Search This Blog

Monday, 14 November 2016

Will Regulatory Technical Standards Slow The Pace Of Payments Innovation?

Under the new Payment Services Directive (PSD2), the European Banking Authority (EBA) is tasked with producing 'regulatory technical standards' to be followed by those with certain obligations, including how payment service providers (PSPs) must authenticate customers and communicate with each other. But it seems this process and the standards themselves are acting as a brake on innovation and related investment.

The EBA consulted on its proposed regulatory technical standards for authentication and communication between August and October, with a revised set due in the coming months.

PSD2 requires PSPs to apply "strong customer authentication" where "the payer... accesses its payment account online, initiates an electronic payment transaction or carries out any action through a remote channel which may imply a risk of payment fraud or other abuses."

But two big issues raised by PSD2 are (1) how each type of payment is initiated; and (2) who actually initiates it.

The EBA believes card payments are initiated by the cardholder as payer, but fudges the issue somewhat by requiring the card acquirers (i.e. the PSP of the merchants) to require their merchants to support strong authentication for all payment transactions. The added complication is where a payment transaction is initiated by the payee, but the payer's consent is given "through a remote channel which may imply a risk of payment fraud or other abuses".

There is a view, however, that card payments are among those that are in fact initiated by the payee (the merchant), who is not in fact the 'payee' of the cardholder at all but is paid by the card acquirer to which the merchant submits its transactions. The cardholder just pays the card issuer. This is all bound up in fundamental problems with the definitions of "payment transaction", "payer" and "payee" in both the PSD and PSD2; and the fact that card acquiring works through a series of back-to-back contracts that do not involve any direct contract between the buyer and the seller at all concerning payment processing. Indeed, a challenge for the UK's implementation plans is that there is a Court of Appeal decision which supports this view. 

In these respects, PSD2 appears to set up a 'legal fiction', which (despite taking a somewhat purposive approach in the 'fudge' explained above) the EBA appears to insist on in language at the end of its consultation paper: "all the requirements under consultation apply irrespective of the underlying obligations and organisational arrangements between" the various types of PSP, payers and payees. In other words, we have a weird situation where the law and related standards are to be applied regardless of how payment systems and processes really work.

Not only can this lead to situations where, for example, some banks insist that the PSD does not cover card acquiring, but it can also cause over-compliance to avoid doubt and other restraints on innovation.

While distinctions concerning how payments are inititiated and by whom might seem to matter less in the context of security measures to be adopted by PSPs - since everyone is interested in reducing financial crime - it is absolutely critical in the context of software and services that contribute in any way to payments being "initiated" and whether the suppliers or users of such software and services must be authorised as "payment initiation service providers" or perhaps even as the issuers of payment instruments

It will be very interesting to see how the Treasury proposes to address these problems in transposing PSD2 itself, although it's more likely the FCA will be left to explain how to comply, assuming the Treasury declines to take a purposive approach to EU law and simply copies the language of PSD2 into UK law (a process known as 'gold-plating').

There are numerous other glitches in the technical standards that have been identified by respondents, too numerous to mention here, but which it is hoped will be reconsidered in the next version - not that such standards should ever be considered as 'final' or set for all time. Indeed, an overarching problem seems to be that in the EBA's attempts to drag our legacy payments infrastructure into the 21st century, insufficient attention has been given to existing and potential alternative security technology - even in cases where incumbents are seeking to leapfrog the limitations of legacy systems.

Meanwhile, a year has slipped by since PSD2 was approved and the standards themselves are only due to take effect in October 2018 'at the very earliest', by which time they are likely to be thoroughly out of step with commercially available technology. 

While old systems may need to be accommodated to some degree, surely the pace of payments innovation should not be tied to the slowest animals in the herd?

Friday, 11 November 2016

Money Laundering Includes... Tax Evasion and Virtual Currencies?

