
Thursday, 27 July 2017

Of Card Payments, Consumer Protection, SMEs and Merchant Aggregators

Consumer advocates have raised the issue of some uncertainty about which credit card transactions benefit from the statutory right to pursue the card issuer if a merchant makes a misrepresentation or breaches the contract for sale of an item (see the April article from MoneySavingExpert). Many do not realise that the uncertainty arises from arrangements that enable small businesses to accept card payments, overlooking important benefits to SMEs and consumers alike. If SMEs (which represent 99% of UK businesses) cannot accept card payments, consumers may find it less convenient to deal with them, threatening their livelihoods and over half the UK's new jobs, while also reducing consumer choice and competition for large retailers. The statutory right is also subject to exceptions that mean the transaction might not be covered anyway. Yet cardholders still have 'chargeback' rights under their card terms, which are more generous and involve less hassle than making a statutory claim.  So, my own view is that the benefit of enabling small traders to offer their customers the convenience of paying by card outweighs the potential lack of a statutory claim against the card issuer, because the cardholder has the greater comfort of being able to initiate a chargeback anyway. 

Statutory Rights

Consumer credit transactions that involve the borrower (e.g. a credit cardholder), the creditor (e.g. a credit card issuer) and a supplier (merchant) under the same agreement benefit from a provision of the Consumer Credit Act (CCA) that makes the creditor liable for any misrepresentation or breach of contract relating to the sale of the item (section 75). Various exclusions apply. For instance, it only covers items over £100 up to £30,000 and it does not cover or must be more than Another provision covers transactions where the credit agreement did not directly involve the supplier but was specifically linked to the sale of a specific item (section 75A). Again, however, there are exceptions and it only applies to transactions for an amount exceeding £30,000 up to £60,260, so it is unlikely to be relevant to card transactions.

Chargeback Rights

Under rules governing the operation of the card schemes, such as MasterCard, card transactions can be reversed or 'charged back' in various cases including cardholder dispute within 180 days of the transaction. This right is wider than the statutory right under section 75 of the CCA because it applies to debit card transactions as well as credit card transactions, and the reasons for initiating a chargeback go well beyond the scope of the statutory right (see the list of reasons on page 54).

Merchant Aggregators

Card schemes operate by enabling issuers to issue payment cards that can be presented to participating merchants, who send the transaction data to an 'acquirer' who then obtains payment from the relevant card issuers via an 'interchange' process run by the card scheme operator. 

Typically, the merchant must have a direct contract with an acquirer, but that is expensive to set up and administer in the case of small merchants. 

So to give cardholders the convenience of being able to pay small merchants, the card schemes allow approved intermediaries (MasterCard calls them "Payment Facilitators", for example) to represent  small businesses more efficiently and cost effectively under a single contract with the acquirer, enabling those 'submerchants' to accept card payments where their annual transaction volume is less than $1m or local currency equivalent (increased from $100,000 a few years ago). WorldPay, the UK's largest card acquirer, explains its aggregator program here, for example; and MasterCard has a global list of approved Payment Facilitators by region.

In addition, department stores and e-commerce marketplaces may be treated by the card schemes as the merchant, where the obligation to pay the price of an item offered by a third party seller is satisfied by paying the store or marketplace operator rather than the seller directly. Where problems arise in that context, even though section 75 claims would not be possible, the cardholder typically has the right to either use the marketplace's own dispute resolution and compensation process or, in any event, to initiate a chargeback (large third party sellers will also have their own returns and complaints resolution and compensation process). Such 'master merchant' relationships are also important channels for small businesses to gain access to larger markets, again improving convenience, consumer choice and competition.

The point in all these cases is to weigh the benefits to consumers of convenience, increased choice and competition - as well as the benefits to SMEs who are able to access a wider market, grow and create more new jobs - against the loss of the relatively narrow rights under section 75 compared to chargeback rights and other remedies.


Wednesday, 19 July 2017

Final UK Regulations Implementing #PSD2

The UK government has today announced its final approach to implementing the new Payment Services Directive (PSD2), along with the final version of the Payment Services Regulations 2017. A final assessment of the impact of the new regulations is yet to be published. The FCA is expected to finalise its guidance on its approach to supervising PSD2 - along with application forms and so on - by September, and to accept applications for authorisation/registration from October 2017 to meet the implementation deadline of 13 January 2018.

