Global menu

Our global pages


Payment Matters: No. 28

Payment Matters: No. 28
  • United Kingdom
  • Financial services - Payment services


FCA and PSR publish consultations on their approach to PSD2

The FCA has published its consultation paper on the FCA’s implementation of the revised Payment Services Directive (PSD2). The Treasury has previously consulted on the draft Payment Services Regulations 2017 (PSRs 2017), which largely implement PSD2 and it is now the turn of the FCA to focus on its approach to applying these regulations. The Payment Systems Regulator is consulting at the same time on its approach to monitoring and enforcing Regulation 61 and part 8 (Regulations 102-105) of the draft PSRs 2017, for which it has been appointed the competent authority.

The FCA has noted that as PSD2 is maximum harmonising European legislation, there is limited discretion for it to depart from the Directive’s provisions. As well as reflecting changes introduced by PSD2, the FCA’s paper follows on from their February 2016 Call for Input on their approach to the current payment services regime, responds to feedback received and updates existing guidance.

They are asking for feedback on the proposals set out in the paper by 8 June 2017. Details of how to respond can be found here.

What this means for you

The FCA paper details proposals in a number of areas which will affect providers of payment-related services. These include:

  • Requirements for existing providers, including changes to conduct of business requirements, complaints and reporting requirements;
  • Joint guidance from the FCA and the PSR on access to payment account services for payment services providers;
  • Guidance on changes to the scope of PSD2 and notification requirements for businesses using exclusions to take themselves out of scope of the PSR 2017;
  • Guidance on their approach to regulating account information services and payment initiation services; and
  • Their approach to authorisation under PSD2, including the requirement for certain businesses to become re-authorised.

Payment services business of all types will need to analyse the paper closely to understand where changes need to be made to their existing operational processes and collateral, where new processes need to be built to accommodate the new parts of the regime, as well as considering what is required for existing and new businesses from an authorisation perspective. If you need support with analysing and feeding back on the paper, please contact Richard Jones.

The PSR publishes its final Terms of Reference for APP Scams

The Payment Systems Regulator (PSR) has published the final terms of reference for its review of the role of payment system operators (PSOs) in preventing push payment scams (ToR).

The ToR were produced by the PSR in response to a super-complaint by Which? in relation to authorised push payment (“APP”) scams. Essentially, Which? argued that victims of APP scams do not receive sufficient protection from the harm caused by fraudsters in comparison to the protections provided by banks in respect of pull payments (such as card payments and direct debits). The draft ToR explained how the PSR intends to carry out work considering the potential for PSOs to play a role in minimising the consumer harm caused by APP scams. The consultation period for the ToR ended on 21 March 2017 and the PSR published its final ToR at the end of March 2017.

What this means for you

The final ToR confirm the following key points:

  1. The project will focus on APP scams that target consumers (but they will consider after completion of the project whether APP scams against businesses should be looked at separately);
  2. The regulated payment systems in scope of the project are CHAPs and FPS; and
  3. The PSR will investigate whether there is direct action that PSOs could take that would be effective and proportionate in order to minimise consumer harm from APP scams and whether there are requirements that PSOs could place on PSPs using their systems that might be effective and proportionate.

At the end of the project, if the PSR decides that new measures are appropriate, it could look to introduce them via regulatory action or take an industry led approach. Depending on where the PSR gets to, PSOs could be required to impose new rules relating to fraud on their members or to take direct action themselves. After an information and analysis stage which will now take place, you can expect to see a report based on that due diligence in Q3 or Q4 this year. If you would like to provide input which will help inform the PSR’s analysis, you can send comments by e-mailing If you would like more detail on the project, please contact Richard Jones.

EPC publishes ‘Payment Threats Trends Report’

On 20 March 2017, the European Payments Council (EPC) published a Payment Threats Trend Report.

The report provides an insight into threats to payments, including cybercrime – a threat which is noted to have become increasingly organised and sophisticated. Other threats covered in the report include: denial of service (DOS) attacks and the risks posed by social engineering and phishing – which incidents are reported to have grown in frequency; together with other threats such as malware, mobile related attacks, botnets, card related fraud and ATM attacks.

The report focusses on the impact each threat can have on both the payment services provider (PSP) and the customers of the PSP. It considers how each threat is typically employed and what can be done to reduce the risk of the threats materialising and, if they do materialise, to mitigate their effect.

