Proposed Extension of UK Cryptoasset Regulation

The UK Treasury is consulting until 21 March 2021 on its approach to extending financial regulation to 'cryptoassets'. This is intended to build on the FCA's previous guidance on the UK's regulatory approach to cryptoassets, which divides them into regulated 'e-money' and 'security' tokens and unregulated 'utility' and 'exchange' tokens. Any token could fall into multiple categories, with 'stablecoins' being a prime example that will likely be regulated in their own right. Certain types of service provider will become subject to the full weight of FCA authorisation and regulation. A 'technology neutral' approach means that any asset which replicates the features of a regulated cryptoasset will also be regulated as one ('same risk, same regulatory outcome'). The goal is to protect the 'regulated financial system' not consumers or investors, so speculation in unstable 'exchange' tokens, such as Bitcoin, will remain unregulated (but subject to anti-money laundering checks and, potentially, rules on financial promotions). A key challenge for some existing cryptoassets is that some authorisation requirements would need to have been addressed at launch but were not. Due to the digital, decentralised and cross-border nature of cryptoassets, the government is considering whether firms actively marketing regulated tokens to UK consumers should be required to have a UK establishment and be authorised in the UK.

Extending the concept of 'cryptoasset'

The Treasury takes a broader view of cryptoassets than authorities have done to date, defining them to be 

"a digital representation of value or contractual rights that can be transferred, stored or traded electronically, and which may (though does not necessarily) utilise cryptography, distributed ledger technology or similar technology."

The term ‘token’ is used interchangeably with ‘cryptoasset’. This means that the government's proposals go beyond the proposed extension of financial promotions regulation and the scope of the UK’s anti-money laundering regulations (implementing the EU's 5th Money Laundering Directive).

It is proposed that stablecoins - or 'stable tokens', as the Treasury refers to them - should receive a distinct regulatory status but this will affect assets designed to similar effect that are not based on distributed ledger technology.

FCA research published in June 2020 estimated that 4% of the UK population use or invest in cryptoasset, of whom:

• 47% of UK cryptoasset consumers said they bought cryptocurrencies ‘as a gamble that could make or lose money’; 
• stablecoins are the most likely to be used as a means of payment; 
• 27% of stablecoin owners have used those tokens to purchase goods and services.
  
• 89% understood that cryptoassets are not subject to regulatory protections. 

The government is therefore considering an approach in which the use of currently unregulated tokens and associated activities primarily used for speculative investment purposes, such as Bitcoin, could initially remain outside the perimeter for conduct and prudential purposes, while subject to more stringent regulation in relation to consumer communications via the financial promotions regime (if adopted) and anti-money laundering regulation. 

Utility tokens (used to access a system or service, for example) would also remain outside the authorisation perimeter. 

The issuance and use of stablecoins concerns the government more than rampant speculation in cryptoassets by consumers, partly in light of 10 recommendations from the Financial Stability Board of the Bank of England in December 2019. 

In other words, the more likely that a cryptoasset could be reliably used for retail or wholesale transactions, the more likely it will be subject to a UK authorisation regime. 

Yet investors should be left unprotected in relation to tokens that are not suitable for retail or wholesale transactions. These include ‘algorithmic stablecoins’ that seek to maintain a stable value through the use of algorithms to control supply, without any backing by a reference asset, as they are judged to pose similar risks to unbacked exchange tokens and in their ability to maintain stability of value. You're free to lose your shirt, just so long as it does not affect the 'system'.

Likely scope of authorisation

Key regulated participants are likely to include: 

• issuers or systems operators, responsible for managing the rules of a system, the infrastructure, burning and mining/minting coins (among others);
• cryptoassets exchanges, enabling the exchange of tokens for fiat money or other tokens;
• wallet providers, who provide custody of tokens and/or manage private keys and are often the main customer contact point, along with exchanges. 

Regulation would apply to such firms where they undertake the following functions or activities:

• issuing, creating or destroying asset-linked tokens 
• issuing, creating or destroying single fiat-linked tokens 
• value stabilisation and reserve management 
• validation of transactions 
• facilitating access access of participants to the network or underlying infrastructure 
• transmission/settlement of funds 
• custody and administration of a stable token for a third party, including the storage of private keys 
• executing transactions in stable tokens 
• exchanging tokens for fiat money and vice versa 

The following high-level requirements would be necessary for authorised firms:

• meeting certain gating criteria and threshold conditions prior to operating;
• capital, liquidity, accounting and audit requirements;
  
• maintenance and management of a reserve of assets underlying the token’s value and ensuring the quality and safekeeping on those assets;
  
• orderly failure and insolvency requirements;
  
• safeguarding requirements, principally on wallets and exchanges to ensure those entities are appropriately protecting users' tokens and the privacy and security of keys to those tokens;
  
• systems, controls, risk management and governance;
  
• notification and reporting;
  
• record keeping;
  
• conduct requirements toward customers;
  
• financial crime requirements;
• outsourcing requirements;
  
• operational resilience, service reliability and continuity requirements; and
  
• security requirements (including cyber and cloud).
  