Hot on the heels of the UK's consultation to introduce the 4th Money Laundering Directive comes the imminent EU approval of MLD5

A key element involves the creation of a central register of beneficial ownership of legal entities and related ownership arrangements, plus ongoing monitoring of those arrangements, with the intention that: 
"The enhanced public scrutiny will contribute to preventing the misuse of legal entities and legal arrangements for ...predicate offences such as tax evasion."
Other key provisions may be seen as closely related to this ambition: 
  • creating a central register of all citizens' bank/payment accounts;
  • enabling authorities to go hunting for evidence of suspicious activity even in the absence of a 'suspicious activity report';
  • imposing customer due diligence and transaction monitoring obligations on 'virtual currency' exchanges and wallet providers; and
  • reducing the limit of anonymity for prepaid cards/instruments.
Needless to say, the members of the European Banking Federation are very uncomfortable with the idea of equating tax evasion with money laundering. The nub of EU banks' concern seems to be that their tax evading customers will simply move their accounts to banks based outside the EEA, the implication being that they'd quite like to retain the business! To be fair, it is a little odd that the list of countries with deficient anti-money laundering regimes doesn't include tax havens typically associated with tax evasion.

But there are reasonable objections on the basis that centralising such sensitive and valuable personal data would be a 'snoopers/fraudsters charter'; and creating a central record of every citizen's bank account and financial arrangements seems mightily disproportionate to the benefit of collecting evidence on the comparatively small proportion of the population that would be involved in significant organised crime or tax evasion. It's surprising that the European Economic and Social Committee ("EESC") did not object on these grounds - either the 'social' aspect of the committee's remit is subordinate to the 'economic' interest, or they consider that the whole of society should happily sacrifice privacy and security to ensure everyone pays their fair share of tax. That's certainly the Scandinavian practice. At any rate, the European Central Bank says that member states' central banks shouldn't have to operate the central registers unless they can bill the government for doing so - highlighting the more important point, that governments are better at wasting the taxes they do manage to collect than collecting taxes in the first place.

The FinTech crowd will no doubt be concerned about stealth regulation of distributed ledger technology or blockchains, via the virtual currency requirements. A "virtual currency" is quite broadly defined as:
"...a digital representation of value that is neither issued by a central bank or a public authority, nor necessarily attached to a fiat currency, but is accepted by a natural or legal person as a means of payment and can be transferred, stored or traded electronically."
Even if exchanges and wallet providers are prepared to tolerate AML regulation as the price for entering the 'mainstream', trying to regulate 'virtual currencies' (or any aspect of digital ledger technology or blockchains) at this early stage is very problematic. The above definition is broad but still does not cover every characteristic of a currency (which the Isle of Man has tried to capture). Indeed, the ECB has bluntly responded that so-called 'virtual currencies' are not currencies or money, pointing out they can also be used for other purposes and the holders don't need to use exchanges or wallet providers. The courts are also struggling with the concept that such 'currencies' are 'ownable' or 'property', as Lavy and Khoo have also explained.

Little wonder that the EESC recommends creating some kind of "European tool for monitoring, coordinating and anticipating technological change." But quite how Europe intends to 'anticipate' let alone 'coordinate' blockchain development is anyone's guess!

In any event, retailers should breathe a sigh of relief. Gift cards and other 'closed loop' instruments generally would not fit the MLD5 definition of a virtual currency, since they typically cannot be transferred or traded electronically. And there is a specific exclusion consistent with the 'limited network' exemption from the definition of electronic money (and therefore 'funds') for instruments that can be used to acquire goods or services only in the premises of the issuer, or within a limited network of service providers under direct commercial agreement with a professional issuer, or that can be used only to acquire a very limited range of goods or services. But note that the limited network exemption will be significantly narrower from January 2018, especially for programs transacting more than EUR1m a year.

At least someone wins!

Tuesday, 18 October 2016

Boring But Important: UK's Anti-Money Laundering Consultation

The Treasury is consulting on how to implement the fourth Money Laundering Directive into UK law by 26 June 2017, with responses due on 10 November 2016. Draft guidance from the European Banking Authority is also open for consultation. In parallel, a new EU Funds Transfer Regulation will take direct effect, updating the rules on information on payers and payees accompanying the transfer of funds in any currency.