What this means for you

PSPs will be keen to gain a better understanding of the threats detailed in the report and to appreciate what they can do to try to safeguard against the same. The report includes useful advice on the steps that PSPs can take to reduce their risk by having robust internal systems and policies in place and by raising customer awareness (including in relation to the need for customers to protect their own devices). The report also encourages PSPs to maintain investment in relevant security technologies. If you would like more detail on the report, please contact Sarah Langham.

High Court makes reference to ECJ for preliminary ruling on PSD2 interpretation

A reference for a preliminary ruling from the Court of Justice of the European Union (ECJ) has been made by the High Court in the case of American Express Co. v Lords Commissioners of HM Treasury (Case C-643/16).

The reference, which was made late last year but published in the Official Journal of the EU on 13 March 2017, concerns the High Court’s request for clarification from the ECJ on how it should interpret the revised Directive on payment services in the internal market (2015/2366) (i.e. PSD2).

The first question referred is whether a payment system, to which the Access Obligation (set out in Article 35(1), PSD2) would otherwise not apply (by virtue of Article 35(2)(b), PSD2), renders itself subject to the Access Obligation as a result of either or both of the following:

  • the entry into a co-brand arrangements with co-brand partners who do not themselves provide payment services on that system in relation to the co-branded product offering; and/or
  • the use of an agent to act on its behalf in providing payment services.

The second question referred is, if the answer to the first question is "yes", whether that renders Article 35(1), PSD2 invalid insofar as it provides that systems with such arrangements are to be subject to the Access Obligation, on any or all of the following grounds:

a. failure to provide reasons in accordance with Article 296 of the Treaty on the Functioning of the European Union (TFEU);

b. manifest error of assessment; and/or

c. breach of the principle of proportionality.

What this means for you

The High Court has made the reference to the ECJ on the basis that it needs to bottom a question of EU law in in relation to the case before it. It follows that the High Court considers that there is a lack of clarity regarding the intended interpretation of the above mentioned provisions within PSD2. We await the outcome of the ECJ reference. If you would like more detail on the case, please contact Sarah Langham.

EC opens fintech consultation

The European Commission opened a public consultation on fintech on 23 March 2017. The consultation, which closes on 15 June 2017, seeks feedback to help the EC develop a policy approach towards technological innovation in financial services. The consultation seeks to gather feedback on the impact of new technologies on the European financial services sector from both the perspective of providers of financial services and consumers. The EC requests comments on whether the existing regulatory and supervisory framework fosters technological innovation in line with the three core principles of technologic neutrality, proportionality and integrity. The ultimate goal is to assist the EC in assessing how fintech can improve competitiveness, inclusivity and efficiency across the EU Single Market.

What this means for you

Financial services providers need to give close consideration to what changes could be made in order to allow them to improve products and processes. Particularly in the payment services field, we have heard a lot of talk of the regulatory framework stifling innovation and this is the time to feed in to the EC on the barriers that are currently in existence. In addition, consideration of how increased competition and consumer choice can be fostered should also be a focus. For example issues around reducing operating costs and barriers to entry still require attention (despite the technological innovation which we are clearly seeing within the industry) and considerations about the possibilities for data sharing and security should not be lost sight of as the fintech industry continues to drive forward. If you would like more detail on the consultation, please contact Richard Jones.

ECON issues draft RTS on strong customer authentication and secure communication under PSD2 briefing note

In support of the scrutiny of delegated acts work of the European Parliament’s Committee on Economic and Monetary Affairs (ECON) a briefing note was issued on 22 March 2017. The note on the European Banking Authority Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication under PSD2 was produced in readiness for ECON’s scrutiny meeting on 27 March 2017 to discuss the EBA’s final draft. The note highlights the key issues of the final draft, as follows:

  • the scope and technological neutrality of the requirements of the draft RTS;
  • the exemptions, including scope, thresholds and in particular the exemption for transactions identified as low-risk as a result of ‘transaction-risk analysis’ (TRA), and
  • access to payment accounts for third-party providers (TPPs) and the requirements pertaining to the information communicated.