It turns out that the responses to the consultation in February have only persuaded the government to change a few aspects of its approach to implementation (explained below). But it seems from the summaries that many responses didn't account for the fact that the government's hands have been tied since 2015, when the UK agreed the final version of PSD2 at EU level. As it's a maximum harmonisation directive, member states can only depart from PSD2 where it specifically allows them to. The ship has sailed (albeit with some awkward passengers on board, as explained in my own response). For the most part, implementation is now a question of how the FCA interprets the language in its application to the real world, which it consulted on in April. This does not suggest any lack of 'sovereignty', just a failure to influence EU negotiations (assuming those affected took the opportunity to engage at that time).

Ban on surcharging

One area of departure from the government's initial plan is to prohibit retailers from charging customers any additional amount for using any type of payment method/instrument.

The original idea was only to ban surcharging for the use of cards covered by the Interchange Fee Regulation (as required under PSD2), as well as cross border bank transfers and direct debits in euros (under the Single Euro Payments Area regulations); and limit the surcharges for other payment methods to the direct cost borne by the retailer for making them available.

But the government has opted instead for a blanket ban on businesses surcharging consumers for using any type of payment method, on the basis that it: 
"will create a level playing field between payment instruments and create a much clearer picture for consumers in which they know the full price of the product/service they are purchasing upfront and [can be] confident that there will be no additional charges when they come to pay [with] any payment instrument they choose to use. A blanket ban will also be much easier to enforce than the current position in which merchants are able to pass on costs (but the consumer has no easy way of assessing what these are)."
Meanwhile, the government says it will "assess the scale" of claims that interchange fees for card payments have been rising again.


PSD2 introduces a new “account information service” which basically involves providing information from one or more payment accounts held by the user with one or more other payment service providers.

Initially, the list of services the government said it believed might constitute account information services included some services much broader in nature:
"• price comparison and product identification services;
• income and expenditure analysis, including affordability and credit rating or credit worthiness assessments...
[and] might include accountancy or legal services, for example" (para 6.30).
This provoked concern that the government's interpretation was too broad and overlooked the requirement that an account information service would need to be conducted by way of business in its own right, rather than merely as an ancillary part of a wider service. Examples of services that the government says that respondents were concerned about include: 
"banks’ corporate functions; price comparison websites; accountants; financial advisors; legal firms; and Credit Reference Agencies (CRAs). Many of these services are currently provided via a contractual relationship between service providers, users, and ASPSPs, often referred to as Third Party Mandates (TPMs)."
The government now confirms, however, that:
"many uses of these mandates are likely to be outside of the scope of the PSDII. Examples could include power of attorney, where the services are unlikely to be undertaken ‘in the course of business’."

In addition, the FCA has already suggested this narrower view, based on the 'business test' in its own consultation on how it proposes to supervise PSD2.

Next steps

The FCA is expected to finalise its guidance on its approach to supervising PSD2 - along with application forms and so on for the various types of authorisation/registration - by September, and to accept applications for authorisation/registration from October 2017.


Monday, 3 July 2017

P2P Lending Goes Global: FinTech Credit v OldTech Credit

Twelve years after the launch of Zopa and the peer-to-peer finance sector finally gets its first report from the Bank of International Settlements (BIS), the central bank of central banks. The report is surprisingly positive, given financial regulators' preference for the status quo. Basically, they believe that change increases risk and increased risk is bad, so innovation is both risky and bad. Similarly, they're fond of shoe-horning innovative services into existing regulatory frameworks without seeing that the innovation may itself be exposing and/or solving flaws in that system. At any rate, the banking situation must be pretty dire for the industry's global beacon to produce a positive report on alternatives... But in the interests of time I want to ignore the positives and answer a few criticisms:

Is P2P lending "procyclical"?

No.

In fairness, the BIS report only suggests that P2P finance represents the "potential for ...more procyclical credit provision in the economy", but I still disagree that this is a feature of the model.