Systemic Stablecoins

The government is considering requirements in relation to the reserves held for stable tokens (and related innovations), particularly where they operate at systemic scale (intended for widespread use in retail or wholesale transactions). Issuers would need to hold reserve assets in central bank accounts, commercial bank deposits or high-quality liquid assets.

Arrangements similar to existing 'payments systems' may need to be regulated by the Payment Systems Regulator as system operators, infrastructure providers or payment service providers in relation to that system. 

A systemic stable token arrangement could be assessed for Bank of England regulation in the same way that current payment systems and service providers are when potential disruption could lead to financial stability risks. Criteria include consideration of their ability to disrupt the UK financial system and businesses based on current or likely volume and value of transactions, nature of transactions and links to other systems, as well as substitutability and use by the Bank of England in its role as monetary authority. 

This would mean that a stable token with significant potential to be systemic at launch would need to be captured from launch by such regulation. Appropriate triggers would include likely user base, likely transaction volumes and likely avenues for acquisition of customers. 

Issuers or system operators that reach systemic status, as well as critical service providers, would be subject to regulation by the Bank of England and would be required to produce an annual compliance self-assessment. 

March Deadline For Buy Now Pay Later Offerings

Source: Financial Times

'Buy now pay later' providers and merchants have until 2 March 2021 to meet new guidance on how to comply with advertising standards. The guidance is summarised below. Please let me know if you need assistance.

Unregulated BNPL offerings allow consumers to defer full payment for a short period or allow payment by instalments, without interest.

To comply with the Advertising Standards Authority's CAP and BCAP Codes, all marketing communications for BNPL (including text on online checkout pages) must not be misleading. 

The ASA requirements apply even though the offering is not regulated by the Financial Conduct Authority, so it must be clear that BNPL services are still a form of credit and that using it could result in late payment fees, referral to debt collection agencies and have a negative impact on the customer's credit score. 

Marketing should not imply that is suitable for all customers or is risk-free credit.

Any claims that using BNPL will not impact a person's credit score or have no consequences for missing payments must be substantiated - particularly as debts may be sold to debt collection agencies. 

It is permissible, however, to explain that a "soft" credit check may not affect the customer's credit score, where that is in fact the case.

BNPL is not "free" if any fees are payable in any circumstances. 

Claims cannot be qualified in a way that contradicts the claim being made.

Ads for financial products must state the nature of the contract, any limitation, expense, penalty or charge and the terms of withdrawal. 

If the ad is brief, consumers should be directed to a page with all the relevant information (NB: this conflicts with FCA requirements that regulated consumer credit advertisements must be 'standalone compliant' - i.e. show all the required information, e.g. using a screenshot).

Where BNPL is offered during checkout: 

• it should be explicitly clear to customers (not disguised as means of entering card details as if paying by card immediately
• other available payment methods should be obvious.
• all relevant information must be set out on the page (not via a link).

This post is for information purposes only and is not legal advice and should not be relied upon as such.  Please let me know if you do need advice.  

Low Take-Up Of UK Temporary Permissions Regime By EEA Firms With UK Passports?

According to the FCA's figures in August 2016, the end of financial services passporting between the EEA and the UK was going to leave 5,476 UK finance firms potentially needing a new passporting 'hub' in one of the remaining 27 EU countries and 8,008 EEA firms potentially needing a UK base to cover their UK offerings. So, how many have acted?

There has definitely been a scramble by UK firms to set up in the EU27, although the figures are spread across multiple registers, and regulators do not disclose the numbers of applications that are still in progress. The Central Bank of Ireland claimed "well over 100" in September 2019, for example, with similar numbers thrown out by others. 

Not all firms might use their passports, of course. It's quite straightforward to take advantage of the passporting regime - a simple notification to your home state regulator, which then notifies the various host state regulators. And there's no obligation to actually use a passport. Many firms will have ticked the box for all EEA countries to avoid inadvertently committing an offence wherever their customers happened to reside. And the picture is perhaps distorted by non-EEA corporations who were using the UK as their passport hub, so their new Irish subsidiary would not count as an application by a UK parent.

There has been less pressure on EEA firms who operate under passports in the UK because the FCA offered a Temporary Permissions Regime (TPR) that allows them to continue trading for 3 years as if they were passporting. The registration deadline has been extended each time Brexit has been delayed, so the current deadline is 30 January 2020. However, it's likely that most, if not all, EEA firms that were intending to use the TPR option will have already registered, although some newly authorised firms could still squeeze in (e.g. new FinTech firms).

At any rate, the Financial Conduct Authority has responded to a Freedom of Information Act request with the news that 1,441 EEA-based firms had applied for the TPR by October 2019. Of those, 228 are based in Ireland, 170 in France, 165 in Cyprus and 149 in Germany. 

If this is to be considered a high take-up of the TPR option, then it would appear that only about 18% of EEA passports into the UK were actually being used. That's perhaps not unreasonable, given the tick-box approach to passporting to avoid inadvertently committing an offence in the UK in the event that they ended up with UK customers.

In any event, these 1,441 firms now have until 30 January 2023 to decide whether to set up offices in the UK and get authorised locally, to the extent they continue to serve the UK market.