The consultation is important, given that money laundering is also a key enabler of serious and organised crime, estimated by the Home Office to cost us £24 billion a year. Terrorists also tend to use the proceeds of crime as a means to obtain funding, but might also try to obtain finance from (unwitting) legitimate sources.

The current Money Laundering Regulations 2007 cover 150,000 UK businesses, with more likely to be covered due to a lowering of the threshold for eligible transactions in cash (or a series of transactions that appear to be linked) by persons trading goods, from EUR15,000 down to EUR 10,000 (probably about £1000 in 2017 money!); and an extension to include receiving as well as making payments in cash.

With the exception of money remittance, the government is able to exempt from the regulations some persons engaging in certain financial activities on an occasional or very limited basis where there is little risk of money laundering or terrorist financing:
  • the financial activity is limited in absolute terms (the proposal is that the total annual turnover from the activity should not exceed £100,000);
  • the financial activity is limited on a transaction basis (the proposed maximum threshold per customer and per single transaction, whether the transaction is carried out in a single operation or in several operations which appear to be linked, is £1,000);
  • the financial activity is not the main activity of such persons (the proposal is that the activity should not exceed 5% of the total turnover of the natural or legal person concerned);
  • the financial activity is ancillary and directly related to the main activity of such persons;
  • the main activity of such persons is not an activity referred to in Article 2(1)(3)(a) to (d) or 2(1)(3)(f) of the directive; and
  • the financial activity is provided only to the customers of the main activity of such persons and is not generally offered to the public.

The directive requires firms to verify the identity of a customer and any beneficial owner(s) before establishing a business relationship or carrying out a transaction, subject to certain thresholds. But the timing of the verification can be altered: (i) where there is little ML/TF risk and it is necessary so as not to interrupt the normal conduct of business, then verification can be carried out during the establishment of a business relationship - although it shall still be completed as soon as practicable after initial contact; and (ii) an account may be opened with certain institutions provided there are adequate safeguards in place to ensure transactions are not carried out by the customer or on its behalf until the necessary CDD measures are completed.

The directive also requires obliged entities to apply customer due diligence measures to existing customers at appropriate times, using a risk-based approach, as well as to new customers. In particular, such measures should be applied when the circumstances of a customer change, but it is not clear which circumstances are relevant ("e.g. name, address, vocation, marital status etc.") and how a firm would know they had changed. There is a non-exhaustive list of factors in Annex 1 of the MLD that must be taken into account when assessing the risk of money laundering and terrorist financing, raising some uncertainty as to what might constitute an exhaustive list in any given circumstances.

Certain thresholds for implementing customer due diligence apply, but the fact they are expressed in Euros highlights the significant problems posed by the volatility of the pound following the Brexit vote.

Simplified due diligence remains an option, but the list of products currently specified in Regulation 13 is to be replaced by a non-exhaustive list of factors in Annex II of the directive and further guidelines due from the EBA by June 2017 - heralding more uncertainty. In addition, pooled client accounts are no longer mentioned specifically in this context, meaning that the existing explicit option for an institution hosting another firm's client money account (or 'segregated' account or 'safeguarded' account) to apply simplified due diligence in connection with the beneficial owners of the funds in that account will no longer apply.

Enhanced due diligence measures must be implemented in certain circumstances, a non-exhaustive list of which appears in Annex III, with further details in the EBA consultation documents that the Treasury expects everyone to review separately... In fact, there are numerous instances where the various European financial authorities are to draw up regulatory technical standards, so watching that space is very important, as it could act as a brake on innovation.

There has been some increase in the scope of entities that can be relied upon to have conducted customer due diligence, and the Treasury is inviting further suggestions here, particularly to help reduce the regulatory burden. Here it would be very helpful if governments could actually work together to achieve, or at least support, formally 'reliable' ways of verifying the identity of each others' citizens, as envisaged by the eIDAS regulation (there is a single reference to electronic signatures as a means of reducing certain risks, in Annex III).

The new directive is more prescriptive on the internal controls that firms are required to implement, which must vary according to the nature and size of the business concerned. The Treasury is open to suggestions on the thresholds etc., particularly related to a compliance officer and independent audit functions.

There are separate chapters in the consultation specific to gambling, e-money, estate agents, correspondent banking; dealing with politically exposed persons (PEPs); and meeting the requirement for a central register of beneficial owners of corporate and other legal entities incorporated in each member state; as well as reporting, supervision and sanctions for breaches of the regulations.

Worth a read to know what's coming down the 'pike.

Monday, 19 September 2016

Prospectus Requirements To Be More Crowd Friendly

Under the new Prospectus Regulation adopted by the EU Parliament, the scope of exemptions from the need for onerous disclosure requirements will be expanded from late 2017. 

The regulation won't apply to offers of securities (shares and bonds etc) to fewer than 350 (previously 150) natural or legal persons per member state or no more than 4,000 natural or legal persons in the EU who aren't qualified investors etc; or where the total being raised in the EU over a 12 month period is less than EUR1 million (previously EUR500,000). 

Each member state can exempt offers from the prospectus requirement where the amount being raised over 12 months in the EU does not exceed EUR5 million (previously EUR10 million) - though there are measures to confine the offer to the relevant member state.  

Other rules are aimed at making the amount of information disclosed more proportionate. 

Boring But Important: Changes To Money Laundering Regulation

The UK government is consulting on important changes required to implement the fourth EU directive on anti-money laundering (which is still subject to change in the meantime) and changes to wire transfer regulation. Responses are due by 10 November.

This is not the only consultation paper issued recently, so it will be a week or so before I add further summary detail below!

The Next Revolution in UK #Payments: Non-bank PSPs and The RTGS

The Bank of England is consulting on the reform of its Retail Gross Settlement System ("RTGS"), which processes half a trillion pounds worth of transactions a day covering almost every payment in the UK economy — from salaries to invoices, from car purchases to retail sales, pensions and investments. 

The system is 20 years old and needs to be reinvented in way that is more flexible and cost-effective. It must interoperate with a wider range of payment systems on a 24x7 basis and better support the increasingly rapid evolution of various new payment methods in the retail, commercial and financial markets.

Responses can be made online by 7 November 2016. 

Monday, 8 August 2016

Consultation on Transposing PSD2 In the UK and Loads Of Other Stuff

Just when you thought it was safe to go on holiday, the Treasury let's slip that it will begin a 6 week consultation on transposing PSD2 in August, which is a bizarrely short time frame and awkward time of year, given the issues and scale of uncertainty involved.  

Kind of makes it tough to engage with clients, and for clients to engage the right management and staff internally.

Maybe that's the point?


At this rate, we'll have between Christmas and New Year to consider the regulatory implications of Brexit.

Monday, 11 July 2016

#FinTech Service Providers Must Proactively Support FCA Compliance

The FCA has finalised its new guidance to authorised firms on outsourcing to the 'cloud' and other third party IT services, which is mandatory for some firms but (strongly) advisory for others. Unfortunately, exactly what amounts to 'outsourcing' remains grey and short of examples, as do important issues such as the meaning of 'cloud' (largely a marketing term anyway), whether access to data centres is necessary and so on. Not only does that leave FCA staff and finance firms in doubt, but it leaves service providers exposed to the need for financial firms to suddenly switch providers where the FCA considers that guidelines should have been followed but have not been.

The FCA guidance says that outsourcing is "where a third party delivers services on behalf of a regulated firm". That suggests the service in question must effectively be part of the firm's service to its customers, like answering customer calls on the firm's behalf in a call centre, as opposed to, say, the supply of commercial IT hosting services for web sites, apps or back-office software etc., which the firm is not in the business of providing to customers. 

A table in the guidelines sets out an extensive process and related paper trail designed to show that a firm has outsourced a function appropriately.

So lack of clarity on the boundary between outsourcing and normal service provision means that some IT providers may not realise that a financial firm has incorrectly classified the use of its services; and/or the service provider may not be willing or able to help the regulated firm jump through the many hoops laid out in the FCA's guidance. 

As a result, service providers risk losing customers who are finance firms that have failed to grind through the FCA's requirements and have to re-run their outsourcing process.

For all practical purposes, this places the burden on IT service providers to clarify the nature of their offering and make sure they are ready to help their finance customers either explain why there is no outourcing or demonstrate compliance with the FCA's outsourcing guidelines.

Some might observe that this represents regulatory 'scope creep', since it effectively subjects outsourcing providers to FCA regulatory requirements even where they are not required to be authorised (and may even be based outside the UK). Whether this is ever challenged as being ultra vires - beyond the FCA's powers - remains to be seen, but it is certainly a cost of doing business with UK financial firms.

FCA Calls For Input On #P2Plending and #CrowdInvestment Rules

It's been two years since the FCA created specific rules governing peer-to-peer lending and crowd-investment in securities, and the FCA promised a review of those rules in 2016. That review has just begun with a call for input closing on 8 September. 

This comes at an important time for the industry, as the FCA's report reveals that it has only processed 9 of 97 applications for authorisation by P2P lending platforms (44 of which operate under a two year old interim permission) and only 9 firms have been authorised to join the 25 firms that were operating in the crowd-investment market during the FCA's interim review in 2015. This shows that the FCA authorisation process, and regulation itself, are significant 'choke points' in the development of innovative financial services, notwithstanding firm support for the sector from the Treasury and strong growth in supply and demand from consumers and small businesses on existing platforms. 

It remains to be seen whether the FCA will further complicate life for crowdfunding entrepreneurs and their customers or clear the regulatory path to facilitate the growth of alternatives to the declining supply of bank finance, likely to worsen post-Brexit...

Wednesday, 22 June 2016

Humans At The Heart of FinTech

My article on this theme has been published by the Society of Computers and Law in connection with the IFCLA conference, where I participated on a panel discussing disruptive technology in financial services. 

It is interesting to see how people's belief in the 'efficient market' and appeals to the authorities for help when things get out of hand is playing out in the context of the Ethereum project and the DAO!

Friday, 13 May 2016

European Commission Raids The #Cookie Jar Again... and Again

Hard on the heels of the General Data Protection Regulation, the European Commission is having another crack at cookies, which now crumble quite differently to the way they did in 2009, or in 2002 for that matter.

Don't worry. This time the boffins will get it right... until the next time.

That's the joy of regulating really innovative technology in really detailed, prescriptive ways - it's the gift that keeps on giving!

EC Boils Consumer Law Ocean On Eve of #Brexit Referendum

Perfectly timed to coincide with a peak in frustration with EU red tape, the European Commission has just published its plan to ruin everyone's summer consultation on the 'fitness' of six consumer directives, and is also busy reviewing a seventh (the Consumer Rights Directive):
Try to avoid falling asleep in the sun!

Will this result in less red tape? I could hazard a guess, but we won't really know until it's too late. The Commission reports its findings in mid-2017.

Thursday, 14 April 2016

Revenge Of The Trilogues

They sound like something from a sci-fi horror movie, but the Trilogues are actually already among us. In an excellent article, Vicky Marissen, MD of PACT European Affairs, has explained how these "three-way discussions" have moved further and further away from their rightful place in the latter part of the ordinary European legislative procedure and are now being used informally as a legislative shortcut - something the new EU agreement seems likely to make even worse.

Relying more on trilogues means that about 90% of EU legislation is adopted on first reading without any genuine legislative debate; and secondary legislation is being used to kick more sensitive cans down the Rue du Luxembourg. Indeed, trilogues are now happening within just a few days of each other without publishing the changes agreed, so it's impracticable for those outside the trilogues to follow or attempt to engage in what is really a closed debate. This was a frequent problem in the course of agreeing the new Payment Services Directive, for example.

The recent EU institutional agreement on better regulation won't fix this, as the Commission is able to use its participation in trilogues to (wrongfully) assume the role of legislator - note that its proposal for better regulation didn't even mention the word "trilogue" and merely stated that "The three institutions will ensure an appropriate degree of transparency of the legislative process, including of trilateral negotiations between the three institutions." If anything, that agreement promises more informal trilogues:
"Where appropriate, the three institutions may agree to coordinate efforts to accelerate the legislative adoption process, both during each institution's internal preparatory steps and during the inter-institutional negotiations."
Not only does this increasingly closed shop raise the risk of poor, ill-considered drafting that creates costs for the broader community, but the mere perception of an opaque process also widens the gap between EU legislators and EU citizens - a gap that is already wider than the one between national legislators and their citizens.

The EU's legislative process needs to be more transparent than national processes, not less, if the EU is to be respected or seen as a Good Thing.

I'm amazed the Brexit fans aren't sounding the alarm over this...

Oh, wait, no I'm not. The Brexit 'debate' is pure politics, not connected to anything real.

Sunday, 10 April 2016

Privacy Not Core To Your Business? Take The ICO's 12-Step Programme

Though years in the making, it's possible that word of the EU's data protection reforms has yet to penetrate some boardrooms, let alone the IT development roadmaps of UK plc, and the UK Information Comissioner is very concerned that Britain will not be ready to comply. So much so that it has created a new website to urge preparation for the new law - even though the draft directive is not due to be passed until after the UK's referendum on EU membership, and will not take effect until mid-2018. 

Brexit fans should still be concerned. The US will tell you that appropriate privacy safeguards are just one cost of doing business with Europe, and the UK will also need to comply in substance if it is to qualify for cosy trade deals as a non-member of the EU. 

The ICO recommends starting with this 12-step programme.

Is The UK Framing Canada?

The economy, financial services and privacy are among the most sensitive political areas for the United Kingdom, yet with Mark Carney in charge at the Bank of England and the recent appointment of Elizabeth Denham as the UK's next Information Commissioner all these areas are now the responsibility of Canadians. Seems the UK government is looking for someone else to blame...

Wednesday, 6 April 2016

Distributed Ledger Technology: Cutting Through The Hype

A busy start to 2016 has meant the blog has suffered, but I have at least co-written an article with Susan McLean of Morrison & Foerster that cuts through the hype around blockchain and other distributed ledger technology (DLT). 

The article includes updates on a range of DLT initiatives across numerous business sectors; various policy and regulatory responses; as well as some thoughts on the challenges involved in implementing DLTs.

In January, I also posted on Pragmatist about on the potential use of DLTs for tracking and collecting royalties on music and other creative works. But whether this technology will address the root causes lurking beneath the biggest problems that the creative industry faces is another question...

Tuesday, 5 April 2016

RegTech Bottleneck?

The UK's Financial Conduct Authority is rightly proud of its Innovation Hub, Regulatory Sandbox and new "RegTech" approach, which includes "managing regulatory requirements more efficiently, and... how we can best support developments and potentially adopt some RegTech solutions ourselves."

But the figures suggest that either more resources are required or there has to be a quicker route to market for new firms.

Of 413 requests received as at February, about 215 firms (52%) obtained support from the FCA's Innovation Hub. But only 39 firms (18%) have either been authorised (18) or are going through the approval process (21).  And in a recent statement defending its record on processing applications for authorisation by P2P lending platforms, the FCA said that it has only processed 8 of 94 applications received (about 9%).

Something is gumming up the works!

In its statement on the P2P lending process, the FCA bravely claims that it is "taking a proportionate approach to regulation, recognising the need for consumers to be adequately protected and have the information they need". It has a deadline of 12 months to decide on applications (actually 6 months for complete applications). But it's not like these firms are trying to flout the law - they have willingly approached the FCA for approval. Indeed, the P2P lending industry spent years lobbying for regulation of the sector, which was introduced by the Treasury in early 2013 and took effect on 1 April 2014. Yet since then the FCA's figures suggest that over 40 new firms have applied to enter the market and 42 of them are unable to trade because their application to do so is yet to be approved. Another 44 firms are still relying on their interim permission by virtue of being licensed under the previous regulatory regime, and therefore (ironically) cannot offer the new Innovative Finance ISA because they are not yet fully authorised.