What this means for you

There was always going to be scrutiny of the EBA’s final draft of the Regulatory Technical Standards (RTS) and as we have previously reported there have been ongoing tensions and concerns regarding the trade-offs made by the EBA in respect to the competing objectives of PSD2, including the possibility that the RTS failed to reflect mandatory requirements of PSD2. We understand that there will be one final set of changes to the RTS and these will particularly focus on the TRA based exemption. More broadly, as the RTS is close to final form now, implementation work should be underway to analyse how your existing processes compare to the RTS requirements and to identify where new processes need to be built to comply as certain requirements may take up a significant amount of the 18 month window to put in place. If you would like assistance with your analysis of the RTS, please contact Richard Jones.

ECB Explanatory Note: the co-existence of the proposed TIPS service with other instant payment services

The European Central Bank (“ECB”) issued an explanatory note on the co-existence of the proposed TARGET instant payment settlement (TIPS) service with other instant payment services on 4 April 2017. The note picks up on questions raised during the consultation on the potential user requirements for the proposed TIPS service which closed in February 2017. It covers such issues as: interoperability, pan-European reach and operating hours for funding/defunding accounts.

The proposed TIPS service is for the settlement of instant payments. TIPS plans to offer instant settlement services to its participants when an originator instructs the transfer of funds to a beneficiary. The primary aim would be to offer settlement of instant payments in Euro. However the technical implementation of TIPS would be currency agnostic in its design, i.e. TIPS could support settlement in non-Euro Central Bank money as well. A decision on whether TIPS will be developed will be made in June 2017 with a planned operation date of November 2018 if the go ahead is given.

The ECB note seeks to clarify certain areas of uncertainty as follows:

  • although the TIPS system will not interlope (i.e. conduct and settle payments or securities transactions) with other instant payment systems, the ECB does not consider that this will limit the reachability of Automated Clearing Houses (“ACHs”);
  • ACHs can have an important role in the TIPS service process by becoming an “instructing party”, whereby the ACH would have a contractual agreement with TIPS participants to have access to their accounts and instruct on their behalf;
  • ACHs would not be able to open accounts in TIPS, as participation in TIPS is restricted to participants of the Single Euro Payments Area Instant Credit Transfer (“SCT Inst”) scheme;
  • the purpose of TIPS is to settle instant payments, and as such, accounts cannot be used to collateralise the activity that takes place within the ACH for payments between its participants;
  • full pan-European reachability of TIPS is possible, but will depend on PSPs becoming a participant of an ACH offering SCT Inst and also upon a network among ACHs being set up;
  • there is currently a split between payments processed within TARGET2 or outside of it. As TIPS is a legal extension of the TARGET2 service, this split is anticipated to continue. When payments are processed outside of TARGET2, the Eurosystem will provide support through the ASI6 real-time ancillary system;
  • balances in the TIPS account are deposits for the purpose of Reserve Management calculations. However, ASI6 will not be taken into account as they are not deposits and are not in the account of a credit institution (they operate as guarantees); and
  • the operating hours for which TIPS/ASI6 accounts can be funded/defunded from the real-time gross settlement (“RTGS”) will remain the same as for TARGET2. This may be assessed further in the future.

What this means for you

The TIPS service will affect how payments in Euros can be made. The ECB expects to publish its final decision on TIPS in June 2017, at which time the results of the consultation on user requirements will be published. Financial service businesses that may be affected by TIPS are recommended to keep a watching brief on all developments in this area.

If you need support with how the implementation of TIPS will affect your business and operations, please contact Eve England.

FCA highlights work to deal with contactless card fraud

Last month the UK Parliament published a letter, from the chair of the Financial Conduct Authority regarding contactless payment fraud. This was a follow on to his attendance, along with the managing director of the Payment Systems Regulator, at a Treasury Select Committee meeting in January. The Committee had requested information about the role of the FCA and the Payment Systems Regulator in relation to contactless fraud, and the obligations the bodies placed on banks. The Committee had also queried the scale of the problem and sought views on the wider issue of unreported fraud. This latter issue is to be addressed separately following further consideration. The letter references the available data on reported contactless card fraud. It is noted that unlike some other forms of fraud contactless card fraud can be easily identified by card issuers as they can identify transactions made on cards reported as lost or stolen making the issue of unreported contactless card fraud less of a risk. The letter also confirms that consumer losses due to contactless card fraud are relatively low but that “…public confidence could be eroded without further action.”