E-commerce Marketplaces, Commercial Agents and PSD2

E-commerce marketplaces are now common in most sectors, enabling suppliers and consumers of all types of goods and services to find each other, contract directly, pay or be paid, arrange delivery and download their transaction data. But action being taken by some payment service providers (PSPs) suggests that many marketplace operators who offer this service in the European Economic Area may not have realised that the payment step needs to be structured in a way that avoids the need for the operator to be authorised by an EEA financial regulator as a payment institution or e-money institution under the Payment Services Directive or E-money Directive (depending on whether the supplier or customer is able to hold a balance in their 'account').

Some financial regulators, like the UK's Financial Conduct Authority, take the view that offering a payment service or e-money service has to be the operator's regular occupation or business in itself to fall within the scope of the PSD or EMD in the first place (the "business test"), although the payment step would need to be a small, ancillary part of the service offered and this is open to interpretation. But less pragmatic or experienced regulators around the EEA might apply the Directives simply because the operator is running a business of any kind. 

This means operators should err on the side of structuring their activities to avoid holding balances and to take advantage of an exclusion under the Payment Services Directive (e.g. for commercial agents authorised to negotiate or conclude contracts on behalf of either the payer or payee); or involve a PSP to handle the receipt and distribution of funds (or become the registered agent of a PSP). 

Other exclusions under the PSD or EMD may also be helpful. But even relying on an exclusion can be somewhat tricky because the interpretation of exclusions can vary from regulator to regulator across the EEA; and there is no 'passport' for one regulator's interpretation as there is for regulated PSPs who can offer their service across the EEA from under authorisation in their home member state. 

That means an operator should seek legal advice on how to structure its activities appropriately under the law of its home EEA member state; and if that involves relying on the local regulator's interpretation of the business test or an exclusion, the operator should check that analysis works under the law of each member state where the operator has a presence or significant numbers of participants (whether suppliers or their customers).  Acting on formal legal advice should also make it less likely that a regulator will take action for acts or omissions consistent with that advice, although it will not necessarily stop a regulator requiring a different structure going forward.

Use It Or Lose It: The UK Temporary Permission (Passport) Regime

The UK's Financial Conduct Authority has told firms based elsewhere in the European Economic Area who rely on a 'passport' to offer their financial services in the UK to notify the FCA if they intend to use the UK "temporary permissions regime" (TPR). The Prudential Regulatory Authority has issued a similar direction to the banks and other firms it regulates.

Notifications to the FCA must be made by submitting the Temporary Permission Notification Form containing the necessary information via the FCA's "Connect" system between 7 January and 28 March 2019.

Firms that have not submitted a notification during that period will not be able to use the TPR.

The FCA told Parliament in 2016 that there are 8,008 EEA firms holding 23,532 passports covering their UK financial services offerings. 

EU Warns Firms To Act On Loss Of Financial Services Passports

The European Union has today warned financial services firms that rely on EU passports to make alternative arrangements ahead of Brexit. Separate warnings were made to ratings agencies, investment firms, insurers and reinsurers,  banks and payment services firms, auditors, providers of post-trade services (settlement and clearing), and asset management. Warnings were also issued to participants in other pan-EU licensing schemes.

This is nothing new, as explained previously, and many firms have already activated their plans to move EEA-facing operations into one of the 27 remaining EU member states.

The warning is timely, however, in case any firms are distracted by UK government "assurances" concerning potential free trade arrangements following previous EU warnings in December, which the UK government has conceded the EU is legally entitled to issue. 

Such deals do not usually deal very extensively with services, and 'most favoured nations' obligations in existing EU trade deals with third countries mean that it is very unlikely that the EU will wish to - or realistically be able to - set any kind of precedent in a deal with the UK.

The UK government's insistence on the leaving the single market and the customs union effectively rules out the UK remaining a member of the EEA (like Norway). That means the only alternative to Brexit is remaining a member of the EU.

Are UK Retailers Ready for The Ban On Payment Charges To Customers?

As mentioned previously, UK retailers won't be able to charge their customers a fee for using most forms of payment from 13 January 2018, and must refund any charges that violate the ban or limit. Certain surcharges within the scope of the regulations will remain permissible, but must not exceed the actual costs incurred in accepting the relevant payment method.

Customers will have teeth. Any contractual term requiring payment of a problem fee will be unenforceable to the extent of the excess charged, and will be treated as requiring the excess to be repaid. These rights can be enforced in the courts or alternative dispute resolution schemes. Customers might also initiate chargebacks for the excess amounts via their card issuer (or make a claim against the issuer under section 75 of the Consumer Credit Act).

Local Trading Standards authorities will have to consider complaints they receive from payers concerning prohibited charges, and must then decide whether to apply for an injunction or any other appropriate relief or remedy against the relevant payee or to accept undertakings to avoid court action. They must also notify the Competition and Markets Authority of any undertakings or the outcome of proceedings taken, which will be publicised for their reputational impact.

In addition, the authorities may seek enforcement orders under the Enterprise Act 2002. Where there is collective harm, the court can restrain continued or repeated conduct. 

