Global menu

Our global pages


Payment Matters: No. 45

  • Global
  • Payment systems and digital commerce
  • Financial services - Payment services


This edition includes:

  1. The impact of COVID 19: Regulatory updates
  2. Competition and Markets Authority: Open Banking
  3. EU Consultation on retail payments strategy for the EU 
  4. UK regulators’ view on the payments sector
  5. New Economic Crime Levy issued under UK Government’s new Budget
  6. The interim funding arrangement for compensating victims of Authorised Push Payment (“APP”) scams extended to 31 December 2020
  7. New recordkeeping obligations to apply to Payment Service Providers (“PSPs”) from 1 January 2024
  8. What FedNow Means for Faster Payments in the U.S.
  9. Towards stronger authentication of remote card payments
  10. Bank Negara Malaysia Releases Digital Banking Consultation Paper

For past editions of Payment Matters, please visit our dedicated hub here >

The impact of COVID 19: Regulatory updates

In response to the COVID-19 outbreak, the UK government and regulatory bodies have issued guidance on substantial industry-wide contingency measures. Measures taken in the payments industry to help increase resource whilst protecting consumers from fraud and unauthorised transactions include the following:

  • Strong Customer Authentication (SCA): The FCA has announced that it will work closely with the industry to agree, where appropriate, extending the deadline for the implementation of SCA for e-commerce transactions. Additionally, where firms have been unable to meet SCA requirements in the context of online banking because of the COVID-19 pandemic, the FCA will consider on a case-by-case basis any appropriate further measures. The adoption of any such measures would be based on the FCA taking into consideration the firms’ existing controls and processes to reduce fraud and existing authentication measures.


  • SCA and contactless payments: The contactless limit has now increased from £30 to £45. The FCA has also announced that it is very unlikely to take enforcement action against firms that do not apply SCA where the cumulative amount of previous transactions exceed EUR 150 or there are five contactless transactions in a row, on the condition that a firm can show adequate mitigation of fraud risk by employing necessary fraud monitoring tools and taking quick action (as appropriate).


  • Open Finance Call for Input (CFI): The FCA has announced a new deadline for responses on the CFI on Open Finance – it is now due to close on 1 October 2020.


  • Card acquiring: The PSR has announced that COVID 19 may have an impact on the timing of the publication of the UK card acquiring market report which was due in June 2020. Additionally, firms will now have until 21 April 2020 to provide their response to the CFI regarding competition and innovation issues in the New Payments Architecture. 

What this means for you

Now more than ever, regulators are focused on consumer protection and ensuring that financial institutions respond appropriately to any COVID-19 related risks.

The regulators in the payments space have taken proactive decisions to delay consultation processes and extend implementation deadlines to increase internal resource within financial institutions so resources can be redistributed to parts of the businesses which are being heavily impacted by the COVID-19 pandemic (including, for example, consumer finance).

It is likely that the measures noted above only represent the initial steps that we will see taken by the regulators to deal with the unprecedented and immediate challenges presented in the current climate.

In line with the flexibility measures noted above, firms may need to take this opportunity to assess what they can realistically achieve in these challenging times and redistribute internal resources to the extent necessary.

Competition and Markets Authority: Open Banking

On 7 April 2020, the CMA issued a ‘Notice of approval of certain changes and requirement for additional changes to the Agreed Timetable and Project’ Plan in relation to Open Banking  implementation. This notice follows the proposal made by the OB Implementation Trustee on 3 February 2020 for a revised timetable and stakeholders’ view submitted during the consultation process.

In summary, the CMA has approved nine items in the Trustee’s proposal and has asked for further changes to be made to seven items. For example, in relation to reverse payments functionality, the CMA has asked the Trustee to consider the proposal with the Information Commissioner’s Office and the PSR to address any data security and consumer protection issues.

