Payment Matters No. 49
Contents1. UK Finance publishes plans for Open Banking and the Competition and Market Authority (CMA) consults on the Open Banking “Future Entity”2. The Financial Conduct Authority (FCA) consults on changes to the SCA-RTS, Approach Document and Handbook3. Changes to UK contactless card payment limits4. Developments in Open Finance – FCA issues Feedback Statement and Berlin Group publishes a first version of its Certification Process document5. The EBA seeks to ensure the removal of obstacles to account access under the revised payment services directive (PSD2)6. The introduction of Confirmation of Payee (CoP) and the Contingent Reimbursement Model (CRM) for payment initiation service provider (PISP) payments7. The Lending Standards Board (LSB) publishes its report on the CRM Code8. The Payment Systems Regulator (PSR) issues calls for views on APP scams and protection in interbank payments9. The European Central Bank (ECB) issues Opinion on proposed codified Regulation on cross-border payments in EU10. European Commission publishes targeted consultation on SFD review11. Towards Instant Payments as the new normal
1. UK Finance publishes plans for Open Banking and the Competition and Market Authority (CMA) consults on the Open Banking “Future Entity”In June 2020, UK Finance (in partnership with Accenture) published the Open Banking Future State as part of Phase 1 outlining a model and recommendations for the provision of Open Banking Services. The report stated that the final CMA Roadmap would see the Open Banking implementation phase complete and the need for the Open Banking Implementation Entity (OBIE) and the functions it carries out in the wider banking system to continue but evolve. The model proposed that the OBIE should transition to become a new industry open banking services company funded by the participants. At the request of the CMA, UK Finance (in association with Baringa Partners LLP and Eversheds Sutherland) published a Phase 2 follow-up report (Open Banking Futures: Blueprint and Transition Plan) on March 2nd 2021. This report expands on the initial proposals and focuses on the transition map for the “Future Entity”, details of the entity structure and capabilities and the corporate governance and funding plans for the newly created company. Following on from the UK Finance publication of the blueprint and transition plan the Competition and Markets Authority (CMA) launched a consultation. The CMA consultation closed on 29 March 2021.
What this means for youThe structure of the “Future Entity” will have a significant impact on all parts of the UK Open Banking ecosystem. A structure needs to be set up which ensures accountable leadership, sufficient resourcing, equitable funding and that all stakeholders are represented rather than any part of the ecosystem having too much influence. Separate monitoring is also being considered in order to ensure compliance with the regulatory standards. Getting this right will be critical, particularly seen as the Future Entity’s work will now extend beyond the CMA’s Retail Banking Order and will enable firms to meet their PSD2 obligations efficiently and to provide services that meet the industry’s expanding open banking requirements. The inclusive stakeholder engagement we have seen from UK Finance so far needs to continue. The market must now lead the development of open products and services and help competition flourish in a cost effective and agile way.Return to top ^
2. The Financial Conduct Authority (FCA) consults on changes to the SCA-RTS, Approach Document and Handbook
The FCA has published a consultation in relation to its proposed changes to the UK SCA-RTS, the Approach Document and the Handbook. Some of the key proposals include:
- introducing a new rule so that third party payment providers (TPPs) will need to re-confirm the customer’s consent every 90 days to continue accessing account information without the customer actively requesting the information;
- introducing a new exemption for strong customer authentication (SCA) which means that account servicing payment service providers (ASPSPs) will not need to apply SCA every 90 days when the customer accesses their account through an account information service provider (AISP);
- mandating the use of dedicated interfaces (e.g. APIs) for certain types of payment accounts which are accessible online. Subject to some exclusions, this will generally include: personal and SME 'current accounts', 'payment accounts' as defined under the PARs, 'payment Accounts' which would fall under the PARs but are held by SMEs and credit card accounts held by consumers or SMEs;
- changing the UK SCA-RTS so that technical specifications and a testing facility will only need to be made available to TPPs from the launch date of new products and services (rather than 6 months in advance of any such launch);
- amending the Approach Document to reflect the guidance on SCA factors set out in the Opinion of the European Banking Authority (EBA) on SCA elements (e.g. clarifying that static card details will not constitute a valid knowledge or possession factor); and
- amending the Approach Document to reflect guidance issued via the EBA’s Q&A tool (e.g. clarifying that the payee’s PSP will be ultimately liable for an unauthorised transaction where it applies an SCA exemption).