I should add that the above restrictions apply to any "payee", not just retailers, as well as to bank transfers and direct debits in euros. They also cover business “payers”, not just consumers. However, excluded from the ban are charges for using commercial payment instruments - issued to businesses, public sector entities or the self-employed and limited to use for business expenses where the payments are charged directly to their account. But charges for using those must only cover the cost to the retailer of using that specific payment instrument.

The restrictions have been introduced in The Consumer Rights (Payment Surcharges) Regulations 2012 by the Payment Services Regulations 2017.

Update on 15.12.17: The government has now published its revised guidance on the Regulations, taking into account the ban introduced from 13 January 2018, as well as how to calculate appropriate surcharges where they are expressly permitted.

Red Alert: Retailers With Loyalty Progammes

Three years after being announced in the UK and I suspect many retailers are yet to realise that their loyalty/store card programmes will be regulated by the Financial Conduct Authority from 13 January 2018 - likewise across the European Economic Area. 

As the FCA now also warns, retailers who offer such programmes anywhere in the EEA will need to track the annual transaction volumes very carefully, starting with the completely arbitrary and inconvenient date of 13 January 2018. 

If the volume meets or exceeds €1 million (or the GBP or local currency equivalent) in any 12 month period (the first ending on 12 January 2019), the retailer must notify the FCA (or local regulator) within 28 days (by 10 February 2019).  Firms may also choose to register at any time from 13 October 2017.

But be sure of the outcome before you decide whether or not to register!

The regulator must then decide whether the programme is exempt from regulation as an e-money/payment service.  

If the firm fails to notify, it commits an offence under the Payment Services Regulations 2017 (or local equivalent implementing the second Payment Services Directive (PSD2)). 

If the FCA decides the programme is exempt, then it must include the retailer on the FCA's register of 'limited networks', and the name will be added to a central register of all such firms across the EEA.

If the FCA decides the programme is not exempt from regulation the retailer can appeal, but basically this means the firm will have been found to be violating the Electronic Money Regulations 2011 and/or Payment Services Regulations 2017 by issuing e-money and/or offering a payment service without being duly authorised/registered to do so. Major problem!

So retailers really have to decide now whether they should outsource the operation of the programme to an authorised firm (or the agent of one); or seek their own authorisation (or agency registration). Ultimately, they might restructure the scheme to fit the exemption, or shut it down.

Of course, the mere fact that retailers with loyalty schemes have to be mindful of these requirements and go through the process means they are in effect regulated by the FCA. Ignorance, as they say, is no defence.

Of Card Payments, Consumer Protection, SMEs and Merchant Aggregators

Consumer advocates have raised the issue of some uncertainty about which credit card transactions benefit from the statutory right to pursue the card issuer if a merchant makes a misrepresentation or breaches the contract for sale of an item (see the April article from MoneySavingExpert). Many do not realise that the uncertainty arises from arrangements that enable small businesses to accept card payments, overlooking important benefits to SMEs and consumers alike. If SMEs (which represent 99% of UK businesses) cannot accept card payments, consumers may find it less convenient to deal with them, threatening their livelihoods and over half the UK's new jobs, while also reducing consumer choice and competition for large retailers. The statutory right is also subject to exceptions that mean the transaction might not be covered anyway. Yet cardholders still have 'chargeback' rights under their card terms, which are more generous and involve less hassle than making a statutory claim.  So, my own view is that the benefit of enabling small traders to offer their customers the convenience of paying by card outweighs the potential lack of a statutory claim against the card issuer, because the cardholder has the greater comfort of being able to initiate a chargeback anyway. 

Statutory Rights

Consumer credit transactions that involve the borrower (e.g. a credit cardholder), the creditor (e.g. a credit card issuer) and a supplier (merchant) under the same agreement benefit from a provision of the Consumer Credit Act (CCA) that makes the creditor liable for any misrepresentation or breach of contract relating to the sale of the item (section 75). Various exclusions apply. For instance, it only covers items over a £100 up to £30,000 and it does not cover or must be more than Another provision covers transactions where the credit agreement did not directly involve the supplier but was specifically linked to the sale of a specific item (section 75A). Again, however, there are exceptions and it only applies to transactions for an amount exceeding £30,000 up to £60,260, so it is unlikely to be relevant to card transactions.

Chargeback Rights

Under rules governing the operation of the card schemes, such as MasterCard, card transactions can be reversed or 'charged back' in various cases including cardholder dispute within 180 days of the transaction. This right is wider than the statutory right under section 75 of the CCA because it applies to debit card transactions as well as credit card transactions, and the reasons for initiating a chargeback go well beyond the scope of the statutory right (see the list of reasons on page 54).

Merchant Aggregators

Card schemes operate by enabling issuers to issue payment cards that can be presented to participating merchants, who send the transaction data to an 'acquirer' who then obtains payment from the relevant card issuers via an 'interchange' process run by the card scheme operator. 

Typically, the merchant must have a direct contract with an acquirer, but that is expensive to set up and administer in the case of small merchants. 