Notably, the CMA has clarified that the COVID 19 crisis does not materially impact on the content of the Trustee’s proposal (i.e. what should be delivered) but recognises that  it will impact on the proposed timing of implementation. Consequently it has put in place the following temporary measures:

  • Members of the CMA9 should be permitted to defer implementation activity related to non-performance Proposal items, where the individual bank or building society can show that their change, deployment or other relevant capability is currently insufficient, because of a need to divert resources to serve crisis-related priority initiatives, or because relevant  resources have been depleted or disrupted as a result of the crisis;
  • Material implementation activity related to performance improvements may be similarly deferred, though a route to improved performance remains a priority and members of the CMA 9 will be expected to continue to participate in reasonable investigative activity
  • Bank and building society participation in consultation activity may similarly be deferred until sufficient relevant resource is reasonably available.”

The Trustee is now required to address the changes required by the CMA, create a subsequent revised OB Roadmap and submit this revised OB Roadmap to the CMA for review.

What this means for you

The CMA has indicated that it will not review any revised OB Roadmap for three months from the date of its notice. As such, we do not expect a final OB Roadmap. As such we do not expect a final OB Roadmap to be available before Q3 2020. In the meantime, we expect that the CMA9 will be considering the nine items that have been approved by the CMA.

Where there is an expectation of resource issues which will delay implementation, we suggest firms evidence these resource issues, how they will impact on the firm’s implementation work and how long the delay is likely to last.  

EU Consultation on retail payments strategy for the EU

On 3 April 2020, the European Commission launched a consultation on a retail payments strategy for Europe (the “RPS Consultation”).

With an aim to feed into the creation of a strategic and coherent policy framework for EU payments, the RPS Consultation asks stakeholders to comment on the Commission’s four broad objectives for its EU retail payments strategy:

1. Harmonisation of payment solutions across the EU and “same as domestic” customer experience

The Commission is keen to understand what measures should be put in place to harmonise the offering and development of payment solutions (which it believes have had a domestic focus so far) across member states, whilst promoting diversity of payment options.

2. Adequacy of the current EU legal framework for retail payments

The Commission is seeking evidence about the effect of PSD2, open banking and EMD2. It is especially keen to understand the impact of the current regime on current and prospective market developments.

The Commission asks specific questions relating to issues that are commonly faced by the industry, both domestically in the UK and across the EU. For instance, the RPS consultation raises questions about the efficacy of the current SCA rules for fraud prevention, giving TPPs access to payment accounts data and safeguarding and capital adequacy requirements for e-money institutions.

The consultation also opens the floor for views on the use of “Programmable Money”, a topical use case for Blockchain technology and Bitcoin.

3. Interoperability of domestic retail payments systems, support infrastructures and licensing regimes

The Commission is keen to understand what can be done to improve the interoperability of instant payments infrastructures in a cost-effective way to ensure fair and open access to all providers, including non-bank providers. It also invites views on whether there is a need (and if so, how) to harmonise licensing regimes for payment systems operators.

 4. Improving cross-border payments

The Commission believes that cross-border payments, including remittance, are too complex, slow, opaque, inconvenient and costly. It is therefore seeking views on how the Commission can assist in resolving these issues and by extension, enhance the international role of the Euro.

What this means for you

The RPS Consultation is open until 26 June 2020 and invites views from a broad range of stakeholders including payment systems users, providers and regulators. Responses to the RPS Consultation should be considered in light of the Commission’s consultation on digital finance (link here) and may be submitted through their digital form (link here).

Submissions to this consultation will be considered by the EU Commission for the purpose of introducing new and updating existing policies, rules and regulations governing retail payments at EU level.

We recommend that PSPs which is affected by such changes take the opportunity to participate in the debate at this early stage.

UK regulators’ view on the payments sector

The FCA and the Bank of England recently provided us with a glimpse of their view on the payments sector, notably through the publication of the FCA’s annual Sector Views report followed by a speech on the evolution of money by Sir Jon Cunliffe, Deputy Governor at the Bank of England.

