Search This Blog

Thursday, 27 December 2018

Is Your Financial Services Provider Ready For A #NoDeal Brexit?

With a 'No Deal' Brexit now central to Tory government strategy, it's critical to ensure the right financial contingency plans are in place for a 'cliff edge' exit with no transition period from 29 March 2019. Unfortunately, however, the European Banking Authority says it is seeing "little evidence of financial institutions communicating effectively to their customers on how they may be affected by the UK withdrawal" and those institutions' Brexit arrangements. So customers have to question their providers about those arrangements. Here's a quick guide to steps those institutions might take, depending on whether they are based in the UK or elsewhere in the EEA... if you do not receive credible, satisfactory commitments to service continuity from existing providers within the next few weeks, you should set-up alternative and/or back-up relationships as soon as possible.

EEA-based firms supplying services into the UK

These firms will have a short window ahead of Brexit day in which to seek temporary regulated status:
  • temporary permission to continue operating in the UK for a limited period after Brexit if they currently passport into the UK under the Financial Services and Markets Act 2000 (FSMA) or the e-money or payment services regimes;
  • temporary recognition if they are third country central counterparties; or
  • temporary registration if they are EU-registered trade repositories. 
If EEA-based firms carry out operations in the UK after Brexit in reliance on EU legislation without entering into these temporary regimes, they may be carrying on regulated activities in the UK without appropriate permissions, which would be a criminal activity and/or mean they cannot meet their contractual obligations.

EEA firms that do not gain full authorisation through the temporary regimes can only continue to carry out new business to the extent necessary to 'run-off' pre-existing contractual obligations in the UK for five years (15 years for firms performing obligations under insurance contracts). They cannot undertake new business or agree new contracts with UK customers. A "supervised run-off" arrangement applies to those firms with a UK branch, firms who enter a temporaty regime but exit it without UK authorisation and firms that hold top-up permissions before Brexit. A "contractual run-off" regime will apply to firms without a UK branch that do not enter a temporary regime or do not hold a top-up permission; and will apply for the purposes of winding down UK regulated activities in an orderly manner.   Firms with a UK establishment will retain their existing membership of the Financial Services Compensation Scheme. 

A run-off regime for payments firms and e-money firms that do not enter the temporary regime or leave it without full UK authorisation will apply for five years, either on a supervised or contractual basis (though the FCA can require supervised run-off for firms to demonstrate they are safeguarding client funds). 

A run-off regime will apply for non-UK Central Counterparties that are eligible for, but do not enter, the temporary recognition regime, for a period of one year starting on exit day. If a non-UK CCP entered the temporary recognition regime but exits it without the necessary permanent recognition, the Bank of England will determine a non-extendable period for recognition up to a year. 

There will also be a run-off regime for trade repositories that are removed from the temporary registration regime without the necessary permissions to continue to provide services to UK firms, for a non-extendable period of one year, unless the FCA sets a shorter period. 

UK firms dealing with EEA residents

The FCA has suggested that UK financial services providers consider the following questions ahead of Brexit. If the answer is 'Yes' to any of them, then the service provider should understand the legal basis for that scenario and whether another basis is necessary after Brexit - including additional regulatory permissions or a new subsidiary with the right authorisation or agency and necessary permissions in a remaining EEA member state
  • Do you currently provide any regulated products or services to customers resident in the EEA? For example, you might provide financial advice to EEA based customers. Or you might have insurance contracts either with EEA based customers or which cover risks located in the EEA which require regulatory permission in that country in order to be serviced. 
  • Do you have customers or counterparties based in the EEA, including UK expatriates now based in an EEA country? 
  • Are you marketing financial products in the EEA? This includes products marketed on a website aimed at consumers in the EEA. 
  • Do you have agents in the EEA or interact with any intermediary service providers in the EEA? For example, you may use an insurance intermediary to distribute products into the EEA. 
  • Does your firm transfer personal data between the UK and the EEA or vice versa
  • Does your firm have membership of any market infrastructure (trading venues, clearing house, settlement facility) based in the EEA? 
  • Are you part of a wider corporate group based in the EEA, or does your firm receive any funding from an entity in the EEA? 
  • Do you outsource or delegate to an EEA firm or does an EEA firm outsource or delegate to you? 
  • Are you party to legal contracts which refer to EU law
There will now be insufficient time for any provider to get a new authorisation in another EEA member state, and even setting up an agency relationship would be very tough to do within the next few months.