Bank lending itself is procyclical, which is to say that banks lend lots of money when the economy is booming, yet try to protect their balance sheets when times are tough and we need credit the most. In fact, this was such an alarming feature of the recent/current financial crisis that BIS itself introduced capital rules that it thought would force banks to become less procyclical. Recently, moreover, the BIS's own Basel Committee reported that these rules are proving ineffective. They think there is too much bank credit available and/or the quality of creditworthiness is in decline.

If that's the case, then we really are in trouble, since UK banks have been lending progressively less to real businesses, and we aren't exactly in the grip of an economic boom...

Compare this to the rise of P2P lending. We started Zopa in 2005 when the 'spread' between high bank savings rates and cheap credit was actually very narrow (heavily subsidised by PPI revenues) - yet proved that lending directly between humans without a bank in the middle produced a better deal for both lenders and borrowers. This is why P2P lending has become ever more popular since 2008, while banks have sat on the sidelines waiting for the good times to roll. Lenders get higher interest on their money, diversify risk by lending to lots of people and businesses who are starved of bank loans - apparently leaving the banks with leaner opportunities...

But I believe the banks have simply chosen to chase higher yielding loans and other assets because their cost base does not allow them to make money serving the better risk customers.

Indeed, the BIS report acknowledges that banks have "left room" for platforms that enable people to lend directly to each other "by withdrawing from some market segments" after the financial crisis (which, I'd like to emphasise, still hasn't ended). The report notes that P2P lending equated to 14% of gross bank lending flows to UK small businesses by 2015... only 5 years after the launch of the first P2P business lending platform.

So, P2P finance is actually counter-cyclical by its very nature.

The real issue, perhaps, is what happens when banks start being able to offer better interest rates and cheaper loans. Yet Zopa's early experience shows the new platforms will still be able to compete successfully (especially because those PPI cross-subsidies are no longer available: refunds and compensation have now reached £26.9bn, according to the FCA!).

Is it likely there will be a 'run' on P2P lending?

No. Far from seeing a potential 'run' on P2P lending platforms by lenders trying to get their money out, many platforms are seeing excess lender demand due to continuing low yields on bank deposits (not to mention high fees on investment products). Zopa, for example, has been closed to new lenders for some months, even while seeing record borrower demand, yet still plans to offer P2P lending within Innovative Finance ISAs. Everyone is chasing yield, not just the banks. But, again, the early experience shows that the rates will still be more attractive if and when banks are able to offer higher rates to savers, because they need fatter margins than P2P platform operators.

Meanwhile, the P2P model has expanded from consumer and small business loans into car finance and commercial property loans. But so far the regulators have protected banks against head-to-head competition for other forms of finance, such as retail sales finance or mortgages, through lack of reform to arcane procedures dictated by consumer credit and mortgage regulation and refusing to allow longer term finance to be supported with short term loans - which banks are allowed to do all the time.

So, rather than a run on P2P lending, we're more likely to see successful P2P lending operators adding a bank to their group, at the same time as expanding their existing P2P offerings. In other words, a twin-track attack on Old Tech banks and banking models.

Will P2P lending help solve problems with banks' legacy systems?

No.

There's no doubt that this BIS report, and the regulatory obsession with 'FinTech' generally, springs partly from regulators' fervent wish that OldTech banks will simply take advantage of the latest trend to rejuvenate their systems for the longer term.

But there are many reasons why established retail banks won't do that - and will continue to passively resist regulatory edicts to do so. That's why the UK government had to impose the open banking initiative (not to mention sharing business credit information and declined loan applications); why the Bank of England has opened up the Real Time Gross Settlement system; and why PSD2 regulates a new class of  third party 'account information' and 'payment initiation' service providers.

Why won't the banks renew their legacy systems to save themselves? For starters, they don't actually have legacy "systems" so much as separate bits of very old kit connected manually by employees holding hands with electrical cord between their teeth using their own spreadsheets. So the shiny new government-mandated open banking interfaces will likely be connected to computers that aren't really part of any type of integrated "system" that, say, a Google engineer might recognise.

