultations, the FCA explains that it has amended its approach in various respects, particularly, its perimeter guidance on the new account information services and payment initiation services, complaints handling and reporting and conduct of business requirements. There is a table summarising the updates on page 6 of the policy statement.

I may post on any significant changes separately.

Further updates will be required when certain regulatory/implementing technical standards (RTS/ITS) and EBA Guidelines are finalised in late 2017 and early 2018, including EBA Guidelines on operational and security risk, and fraud reporting.

In the meantime, various draft application forms for authorisation and reporting have been published, with the final versions to be available for applications from 13 October 2017.  As explained in my earlier post, the FCA recommends waiting until then, even if you are making an application under the current regulations - otherwise it will need to be updated or re-assessed.

Tuesday, 12 September 2017

FCA Weighs In On #InitialCoinOfferings

The Financial Conduct Authority has just published its thoughts on "initial coin offerings" (ICOs), the issue of cryptographic tokens or 'currency'. There is already a wide variety of purposes for ICOs, making them much harder to classify than your typical stock market "initial public offering" (or IPOs) with which some people seem to be equating them.  The FCA has also provided links to guidance from: 
Many additional risks also arise from the fact that the nature of the 'coins' or cryptographic currency and whether there is a market for those - quite apart from the purpose for which funds are being raised and/or invested in - as well as the distributed ledger in which they and related transactions are based. We are a long way from the usual stakeholders (like regulators) understanding and engaging with the new technology, let alone standardising any kind of process for doing ICOs as 'efficiently' as IPOs or even traditional technology projects (hopefully more so!).

I have no reason to think ICOs won't necessarily become fairly commonplace in due course, but it's appropriate for the regulators to be treading cautiously at present - although they should be supportive of genuine attempts to innovate in this area and engage positively with issuers while warning investors of the risks.

Here's a helpful ICO 'tracker' from CoinDesk.