What this means for youSome of the proposals included in the consultation are simple updates to the FCA’s guidance to reflect existing industry practice and guidance which had already been issued by the EBA. However, some of the changes will have an impact on UK financial institutions which will require significant changes to operational processes. For example, any institution who currently provides access to TPPs via a modified customer interface will potentially be required to build and implement a new dedicated interface (requiring additional resource and costs). On the other hand, some of the proposals may have a beneficial impact on certain institutions, including the removal of the requirement to launch a testing facility and specifications 6 months before a new potential product launch and the creation of a new SCA exemption for customers accessing their accounts through AISPs. Therefore, we would recommend that all payment service providers (PSPs) review and feedback on the areas of the consultation which are likely to impact their business. The deadline for providing responses to this consultation is 30 April 2021.Return to top ^
The FCA has confirmed that the thresholds for not applying SCA to contactless payments under Article 11 UK SCA-RTS will increase, so that more transactions can be exempt from the application of SCA. In particular, the FCA has confirmed that
- the single threshold limit which applies to all transactions will be increased from £45 to £100; and
- the threshold limit for the cumulative amount of previous contactless electronic payments since the last application of SCA will be increased from £130 to £300.
What this means for youThe FCA has increased the regulatory limits to enable the industry to make changes to the current contactless solution by setting higher maximum thresholds. This does not translate into an immediate change for consumers and businesses. Any increase to the contactless limit available to customers will be determined by the industry, up to a maximum of £100. Individual card issuers will also be free to set their own cumulative limit up to £300. We anticipate that any such changes will be implemented by the industry later this year.
4. Developments in Open Finance – FCA issues Feedback Statement and Berlin Group publishes a first version of its Certification Process documentOn 26 March the FCA issued a Feedback Statement following its Call for Input to explore the opportunities and risks arising from Open Finance and to inform the FCA’s regulatory strategy towards Open Finance. The Call for Input was first published in December 2019 but the FCA gave stakeholders until October 2020 to respond due to the coronavirus pandemic. The 169 responses to the Call for Input show that Open Finance could have a number of benefits, including increasing competition, spurring innovation, empowering customers to make more informed decisions and improving access to a wider range of financial products and services. The feedback also addresses some of the challenges which arise with Open Finance, including questions regarding data ethics, consumer protection and the implementation being a significant undertaking for firms. Overall, a regulatory framework was considered as essential if Open Finance is to develop successfully. Following the FCA’s Feedback Statement, the FCA will support the Government as it considers the legislation required on Open Finance. This will include sharing expertise from the open banking journey and supporting the Government in relation to the development of any future legislation. The FCA also intends to play a role working with industry to convene working groups relating to the development of common standards. In other Open Finance related developments, on 29 March 2021 the Berlin Group published a first version of its Certification Process document. According to the Berlin Group, the certification process should ensure a high quality of Open Finance implementations and describes a possible certification and approval ecosystem model for the Berlin Group openFinance API Framework. This follows the Berlin Group’s announcement on October 26, 2020 that they were to start work on a full Open Finance API Framework.
What this means for youOpen Finance has the potential to transform the financial services sector and it will be key for businesses to consider and engage in any consultations, both relating to the development of a legislative framework and in the development of common industry standards. It is also key that businesses take an early look at the opportunities which could arise for them as a result of Open Finance. This will allow those businesses to take early advantage of such opportunities and ensure that they do not lose their competitive edge.Return to top ^
5. The EBA seeks to ensure the removal of obstacles to account access under the revised payment services directive (PSD2)The EBA has issued an opinion to national competent authorities explaining that it expects all authorities to take supervisory action against ASPSPs who continue to create obstacles to the provision of account information and payment initiation services in their dedicated interfaces. The opinion notes that competent authorities should all take action by 30 April and set a deadline for ASPSPs to remove any such obstacles. In the event that the ASPSPs fails to remove the obstacles, the EBA expects national authorities to take more effective supervisory measures to ensure compliance with the applicable law. This may include the revocation of any exemptions from the requirement to build a contingency mechanism under Article 33(6) of the RTS.
What this means for youThere continues to be an increased focus on the effectiveness of PSD2 and whether the introduction of new regulated TPPs has enhanced competition across the market. The EBA is particularly keen to remove any obstacles which are preventing this competition-enhancing objective of PSD2 from materialising in full. Therefore, we would anticipate an increased focus from national competent authorities on potential obstacles to the provision of these services over the next few weeks. To this effect, you may want to review the EBA’s Opinion on what constitutes an obstacle under PSD2 to assess whether you need to make any immediate changes to your dedicated interface.Return to top ^
6. The introduction of Confirmation of Payee (CoP) and the Contingent Reimbursement Model (CRM) for payment initiation service provider (PISP) paymentsOn 2 February the OBIE published a consultation on CoP and the CRM Code, and its implications for open banking payment journeys. As part of the consultation, the OBIE considered various use cases for PISP payments (e.g. P2P payments, payments made to merchants) and analysed whether those types of payments were as susceptible to fraud as the payments which are currently covered by CoP and CRM. One of the key questions raised as part of the consultation was which party should perform CoP checks and provide CRM warnings for PISP payments (i.e. should this be the PISP or the ASPSP), which raised subsequent questions on how the liability model would work in each circumstance. The OBIE also considered the effectiveness of warning messages, following consumer research. The consumer research findings in the consultation paper were provisional, and we can expect more detailed conclusions in the next phase of the consultation. The consultation closed on 1 March 2021. After discussion with the Implementation Entity Steering Group, an update is due to be published by the OBIE with next steps. The ultimate output of the consultation process is expected to be recommendations to Pay.UK and to the Lending Standards Board.
What this means for youWe expect that many fraud teams will welcome the inclusion of PISP payments within CoP and CRM, but there are still many practical questions to be addressed as to how such checks and warnings will be implemented in practice. In particular, which party will take responsibility for the checks and warnings needs careful consideration, especially since that party will have control over the level of friction in the journey, but is also likely to need to take on liability where things go wrong. We suggest that firms pay close attention to the next update from the OBIE where we should be given more insight into the feedback provided to the consultation and the likely next steps.Return to top ^
The LSB has published a report following its review of the effectiveness of the implementation of the CRM Code and its impact on consumers and the industry. You can find a copy of the report here.
What this means for you
The report details a number of recommendations, including changes to ensure that the CRM Code reflects the evolving nature and complexity of authorised push payment (APP) scams and to ensure that it is able to provide effective protection for consumers. The LSB has begun work on a number of the recommendations and will be undertaking more activities in relation to the CRM Code during the course of 2021 (as detailed in the LSB’s roadmap here). The LSB also intends to issue a specific Call for Input on some of the recommendations which will require further input from the industry in order to ensure that they are implemented effectively. This is expected by the end of quarter 1, 2021. Therefore, we recommend that all institutions who have signed up to the CRM Code, or intend to sign up to the CRM Code, follow each of these developments, work with the LSB and ensure that the CRM Code is implemented effectively across your business.
8. The Payment Systems Regulator (PSR) issues calls for views on APP scams and protection in interbank payments
On 11 February the UK PSR published two calls for views focusing on greater protections for everyone using payment systems. The first relates to protections against Authorised Push Payment (APP) scams, which has been a key focus for the PSR in recent years. The second call looks at consumer protection in interbank (bank-to-bank) payments.
APP scams occur when fraudsters trick account holders into instructing a payment be made which they believe to be legitimate but which is sent to a fraudulent account holder. The bank or account provider of the defrauded account holder is usually acting on their legitimate instructions so normally wouldn’t be at fault. The PSR is proposing to combat this fraud by introducing three measures to payments made via Faster Payments and Bacs Direct Credit:
- making banks and building societies publish their APP scam data (including reimbursement and repatriation levels),
- requiring banks and building societies to adopt a standardised approach to sharing data thereby helping to identify these scams to stop them before they actually occur.
- changing payment system rules to achieve a minimum standard of protection for customers across all banks and building societies.
There is an increase in payments being made by direct transfer from one bank account to another (interbank payments). A large number of these are via smartphone apps or online banking and the PSR is keen to understand whether current protections in place are sufficient and that the makers of interbank payments are not disproportionately harmed as their usage increases.
What this means for you
Banks and other account providers will need to monitor any proposed changes carefully to ensure that, among other things, their data systems and permissions are configured to enable the publication and sharing of data as efficiently as possible. It will also be important to provide views and responses to both calls to ensure a representative outcome is achieved. The closing date for views and responses to both calls is 8 April.
9. The European Central Bank (ECB) issues Opinion on proposed codified Regulation on cross-border payments in EU
On 25 January the ECB published an Opinion on a proposal for a regulation on cross-border payments in the European Union. The proposed regulation intends codifying the existing regulation on cross-border payments, Regulation (EC) No 924/2009. Although the ECB generally welcomes the codification exercise, it notes in the explanatory memorandum of the proposed regulation that instruments affected by codification do not contain substantive changes, but only formal amendments as are required by the codification exercise itself.