Firms should be informing clients about issues such as:
  • the implications of Brexit on the specific services they provide and the implications for the relationship between the client and the firm;
  • the actions taken by the firm to prevent or detect problems, including how they will deal with client inquiries, changes in competent authorities or protection under national compensation schemes;
  • the implications of any corporate restructuring, including changes to contractual terms or contract transfers;
  • other impact on contractual and/or statutory rights, including the right to terminate existing contracts and cancel new contracts, and any rights of recourse and how to pursue them. 
If you do not receive credible, satisfactory assurances of service continuity post-Brexit from existing providers within the next few weeks, you should set-up alternative and/or back-up relationships as soon as possible.


Thursday, 20 December 2018

FCA Updates Payment Services Approach On Customer Authentication, Gift Cards

The FCA has today published its policy statement explaining changes to the Approach document following the consultation on Strong Customer Authentication and some other revised guidance in September (although the links to the actual revised Approach Document don’t appear to be working correctly at the moment).

Notwithstanding the confusion created by the proposed changes to the guidance on the "limited network exclusion" to exclude gift cards from the scope of PSD2 (no doubt partly due to the obligation to register programmes that exceed1m in transactions in any 12 month period), the FCA confirms the guidance as follows:
store cards – for example, a ‘closed-loop’ gift card, where the card can only be used at the issuer’s premises or website (so where a store card is co-branded with a third party debit card or credit card issuer and can be used as a debit card or credit card outside the store, it will not benefit from this exclusion). On the other hand, in our view, ‘gift cards’ where the issuer is a retailer and the gift card can only be used to obtain goods or services from that retailer are not payment instruments within the meaning of the PSRs 2017. This is because these basic gift cards do not initiate payment orders; payment for the goods or services is made by the customer to the retailer of the goods in advance, when the card is purchased from the retailer. Accordingly, this exclusion is not relevant to them.
The FCA explains this interpretation in the latest policy statement (at para 6.15) as follows:
"The change we have made to clarify that retailers issuing their own gift cards should not have to notify, is based on the issuer and the retailer being the same person. If the issuer is not the retailer, but the card would be used to purchase goods and services from that retailer, it is possible that the card would be considered a payment instrument under the PSRs 2017 and the limited network exclusion test would be relevant. We already give relevant guidance in PERG Q40 on such instances."
For convenience, the limited network exclusion provides as follows (with the paragraph (k)(i) being the limb which gift card programme operators - and the FCA - have historically assumed applied to avoid gift cards being subject to e-money and payment services regulation):
(k) services based on specific payment instruments that can be used only in a limited way and meet one of the following conditions—
(i) allow the holder to acquire goods or services only in the issuer's premises;
(ii) are issued by a professional issuer and allow the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer;
(iii) may be used only to acquire a very limited range of goods or services; or
(iv) are valid only in a single EEA State, are provided at the request of an undertaking or a public sector entity, and are regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers which have a commercial agreement with the issuer.

This overlooks the fact that while the retailer may have already received the funds or value from the purchaser of the gift card/account (potentially via a payment service provider under a regulated payment transaction), yet the "holder" is often a different person who is later using the gift card/account balance as a means of acquiring goods or services (albeit that transaction may only be accounted for in the retailer's accounting system without being processed via a third party payment provider).
While the FCA's view may be factually and logically correct (particularly from a VAT standpoint), and will no doubt come as a relief to retailers who would otherwise have to register programmes, it involves an apparent re-interpretation of the relevant definitions to overlook what may be regarded as certain 'legal fictions' in the PSD and PSD2 that operate to catch other payment methods - particularly in relation to card payments, for example. The FCA's guidance should therefore confirm the step-by-step rationale as to why a "payment order" is therefore not initiated; how the gift card scenario falls outside the definitions of "payment transaction"; and why neither the gift card holder nor the retailer/issuer are a "payer" or "payee" respectively. But I suspect that may open a can of worms...

The FCA's view also represents a key area of potential divergence from EU payments law in the Brexit context, to the extent that the Commission and EEA regulators may well decline to adopt the FCA's interpretation. The Central Bank of Ireland, for example, includes "prepaid gift card to buy cinema tickets" in the list of programmes that fall within the limited network exclusion. The FCA does not seem to be concerned that the same programme that regulators insist must be registered in, say, France - and therefore surface in the European Banking Authority's register of large limited networks - would not be registered at all in the UK. That wider uncertainty creates confusion and the potential for "regulatory creep" as firms might take action beyond what is required by the FCA in order to avoid it - such as shutting programmes, outsourcing or applying to register unnecessarily (at least from a UK standpoint). 

The sooner such scope for confusion at EEA level is removed, the better.

At the same time, however, the FCA's view does not alter the need for retailers to be careful about the implications of any changes made to their programme, in case they find that the limited network exclusion does then apply and needs to be registered.