So to give cardholders the convenience of being able to pay small merchants, the card schemes allow approved intermediaries (MasterCard calls them "Payment Facilitators", for example) to represent  small businesses more efficiently and cost effectively under a single contract with the acquirer, enabling those 'submerchants' to accept card payments where their annual transaction volume is less than $1m or local currency equivalent (increased from $100,000 a few years ago). WorldPay, the UK's largest card acquirer, explains its aggregator program here, for example; and MasterCard has a global list of approved Payment Facilitators by region.

In addition, department stores and e-commerce marketplaces may be treated by the card schemes as the merchant, where the obligation to pay the price of an item offered by a third party seller is satisfied by paying the store or marketplace operator rather than the seller directly. Where problems arise in that context, even though section 75 claims would not be possible, the cardholder typically has the right to either use the marketplace's own dispute resolution and compensation process or, in any event, to initiate a chargeback (large third party sellers will also have their own returns and complaints resolution and compensation process). Such 'master merchant' relationships are also important channels for small businesses to gain access to larger markets, again improving convenience, consumer choice and competition.

The point in all these cases is to weigh the benefits to consumers of convenience, increased choice and competition - as well as the benefits to SMEs who are able to access a wider market, grow and create more new jobs - against the loss of the relatively narrow rights under section 75 compared to chargeback rights and other remedies.

#PSD2: The FCA Clarifies The "Business Test"

In deciding whether or not a firm's activities are caught by the new Payment Services Directive (PSD2) as implemented in the UK by new Payment Services Regulations, one needs to first consider whether the activities are conducted by way of business. This is a question of fact and degree that can be difficult to answer. In the consultation on its approach to supervising the new regulations, the Financial Conduct Authority has helpfully done a lot more than it has in other areas to clarify when it considers that a payment activity will constitute 'a regular occupation or business' in itself, as opposed to being merely part of another type of business.

FCA's current guidance on the Payment Services Regulations 2009 states (at PERG 15.2, Q.9):

“…Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations. Accordingly, we would not generally expect solicitors or broker dealers, for example, to be providing payment services for the purpose of the regulations merely through operating their client accounts in connection with their main professional activities.”

The FCA has revised Question 9 as part of its proposed draft changes to the Perimeter Guidance to read as follows:

"Q9. If we provide payment services to our clients, will we always require authorisation or registration under the regulations?

Not necessarily; you will only be providing payment services, for the purpose of the regulations, when you carry on one or more of the activities in PERG 15 Annex 2:

• as a regular occupation or business activity; and

• these are not excluded or exempt activities.

Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations (see definition of "payment services" in regulation 2(1)). In our view this means that the services must be provided as a regular occupation or business activity in their own right and not merely as ancillary to another business activity. Accordingly, we would not generally expect the following to be providing payment services as a regular occupation or business activity:

• solicitors or broker dealers, merely through operating their client accounts in connection with their main professional activities;

• letting agents, handling tenants’ deposits or rent payments in connection with the letting of a property by them;

• debt management companies, receiving funds from and making repayments for a customer as part of a debt management plan being administered for that customer; and

• operators of loan or investment based crowd funding platforms transferring funds between participants as part of that activity.

The fact that a service is provided as part of a package with other services does not, however, necessarily make it ancillary to those services – the question is whether that service is, on the facts, itself carried on as a regular occupation or business activity."

Simlarly, in Question 38, the FCA proposes to state:

"Q38. We are an investment firm providing investment services to our clients - are payment transactions relating to these services caught by the regulations?

Generally, no. Where payment transactions only arise in connection with your the main activity of providing investment services, in our view it is unlikely that you will be providing payment services by way of business. In those limited cases where you are, the PSRs 2017 do not apply to securities assets servicing, including dividends, income or other distributions and redemption or sale (see PERG 15 Annex 3, paragraph (i))."

In relation to e-commerce marketplaces, the FCA proposes to add the following question to its Perimeter Guidance:

"Q33A. We are an e-commerce platform that collects payments from buyers of goods and services and then remits the funds to the merchants who sell goods and services through us – do the regulations apply to us?

The platform should consider whether they fall within the exclusion at PERG 15 Annex 3, paragraph (b). The PSRs 2017 do not apply to payment transactions from the payer to the payee through a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Recital 11 of PSD2 makes clear that some e-commerce platforms are intended to be within the scope of regulation. An example of where a platform will be acting for both the payer and the payee would be where the platform allows a payer to transfer funds into an account that it controls or manages, but this does not constitute settlement of the payer’s debt to the payee, and then the platform transfers corresponding amounts to the payee, pursuant to an agreement with the payee.

The platform should also consider whether they are offering payment services as a regular occupation or business activity (see Q9). Depending on your business model, the payment service may be ancillary to another business activity, or may be a business activity in its own right. Where the payment service is carried on as a regular occupation or business activity, and none of the exclusions apply, the platform will need to be authorised or registered."

The FCA also proposes to add Question 34A relating to "online fundraising platforms":

"Q34A. We are an online fundraising platform which collects donations in the form of electronic payments and transmits funds electronically to the causes and charities that have an agreement with us - do any of the exclusions apply to us?