The ECB Opinion focuses on the provision of the proposed regulation which relates to the euro foreign exchange reference rates issued by the ECB. Article 4(1) of the proposed regulation requires PSPs and parties providing currency conversion services (DCCPs) at ATMs or at the point of sale to express the total currency conversion charges as a percentage mark-up over the latest available euro foreign exchange reference rates issued by the ECB (ECBRRs). The ECB is concerned that by referring to ECBRRs, market participants could be incentivised to trade at these reference rates. This would be contrary to their purpose of protecting the interests of customers of PSPs and DCCPs. The ECB recommends that references to ECBRRs in the proposed regulation be replaced with references to appropriate FX benchmark rates provided for under EU benchmark regulation.
What this means for you
PSPs and DCCPs should monitor these develops closely to ensure that they will be using the correct reference rates when the proposed regulation comes into force. There is no current indication of when the proposed regulation might come into effect.
On 12 February the Commission published a targeted consultation on the review of the Directive on settlement finality (SFD) in payment and securities settlement systems. The SFD was originally adopted in 1988, and regulates designated SFD systems used by participants to transfer financial instruments and payments. It was designed to protect duly designated systems and participants from the inherently unpredictable outcomes of the insolvency of other systems or participants. It does this by stipulating when transfer orders are final and not subject to reversal by insolvency proceedings and by ring-fencing collateral security provided for transactions undertaken within an SFD or in the monetary operations of the central banks of member states or of the ECB.
What this means for you
The last review of the SFD was undertaken in 2008/2009. The increased inter-operability of SFD systems will be a key focus of this review as well as the recognition of ‘close-out netting provisions’ and ‘financial collateral’. The EC is interested in the views of a wide range of direct and indirect participants of SFDs including credit institutions, investment firms, payment & e-money institutions, consumer interest groups, public authorities, CCPs and system operators. The consultation period ends on May 7, 2021, and the results will feed directly into a Commission report to the European Parliament and Council. Please let us know if we can help you with formulating any responses to the Review.Gidget Brugman and Danielle van de VijverThe Netherlands is leading the eurozone with respect to Instant Payments. In the Netherlands 90% of all single credit transfers between Dutch banks are Instant Payments. However, in the eurozone this percentage is approximately 15%. This is due to the fact that in most countries an Instant Payment is a premium payment method, which is only available to limited customers such as business customers or only for mobile payment transactions. In the Netherlands however, most banks are facilitating Instant Payments for every customer which makes transferring money via Instant Payments the new normal. An Instant Payment supports a transfer in euro, where the amount is credited to a payment account within less than ten seconds. It does not matter when an Instant Payment is made, as Instant Payments can be transferred at any time of the day and every day of the year, regardless of whether this is in the weekend, a public holiday or in the middle of the night. Instant Payments are based on a European standard ‘SEPA Instant Credit Transfer Scheme Rulebook’ (SCT Inst scheme) published by the European Payment Council. The SCT Inst scheme allows instant payment transactions in euro currency to any beneficiary within the eurozone within 10 seconds. The SCT Inst scheme was developed in 2017 to establish guidelines for real-time payments which was the first real-time payments regulatory framework in the region that addressed all EU countries. Additionally, TARGET Instant Payment Settlement (TIPS) was developed (as an extension of TARGET2). TIPS will support participants to comply with the SCT Inst scheme following the same process flows and liquidity transfers based on the participation criteria of TARGET2. The European Commission is of the opinion that Instant Payments should be used as the normal way of transferring funds and therefore the European Central Bank (ECB) aims for full coverage across the eurozone. However, as participation to SCT Inst scheme is optional, action is required to improve the interconnectedness of infrastructures involved in the clearing and settlement of instant payments. Accordingly, ECB aims to ensure pan-European instant payments by the end of 2021. Respectively, the Governing Council of the ECB has agreed to update the TIPS participation rules for PSPs and automated clearing houses (ACHs). This means that all PSPs which have adhered to the SCT Inst scheme and are reachable in TARGET2 should become reachable via TIPS. PSPs can be reachable via TIPS either as a participant or as a reachable party through the account of another participating PSP. Additionally, ACHs who offer instant payments should move from TARGET2 to TIPS.