How many firms are able to persist against these regulatory headwinds remains to be seen, but the approach seems neither proportionate nor worthy of the FCA's ambition to foster innovation and competition for the benefit of consumers. So far, the traditional players remain pretty safely sheltered behind the FCA's regulatory wall.

Something must be done.

Either the FCA needs more resources or it must adopt a more expeditious approach to granting regulatory approval - a mechanism that allows firms to begin trading more quickly under certain thresholds, for example, as is the case with small payment institutions and small e-money institutions. Indeed, payment services firms enjoy their own regulatory regime (with a 3 month turnaround time for complete applications); and the P2P industry lobbied for that regime to be used as the basis for regulating their platforms - an approach which the French and Spanish have since adopted and the European Banking Authority supports.

Monday, 21 March 2016

Recent Changes to FCA Rules for P2P Lending Platforms

The FCA has announced some changes to rules on P2P lending (explained amongst other non-P2P changes here). Feedback on the prior consultation papers and final rules are here.

You should consult the listed FCA Handbook sections for the detailed changes, but in summary they are designed to: 
  • simplify client money requirements for P2P platform operators that hold money in relation to both regulated and unregulated peer-to-peer business which come into force immediately on 21 March, as they are helpful. The rule changes and related guidance are in: 
Glossary; SYSC 4; CASS 7; TP 1, Schs 1 and 2; SUP TP 1 
  • support the introduction of the Innovative Finance ISA (IFISA) and new regulated activity of advising on P2P agreements, by clarifying the FCA’s expectations about standards for IFISA disclosures and establishing a regulatory regime for the provision of regulated advice on P2P agreements that reflects the recent changes to the Regulated Activities Order. The rule change come into force on 6 April 2016. The rule changes and related guidance are in: 
Glossary; SYSC 1 and 4; TC 2, App 1.1 and 4.1, TP 8; FEES 4; COBS 2, 4, 6, 9 and 14; CASS 7; SUP 10A, 12, 16, App 3; DISP 2; COLL 6; and PERG 1, 2, 5, 7, 8, 10 and 13

Wednesday, 16 March 2016

Are Your Payment Accounts Caught By The Payment Accounts Regulations?

If you offer any type of "payment account" covered by the Payment Services Regulations, then the time has come to assess whether any of those fall within the scope of the Payment Accounts Regulations 2015 (“PARs”). From 18 September 2016, affected accounts will be covered by provisions relating to switching; accounts with basic features; and packaged accounts.

In its recent consultation paper, the FCA has said it expects firms to:
  • make (and record) an initial assessment of the potential application of the PARs;
  • put processes in place to make ongoing assessments for every new account introduced or changes to the functionalities of accounts are introduced; and
  • revisit the issue regularly in case consumers are using the accounts differently or any other relevant factors change.
Unfortunately this is not an easy process. In particular, not all “payment accounts” under the Payment Services Regulations (which include e-money accounts) will necessarily fall within the scope of the PARs, as the definitions are different. This has caused uncertainty as to the scope of the PARs which the FCA has tried to put  right in the consultation paper (see Appendix 2).

The FCA has also offered guidance on what constitutes "packaged accounts" and what information must be given to consumers in relation to those under regulation 13 of the PARs (see Appendix 3).

Payment accounts providers must either participate in a designated switching service or provide one that meets certain minimum requirements in the PARs. There is a separate consultation by the Payment Services Regulator on the designation and monitoring of alternative switching services.

And finally, a little something for those preoccupied by Brexit.

As mentioned in July 2015, the PARs import the provisions of the EU Payment Accounts Directive ("PAD") but, as the FCA has stressed in its consultation paper, the UK created its own complexity and red tape in this scenario - choosing to 'gold-plate' EU law by copying it into UK laws that are interpreted literally, rather than reflecting the purposive interpretation that civil law member states adopt:
"In line with the Government’s default approach to implementing EU directives, the provisions of PAD have been copied out into the regulations as far as this is possible.... " (at para 1.12)
Whichever side of the Brexit debate you're on, if any, it's worth realising that Brussels is not always to blame!