The letter sets out a number of areas in which the FCA is working with industry to address the risks and reduce instances of contactless card fraud. These are listed as follows:

  • removing any onus on customers to identify fraudulent transactions.
  • technical enhancements to reduce the likelihood of post-cancellation contactless fraud.
  • making the option of having a non-contactless card more visible during card issuing.
  • improving customer communications at the time of cancellation.
  • providing clarity to customers on the clearing times for contactless payments.
  • raising awareness of the Industry Hot Card File (IHCF) (which contains information on UK cards that have been reported lost or stolen).

The chair of the Treasury Select Committee welcomes this package of measures.

What this means for you

Whilst contactless card fraud represents a small proportion of card fraud as a whole, the FCA recognises that there still needs to be action in respect of unauthorised payments in this area.

Payment services businesses of all types will need to be aware of the FCA’s crackdown on security and fraud issues in relation to contactless cards.

If you need support in this area, please contact Eve England.

HMT issues Regulatory Innovation Plan

HM Treasury released its Regulatory Innovation Plan on 4 April 2017. The innovation plan outlines a series of actions financial services regulators are carrying out to ensure a more supportive regulatory and enforcement framework is created for new business models and disruptive technologies while reducing barriers to entry and boosting productivity in financial services. The plan covers the Financial Conduct Authority (FCA), Payment Systems Regulator (PSR), Prudential Regulation Authority (PRA) and the Bank of England.

Measures the various bodies are adopting to support competition and innovation include the following:

  • given the limitations of conventional consultation and engagement, the FCA has facilitated a series of “themed weeks” designed to “stimulate intense engagement” with innovative firms;
  • the FCA’s Smarter Consumer Communications initiative focuses on the ways in which information is communicated and delivered to consumers;
  • the work the PSR are doing in terms of driving innovation in payment services to remove barriers to competitive innovation ensure that collaborative innovation delivers timely and efficient results for service users;
  • the PSR have conducted market reviews into ‘the supply of indirect access to payment systems’ and ‘the ownership and competitiveness of central infrastructure provision’;
  • the PSR have established the Payments Strategy Forum to develop collaborative solutions for improving payment systems;
  • work is being undertaken by the PRA to ensure new banks are able to enter the market; and
  • the Bank of England launched its One Bank Research Agenda in February 2015 – the initiative seeks to facilitate open dialogue between the Bank and the research community to support innovation. A “research hub” has been established to assist with driving this forward.

What this means for you

It is recommended that financial service businesses are fully engaged with the various measures being adopted by the FCA, PSR, PRA and Bank of England to drive innovation in the market. The ambition to establish a supportive regulatory and enforcement framework to benefit the sector as a whole, to encourage innovative development in terms of business models and technologies, seeks to achieve the government’s vision of the UK financial services sector being the most competitive and innovative in the world.

If you need support on any measures covered by the Regulatory Innovation Plan, please contact Eve England, Principal Associate on +44 29 2047 7770.

Spotlight: The FCA, Project Innovate and Blockchain: business as usual or a new “law of the horse”?

In 1996 at a cyberlaw conference at the University of Chicago, Judge Frank H. Easterbrook of the United States Court of Appeals for the Seventh Circuit compared the concept of creating a “law of cyberspace” as analogous to that of creating “a law for horses”. For him, there was no need to create a law for technologies based on computers, any more than there is a need to have a law dedicated to horses. In other words, the way we do things should not affect existing law. Instead, current rights and obligations should accommodate new developments with no need for special laws for new technologies.

More than 20 years later, regulators are still struggling with this question in dealing with FinTech. In its Discussion Paper on Distributed Ledger Technology (another name for Blockchain), the FCA have re-opened the debate in the UK. The Discussion Paper is available here.

The FCA has done so at the same time as it encourages innovation demonstrated by the recent speech of Christopher Woolard, Executive Director of Strategy and Competition at the FCA. The full text of the speech is available here.

The FCA has also done this in light of the European Securities and Markets Authority’s discussion of blockchain where it suggested that there is not yet any need for a specialist legal regime. ESMA’s report on blockchain is available here.

FCA’s Discussion Paper on distributed ledger technology

The FCA generally takes a “technology neutral” approach to regulation. However, the unique nature of blockchain raises the question of whether a change in approach is necessary.