Persons collecting cash on behalf of a charity and then transferring the cash to the charity electronically do not fall within the exclusion in PERG 15 Annex 3, paragraph (d), unless they themselves are carrying this out non-professionally and as part of a not-for-profit or charitable activity. For example, a group of volunteers that organises regular fundraising events to collect money for charities would fall within this exclusion. On the other hand, an online fundraising platform that derives an income stream from charging charities a percentage of the money raised for them is unlikely to fall within this exclusion.

Nor will an online fundraising platform accepting donations and then transmitting them to the intended recipient be able to take advantage of the exclusion in paragraph (b), as they are not a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Online fundraising platforms should also consider the guidance in Q33A."

There may be some confusion over whether a platform is an "online fundraising platform" covered by Questions 33A and 34A, as opposed to a 'donation/reward based crowdfunding platform' which I would suggest should be treated consistently with loan/investment based crowdfunding platforms under Question 9 above.

Consultations On Supervision Of New Payment Services Regs Under #PSD2

The FCA is consulting on its approach to supervising the new regulations that will implement PSD2. It's a huge job, and delays to the release of the draft regulations has left little time to prepare for the regulations to take effect from 13 January 2018. Responses to the FCA consultation are due by 8 June 2017, and can be provided online. 

The consultation is explained in the first 60 pages of the main policy document, and the detailed changes to the FCA Handbook is in the Annexes (another 217 pages worth!), including important updates to the 'perimeter guidance' on activities that are in scope, out of scope or excluded (Annex K from page 223 of the PDF version).

The FCA has also helpfully published a mark-up showing changes to its Approach Document that explains how it regulates the current PSD. The regulations are still in draft, so the FCA's guidance may also change if the regulations do; and there are certain 'regulatory technical standards' being developed that could also produce changes over time.

Meanwhile, the Payment Services Regulator has also issued its guidance on how the draft regulations impact its supervision of payment systems.

Unfortunately, the UK's view of PSD2 may not be consistent with other member states, and further divergence could occur after Brexit. The main consequences of this are explained in my answer to Question 1 of the Treasury consultation.

I will likely publish my general observations on the FCA's proposed changes in the coming weeks, where possible. 

In the meantime, my general response to the Treasury consultation on the draft Payment Services Regulations is here; and I've also previously posted on the following general issues under PSD2:

• Loyalty schemes with volumes over €1m (or GBP equivalent) must register with FCA, which must decide if they are a ‘limited network’; 
• Are Merchant Checkouts ‘Payment Instruments’? – may impact how checkout processes are structured/hosted and who by; 
• What is a ‘Payment Initiation Service’? – could affect merchants and various ‘technical service providers’ who support payment processes but don’t handle funds; 
• What is an ‘Account Information Service’? – new issue for accountants, personal data aggregators, cloud storage providers etc. who handle payment account data; 
• Are ‘bill payment services’ in or out of scope of new UK payments regs? 
• Post-Brexit outlook for passporting – if you need to get authorised to offer services across EU/UK, where do you do it? 

Post-Brexit Outlook For Passported Financial Services

Well it's been a dismal six months watching the politicians shadow-box among themselves over what Brexit really means. There's no shared vision of the big picture, let alone any grip on the detail. What is clear, however, is that size matters in trade negotiations. So the larger trading partners like the EU will dictate their own terms in any deals. And while the application of logic seems to be prohibited in this 'post-truth' era, I intend to proceed on the basis that the UK will not even be a member of the EEA (or the Customs Union) - and that it certainly won't get a better trade deal with the EU than it has today. That means the only real job left for UK politicians is to figure out who gets pork-barrelled compensated by the UK taxpayer for being worse off for having to treat the EEA as a separate market (where they can't pass those costs onto their UK/EEA customers more).

While the car makers got in first, ejecting from the EU/EEA poses a very significant challenge, in particular, for the 5,476 of the UK firms relying on 336,421 'outbound' passports to avoid being authorised in every EEA member state. This works out at 61 passports per firm, which is somewhat strange given there are 31 EEA countries, but passports are counted for each separate directive that requires them (only one if a firm has several under the same directive). Brexit is also a challenge for the 8,008 EEA firms that hold 23,532 passports (about 3 each) to cover their UK offerings.

In essence, a total of 13,484 firms need to apply for 359,953 additional regulatory permissions over the next two years if they want to continue to make sure they can cover their existing markets.

Such applications don't come cheaply or quickly, and involve significant ongoing management and administration costs following authorisation. And because most of the work will be required abroad, the lion's share of the related fees and expenses will be charged outside the UK, worsening the UK's trade deficit even further. The UK can also kiss goodbye to the tax revenues on the earnings of each foreign firm, as well as the incomes of its management and staff...

But that's all water under the bridge (or out the English Channel, if you will).

During the next two years, any financial services firm based in the UK/EEA that relies on a passport for cross-border activities or ambitions involving the UK will need to pursue the following options, either organically or by acquisition: 

• Retain/obtain authorization for an entity established in the UK, if it wishes to serve the UK market;

• Obtain/retain authorization for an EEA-based entity to take advantage of the EEA passport regime for the remaining EEA countries;

• Seek to rely on any passporting arrangements that the UK may agree with non-EEA countries (these could only be formally agreed post-Brexit, but might be planned in the meantime);

• Obtain/retain authorisations in any non-EEA countries it wishes to target - as is the case today, but the cost/benefit of targeting some of these countries may now have changed, given the extra cost of authorisation to serve EEA markets, and perhaps jockeying among countries wishing to take advantage of the situation.

