The following posts provide a snapshot of the principal U.S., European and global financial regulatory developments of interest to banks, investment firms, broker-dealers, market infrastructures, asset managers and corporates.
Consultation and Draft Direction on Confirmation of Payee System Issued by UK's Payment Systems Regulator
The Payment Systems Regulator, the regulatory body responsible for monitoring the payment systems industry in the U.K., has published a second consultation paper requesting feedback on its proposals for a mandatory "Confirmation of Payee" service, together with a draft direction setting out deadlines by which the six largest payment services providers should provide such services. The Confirmation of Payee service is being developed to assist in the PSR's fight against "Authorised Push Payment" scams - involving theft of money via fraudulent payment requests made to individuals and businesses - and accidental misdirected payments, which together cause millions of pounds in losses to individuals and businesses annually. Certain payment service providers have committed to introducing a Confirmation of Payee process. However, the PSR considers that progress on doing so has been too slow. The consultation closes on June 05, 2019.
European Banking Authority Publishes Revised Guidelines on Outsourcing Arrangements
The European Banking Authority has published revised Guidelines on outsourcing arrangements. The guidelines are intended to update and replace outsourcing guidelines issued in 2006 (by the EBA's predecessor, the Committee of European Banking Supervisors) on outsourcing by credit institutions. The EBA Guidelines have a wider scope, applying to all financial institutions that are within the scope of the EBA's mandate, namely credit institutions and investment firms subject to the Capital Requirements Directive, as well as payment institutions and electronic money institutions. The investment firms within scope, provided that the new Investment Firm Regulation and Directive and related changes to CRD and the Capital Requirements Regulation have entered into force, will only be the largest investment firms (Class 1 Investment Firms). The Guidelines also integrate the recommendation on outsourcing to cloud service providers that was published by the EBA in December 2017. Both the 2006 guidelines and the December 2017 recommendations will be repealed when these new Guidelines enter into force.
European Banking Authority Reports on EU Regulatory Perimeter for Crypto-Assets
The European Banking Authority has published a report on the application and suitability of the EU bank regulatory framework for crypto-assets. The report is in response to the European Commission's request in its FinTech Action Plan 2018. The report confirms that EU activities related to crypto-assets are fairly low and do not present any financial stability risks. The European Securities and Markets Authority also published a similar report covering Initial Coin Offerings issues within its remit on the same day.
The EBA's report sets out the EBA's findings, the issues arising from the results, the EBA's advice to the Commission and the steps that the EBA intends to take in 2019. The EBA mapped the applicability to crypto-assets and crypto-asset activities of the EU Anti-Money Laundering Directive, the Capital Requirements Directive and Regulation, the second Electronic Money Directive and the second Payment Services Directive.
European Commission Publishes Commission Delegated Regulation on the Electronic Central Register Under Payment Services Directive
The European Commission has adopted Regulatory Technical Standards on the development, operation and maintenance of the electronic central register and access to the information it contains under the Payment Services Directive 2015, known as PSD2. The register will contain details of authorized payment institutions, certain exempt persons and their agents and it will identify the payment services for which each payment institution is authorized or exempt person is registered. PSD2 took effect on January 13, 2018. The electronic central register established by these RTS will be the responsibility of the European Banking Authority. It is intended that these RTS, once published in the Official Journal of the European Union, will be binding and directly applicable in all Member States from twenty days after publication.
View the Commission Delegated Regulation.
UK Payment Systems Regulator Consults on Brexit-Related Changes to Onshore Regulatory Technical Standards Under the Interchange Fees Regulation
The U.K. Payment Systems Regulator has launched a consultation on its proposals to onshore the Regulatory Technical Standards supplementing the EU Interchange Fee Regulation to ensure the RTS can still operate effectively once the U.K. has left the EU. The consultation will primarily be relevant for card schemes subject to the IFR, parties contracting with card schemes and/or processing entities (e.g. issuers, acquirers) and third-party card payment processors.
The PSR is empowered by HM Treasury, under the Financial Regulators’ Powers (Technical Standards) (Amendment etc.) (EU Exit) Regulations 2018, to correct deficiencies in the RTS and to maintain them after exit day. The RTS set out detailed requirements for payment card schemes and processing entities, to ensure there is the requisite level of independence in accounting, organization and decision-making processes. The PSR proposes to amend the RTS in line with the draft Interchange Fee (Amendment) (EU Exit) Regulations 2018, published by HM Treasury on November 16, 2018 to onshore the IFR. The PSR's consultation paper includes a draft of the Technical Standards (Interchange Fee Regulation) (EU Exit) instrument 2019.
Comments on the consultation are invited by December 17, 2018. The PSR intends that the finalized version of the EU Exit instrument will take effect on exit day in the event of a no deal scenario.
View the consultation paper (PSR CP 18/3).
View details of the draft Interchange Fee (Amendment) (EU Exit) Regulations 2018.
UK Conduct Regulator Publishes Second Consultation on Brexit-Related Changes to Its Rulebook and Binding Technical Standards
The U.K. Financial Conduct Authority has published a second consultation on proposed changes to the FCA Handbook and guidance to ensure a functioning legal and regulatory framework for financial services in the event of a "no-deal" scenario whereby the U.K. exits the EU on March 29, 2019 without a ratified Withdrawal Agreement in place and there is consequently no transitional period for firms. The proposed amendments will not take effect on exit day if the U.K. enters into a transitional period.