Aside from that insurmountable IT challenge, bank management teams are simply not incentivised or empowered to think about the long term, and all their key decisions are made (after a very long time) in committee to avoid personal blame.

So it's more likely that the aspects of 'banking' which are within the scope of P2P lending will gradually drift away from banks altogether, while activities outside that competitive scope will need to be reinvented by others, including new banks, from the ground up.

Will traditional banks launch their own P2P lending platforms?

Probably not.

Some have bought shares in such platforms and others have actually lent their own funds on P2P lending platforms. But that's a long way from allowing their depositors to lend directly to their borrowers.

That's because bankers make their money by keeping savers and borrowers separate from each other and treating deposits as their own funds.

It's high time regulators admitted this to themselves and got on with the job of supporting more transparent, fairer mechanisms for allocating people's spare cash to other people who need it.

Is P2P lending an "originate-to-distribute" model?

No.

Here, again, P2P lending is a reaction away from this type of model and is transparent enough to reveal attempts to introduce it. BIS says that "originate-to-distribute" refers to the fact that neither the primary lender nor the operator of the platform retains any ownership or interest in the loan that is agreed. But this does not fully describe the model or its potential hazards.

The "originate-to-distribute" model may have that basic feature but the point is that it's driven by a market for secondary instruments (bonds and other derivatives) that are based on underlying loan contracts, where demand in that secondary market has outpaced the supply of loans. In that case, loans may start to be originated solely to support the secondary market. This transpired in the context of the sub-prime mortgage crisis, where investment banks arranged bond issues in a way that effectively concealed the poor quality of underlying loans. From their own problems with undertaking due diligence, they knew that the underlying loan data was hard to find and in many cases unreliable (hence the related 'fraudclosure' issue of investors foreclosing on mortgages they could not prove they owned). That's why the banks involved have since paid billions in fines and compensation towards the repayment of bailouts (at least in the US).

But, as the name suggests, P2P lending - at least in the UK - involves a direct loan between each lender and borrower on the same platform, where the data concerning the loans is available to the participants, including lenders who may receive assignments of loans already made on the same platform. The visibility of the loan performance data and reputational impact for the platform operator if all goes wrong limits the temptation to conceal the original credit quality or performance of the loan.

So, BIS's assertion that P2P lending represents the same model or suffers from the same potential for moral hazard is not right.

It is possible for a lender to ask a P2P platform to provide it with access to some less creditworthy borrowers to achieve a higher overall yield, perhaps even with a view to selling the resulting loans to other lenders or even securitising them; but even if you deem that to be 'originate-to-distribute', the 'moral hazard' is not there because the data is readily available for all to understand the lesser quality or performance of the loan.

The BIS report cites the Lending Club 'scandal' in 2016. But, ironically, Lending Club is not based on a genuine P2P lending model at all, because the SEC refused to allow direct 'peer-to-peer' loans without full security registration requirements (just ask Prosper!). So the regulators forced the US platforms to operate the same securitisation model that the banks pioneered in the sub-prime crisis... We abandoned attempts to launch the direct P2P model in the US because this model is nothing new - as well as being cumbersome, convoluted and expensive. But even there the relevant 'scandal' was 'only' that when selecting a portfolio of loans to issue bonds to the relevant investor, Prosper selected some loans that did not meet the investor's specified criteria. Not great where the data is available, but the point was that the problem was spotted quite quickly because the relevant data was readily available, so the loans could be re-purchased by the issuer.  

The report also cites the problems at Trustbuddy, in Sweden, but the problems there were again detected early by new management looking at the collections data, who promptly alerted the authorities; and Ezubao, in China, which was a Ponzi scheme operated between July 2014 and December 2015 that was detected quite quickly - certainly faster than Madoff's activities in the supposedly heavily regulated US investment markets.

It is worth acknowledging, however, that there is always scope for something to go wrong. This is why the UK P2P lending industry pushed for specific regulation of P2P lending from 2011; and highlights why regulators should stop their hand-wringing about innovation and get on with the job of adapting to change.

Monday, 22 May 2017

EBA Insists On Access To Cloud Providers' Premises And Machines

Yes, it's 2017 and the European Banking Authority really does want financial regulators and their auditors to be able to visit the datacentres of regulated firms' cloud service providers, "including the full range of devices, systems, networks and data used for providing the services outsourced".  Responses on these 'recommendations' are due by 18 August 2017.

No one, including the EBA, really knows why regulators would need to do this, or what they would do on arrival - beyond exchanging pleasantries with the datacentre management and staff (who may not be co-located) and perhaps accepting the kind offer of tea or coffee from a robot or good old-fashioned dispensing machine.

The EBA simply presumes that other firms whose data is kept in the same datacentre (however fleetingly) will be happy for the financial regulators and their auditors to be allowed to wander among the cages amidst the pretty lights, exercising their "unrestricted rights of inspection and auditing".  And there's no mention of whether the EBA is happy for all firms' information security policies to be subject to the unauthorised access to their and their clients' sensitive data by audit teams from random financial (or other?) regulators, even where a firm and its clients are not the subject of the audit. 

Far better that the EBA recommendations focus on these thorny, practical issues instead of blithely insisting that firms negotiate broad, unfettered rights of access to datacentres on their regulators' behalf. 

Or maybe this is just a passive aggressive way of trying to prevent firms from using cloud services?


Thursday, 18 May 2017

Fake News, Screen-scraping and the European Banking Federation #PSD2

The old row between new financial service providers and the European Banking Federation has blown up again. At issue is whether the providers of new regulated "account information" services that rely on access to your payment account data should be able to copy it from your online account ('screen-scraping') or only get it through a different type of interface (API) directly provided and controlled by the bank.

Rather typically, the EBF has produced a video that purports to explain 'screen-scraping' (which could be done in a single slide) but actually misleads by suggesting that the motives of the new service providers who want to do it are unlawful. 

Of course, the method of accessing the account information really has nothing to do with the motives of this new type of regulated service provider.

Instead, the EBF's tactics merely reflect the major banks' age-old resistance to anyone else using "their" payment data to provide you with services that are more useful than the very limited data and features available in your bank account. In fact, that resistance led retailers to launch 'loyalty' programmes and behavioural targeting of advertising as far less efficient ways of figuring out what you like to spend your money on.

But the data in your payment account is your data, and you should be able to combine it with your other data - or have trusted third parties do that for you - if you wish. 

That's why - refreshingly - the authorities insisted that PSD2 should specifically regulate the new 'account information service providers'; and, crucially, requires banks to make your payment account available to them, precisely so that you can - if you wish to - rely on their services to make sense of your financial affairs or know how much money you have available while shopping etc., without having to log-in to your bank account(s). 

PSD2 also obliges your payment account information service provider to comply with security and data protection requirements when accessing and handling your payment data, regardless of how they get access to that information. 

So, the latest dust-up is really just an (old) technological argument about whether a service provider should use your log-in credentials to copy the information from the screen that you see, or only access the data through an interface provided (possibly badly) by the bank. It has nothing to do with the possible motives of the service provider in using the data - and they have to behave lawfully anyway.

The fact that the EBF has resorted to fake news and moral panic tells me that any real 'arguments' against screen-scraping are very weak indeed...


Tuesday, 16 May 2017

New Money Laundering Guidance

The complexity of the anti-money laundering regime has meant that practical guidance on how to comply has been particularly necessary. The best guidance has come from the Joint Money Laundering Steering Group of various organisations (JMLSG) in three parts. 

New EU directives on money laundering have led to consultation on how these should be implemented in new draft UK regulations that are due to take effect from 26 June 2017.

And the JMLSG has used the draft regulations as the basis for consultations on updating Part I of its guidance (the mark-up is in 4 separate documents, Chapter 5 of which shows changes to the guidance on electronic identity verification), and more recently on Parts II and III. The consultation versions show the proposed changes to the current guidance, and are an invaluable tool for understanding how a firm's existing approach should change once the new regulations take effect.




Saturday, 22 April 2017

Durable Medium, According To The FCA

The Financial Conduct Authority has published new guidance (in the form of a web page), on what forms of media will enable firms to satisfy their obligations to provide information or make it available in a 'durable medium' as an alternative to paper...