So where would you base your EEA-passport firm?

The relevant analysis, if not the outcome, will vary significantly depending on the type of financial services and markets involved. Most of the relevant passports relate to general insurance intermediation and trade in various securities/markets, but payment and e-money services represent the third most popular category with perhaps greater retail significance - here 350 UK firms rely on outbound passports and 142 EEA firms passport into the UK.  According to a report commissioned by the Emerging Payments Association, the 350 UK firms have six countries to choose from as a potential base for their EEA passport entity, based on criteria including the ease of making an application, supportive regulatory approach/attitude, ease of setting up and doing business, jurisdictional reputation and sovereign/political risk:

• Cyprus 
• Denmark 
• Ireland 
• Luxembourg 
• Malta 
• Sweden

While not wishing to disparage any of those fine jurisdictions, you will see from the commentary in the EPA report why the UK is walking away from a (literally) golden opportunity to continue its role as the preferred EEA passporting hub for financial firms (many of which are managed or staffed by people who moved to the UK for that reason).  Yet, while that commentary is very helpful and a useful lens through which to view options, I know from personal experience that it does not always reflect reality on the ground or capture all the criteria that are relevant to the decision for each firm - and the authors don't pretend that it does.

We are only at the beginning of a very long and expensive journey...

The Next Revolution in UK #Payments: Non-bank PSPs and The RTGS

The Bank of England is consulting on the reform of its Retail Gross Settlement System ("RTGS"), which processes half a trillion pounds worth of transactions a day covering almost every payment in the UK economy — from salaries to invoices, from car purchases to retail sales, pensions and investments. 

The system is 20 years old and needs to be reinvented in way that is more flexible and cost-effective. It must interoperate with a wider range of payment systems on a 24x7 basis and better support the increasingly rapid evolution of various new payment methods in the retail, commercial and financial markets.

Responses can be made online by 7 November 2016. 

RegTech Bottleneck?

The UK's Financial Conduct Authority is rightly proud of its Innovation Hub, Regulatory Sandbox and new "RegTech" approach, which includes "managing regulatory requirements more efficiently, and... how we can best support developments and potentially adopt some RegTech solutions ourselves."

But the figures suggest that either more resources are required or there has to be a quicker route to market for new firms.

Of 413 requests received as at February, about 215 firms (52%) obtained support from the FCA's Innovation Hub. But only 39 firms (18%) have either been authorised (18) or are going through the approval process (21).  And in a recent statement defending its record on processing applications for authorisation by P2P lending platforms, the FCA said that it has only processed 8 of 94 applications received (about 9%).

Something is gumming up the works!

In its statement on the P2P lending process, the FCA bravely claims that it is "taking a proportionate approach to regulation, recognising the need for consumers to be adequately protected and have the information they need". It has a deadline of 12 months to decide on applications (actually 6 months for complete applications). But it's not like these firms are trying to flout the law - they have willingly approached the FCA for approval. Indeed, the P2P lending industry spent years lobbying for regulation of the sector, which was introduced by the Treasury in early 2013 and took effect on 1 April 2014. Yet since then the FCA's figures suggest that over 40 new firms have applied to enter the market and 42 of them are unable to trade because their application to do so is yet to be approved. Another 44 firms are still relying on their interim permission by virtue of being licensed under the previous regulatory regime, and therefore (ironically) cannot offer the new Innovative Finance ISA because they are not yet fully authorised.

How many firms are able to persist against these regulatory headwinds remains to be seen, but the approach seems neither proportionate nor worthy of the FCA's ambition to foster innovation and competition for the benefit of consumers. So far, the traditional players remain pretty safely sheltered behind the FCA's regulatory wall.

Something must be done.

Either the FCA needs more resources or it must adopt a more expeditious approach to granting regulatory approval - a mechanism that allows firms to begin trading more quickly under certain thresholds, for example, as is the case with small payment institutions and small e-money institutions. Indeed, payment services firms enjoy their own regulatory regime (with a 3 month turnaround time for complete applications); and the P2P industry lobbied for that regime to be used as the basis for regulating their platforms - an approach which the French and Spanish have since adopted and the European Banking Authority supports.

Can It Really Be #PSD2?!

The new Payment Services Directive (PSD2) has been approved by the European Parliament. Following the Parliament’s vote, in order to take effect, the Directive must be formally adopted by the EU Council of Ministers and published in the Official Journal of the EU. This is explained by the European Commission here. I understand that should be done by sometime in November. In the meantime, the official version is published by the European Parliament here. From that date of publication in the Official Journal, Member States will have two years to introduce the necessary changes in their national laws in order to comply with the Directive.

I have updated my note for SCL on PSD2 accordingly.

PSD2 - EU Sleight of Hand?

True to form, the EU Parliamentary process threw up an amended proposal for the new Payment Services Directive last Tuesday, leaving everyone two business days to consider it before this week's Parliamentary session. Conspiracy theorists will wonder what last minute lobbying victories were secured and what might have been different with a few weeks to consider them.

It seems pointless to review the draft, let alone summarise any changes, since further changes may well emerge this week from lurking MEPs. Who knows what will finally pop out in the Journal? Only those swimming in the primordial soup.

My summary of the June draft is here.

More Sunlight On #Payment Accounts

The Payments Account Directive (PAD) must be implemented in the UK by 18 September 2016, and the Treasury is consulting on how to do it. You have until 3 August to respond. This post explains the key features of PAD and the likely UK impact, according to the Treasury.

Key Features of PAD

Perhaps the most important feature of PAD is that payment accounts with certain basic features must be made available by banks to all consumers, including the homeless and asylum seekers, within 10 business days after receiving a complete application. Only banks will have to participate in that scheme, rather than other types of payment service providers (PSPs), like payment institutions and e-money institutions (the privileges and state guarantees enjoyed by banks must come at a price, after all). Such 'basic bank accounts' should be free of charge, or subject only to a reasonable fee, taking into account certain criteria, and there will be limits on termination.

PAD will also target the top 10 to 20 types of fee-based services commonly used by consumers in connection with a payment account or current account, and which generate the highest cost. The authorities have to provide that list to the European Commission and the European Banking Authority a year in advance, so they can specify technical and terminology standards in time for implementation by member states. That 'hit list' will be updated every four years.

The idea is we will each get a 'fee information document' in various forms before we sign up to a payment account or current account, as well as an annual statement of fees. We must also be able to refuse any 'packaged' features (like insurance), or get them separately, if we wish.

Member states have to ensure that at least one comparison website compares the fees for the top 10 to 20 types of fee-based services. There are rules to keep the comparison websites honest.

A 'switching service' must enable the prompt transfer between PSPs of information about all or some standing orders, recurring direct debits and incoming credit transfers, and of any positive balances from one payment account to the other, without necessarily closing the first payment account. The information must be available free of charge; and any other related fees that are charged must be "reasonable and in line with the actual costs" of the relevant PSP (except in cases of abnormal and unforeseeable circumstances beyond the control of the PSP, the consequences of which would have been unavoidable despite all efforts to the contrary, or where a PSP is complying with a statutory obligation). Any financial losses incurred by consumers due to switching must be refunded by the PSP without delay.

Similarly, PSPs must facilitate cross-border account opening, which will be interesting to see in action.

The Commission must report on the application of PAD and any proposals for improvements by 18 September 2019.

UK impact

The Treasury reckons about 50 firms are covered by PAD, and while some of the requirements are covered by existing UK initiatives, those firms are facing significant costs associated with standardising product descriptions and statements. The PAD requirements for basic bank accounts also go beyond the UK banks' voluntary bank programme (of course), so regulation is required. Only the UK's Money Advice Service will be expected to act as a comparison site. The 'current account switching service' covers most payment accounts likely to be affected, and PSPs who are not members of it will have to provide their own equivalent that meets the PAD requirements.

#PSD2: The Final Chapter?

I have updated my article for the SCL on the differences between the Payment Services Directive (PSD) and the latest compromise text of PSD2, produced following informal negotiations amongst the European Parliament, Council and the Commission.

It seems we are not far away from the final version.

UK Plans For #VirtualCurrencies and #Blockchain Technologies

The Treasury has published its response to the recent call for evidence on virtual currencies. The plan is to apply anti-money laundering regulation to virtual currency exchanges and ensure effective enforcement related to the criminal use of the currencies themselves, including seizure. It will also foster the development of standards for consumer protection in conjunction with the British Standards Institute. The government will also invest £10m to address 'research opportunities and challenges'.

In addition to addressing the risks, the report also explores the benefits of digital currencies as methods of payment, including uses beyond the retail scenarios, as well as other applications of blockchain technology; as well as barriers to suppliers setting up in the UK and how the government can help clear the way.

Alternative uses for the “distributed ledger” technology (i.e. beyond retail payment services) that the Treasury identified were:

• transfer of title to digital assets, with inherent authentication, digital ‘signing’ and time-stamping and record-keeping e.g. recording and transferring the ownership of bonds, shares, securities and other financial instruments; passports, driving licences, criminal records, land registry and digital voting; 
• ‘smart contracts’ and smart payments, whereby users encode requirements into a payment instruction or other message in order to achieve autonomous, self-executing payments and contracts that adjust for specific conditions. 
• decentralised data storage solutions (using blockchain technology to store files securely and efficiently);
• encrypted peer-to-peer messaging networks; and 
• links with ‘smart property’ and the Internet of Things, whereby devices (including autonomous vehicles) communicate with each other and maintain and update themselves semi-autonomously.

Great news for the everyone that the government is positively engaging with this technology.

Changes to #MIF Regulation

Worth noting that the text of the Merchant Interchange Fees Regulation dated 16 January 2015 differs substantively from the version published on 31 October 2014 and considered by MEPs on 17 December. Troubling that no mark-up has been provided. However, I have done the work and updated my previous summary accordingly.