The consultation includes the FCA's further proposals in relation to those Binding Technical Standards that it has been empowered by HM Treasury to amend prior to Brexit and to maintain afterwards. Since the FCA's first consultation on Brexit-related Handbook changes in October 2018, HM Treasury has published further policy notes and/or financial services "onshoring" statutory instruments with proposed amendments to retained EU law. Many of the FCA's proposals on the BTS are consequential in nature and follow the amendments proposed in the statutory instruments.
UK Legislation Made for Onshoring the EU SEPA Regulation
The Credit Transfers and Direct Debits in Euro (Amendment) (EU Exit) Regulations 2018 were made on November 19, 2018 and will enter into force on the day the U.K. exits the EU. The Regulations are relevant for all Payment Service Providers – banks, payment institutions, e-money institutions and registered Account Information Service Providers.
Draft UK Legislation Published to Onshore the EU Interchange Fee Regulation for Brexit
HM Treasury has published a draft version of the Interchange Fee (Amendment) (EU Exit) Regulations 2018, along with explanatory information. The draft Regulations will primarily affect payment system operators, payment service providers (including banks and building societies) and the businesses and individuals who rely on card payment systems. The Payment Systems Regulator will consult separately on consequential changes to its guidance on the IFR once the draft Regulations are made. The PSR will also be responsible for correcting deficiencies in the Binding Technical Standards made under the IFR.
The draft Regulations amend the EU Interchange Fee Regulation that will be retained on Brexit and the Payment Card Interchange Fee Regulations 2015. The changes are designed to ensure that current laws on interchange fees continues to operate effectively in the U.K. once the U.K. has left the EU.
Three Central Banks Explore Advantages of Wholesale Central Bank Digital Currencies
The Bank of England, the Bank of Canada and the Monetary Authority of Singapore have published a joint report entitled, "Cross-Border Interbank Payments and Settlements." Referring to current industry projects to address existing problems in cross-border payments affecting end-users, commercial banks and central banks, the report analyzes these issues and discusses proposed new models for processing cross-border transactions. The report sets out three models for cross-border payments and settlements and discusses the key considerations and dependencies of each model. Each model is then assessed against the existing identified challenges in cross-border payments.
Model 1 is based on existing plans to enhance the current systems within and across jurisdictions, which is considered to be the baseline for discussions. Model 2 is based on an expanded role for domestic real-time gross settlement infrastructure, which would be "super-correspondents" in settling cross-border payments and would replace existing correspondent banks. Model 3 has three variations, all of which are based on cross-border payments between banks being settled with wholesale central bank digital currencies (W-CBDCs). The three variations are: (i) W-CBDCs that can be held and exchanged only in their home jurisdiction; (ii) W-CBDCs held and exchanged within and beyond their home jurisdictions; and (iii) a single universal W-CBDC backed by a basket of currencies issued by participating central banks.
UK Post-Brexit Legislation Published to Onshore the EU Payment Accounts Directive for Brexit
HM Treasury has published a draft of the Payment Accounts (Amendment) (EU Exit) Regulations 2018, along with explanatory information.
The draft Regulations will amend the U.K. Payment Accounts Regulations 2015, which implemented the EU Payment Accounts Directive in the U.K., to remove references to EU institutions and to remove requirements which were intended to improve the functioning of the EU's internal market.
The draft Regulations will affect all Payments Service Providers that offer payment accounts, and, in particular, the U.K.'s nine designated providers of basic bank accounts. Consumers of payment accounts will also be affected, in particular those who hold basic bank accounts. HM Treasury states that it expects the changes for payment account providers and consumers to be minimal.
European Banking Authority Sets Out Its Work Priorities for 2019
The European Banking Authority has published its Work Programme for 2019, setting out details of, and planned main outputs from, 37 separate work streams across the following five key strategic priorities:
- Leading the Basel III implementation in the EU.
- Understanding risks and opportunities arising from financial innovation.
- Collecting, disseminating and analyzing banking data.
- Ensuring a smooth relocation of the EBA to Paris.
- Fostering the increase of the loss-absorbing capacity of the EU banking system.
The EBA also confirms that work related to Brexit will remain a horizontal priority for the EBA in 2019 and explains that the EBA's other activities may be affected in the future by Brexit-related developments. Should that be the case, any substantial change in the work programme will be communicated in due time, in order to seek steering and approval from its Management Board and Board of Supervisors.
View the EBA's 2019 Work Programme.
UK Conduct Regulator Consults on Brexit-Related Changes to Its Rulebook and Binding Technical Standards
The U.K. Financial Conduct Authority has published its first consultation on proposed changes to the FCA Handbook to ensure a functioning legal and regulatory framework for financial services in the event of a "no-deal" scenario whereby the U.K. exits the EU on March 29, 2019 without a ratified Withdrawal Agreement in place and there is consequently no transitional period for firms. The proposed amendments will not take effect if the U.K. enters into a transitional period after exit day.
The consultation includes the FCA's proposals in relation to the Binding Technical Standards it has been empowered by HM Treasury to amend prior to Brexit and to maintain afterward. These are the retained EU "Level 2" delegated and implementing regulations that set out regulatory technical standards and implementing technical standards. The consultation also sets out the FCA's proposed approach to non-legislative "Level 3" materials such as guidelines, recommendations and opinions that will also be onshored.
The FCA states in the consultation that the majority of the proposed changes are consequential in nature and follow the amendments to retained EU law that HM Treasury is proposing, as set out in the series of financial services-related statutory instruments being made under the European Union (Withdrawal) Act 2018.