The FCA recognises that there may be specific areas where blockchain does not fit with the its requirements but still achieves the desired outcomes. It is thus considering whether its rules prevent or restrict sensible development that would benefit consumers and hence whether changes may be needed. Currently, the FCA does not see a clear need to consider changes to the regulatory framework for blockchain solutions to be implemented, but intends to explore emerging business models in terms of:

  • What new risks and opportunities does blockchain present to the FCA’s statutory objectives of market integrity, consumer protection and competition? Can blockchain support more effective competition, financial system integrity and deliver better consumer outcomes? How can regulated firms mitigate any risks?
  • Do any of blockchain’s characteristics make it challenging to fit blockchain solutions into the regulatory framework, despite the FCA’s approach of ‘technology neutrality’?

To navigate these issues, the FCA is seeking to start a dialogue on the potential development of blockchain, to coincide with the expected movement from blockchain applications from the Proof of Concept to the real-world deployment stage during the second half of this year. The focus will be on what the real benefits and risks of blockchain technology will be, removing the hype surrounding the technology, particularly in the context of the FCA’s objectives. To feed into this discussion, comments need to be submitted to the FCA by 17 July 2017.

Christopher Woolard’s speech: the next phase of Project Innovate

Christopher Woolard’s speech serves as a reminder that the FCA will take a bold, pre-emptive and progressive approach to regulation, and in particular, through Project Innovate, will encourage both innovation and competition. The FCA will measure its success in this respect in terms of outcomes for consumers, and in particular through three questions:

  • Can the FCA see more innovative firms entering the market?
  • Is there greater innovation and competition by and between larger firms?
  • And ultimately are consumers benefiting from that?

In terms of whether these criteria are being met, the FCA is encouraged by the fact that there have been a larger number of sandbox applications than in the previous cohort, and that there are an increasing number of requests for support (despite the recent vote to leave the EU leading to a short term dip). Interestingly, the FCA wants some of what it does in the innovation work to become the norm in how it operates. In addition, the FCA sets out some of its plans for the future, which include:

  • expanding the remit of the Advice Unit, which currently assists firms developing automated advice models, taking in firms within the mortgage, general insurance and debt sectors, as well as firms that want to provide guidance instead of regulated advice.
  • launching an open debate on the risks and benefits of blockchain (on which, see discussion paper below).
  • building stronger international co-operation with other regulators. The FCA have signed co-operation agreements with China, Japan, Canada and Hong Kong, and an agreement with India is under discussion. The FCA believes that building a common understanding of the principles of good innovation, for example through the G20 and IOSCO, can benefit both stronger international co-operation, and help secure the long-term future of the FinTech industry.
  • encouraging the emergence of more innovative firms, whether home grown or inward investors, in the regions of the UK, by offering a regular presence to give guidance and informal steers. The FCA sees two specific locations where it thinks the FCA can add value to emerging hubs: the Edinburgh-Glasgow corridor and the Leeds-Manchester area.

So, about the horses?

Historically, the FCA’s philosophy has been in line with Judge Easterbrook’s view of technology neutrality. It has not regulated specific technologies but focussed instead on the activities which they facilitate and the firms carrying out these activities.

This approach has many advantages, for example by accommodating innovation yet avoiding arbitrage and unfair competition. It also helps provide stability because firms can fit their business models into an existing legal framework, rather than create a new framework for each new technology.

However, problems with this approach arise where an out of date legal framework hinders new beneficial developments and to this extent it is worth examining whether the current law is actually best suited for its underlying purpose.

In this respect, it is good that UK and EU regulators are taking time to understand new technologies and their implications, rather than rushing in with a “regulatory answer”, which may in fact miss the point entirely. Such an approach does not equate to a “law of the horse”. Instead it shows a deeper understanding of the evolution of markets and the need for regulation to take account of innovation.

In this respect, Woolard’s speech is to be welcomed, as it shows the holistic nature of the FinTech environment, of which blockchain is but one development. To be most effective, there is a need for regulators to understand that which is being regulated, and the FCA is showing its commitment to this through increasing engagement, at both the international and regional levels.

About us

Eversheds Sutherland has a dedicated FinTech team, drawing together lawyers and consultants from across our practice areas. We would be delighted to assist you to understand FinTech developments in more detail and how they impact your business. For more information, please contact: