The following posts provide a snapshot of the principal U.S., European and global financial regulatory developments of interest to banks, investment firms, broker-dealers, market infrastructures, asset managers and corporates.
UK Financial Conduct Regulator Proposes to Apply Principles and Conduct Rules to Payment Service Providers and Electronic Money Firms
The U.K. Financial Conduct Authority has launched a consultation on general standards and communication rules for the payment services and e-money sectors.
Payment Service Providers and e-money firms are authorized or registered under the Payment Services Regulations 2017 and Electronic Money Regulations 2011, respectively. The Payment Services Regulations 2017 brought certain of these firms within the scope of the FCA's rulemaking powers.
Final Draft EU Technical Standards on Home-Host Regulatory Cooperation Under the Revised Payment Services Directive
The European Banking Authority has published a final report and final draft Regulatory Technical Standards under the revised Payment Services Directive on cooperation between national regulators in home and host states of a payment institution that operates cross-border in the EU. PSD2 took effect on January 13, 2018. The final report summarizes the feedback the EBA received to the proposed draft RTS and sets out the EBA's responses. The EBA confirms that it has made a number of the changes to the text of the final draft RTS as a result of the feedback.
The final draft RTS specify the framework for cooperation between supervisors of payment institutions operating on a cross-border basis, including the method for cooperation and details of information that should be provided between regulators. The final draft RTS also specify the means, details and frequency of reporting that a host national regulator may request from payment institutions concerning activities carried out in its territory through agents or branches. The final draft RTS will further apply to the framework for cooperation, and for the exchange of information, between national regulators for electronic money institutions providing services cross-border in the EU.
The EBA has submitted the final draft RTS to the European Commission for endorsement. The final RTS will apply across the EU twenty days after publication in the Official Journal of the European Union.
View the final report and final draft RTS.
UK Payment Systems Regulator Reports on the UK Contactless Mobile Payment Sector
The U.K. Payment Systems Regulator has published a Report setting out its understanding of the Contactless Mobile Payments sector, following information-gathering during 2016 and 2017. CMPs are in-store payments made by consumers, using apps installed on their mobile devices, usually using Near Field Technology for communication between the mobile device and the retailer's point-of-sale terminal and with payment security enabled via a "tokenization" process.
The PSR conducted two calls for information in 2016 and 2017, to increase its understanding of:
- whether the way CMPs operate and the way they are being offered in the U.K. potentially affects competition, innovation and the interests of people and organizations that use payment systems (and, if so, how); and
- whether there were any restrictions affecting the provision of tokenization services.
The Report explains how CMPs work from a functional and technical perspective, outlines the main participants and their respective roles, summarizes the PSR's consideration of particular issues and proposes next steps.
UK Payment Systems Regulator Will Review Supply of Card-Acquiring Services
The U.K. Payment Systems Regulator has published for consultation its draft terms of reference for a planned market review into the supply of card-acquiring services in the U.K. Merchants that accept card payments from customers purchase card-acquiring services from specialist providers to enable card payments to be accepted and processed on their behalf. The market review is a response to concerns raised by stakeholders that the supply of these services may not be working well for some merchants and, ultimately, consumers.
The market review will examine: (i) the nature and characteristics of card-acquiring services; (ii) the providers of these services and how their market shares have developed historically; (iii) how merchants buy card-acquiring services; (iv) the availability of credible alternatives to card-acquiring services for some or all merchants; and (v) how competition is working in the sector, including looking at issues around the fees merchants pay and the quality of service they receive.
The PSR is inviting feedback on its draft terms of reference until September 14, 2018. The PSR intends to publish finalized terms of reference, including a timetable for the review, before the end of 2018.
View the draft terms of reference for the review (MR 18/1.1).
Bank of England Confirms its Renewed Real-Time Gross Settlement System Can Interface With DLT
The Bank of England has published the outcomes from a "Proof of Concept" it ran to understand how its renewed Real-Time Gross Settlement service could be capable of supporting settlement in systems operating on innovative payment technologies, such as those built on Distributed Ledger Technology. The BoE has operated the RTGS service since 1996 to provide a safe and reliable means of settling high-value cash payments in real time in sterling central bank money. The BoE published a blueprint for renewal of the RTGS in May 2017, setting out how it proposed to overhaul the system to ensure higher resilience, broader access, wider interoperability, improved user functionality and strengthened end-to-end risk management of the high-value payment system.
EU Final Guidelines on Fraud Reporting Under the Payment Services Directive
The European Banking Authority has published final Guidelines on fraud reporting under the revised Payment Services Directive. PSD2 aims to increase the security of electronic payments and decrease the risk of fraud. The Directive, which has applied since January 13, 2018, requires Payment Service Providers to provide, at least on an annual basis, data on fraud relating to different means of payment to their national regulator. The regulators must in turn provide such data in aggregated form to the EBA and the European Central Bank. Existing data reporting practices vary across the EU. The EBA has worked with the ECB to develop these Guidelines to ensure that data is reported consistently and that the data is comparable and reliable.
The final Guidelines are addressed to PSPs, except account information service providers, and to their national regulators. The Guidelines cover payment transactions that have been initiated and executed, including the acquiring of payment transactions for card payments, identified by reference to: (a) fraudulent payment transactions data over a defined period of time; and (b) payment transactions over the same defined period. The Guidelines also set out how national regulators should aggregate the data.
UK Financial Conduct Authority Updates Guidance on its Approach to Payment Services and Electronic Money
The U.K. Financial Conduct Authority has updated its Approach Document on payment services and electronic money, to reflect final guidelines issued in December 2017 by the European Banking Authority on security measures for mitigating operational and security risks under the revised Payment Services Directive. The changes will affect all payment service providers. The FCA has also updated its webpage on reporting requirements for payment services providers and e-money issuers to reflect these changes. The webpage includes a link to the revised version of the FCA's REP018 (operational and security risk) reporting form.
The FCA will expect payment services providers to comply with the EBA guidelines, which cover issues such as operational and security risk management framework governance, the use of models, outsourcing and how functions, processes and assets should be identified, classified and risk-assessed. The EBA guidelines also cover security of data integrity, systems and confidentiality as well as physical security and asset control and communication of the security measures to payment service users. PSPs will be expected to report at least annually to the FCA on their operational and security risk management frameworks.
US Federal Reserve Board Seeks Comment on Changes to Fedwire Funds Service Message Format
The U.S. Board of Governors of the Federal Reserve System published a notice of proposed service enhancement and request for comment with respect to adopting the International Organization for Standardization (ISO) 20022 message format for the Fedwire Funds Service. The new format would replace the service’s current proprietary message format. The proposal notes that the decision to implement the ISO 20022 message format standard is the result of a multi-year process, where the Federal Reserve Board and U.S. Federal Reserve Banks sought input from a number of stakeholders and industry participants, including The Clearing House Payments Company, which owns and operates the other main large-value payment system in the United States. The Federal Reserve Banks have also performed extensive public outreach on this topic, including the formation of advisory groups, the distribution of customer surveys, and the preparation of educational materials regarding the ISO 20022 standard. The proposal suggests that switching to the ISO 20022 standard may result in a number of benefits, including a richer and more structured message format, improved domestic and cross-border interoperability and the ability for financial institutions to provide additional services to customers. The proposal notes that the implementation of the ISO 20022 standard will consist of three phases, with a target final implementation date of November 2023. Comments to the proposal are due by September 4, 2018.
View full text of the FRB proposal.
UK Payments Regulators Announce Full Consolidation of UK Retail Payment Systems
The Payment Systems Regulator and the New Payment System Operator have issued press releases confirming that the consolidation of U.K. retail payment systems is now complete. Consolidation of the three U.K. payment systems was one of the recommendations made in the Payments Strategy Forum's November 2016 report, which set out a wide-ranging strategy for reforming the U.K. retail payments industry.
The NPSO assumed responsibility for Bacs Payment Schemes Limited and Faster Payments Scheme Ltd on May 1, 2018. The NPSO's press release confirms that, as of July 1, 2018, the Cheque and Credit Clearing Company Limited has become a subsidiary of the NPSO and the NPSO has assumed responsibility for oversight of running and managing the cheque paper and cheque image clearing systems. All payments will continue to be processed through the cheque clearing systems. The NPSO has also acquired UK Payments Administration Ltd, which is the service company responsible for providing people, facilities and business services to the U.K. payments industry.
UK Regulator Provides Update on its Retail Banking Business Model Review
The U.K. Financial Conduct Authority has published a Progress Report on its Strategic Review of Retail Banking Business Models. The FCA launched the Review in April 2017 and published a purpose and scope document in October 2017. The FCA is conducting the Review to gain a picture of how profits are generated by the sector, of the relative competitive advantages and disadvantages of different business models and of barriers to entry and expansion. The Review covers retail banking services to personal and small business customers. It focuses on the products and services that are used on a regular basis by large numbers of consumers and small businesses. This includes current accounts, savings products, mortgages, personal loans, credit cards, and business finance.
The FCA explains that its early analysis indicates that a key component of the competitive advantage enjoyed by retail banks to date has been the combination of personal current accounts and large branch networks. This combination has brought a number of benefits including a funding cost advantage (from personal current accounts paying zero interest or lower interest than other providers), significant additional income from fees and charges on personal current accounts (including overdrafts), the opportunity to cross-sell lending products to personal current account holders and the ability to cross-sell business accounts and associated business savings balances.
UK Conduct Regulator Issues Statement on PSD2 Strong Customer Authentication and Common and Secure Communication Provisions
Following the publication by the European Banking Authority of an Opinion and draft Guidelines on Regulatory Technical Standards under the revised Payment Services Directive for strong customer authentication and common and secure communication, the U.K. Financial Conduct Authority has published a statement on its website. The RTS under PSD2 set out how third-party providers of account information and payment initiation services (TPPs) and account servicing payment service providers (ASPSPs) should interact and communicate securely to enable TPPs to provide their services to customers with the customer's consent. The Opinion relates to the implementation of the RTS and the draft Guidelines relate to the availability of an exemption for ASPSPs from a requirement to build a contingency access mechanism.
The FCA welcomes the EBA's Opinion and draft Guidelines and confirms that, assuming the Guidelines remain as drafted, it expects to comply with them. The FCA will be consulting in Summer 2018 on proposed changes to its rules and guidance to reflect the RTS, the Opinion and the draft Guidelines. The consultation will outline the proposed process and level of information that the FCA will require from firms to make an exemption assessment. The FCA raises a number of issues that ASPSPs and TPPs should be considering, along with some key points from the Opinion and draft Guidelines of which they should take note in advance of the consultation.
Bank of England Finalizes Fee-Levying Regime for Financial Market Infrastructures
The Bank of England has published a Policy Statement outlining the fees it intends to levy on Financial Market Infrastructures, namely CCPs, central securities depositaries, recognised payment systems and specified service providers to recognised payment systems.
The BoE is empowered under the Banking Act 2009 to levy fees on FMIs but has not so far exercised its power to do so. The BoE has instead funded its supervision of FMIs through the Cash Ratio Deposit scheme. The Policy Statement follows a recommendation in February 2017 from the BoE's independent evaluation office that the BoE review its approach to funding FMI supervision and consider whether levying fees on supervised FMIs would be appropriate. The BoE consulted in August 2017 on proposals to introduce a new funding structure for FMI supervision. A further joint consultation was launched by the BoE and HM Treasury in March 2018 on the detail of the proposed fee-levying regime and the proposed fees for the 2018/19 fee year. The rationale for introducing an FMI fee-levying regime is to allocate the costs of FMI supervision to those entities that directly benefit from the BoE's supervision.
European Banking Authority Clarifies Strong Customer Authentication Requirements for Account Servicing Payment Service Providers
The European Banking Authority has published an Opinion on the implementation of the Regulatory Technical Standards on strong customer authentication and common and secure communication. It has also published a consultation paper on draft Guidelines on the conditions that an account servicing payment service provider (ASPSP) must meet if it wants to provide access via a dedicated interface and be exempt from the obligation to have a fall-back option in place.
PSD2 requires that SCA is used for accessing a payment account online, initiating a payment transaction and carrying out a transaction through a remote channel. The RTS on SCA and CSC will apply directly across the EU partly from March 14, 2019 and predominantly from September 14, 2019.
UK Payment Systems Regulator Publishes Discussion Paper on Use of Data in the Payments Industry
The U.K. Payment Systems Regulator has published a discussion paper seeking feedback on the use of data in the payments industry. The PSR is the regulator for designated payment systems in the U.K. These are currently BACS, CHAPS, Cheque & Credit, the Faster Payments Scheme, LINK, Northern Ireland Cheque Clearing, Mastercard and Visa Europe.
As the U.K. payments sector undergoes rapid evolution and the collection, analysis and use of payments data plays an increasingly important part in the payments industry, the PSR wants to gain an understanding of the role it might play in ensuring that new uses of data work well for businesses and individuals using payment systems. "Payments data" in this context includes a mix of financial, transactional, behavioural and other types of data, which payment service providers collect in the course of providing payment services to end-users.
Bank of England Consults on Phased Move to Global Messaging Standards for UK Payment Systems
The Bank of England has published a consultation on adopting ISO 20022, the global messaging standard for payments which was first introduced in 2004 by the International Organization of Securities Commissions. Ten jurisdictions have already implemented the standard and another nine are intending to implement it by 2023, including the U.S., Canada, Singapore and the Eurozone. The consultation has been prepared in conjunction with the U.K. New Payment System Operator and the U.K. Payment Services Regulator.
It is intended that ISO 20022 will be adopted across the U.K.'s three main interbank payment systems, namely CHAPS, BACS and Faster Payments. The BoE took over responsibility for the operation of the CHAPS system in November 2017 and the NPSO is responsible for the operation of BACS and Faster Payments. The fact that the three payment systems currently all have different information requirements, methodologies, formats, standards and rulebooks means that it can be difficult and expensive to move customers' payments between the systems and costly for new entrants wishing to participate in payment systems. Moving to ISO 20022 will address these and related issues.
Final Global Strategy to Address Wholesale Payments Fraud
Following a consultation late last year, the Committee on Payments and Market Infrastructure has published the final strategy for reducing the risk of wholesale payments fraud related to endpoint security. The strategy is directed to all relevant public and private sector stakeholders in reducing the risk of wholesale payments fraud, including the operators of wholesale payments systems and messaging networks, their participants and relevant regulators and authorities responsible for supervising these operators and participants.
The strategy comprises seven elements that are intended to work holistically for preventing, detecting, responding to and communicating about wholesale payments fraud. The elements are:
1. Identifying and understanding the range of risks;
2. Establishing endpoint security requirements;
3. Promoting adherence;
4. Providing and using information and tools to improve prevention and detection;
5. Responding in a timely way to potential fraud;
6. Supporting ongoing education, awareness and information-sharing; and
7. Learning, evolving and coordinating.
The CPMI and each of its member central banks have committed to promoting the effective operationalization of the strategy within and across jurisdictions and systems. They will be monitoring progress in 2018 and 2019 with a view to assessing whether further action is needed.
View the strategy.
New Payment Systems Operator for UK Retail Payment Systems
The Bank of England and the Payment Systems Regulator have announced that the New Payment System Operator is now responsible for the operation of BACS and Faster Payments, two U.K. retail payment systems. The NPSO is expected to assume responsibility for the Cheque and Credit Clearing Company over the next few months. The consolidation of the three payment systems was one of the recommendations made in the Payments Strategy Forum's November 2016 report, which sets out a wide-ranging strategy for reforming the U.K. retail payments industry. The NPSO will also be responsible for delivering the New Payments Architecture, which is an industry-led initiative to increase competition, resilience and innovation across the payments and banking industry.
View the BoE and PSR announcement.
View the NPSO press release.
Corrigendum to the Revised Payment Services Directive Published
A two-page corrigendum to the revised Payment Services Directive has been published in the Official Journal of the European Union. The corrigendum makes 11 corrections to the text of the PSD2 across one recital and eight of the directive's articles.
In addition to minor textual corrections, the corrigendum makes important clarifications to provisions on: (i) the liability of a payment service provider for initiation or execution of payment transactions; (ii) liability in respect of payment initiation services among those provisions of PSD2 that can be disapplied, or applied only in part, by agreement between a payment service provider and a non-consumer payment service user; (iii) the limited circumstances in which a payment services provider is permitted to charge for fulfilling information obligations or performing corrective or preventive measures; and (iv) the circumstances in which compensation can be obtained by a payment service provider from another payment service provider or intermediary for losses incurred for non-execution or defective execution of a payment order.
View the corrigendum.
U.S. Board of Governors of the Federal Reserve System Commission Study Regarding Payments Fraud and Security Vulnerabilities
The U.S. Board of Governors of the Federal Reserve System announced that it is undertaking a study that will begin this month with respect to fraud in the U.S. payments system. The study will identify causes and contributing factors to fraud in the U.S. payments system, such as payment security vulnerabilities, and will measure the costs associated with such fraud. The study was commissioned as part of the Federal Reserve Board’s Next Steps in the Payment Improvement Journey paper that was released last year. A global management consulting firm will conduct the study, which is expected to last up to six months. The study is intended to provide data to assist the Federal Reserve with its collaboration with the payments system industry with respect to the security of the payments system.
View the full text of the Federal Reserve Board announcement.
European Commission Proposes Extending Fee Cap to Non-Eurozone Member States
The European Commission has published a proposed Regulation to amend the Regulation on cross-border payments in the EU. The Regulation on cross-border payments provides, among other things, that charges for cross-border euro payments within the Eurozone must be the same as charges for domestic euro payments. Member States outside of the Eurozone were given the option to extend the application of the Regulation to their domestic currency. Only Sweden opted to do so.
The proposed amending Regulation extends the scope of the fee cap provisions to EU Member States outside of the Eurozone for euro-denominated payments. A payment service providers' charges for cross-border euro payments will be required to be the same as that charged by the PSP for a domestic payment of the same value in the official currency of the customer's Member State. Cross-border transactions in currencies other than the euro are outside of the scope of the fee cap proposals. The proposals aim to put an end to the high cost of intra-EU cross-border transactions in euro.
European Banking Authority Proposes Extending the Scope of the Complaints-Handling Guidelines
The European Banking Authority has published proposals to extend the Joint Committee Guidelines on complaints-handling for the securities and banking sectors to the new institutions established under the revised Payment Service Directive and the Mortgage Credit Directive. The Joint Committee's Guidelines on complaints-handing for the securities and banking sectors, published in June 2014, apply to national regulators responsible for supervising complaints-handling by credit institutions, investment firms, certain fund managers, payment institutions and electronic money institutions where complaints are made by natural or legal persons about the regulated activities carried out by these entities.
The MCD, which has applied since March 2016, covers non-bank creditors. Similarly, PSD2, in application since January 2018, introduced two new providers of payment services - payment initiation service providers and account information service providers. Complaints-handling by these entities do not currently fall within the scope of the Guidelines.
The EBA is proposing to extend the scope of the existing Guidelines to these entities to ensure that consumers receive the same level of protection when they interact with these new entities as when they interact with in-scope regulated entities. The extended Guidelines would only apply to security-related complaints for account information services provided by account information service providers under PSD2. The EBA proposes that national regulators should apply the extended Guidelines on a proportionate basis, taking into account the nature, scale and complexity of the business of each entity as well as the nature and range of services they offer.
The consultation closes on May 27, 2018.
View the consultation paper.
View the existing Guidelines.
UK Payment Systems Regulator Consults on Reviewing its Directions on Access, Governance and Participants’ Relationships with the PSR
The U.K. Payment Systems Regulator has published a consultation on a review of the six formal General Directions (Directions GD 1-6) and one Specific Direction (SD1) it adopted in 2015 under the Financial Services (Banking Reform) Act 2013. These Directions were all intended to improve access to and the governance of payment systems in the U.K. GD1 sets out the PSR’s expectations of regulated participants in payment systems to have an open and co-operative relationship with it. GD2, GD3 and SD1 set out requirements on operators relating to access to interbank and card payment systems and GD4-6 set out requirements for the governance of interbank payment systems.
Since the Directions were adopted in 2015, the PSR has gained experience of applying the Directions in practice and there have been a number of market and legislative changes, including the introduction of the Payment Services Regulations 2017. The PSR considers that the Directions should now be reviewed to reflect these market and legislative developments and to ensure that they remain relevant, proportionate and correctly targeted. The consultation paper sets out each of the Directives along with the PSR’s proposals to revoke, revise or retain the Direction in its current form.
The PSR invites comments on the proposals by June 8, 2018.
View the consultation paper.
HM Treasury Consults on Cash and Digital Payments in the New Economy
HM Treasury has published a call for evidence which aims to inform the government's understanding of cash and digital payments in the new economy. Statistics show that the advance of digital technology has impacted how people manage their finances, with a large increase in the use of digital payments and a decrease in the use of cash. The UK Government is seeking input on how it can support the transition from cash to digital payments. The Government would like to ensure that cash remains available and secure to those who need to use it. In addition, the Government is concerned with how it can do more to prevent cash being used illegitimately, mostly to evade tax and to launder money.
Responses to the consultation should be provided by June 5, 2018.
View the call for evidence.
EU Legislation on Strong Customer Authentication Published
A Commission Delegated Regulation has been published in the Official Journal of the European Union. The Delegated Regulation supplements the revised Payment Services Directive with Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication.
PSD2 requires that strong customer authentication is used for accessing a payment account online, initiating a payment transaction and carrying out a transaction through a remote channel. “Strong customer authentication” means an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.
European Central Bank Confirms Collective Agreement Between TARGET2 Participants
The European Central Bank has confirmed that a collective agreement signed between the central banks operating TARGET2 component systems and the central securities depositories operating on the TARGET2-Securities platform can enter into force. The provisions of the Collective Agreement will take effect on March 20, 2018. The Collective Agreement provides a definition of a “common moment of entry” for payments and securities transfer orders that are matched in the systems of the signatories to the agreement. This common moment of entry will either be the moment at which a transfer order has been declared compliant with the technical rules of T2S by either the T2S platform or, if the CSD is operating a separate matching component, by the CSD. Defining the common moment of entry makes it possible to establish the point at which securities transactions become irrevocable and accordingly will provide certainty regarding the treatment of outstanding transactions if a participant becomes insolvent.
US Federal Reserve Board Announces Upcoming Conclusion of Secure Payments Task Force
The U.S. Board of Governors of the Federal Reserve System announced that the Secure Payments Task Force will conclude its efforts this month with a final publication detailing the lifecycles and security profiles of today's primary payment methods. Established in 2015, the Secure Payments Task Force, which has engaged more than 200 financial institutions, payment service providers, and other stakeholders, has made a number of contributions to improve the security and resiliency of payment systems, including identifying key security priorities, developing resources and documentation to educate stakeholders and providing feedback to the Federal Reserve Board. The members of the Secure Payments Task Force will transition into the FedPayments Improvement Community, a network established to provide stakeholders with opportunities to engage in the Federal Reserve Board with respect to its payment improvement initiatives.
View full text of the Federal Reserve Announcement.
UK Payment Systems Regulator To Proceed With Plans To Reimburse Payment Scam Victims
The U.K. Payment Systems Regulator has published the outcome of the consultation it launched in November 2017 on a contingent reimbursement model for the victims of so-called “authorized push payment” scams. That consultation, which closed on January 12, 2018, outlined high level principles for the CRM and requested input from stakeholders on how the model should be further developed, implemented and administered.
Taking into account responses to the consultation, the PSR proposes to proceed with the CRM model and will establish a dedicated steering group to develop it, in the form of an industry code for reimbursement of APP scam victims. The steering group will be comprised of representatives from key stakeholder groups, particularly consumer representatives and PSPs, with oversight and support from the PSR. Other relevant regulatory and governmental bodies will also be involved as observers.
European Commission Hints at Future Changes to the Second Electronic Money Directive
The European Commission has published a report to the European Parliament and the Council of the European Union on the implementation and impact of the second Electronic Money Directive, known as 2EMD. 2EMD establishes a legal framework for the issuance and redemption of e-money and covers the rights and obligations linked to the redemption of funds by consumers, the licensing of e-money institutions and the prudential requirements applicable to e-money institutions, which updates the regime under the first Electronic Money Directive to align it with requirements on payment institutions under the revised Payment Services Directive. It applies to e-money service providers in the EEA. The regime has been sparsely used in practice, with few firms operating under its auspices.
2EMD requires the Commission to assess its implementation and impact and to propose legislative changes, if appropriate. The report was due on November 1, 2012, however, the Commission delayed its publication because a majority of member states had failed to transpose 2EMD into their national laws by the transposition date of April 2011. The Commission also wanted to take into account the impact of PSD2, which includes numerous cross-references to 2EMD.
UK Financial Conduct Authority Will Follow European Banking Authority Guidelines Under the Revised Payment Services Directive
The UK Financial Conduct Authority has issued a statement confirming that it will comply with the Guidelines published by the European Banking Authority on December 12, 2017 on security measures for operational and security risks of payments services under the revised Payment Services Directive.
PSD2 takes effect on January 13, 2018. All Payment Services Providers will be expected to comply with the EBA Guidelines. The FCA reminds businesses wishing to apply for authorization or registration under PSD2, and any PSPs that are re-applying, that applications must contain a statement of the applicant’s security policy, taking into account the Guidelines. The statement of the applicant's security policy must also contain a description of the applicant's measures to comply with the provisions of the Payment Services Regulations 2017 that relate to the management of operational and security risks.
European Banking Authority Publishes Opinion on Transition to the Revised Payment Services Directive
The European Banking Authority has published an Opinion on the transition from the current Payment Services Directive to the revised Payment Services Directive, which takes effect from January 13, 2018.
Not all the provisions of PSD2 or technical standards and guidelines the EBA has been mandated to prepare under PSD2 will be applicable on January 13, 2018. This delay has led to a number of transitional issues that both market participants and national regulators have approached the EBA about. The Opinion provides clarification on the issues that have been raised and considers the implications for Payment Service Providers and national regulators of the delayed finalization and/or adoption of some of the technical standards and guidelines the EBA has been preparing under PSD2.
UK Government Makes Orders De-recognising CHAPS and Amending Designation of Cheque & Credit
HM Treasury has made two Orders which take effect from December 20, 2017.
The first Order amends the designation Order in force since April 2015 designating Cheque & Credit as a regulated payment system. The changes relate to the specification of the arrangements constituting Cheque & Credit, allowing for development in the Cheque & Credit Rules relating to the processing of the images of cheques and other paper instruments. The Order also makes references to participants as well as members of Cheque & Credit.
The second Order revokes the recognition order of January 5, 2010 specifying CHAPS as a recognized payment system under the Banking Act 2009.
View the Order amending the designation of Cheque & Credit.
View the Order for de-recognition of CHAPS.
European Banking Authority Publishes Technical Standards on Contents and Access to a Central Register for Payment Services Information
The European Banking Authority has published a final report setting out final draft Regulatory Technical Standards and Implementing Technical Standards under the revised Payment Services Directive.
PSD2 requires that the EBA develop, operate and maintain an electronic central register that contains information as notified by national regulators. The EBA consulted earlier in the year on its proposals for the central register and that consultation closed in September 2017.
European Banking Authority Issues Guidelines for Assessing and Managing Security and Operational Risks in Payment Services
The European Banking Authority has published finalized guidelines to assist payment services providers to conduct appropriate risk assessment and risk management of operational and security risks. The finalized guidelines contain some changes from the draft guidelines on which the EBA launched a consultation in May 2017.
Federal Reserve Board Announces Elimination of SOSA Ranking and Proposes Changes to Payment System Risk Policy
The US Federal Reserve Board announced that it is seeking comments regarding a proposed change to its Payment System Risk Policy. In a related action, the Federal Reserve Board has also announced that it is eliminating the strength of support assessment (SOSA) ranking used for FBOs because the information that informs such rankings (such as information on parent banks, home country accounting practices and financial systems, and international regulatory developments) has become more readily available to U.S. supervisors. The proposed changes to the PSR Policy would affect US branches and agencies of foreign banking organizations, and result in changes to the methods used in determining the net debit cap of an FBO and its ability to request a streamlined procedure with regard to the FBO’s maximum daylight overdraft capacity. The calculation method currently takes into account whether the FBO is a financial holding company, as well as the FBO’s SOSA ranking. The Federal Reserve Board notes that the changes to the PSR Policy may result in a reduction of the net debit cap for some FBOs, but contends that the changes will not constrain the US operations of FBOs generally, while more accurately reflecting the usage of intraday credit by FBOs. Comments to the proposal are due on or before February 12, 2018.
View the FRB's PSR Policy Proposal.
View FRB's SR Letter regarding SOSA.
European Banking Authority Publishes Final Draft Technical Standards on Central Contact Points Under the Revised Payment Services Directive
The European Banking Authority has published its final draft Regulatory Technical Standards on central contact points under the revised Payment Service Directive. The RTS will apply where a payment institution or electronic money institution with its head office in one member state provides payment services on a cross-border basis, under the right of establishment, through agents in another (host) member state. PSD2 gives the national regulators in the host member state the option of requiring that payment institutions or electronic money institutions operating through agents must establish a central contact point in the host territory, to ensure adequate communication and information reporting and effective supervision.
US Federal Reserve Board Vice Chairman for Supervision Randal Quarles Delivers Remarks on Prudent Innovation in the Payment System
Vice Chairman for Supervision of the US Federal Reserve Board Randal Quarles provided remarks at the 2017 Financial Stability and Fintech Conference regarding innovation in the payments system. Vice Chairman Quarles noted that technological innovation has greatly changed our day-to-day lives, including in the financial services industry, but cautioned that utility and innovation need to be weighed against the potential ramifications that innovation has on the safety and soundness of the financial system. He noted that this tension is not intrinsically negative, but that care should be taken to maintain stability and safety. Vice Chairman Quarles provided commentary on digital currencies, stating that it may be important to separate underlying technology, such as distributed ledger technology, from the overall concept of digital currency itself. He expressed concerns regarding the wide-spread use of digital currency in its current form, and further cautioned that central-bank-issued digital currency may not be a viable alternative, noting that the latter would require extensive review and consultation about legal and risk issues. However, he noted that research into digital currency issues, including for use as a settlement asset for wholesale payment systems should continue. In closing, Vice Chairman Quarles noted that prudent innovation may be the best course of action to balance the need for innovation with the need for stability.
View transcript of Vice Chairman Quarles’s remarks.
UK Legislation Published on Payment Services and Electronic Money
The Payment Systems and Services and Electronic Money (Miscellaneous Amendments) Regulations 2017 have been published and will enter into force in part on December 22, 2017 and in part on January 13, 2018.
UK Legislation Published on Oversight of Systemically Important Payment Systems
The Banking Act 2009 (Service Providers to Payment Systems) Order 2017 has been published and will enter into force in part on November 30, 2017 and in part on January 13, 2018.
European Commission Adopts Draft Regulatory Technical Standards on Security Measures and Communication Tools for Payment Services
The European Commission has adopted a draft Delegated Regulation setting out Regulatory Technical Standards on the security measures for strong customer authentication along with common and secure open standards for the communication between account servicing payment service providers, payment initiation service providers, account information service providers, payers, payees and other payment service providers in relation to the provision and use of payment services.
European Commission Concludes that the SEPA Regulation Does Not Require Amending
The European Commission has published a Report to the European Parliament and the Council of the European Union on the application of the SEPA Regulation. The SEPA Regulation establishes technical and business requirements for credit transfers and direct debits in euro to allow electronic payments in euro without distinguishing between national and cross-border payments. The Commission is charged, under the SEPA Regulation, with reporting on the application of the Regulation and proposing legislative changes, if appropriate. The Commission has concluded that the SEPA Regulation is applied correctly across the EU and that a legislative proposal is unnecessary. The Report notes that identified issues, such as IBAN discrimination, have been addressed by Member States and their resolution will need to be closely monitored.
View the Report.
View the Annex to the Report.
EU Sets Out Rules for National Regulators on Passporting under the Revised Payment Services Directive
A Delegated Regulation has been published in the Official Journal of the European Union setting out Regulatory Technical Standards for the cooperation and exchange of information between EU national regulators that are the home and host states for payment institutions using the "passport" provided by the revised Payment Services Directive. Under PSD2, payment institutions can make use of the passport either to establish a branch in another Member State, or to provide services cross-border into another Member State. PSD2 will extend the definition of a "payment institution" to include new categories of third-party payment providers.
The RTS set out detailed rules on how national regulators are to assess passport applications and how they should deal with disagreements. The RTS also set out the information that must be obtained and/or transmitted or communicated on a branch, services or agent passport application.
The RTS come into effect on December 1, 2017. The PSD2 passport will be available from January 13, 2018, which is the transposition deadline for PSD2.
View the RTS ((EU) 2017/2055).
Final EU Guidelines on Information Required for Authorization Applications by Payment Institutions
The European Banking Authority has published final Guidelines on the information to be provided for the authorization of payment institutions and electronic money institutions, and for the registration of account information service providers. The revised Payment Service Directive - PSD2 - sets out the information that must be submitted to national regulators with applications for authorization or registration. The Guidelines are divided into four sets, one for payment institutions, one for e-money institutions, one for account information service providers and one for national regulators. The Guidelines cover, among other things, information requirements on an applicant's program of operations, business plans, evidence of initial capital, governance and internal control mechanisms and data protection.
The Guidelines apply from January 13, 2018.
View the Guidelines.
UK Payment Systems Regulator Consults on Reimbursement of Victims of Payment Scams
The UK Payment Systems Regulator has published a report on the initiatives it has engaged in with banks, the payment systems industry and the Financial Conduct Authority to prevent or mitigate harm to consumers from scams which involve tricking people into sending money to fraudsters. This type of scam is known as an authorized push payment, or APP, scam and is the second biggest type of payment fraud reported in the UK behind card fraud. The PSR has previously investigated APP scams following a Which? super-complaint in 2016 and concluded in its response to the super-complaint that more needed to be done to address them.
European Banking Authority Consults on Home-Host Regulator Co-operation Under the Revised Payment Services Directive
The European Banking Authority has launched a consultation on draft Regulatory Technical Standards under the revised Payment Services Directive concerning the level of co-operation between national regulators in home and host states of a payment institution that operates cross-border in the European Union. PSD2 takes effect from January 13, 2018. The draft RTS specify the framework for the co-operation between the supervisors of payment institutions operating on a cross-border basis, including the method for co-operation and details of information that should be provided between regulators. The draft RTS also specify the means, details and frequency of any reporting that a host national regulator may request from payment institutions of the payment business activities carried out in its territory through agents or branches.
The EBA invites comments on the draft RTS by January 5, 2018.
View the consultation paper.
UK Regulator Outlines Scope of Retail Banking Business Model Review
The U.K. Financial Conduct Authority has published a paper outlining the purpose and scope of its strategic review of retail banking business models. The FCA launched the strategic review in April 2017 in order to deepen its understanding of retail banking business models generally. The FCA also wants to gain an understanding of how changes such as increased use of digital services and reduced use of branches have impacted on banks’ business models and whether this might have implications for the FCA's consumer protection and competition objectives. The strategic review will also help the FCA to understand how free-if-in-credit banking is paid for and whether this gives rise to concerns about the distribution of profits from different types of consumers or different products.
The paper outlines how the FCA uses business model analysis in conduct and competition regulation before discussing how the face of retail banking is changing. A new environment has emerged due to the rise of challenger banks in response to macroeconomic, technological and regulatory changes, the profound effect of technology on costs and customer behaviour, the effect of recent regulatory changes on competition and the expected significant increase in competition that will be brought about by the Competition and Markets Authority's Open Banking initiative and the implementation revised Payment Services Directive.
European Banking Authority Publishes Final Guidelines on Procedures for Complaints of Alleged Infringements of PSD2
The European Banking Authority has published final Guidelines on complaints procedures for alleged infringements by payment service providers of the Payments Services Directive 2. PSD2 provides for payment service users and other interested parties, including consumer associations, to submit complaints to national regulators regarding alleged infringements of the PSD2 requirements by payment service providers. National regulators will be required to make available two different means by which a complaint can be submitted and to publicly disclose information on their procedures for complaints of alleged infringements. National regulators will also be required to provide complainants with certain information in response to their complaint. Furthermore, national regulators will need to have procedures in place to collate and analyze aggregated complaints information so that they can assess, for example, the nature of the most common types of complaints and the identity of the payment service providers subject to the most complaints. The final Guidelines will apply from January 13, 2018 and will be updated on a regular basis thereafter.
View the Final Report and Guidelines.
Global Standard Setter Consults on Strategy to Address Wholesale Payments Fraud
The Committee on Payments and Market Infrastructures is consulting on a possible strategy to improve the security of wholesale payments involving banks, financial market infrastructures and other financial institutions. The CPMI is a global standard setter, mandated to promote the safety and efficiency of payment, clearing, settlement and related arrangements. It formed a task force in 2016, to look into the evolving threat and increasing sophistication of wholesale payments fraud. The CPMI taskforce undertook a stocktake of current practices. The resulting discussion note highlights for consultation seven elements relating to preventing, detecting, responding to and communicating about wholesale payments fraud.
Stakeholders are invited to provide input on the proposed strategy by November 28, 2017. Consultation responses will contribute to guidance on the seven elements, which the CPMI aims to develop by early 2018.
View the CPMI Discussion Note.
European Banking Authority Consults on Guidelines on Security Measures for Operational and Security Risks under the Revised Payment Services Directive
The European Banking Authority has launched a consultation on draft Guidelines on security measures for operational and security risks under the revised Payment Services Directive (known as PSD2). PSD2, which will apply from January 13, 2018, requires Payment Service Providers (PSPs) to establish a framework with appropriate mitigation measures and control mechanisms to manage operational and security risks, relating to the payment services they provide. The framework must include effective incident management procedures, including for the detection and classification of major operational and security incidents. A PSP is required to report to its national regulator annually, providing an updated and comprehensive assessment of the operational and security risks relating to the payment services they provide and on the adequacy of the mitigation measures implemented in response to those risks. The draft Guidelines aim to define those requirements and will apply to PSPs and national regulators responsible for monitoring the implementation of the requirements by PSPs.
UK Delivery Plan for Consolidation of Payment Systems Operators
The Payment System Operator Delivery Group, an independently chaired body set up by the Payment Systems Regulator and the Bank of England, has published a recommended Delivery Plan for the consolidation of the operators of three payment system operators: Bacs Payment Schemes Ltd, Cheque and Credit Clearing Company and the Faster Payments Scheme Ltd. The proposed consolidation was one of the recommendations made in the Payments Strategy Forum's November 2016 report, which sets out a wide-ranging strategy for reforming the UK retail payments industry. The Delivery Plan includes a Strategic Framework (including company purpose and strategic objectives) for the new PSO, the proposed design of the PSO (including setting the company up as a company limited by guarantee), a funding model for setting up the consolidated PSO and for its ongoing operation and a target implementation timeline which also sets out a transitional scheme to ensure continuity of services.
The Delivery Plan now needs to be reviewed and agreed by the boards of the three operators as well as their members. If agreed, the aim is for the consolidation to be mostly completed by the end of 2017.
View the delivery plan.
UK Payment Systems Regulator Consults on Monitoring and Enforcing the Revised Payment Services Directive
The Payment Systems Regulator has opened a consultation on its proposed approach to monitoring and enforcing the revised Payment Services Directive. The UK Government has separately consulted on draft Payment Services Regulations 2017 which will implement the revised Payment Services Directive into national laws and replace the existing Payment Services Regulations 2009 and new FCA rules are also subject to consultation. PSD2 will repeal the current Payment Services Directive with effect from January 13, 2018. Member States must adopt, publish and apply implementing laws from that date, subject to certain exceptions and transitional measures.