UK Conduct Regulator Consults on Post-Brexit Temporary Permissions Regime for EEA Firms and Funds
The U.K. Financial Conduct Authority has published a consultation on its proposed approach to a Temporary Permissions Regime for EEA firms and investment funds that currently provide services in the U.K. - either via a branch or cross-border - pursuant to a single market passport. The proposed TPR is designed to minimize the potential harm caused by an abrupt loss of the passport in a "no-deal" scenario, in which the U.K. exits the EU without a ratified Withdrawal Agreement, which would mean that there would be no transitional period following Brexit and that the U.K. would be treated as a third-country after exit day. The TPR will enable EEA firms and investment funds to continue to provide services in the U.K. for a limited period following exit day.
The proposed TPR will take effect on March 29, 2019 in the event of no deal. Should the U.K. and EU negotiations lead to ratification of the Withdrawal Agreement, the TPR will not enter into force. Instead, during the transitional period, firms and investment funds would continue to have access to the same passporting arrangements as they do now.
UK Regulator Finds E-Money Firms Have Effective Anti-Money Laundering Controls
The Financial Conduct Authority has published a report on the outcome of its thematic review into money laundering and terrorist financing risks in the e-money sector. The report focuses on e-money products, including prepaid cards and digital wallets. The FCA assessed the anti-money laundering and counter-terrorist financing controls of 13 authorized Electronic Money Institutions and registered small Electronic Money Institutions. The review included consideration of business models that involve distributing e-money through agents and distributors.
The FCA's review did not cover activities that are not regulated by the FCA (for instance, gift cards that can be used only within a limited network or prepaid products denominated in a cryptocurrency) or money remittance services provided by the EMIs.
US Federal Reserve Board Seeks Comment on Facilitating Faster Payments
The U.S. Board of Governors of the Federal Reserve System published a notice and request for comment with respect to potential measures that could be taken to improve the efficiency and speed of payment services, specifically regarding the facilitation of real-time interbank settlement of “faster payments”—a term generally used to convey a future payment and settlement system that is fast, convenient and accessible. The notice highlights that while traditional payment methods, such as checks, ACH payments, and credit card transactions have created a payment systems infrastructure that is universal, safe and reliable, this does not necessarily translate into speed and efficiency. The notice suggests that the current system has resulted in a gap between the speed and efficiency of the payment systems infrastructure and user expectations. The notice provides background regarding Federal Reserve Board initiatives associated with faster payments, including its Strategies for Improving the U.S. Payment System initiative and Faster Payments Task Force, provides an overview of the faster payments construct, and introduces potential faster payment models, including deferred net settlement of interbank obligations and real-time gross settlement of interbank obligations. The notice also discusses potential actions that the Federal Reserve Board could undertake to support faster payments, including the development of “24x7x365” real-time interbank settlement and the creation of a liquidly management tool to help promote, support and drive participation in real-time interbank settlement.
View full text of the request for comments.
UK Conduct Regulator Consults on its Approach to Technical Standards and Guidelines Under the Revised Payment Services Directive
The U.K. Financial Conduct Authority has launched a consultation on its approach to implementing Regulatory Technical Standards and related Guidelines developed by the European Banking Authority to supplement provisions of the revised Payment Services Directive. The FCA's consultation focuses in particular on the RTS for strong customer authentication and common and secure open standards of communication. These RTS impose obligations on payment service providers to increase the security of customers' payments made by card and other means and also set out requirements on account servicing payment service providers (ASPSPs) relating to the third party providers of Account Information Services (AIS) and Payment Initiation Services (PIS) that were brought within the regulatory regime by PSD2.
The consultation includes proposals on new fraud reporting requirements reflecting PSD2 fraud reporting guidelines published by the EBA in July 2018. The FCA is also consulting on proposed changes to its Payment Services and E-Money Approach Document to reflect other legislative changes and clarify its expectations.
The EBA consulted between June and August 2018 on proposed Guidelines on aspects of the RTS. The FCA's proposed implementation approach is premised on the assumption that the final Guidelines will be largely as consulted on and the FCA will adjust its approach if necessary when the finalized Guidelines are published.
US Federal Reserve Board Issues Final Rule Amending the Liability Provisions of Regulation CC
The U.S. Board of Governors of the Federal Reserve System announced a final rule amending the liability provisions of Subpart C of Regulation CC to address instances where there is a dispute between banks as to whether a check has been altered or is a forgery, and the original check is not available for inspection. The final rule creates a rebuttable presumption of alteration (as that term is used in the UCC) with respect to disputes that arise between banks regarding substitute or electronic checks. The presumption is rebuttable either by proving by a preponderance of the evidence that the substitute or electronic check is forged (i.e., derives from an original check that was issued with an unauthorized signature of the drawer) or does not contain an alteration. The presumption of alteration does not apply if a copy of the original check is available for inspection by all parties or where one bank sent the original check to the other bank, even if the check was subsequently truncated and destroyed. The final rule will take effect on January 1, 2019.
View full text of the final rule.
UK Financial Conduct Regulator Proposes to Apply Principles and Conduct Rules to Payment Service Providers and Electronic Money Firms
The U.K. Financial Conduct Authority has launched a consultation on general standards and communication rules for the payment services and e-money sectors.
Payment Service Providers and e-money firms are authorized or registered under the Payment Services Regulations 2017 and Electronic Money Regulations 2011, respectively. The Payment Services Regulations 2017 brought certain of these firms within the scope of the FCA's rulemaking powers.
Final Draft EU Technical Standards on Home-Host Regulatory Cooperation Under the Revised Payment Services Directive
The European Banking Authority has published a final report and final draft Regulatory Technical Standards under the revised Payment Services Directive on cooperation between national regulators in home and host states of a payment institution that operates cross-border in the EU. PSD2 took effect on January 13, 2018. The final report summarizes the feedback the EBA received to the proposed draft RTS and sets out the EBA's responses. The EBA confirms that it has made a number of the changes to the text of the final draft RTS as a result of the feedback.
The final draft RTS specify the framework for cooperation between supervisors of payment institutions operating on a cross-border basis, including the method for cooperation and details of information that should be provided between regulators. The final draft RTS also specify the means, details and frequency of reporting that a host national regulator may request from payment institutions concerning activities carried out in its territory through agents or branches. The final draft RTS will further apply to the framework for cooperation, and for the exchange of information, between national regulators for electronic money institutions providing services cross-border in the EU.
The EBA has submitted the final draft RTS to the European Commission for endorsement. The final RTS will apply across the EU twenty days after publication in the Official Journal of the European Union.
View the final report and final draft RTS.
UK Payment Systems Regulator Reports on the UK Contactless Mobile Payment Sector
The U.K. Payment Systems Regulator has published a Report setting out its understanding of the Contactless Mobile Payments sector, following information-gathering during 2016 and 2017. CMPs are in-store payments made by consumers, using apps installed on their mobile devices, usually using Near Field Technology for communication between the mobile device and the retailer's point-of-sale terminal and with payment security enabled via a "tokenization" process.
The PSR conducted two calls for information in 2016 and 2017, to increase its understanding of:
- whether the way CMPs operate and the way they are being offered in the U.K. potentially affects competition, innovation and the interests of people and organizations that use payment systems (and, if so, how); and
- whether there were any restrictions affecting the provision of tokenization services.
The Report explains how CMPs work from a functional and technical perspective, outlines the main participants and their respective roles, summarizes the PSR's consideration of particular issues and proposes next steps.
UK Payment Systems Regulator Will Review Supply of Card-Acquiring Services
The U.K. Payment Systems Regulator has published for consultation its draft terms of reference for a planned market review into the supply of card-acquiring services in the U.K. Merchants that accept card payments from customers purchase card-acquiring services from specialist providers to enable card payments to be accepted and processed on their behalf. The market review is a response to concerns raised by stakeholders that the supply of these services may not be working well for some merchants and, ultimately, consumers.
The market review will examine: (i) the nature and characteristics of card-acquiring services; (ii) the providers of these services and how their market shares have developed historically; (iii) how merchants buy card-acquiring services; (iv) the availability of credible alternatives to card-acquiring services for some or all merchants; and (v) how competition is working in the sector, including looking at issues around the fees merchants pay and the quality of service they receive.
The PSR is inviting feedback on its draft terms of reference until September 14, 2018. The PSR intends to publish finalized terms of reference, including a timetable for the review, before the end of 2018.
View the draft terms of reference for the review (MR 18/1.1).
Bank of England Confirms its Renewed Real-Time Gross Settlement System Can Interface With DLT
The Bank of England has published the outcomes from a "Proof of Concept" it ran to understand how its renewed Real-Time Gross Settlement service could be capable of supporting settlement in systems operating on innovative payment technologies, such as those built on Distributed Ledger Technology. The BoE has operated the RTGS service since 1996 to provide a safe and reliable means of settling high-value cash payments in real time in sterling central bank money. The BoE published a blueprint for renewal of the RTGS in May 2017, setting out how it proposed to overhaul the system to ensure higher resilience, broader access, wider interoperability, improved user functionality and strengthened end-to-end risk management of the high-value payment system.
EU Final Guidelines on Fraud Reporting Under the Payment Services Directive
The European Banking Authority has published final Guidelines on fraud reporting under the revised Payment Services Directive. PSD2 aims to increase the security of electronic payments and decrease the risk of fraud. The Directive, which has applied since January 13, 2018, requires Payment Service Providers to provide, at least on an annual basis, data on fraud relating to different means of payment to their national regulator. The regulators must in turn provide such data in aggregated form to the EBA and the European Central Bank. Existing data reporting practices vary across the EU. The EBA has worked with the ECB to develop these Guidelines to ensure that data is reported consistently and that the data is comparable and reliable.
The final Guidelines are addressed to PSPs, except account information service providers, and to their national regulators. The Guidelines cover payment transactions that have been initiated and executed, including the acquiring of payment transactions for card payments, identified by reference to: (a) fraudulent payment transactions data over a defined period of time; and (b) payment transactions over the same defined period. The Guidelines also set out how national regulators should aggregate the data.
UK Financial Conduct Authority Updates Guidance on its Approach to Payment Services and Electronic Money
The U.K. Financial Conduct Authority has updated its Approach Document on payment services and electronic money, to reflect final guidelines issued in December 2017 by the European Banking Authority on security measures for mitigating operational and security risks under the revised Payment Services Directive. The changes will affect all payment service providers. The FCA has also updated its webpage on reporting requirements for payment services providers and e-money issuers to reflect these changes. The webpage includes a link to the revised version of the FCA's REP018 (operational and security risk) reporting form.
The FCA will expect payment services providers to comply with the EBA guidelines, which cover issues such as operational and security risk management framework governance, the use of models, outsourcing and how functions, processes and assets should be identified, classified and risk-assessed. The EBA guidelines also cover security of data integrity, systems and confidentiality as well as physical security and asset control and communication of the security measures to payment service users. PSPs will be expected to report at least annually to the FCA on their operational and security risk management frameworks.
US Federal Reserve Board Seeks Comment on Changes to Fedwire Funds Service Message Format
The U.S. Board of Governors of the Federal Reserve System published a notice of proposed service enhancement and request for comment with respect to adopting the International Organization for Standardization (ISO) 20022 message format for the Fedwire Funds Service. The new format would replace the service’s current proprietary message format. The proposal notes that the decision to implement the ISO 20022 message format standard is the result of a multi-year process, where the Federal Reserve Board and U.S. Federal Reserve Banks sought input from a number of stakeholders and industry participants, including The Clearing House Payments Company, which owns and operates the other main large-value payment system in the United States. The Federal Reserve Banks have also performed extensive public outreach on this topic, including the formation of advisory groups, the distribution of customer surveys, and the preparation of educational materials regarding the ISO 20022 standard. The proposal suggests that switching to the ISO 20022 standard may result in a number of benefits, including a richer and more structured message format, improved domestic and cross-border interoperability and the ability for financial institutions to provide additional services to customers. The proposal notes that the implementation of the ISO 20022 standard will consist of three phases, with a target final implementation date of November 2023. Comments to the proposal are due by September 4, 2018.
View full text of the FRB proposal.
UK Payments Regulators Announce Full Consolidation of UK Retail Payment Systems
The Payment Systems Regulator and the New Payment System Operator have issued press releases confirming that the consolidation of U.K. retail payment systems is now complete. Consolidation of the three U.K. payment systems was one of the recommendations made in the Payments Strategy Forum's November 2016 report, which set out a wide-ranging strategy for reforming the U.K. retail payments industry.
The NPSO assumed responsibility for Bacs Payment Schemes Limited and Faster Payments Scheme Ltd on May 1, 2018. The NPSO's press release confirms that, as of July 1, 2018, the Cheque and Credit Clearing Company Limited has become a subsidiary of the NPSO and the NPSO has assumed responsibility for oversight of running and managing the cheque paper and cheque image clearing systems. All payments will continue to be processed through the cheque clearing systems. The NPSO has also acquired UK Payments Administration Ltd, which is the service company responsible for providing people, facilities and business services to the U.K. payments industry.
UK Regulator Provides Update on its Retail Banking Business Model Review
The U.K. Financial Conduct Authority has published a Progress Report on its Strategic Review of Retail Banking Business Models. The FCA launched the Review in April 2017 and published a purpose and scope document in October 2017. The FCA is conducting the Review to gain a picture of how profits are generated by the sector, of the relative competitive advantages and disadvantages of different business models and of barriers to entry and expansion. The Review covers retail banking services to personal and small business customers. It focuses on the products and services that are used on a regular basis by large numbers of consumers and small businesses. This includes current accounts, savings products, mortgages, personal loans, credit cards, and business finance.
The FCA explains that its early analysis indicates that a key component of the competitive advantage enjoyed by retail banks to date has been the combination of personal current accounts and large branch networks. This combination has brought a number of benefits including a funding cost advantage (from personal current accounts paying zero interest or lower interest than other providers), significant additional income from fees and charges on personal current accounts (including overdrafts), the opportunity to cross-sell lending products to personal current account holders and the ability to cross-sell business accounts and associated business savings balances.
UK Conduct Regulator Issues Statement on PSD2 Strong Customer Authentication and Common and Secure Communication Provisions
Following the publication by the European Banking Authority of an Opinion and draft Guidelines on Regulatory Technical Standards under the revised Payment Services Directive for strong customer authentication and common and secure communication, the U.K. Financial Conduct Authority has published a statement on its website. The RTS under PSD2 set out how third-party providers of account information and payment initiation services (TPPs) and account servicing payment service providers (ASPSPs) should interact and communicate securely to enable TPPs to provide their services to customers with the customer's consent. The Opinion relates to the implementation of the RTS and the draft Guidelines relate to the availability of an exemption for ASPSPs from a requirement to build a contingency access mechanism.
The FCA welcomes the EBA's Opinion and draft Guidelines and confirms that, assuming the Guidelines remain as drafted, it expects to comply with them. The FCA will be consulting in Summer 2018 on proposed changes to its rules and guidance to reflect the RTS, the Opinion and the draft Guidelines. The consultation will outline the proposed process and level of information that the FCA will require from firms to make an exemption assessment. The FCA raises a number of issues that ASPSPs and TPPs should be considering, along with some key points from the Opinion and draft Guidelines of which they should take note in advance of the consultation.
Bank of England Finalizes Fee-Levying Regime for Financial Market Infrastructures
The Bank of England has published a Policy Statement outlining the fees it intends to levy on Financial Market Infrastructures, namely CCPs, central securities depositaries, recognised payment systems and specified service providers to recognised payment systems.
The BoE is empowered under the Banking Act 2009 to levy fees on FMIs but has not so far exercised its power to do so. The BoE has instead funded its supervision of FMIs through the Cash Ratio Deposit scheme. The Policy Statement follows a recommendation in February 2017 from the BoE's independent evaluation office that the BoE review its approach to funding FMI supervision and consider whether levying fees on supervised FMIs would be appropriate. The BoE consulted in August 2017 on proposals to introduce a new funding structure for FMI supervision. A further joint consultation was launched by the BoE and HM Treasury in March 2018 on the detail of the proposed fee-levying regime and the proposed fees for the 2018/19 fee year. The rationale for introducing an FMI fee-levying regime is to allocate the costs of FMI supervision to those entities that directly benefit from the BoE's supervision.
European Banking Authority Clarifies Strong Customer Authentication Requirements for Account Servicing Payment Service Providers
The European Banking Authority has published an Opinion on the implementation of the Regulatory Technical Standards on strong customer authentication and common and secure communication. It has also published a consultation paper on draft Guidelines on the conditions that an account servicing payment service provider (ASPSP) must meet if it wants to provide access via a dedicated interface and be exempt from the obligation to have a fall-back option in place.
PSD2 requires that SCA is used for accessing a payment account online, initiating a payment transaction and carrying out a transaction through a remote channel. The RTS on SCA and CSC will apply directly across the EU partly from March 14, 2019 and predominantly from September 14, 2019.
UK Payment Systems Regulator Publishes Discussion Paper on Use of Data in the Payments Industry
The U.K. Payment Systems Regulator has published a discussion paper seeking feedback on the use of data in the payments industry. The PSR is the regulator for designated payment systems in the U.K. These are currently BACS, CHAPS, Cheque & Credit, the Faster Payments Scheme, LINK, Northern Ireland Cheque Clearing, Mastercard and Visa Europe.
As the U.K. payments sector undergoes rapid evolution and the collection, analysis and use of payments data plays an increasingly important part in the payments industry, the PSR wants to gain an understanding of the role it might play in ensuring that new uses of data work well for businesses and individuals using payment systems. "Payments data" in this context includes a mix of financial, transactional, behavioural and other types of data, which payment service providers collect in the course of providing payment services to end-users.
Bank of England Consults on Phased Move to Global Messaging Standards for UK Payment Systems
The Bank of England has published a consultation on adopting ISO 20022, the global messaging standard for payments which was first introduced in 2004 by the International Organization of Securities Commissions. Ten jurisdictions have already implemented the standard and another nine are intending to implement it by 2023, including the U.S., Canada, Singapore and the Eurozone. The consultation has been prepared in conjunction with the U.K. New Payment System Operator and the U.K. Payment Services Regulator.
It is intended that ISO 20022 will be adopted across the U.K.'s three main interbank payment systems, namely CHAPS, BACS and Faster Payments. The BoE took over responsibility for the operation of the CHAPS system in November 2017 and the NPSO is responsible for the operation of BACS and Faster Payments. The fact that the three payment systems currently all have different information requirements, methodologies, formats, standards and rulebooks means that it can be difficult and expensive to move customers' payments between the systems and costly for new entrants wishing to participate in payment systems. Moving to ISO 20022 will address these and related issues.
Final Global Strategy to Address Wholesale Payments Fraud
Following a consultation late last year, the Committee on Payments and Market Infrastructure has published the final strategy for reducing the risk of wholesale payments fraud related to endpoint security. The strategy is directed to all relevant public and private sector stakeholders in reducing the risk of wholesale payments fraud, including the operators of wholesale payments systems and messaging networks, their participants and relevant regulators and authorities responsible for supervising these operators and participants.
The strategy comprises seven elements that are intended to work holistically for preventing, detecting, responding to and communicating about wholesale payments fraud. The elements are:
1. Identifying and understanding the range of risks;
2. Establishing endpoint security requirements;
3. Promoting adherence;
4. Providing and using information and tools to improve prevention and detection;
5. Responding in a timely way to potential fraud;
6. Supporting ongoing education, awareness and information-sharing; and
7. Learning, evolving and coordinating.
The CPMI and each of its member central banks have committed to promoting the effective operationalization of the strategy within and across jurisdictions and systems. They will be monitoring progress in 2018 and 2019 with a view to assessing whether further action is needed.
View the strategy.
New Payment Systems Operator for UK Retail Payment Systems
The Bank of England and the Payment Systems Regulator have announced that the New Payment System Operator is now responsible for the operation of BACS and Faster Payments, two U.K. retail payment systems. The NPSO is expected to assume responsibility for the Cheque and Credit Clearing Company over the next few months. The consolidation of the three payment systems was one of the recommendations made in the Payments Strategy Forum's November 2016 report, which sets out a wide-ranging strategy for reforming the U.K. retail payments industry. The NPSO will also be responsible for delivering the New Payments Architecture, which is an industry-led initiative to increase competition, resilience and innovation across the payments and banking industry.
View the BoE and PSR announcement.
View the NPSO press release.
Corrigendum to the Revised Payment Services Directive Published
A two-page corrigendum to the revised Payment Services Directive has been published in the Official Journal of the European Union. The corrigendum makes 11 corrections to the text of the PSD2 across one recital and eight of the directive's articles.
In addition to minor textual corrections, the corrigendum makes important clarifications to provisions on: (i) the liability of a payment service provider for initiation or execution of payment transactions; (ii) liability in respect of payment initiation services among those provisions of PSD2 that can be disapplied, or applied only in part, by agreement between a payment service provider and a non-consumer payment service user; (iii) the limited circumstances in which a payment services provider is permitted to charge for fulfilling information obligations or performing corrective or preventive measures; and (iv) the circumstances in which compensation can be obtained by a payment service provider from another payment service provider or intermediary for losses incurred for non-execution or defective execution of a payment order.
View the corrigendum.
U.S. Board of Governors of the Federal Reserve System Commission Study Regarding Payments Fraud and Security Vulnerabilities
The U.S. Board of Governors of the Federal Reserve System announced that it is undertaking a study that will begin this month with respect to fraud in the U.S. payments system. The study will identify causes and contributing factors to fraud in the U.S. payments system, such as payment security vulnerabilities, and will measure the costs associated with such fraud. The study was commissioned as part of the Federal Reserve Board’s Next Steps in the Payment Improvement Journey paper that was released last year. A global management consulting firm will conduct the study, which is expected to last up to six months. The study is intended to provide data to assist the Federal Reserve with its collaboration with the payments system industry with respect to the security of the payments system.
View the full text of the Federal Reserve Board announcement.
European Commission Proposes Extending Fee Cap to Non-Eurozone Member States
The European Commission has published a proposed Regulation to amend the Regulation on cross-border payments in the EU. The Regulation on cross-border payments provides, among other things, that charges for cross-border euro payments within the Eurozone must be the same as charges for domestic euro payments. Member States outside of the Eurozone were given the option to extend the application of the Regulation to their domestic currency. Only Sweden opted to do so.
The proposed amending Regulation extends the scope of the fee cap provisions to EU Member States outside of the Eurozone for euro-denominated payments. A payment service providers' charges for cross-border euro payments will be required to be the same as that charged by the PSP for a domestic payment of the same value in the official currency of the customer's Member State. Cross-border transactions in currencies other than the euro are outside of the scope of the fee cap proposals. The proposals aim to put an end to the high cost of intra-EU cross-border transactions in euro.
European Banking Authority Proposes Extending the Scope of the Complaints-Handling Guidelines
The European Banking Authority has published proposals to extend the Joint Committee Guidelines on complaints-handling for the securities and banking sectors to the new institutions established under the revised Payment Service Directive and the Mortgage Credit Directive. The Joint Committee's Guidelines on complaints-handing for the securities and banking sectors, published in June 2014, apply to national regulators responsible for supervising complaints-handling by credit institutions, investment firms, certain fund managers, payment institutions and electronic money institutions where complaints are made by natural or legal persons about the regulated activities carried out by these entities.
The MCD, which has applied since March 2016, covers non-bank creditors. Similarly, PSD2, in application since January 2018, introduced two new providers of payment services - payment initiation service providers and account information service providers. Complaints-handling by these entities do not currently fall within the scope of the Guidelines.
The EBA is proposing to extend the scope of the existing Guidelines to these entities to ensure that consumers receive the same level of protection when they interact with these new entities as when they interact with in-scope regulated entities. The extended Guidelines would only apply to security-related complaints for account information services provided by account information service providers under PSD2. The EBA proposes that national regulators should apply the extended Guidelines on a proportionate basis, taking into account the nature, scale and complexity of the business of each entity as well as the nature and range of services they offer.
The consultation closes on May 27, 2018.
View the consultation paper.
View the existing Guidelines.
UK Payment Systems Regulator Consults on Reviewing its Directions on Access, Governance and Participants’ Relationships with the PSR
The U.K. Payment Systems Regulator has published a consultation on a review of the six formal General Directions (Directions GD 1-6) and one Specific Direction (SD1) it adopted in 2015 under the Financial Services (Banking Reform) Act 2013. These Directions were all intended to improve access to and the governance of payment systems in the U.K. GD1 sets out the PSR’s expectations of regulated participants in payment systems to have an open and co-operative relationship with it. GD2, GD3 and SD1 set out requirements on operators relating to access to interbank and card payment systems and GD4-6 set out requirements for the governance of interbank payment systems.
Since the Directions were adopted in 2015, the PSR has gained experience of applying the Directions in practice and there have been a number of market and legislative changes, including the introduction of the Payment Services Regulations 2017. The PSR considers that the Directions should now be reviewed to reflect these market and legislative developments and to ensure that they remain relevant, proportionate and correctly targeted. The consultation paper sets out each of the Directives along with the PSR’s proposals to revoke, revise or retain the Direction in its current form.
The PSR invites comments on the proposals by June 8, 2018.
View the consultation paper.
HM Treasury Consults on Cash and Digital Payments in the New Economy
HM Treasury has published a call for evidence which aims to inform the government's understanding of cash and digital payments in the new economy. Statistics show that the advance of digital technology has impacted how people manage their finances, with a large increase in the use of digital payments and a decrease in the use of cash. The UK Government is seeking input on how it can support the transition from cash to digital payments. The Government would like to ensure that cash remains available and secure to those who need to use it. In addition, the Government is concerned with how it can do more to prevent cash being used illegitimately, mostly to evade tax and to launder money.
Responses to the consultation should be provided by June 5, 2018.
View the call for evidence.
EU Legislation on Strong Customer Authentication Published
A Commission Delegated Regulation has been published in the Official Journal of the European Union. The Delegated Regulation supplements the revised Payment Services Directive with Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication.
PSD2 requires that strong customer authentication is used for accessing a payment account online, initiating a payment transaction and carrying out a transaction through a remote channel. “Strong customer authentication” means an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.
European Central Bank Confirms Collective Agreement Between TARGET2 Participants
The European Central Bank has confirmed that a collective agreement signed between the central banks operating TARGET2 component systems and the central securities depositories operating on the TARGET2-Securities platform can enter into force. The provisions of the Collective Agreement will take effect on March 20, 2018. The Collective Agreement provides a definition of a “common moment of entry” for payments and securities transfer orders that are matched in the systems of the signatories to the agreement. This common moment of entry will either be the moment at which a transfer order has been declared compliant with the technical rules of T2S by either the T2S platform or, if the CSD is operating a separate matching component, by the CSD. Defining the common moment of entry makes it possible to establish the point at which securities transactions become irrevocable and accordingly will provide certainty regarding the treatment of outstanding transactions if a participant becomes insolvent.
US Federal Reserve Board Announces Upcoming Conclusion of Secure Payments Task Force
The U.S. Board of Governors of the Federal Reserve System announced that the Secure Payments Task Force will conclude its efforts this month with a final publication detailing the lifecycles and security profiles of today's primary payment methods. Established in 2015, the Secure Payments Task Force, which has engaged more than 200 financial institutions, payment service providers, and other stakeholders, has made a number of contributions to improve the security and resiliency of payment systems, including identifying key security priorities, developing resources and documentation to educate stakeholders and providing feedback to the Federal Reserve Board. The members of the Secure Payments Task Force will transition into the FedPayments Improvement Community, a network established to provide stakeholders with opportunities to engage in the Federal Reserve Board with respect to its payment improvement initiatives.
View full text of the Federal Reserve Announcement.
UK Payment Systems Regulator To Proceed With Plans To Reimburse Payment Scam Victims
The U.K. Payment Systems Regulator has published the outcome of the consultation it launched in November 2017 on a contingent reimbursement model for the victims of so-called “authorized push payment” scams. That consultation, which closed on January 12, 2018, outlined high level principles for the CRM and requested input from stakeholders on how the model should be further developed, implemented and administered.
Taking into account responses to the consultation, the PSR proposes to proceed with the CRM model and will establish a dedicated steering group to develop it, in the form of an industry code for reimbursement of APP scam victims. The steering group will be comprised of representatives from key stakeholder groups, particularly consumer representatives and PSPs, with oversight and support from the PSR. Other relevant regulatory and governmental bodies will also be involved as observers.
European Commission Hints at Future Changes to the Second Electronic Money Directive
The European Commission has published a report to the European Parliament and the Council of the European Union on the implementation and impact of the second Electronic Money Directive, known as 2EMD. 2EMD establishes a legal framework for the issuance and redemption of e-money and covers the rights and obligations linked to the redemption of funds by consumers, the licensing of e-money institutions and the prudential requirements applicable to e-money institutions, which updates the regime under the first Electronic Money Directive to align it with requirements on payment institutions under the revised Payment Services Directive. It applies to e-money service providers in the EEA. The regime has been sparsely used in practice, with few firms operating under its auspices.
2EMD requires the Commission to assess its implementation and impact and to propose legislative changes, if appropriate. The report was due on November 1, 2012, however, the Commission delayed its publication because a majority of member states had failed to transpose 2EMD into their national laws by the transposition date of April 2011. The Commission also wanted to take into account the impact of PSD2, which includes numerous cross-references to 2EMD.
UK Financial Conduct Authority Will Follow European Banking Authority Guidelines Under the Revised Payment Services Directive
The UK Financial Conduct Authority has issued a statement confirming that it will comply with the Guidelines published by the European Banking Authority on December 12, 2017 on security measures for operational and security risks of payments services under the revised Payment Services Directive.
PSD2 takes effect on January 13, 2018. All Payment Services Providers will be expected to comply with the EBA Guidelines. The FCA reminds businesses wishing to apply for authorization or registration under PSD2, and any PSPs that are re-applying, that applications must contain a statement of the applicant’s security policy, taking into account the Guidelines. The statement of the applicant's security policy must also contain a description of the applicant's measures to comply with the provisions of the Payment Services Regulations 2017 that relate to the management of operational and security risks.
European Banking Authority Publishes Opinion on Transition to the Revised Payment Services Directive
The European Banking Authority has published an Opinion on the transition from the current Payment Services Directive to the revised Payment Services Directive, which takes effect from January 13, 2018.
Not all the provisions of PSD2 or technical standards and guidelines the EBA has been mandated to prepare under PSD2 will be applicable on January 13, 2018. This delay has led to a number of transitional issues that both market participants and national regulators have approached the EBA about. The Opinion provides clarification on the issues that have been raised and considers the implications for Payment Service Providers and national regulators of the delayed finalization and/or adoption of some of the technical standards and guidelines the EBA has been preparing under PSD2.
UK Government Makes Orders De-recognising CHAPS and Amending Designation of Cheque & Credit
HM Treasury has made two Orders which take effect from December 20, 2017.
The first Order amends the designation Order in force since April 2015 designating Cheque & Credit as a regulated payment system. The changes relate to the specification of the arrangements constituting Cheque & Credit, allowing for development in the Cheque & Credit Rules relating to the processing of the images of cheques and other paper instruments. The Order also makes references to participants as well as members of Cheque & Credit.
The second Order revokes the recognition order of January 5, 2010 specifying CHAPS as a recognized payment system under the Banking Act 2009.
View the Order amending the designation of Cheque & Credit.
View the Order for de-recognition of CHAPS.
European Banking Authority Publishes Technical Standards on Contents and Access to a Central Register for Payment Services Information
The European Banking Authority has published a final report setting out final draft Regulatory Technical Standards and Implementing Technical Standards under the revised Payment Services Directive.
PSD2 requires that the EBA develop, operate and maintain an electronic central register that contains information as notified by national regulators. The EBA consulted earlier in the year on its proposals for the central register and that consultation closed in September 2017.
European Banking Authority Issues Guidelines for Assessing and Managing Security and Operational Risks in Payment Services
The European Banking Authority has published finalized guidelines to assist payment services providers to conduct appropriate risk assessment and risk management of operational and security risks. The finalized guidelines contain some changes from the draft guidelines on which the EBA launched a consultation in May 2017.