Both regulators acknowledge a significant shift from physical cash to electronic transactions, resulting in cash use declining fast. To illustrate this shift, the Bank of England reported a decline from 60% in 2008 to 28% in 2018 in cash payments and predicts a further decline to 9% by 2028. They also comment on the payments sector seeing a steady wave of innovation which they attribute to:

  • the advent of new regulatory regime promoting market innovation (notably, the coming into effect of PSD2);
  • the digitalisation of customer journeys;
  • the rise in new technologies encouraging the sharing of data in return for convenience; and
  • significant investment in fintech

There was a view that certain elements of the payments sector need to be addressed to minimise consumer harm. It seems that there could be a regulatory focus on the following areas over the coming year:

  • Poor compliance with regulations by certain firms:

The FCA will maintain a pre-emptive approach in their supervision of firms’ systems and controls in relation to safeguarding consumers’ funds and capital adequacy.

  • Decreasing use of cash:

As the regulators estimate that 1.9 million customers continue to use cash predominantly, they will ensure that cash production and distribution continue so that no consumer groups are financially marginalised. We expect regulators to implement measures to foster diversity of payments solutions, including cash.

  • Operational resilience and financial incidents:

There will be a continued push on firms to ensure that their systems are resilient. The FCA is concerned that there have been too many reported cases of interrupted services. These interruptions are arising, for example, as a result of business transformation projects (to move away from IT legacy systems), and data breaches. The FCA is also expected to strengthen its focus on firms’ operational resilience as it recognises that cash acts as a backup during system outages.

What this means for you

The glimpse into the FCA and Bank of England view show some of the areas where PSPs need to focus their attention in order to avoid regulatory scrutiny.

Safeguarding  in particular is an area which has been subject to high level of scrutiny in recent years. The factsheet recently published by the FCA to educate consumers on non-bank payment providers galvanises the FCA’s intention to maintain a focus on non-bank providers’ approach to safeguarding and the capital adequacy requirements. Accordingly we would suggest that PSPs spend some time (if they have not already done so) ensuring that they are meeting the requirements under PSD2.

In light of the spotlight on resilience by the FCA, we would also suggest firms to maintain focus on improving their systems and minimising IT failure and data security risk.

New Economic Crime Levy issued under UK Government’s new Budget

Payment service providers (“PSPs”) will face a new “economic crime levy” under the UK government’s new Budget. The Government has confirmed that the levy will help to fund new government action to tackle money laundering and ensure delivery of the reforms committed to in their new Economic Crime Plan. The levy will be in addition to ongoing public sector funding.

What this means for you?

The measure will affect PSPs and e-money issuers as it applies to firms which fall under the Money Laundering Regulations.

The rate of the levy is not yet known however a consultation has been promised in Q2 2020 which should shed more light. We expect the consultation to touch on reforms urged by the industry such as the approach to feedback on suspicious transaction reports and how PSPs are expected to ensure that their systems and controls are compliant. We also hope for more clarity around how the levy will be applied to combat financial crime in the UK.

The interim funding arrangement for compensating victims of Authorised Push Payment (“APP”) scams extended to 31 December 2020

The APP Scam Voluntary Code (the “Code”), launched in May 2019, sets out the circumstances where victims of APP scams can get their money back.

Where both the victim of the APP scam and their Payment Service Provider (“PSP”) have met the required standards set out in the Code, the victim will still be compensated by their PSP and then the PSP will claim the money back from a collective fund.

There was a lot of industry debate in relation to how the industry would cover the costs of this collective fund initially and it was agreed that certain PSPs who have signed up to the Code would fund the pot for an interim period until a sustainable alternative arrangement was agreed.

This current arrangement has been extended further until 31 December 2020, although the PSR has recently published a note from its latest conference call (held on 30 March 2020) where it discussed potential future funding options.

In particular, the PSR was of the view that there are three possible ways forward to fund no-blame APP scams going forward:

  • continuing with the current approach which requires Code signatories to agree a solution for funding no-blame APP scams. This could be achieved by participants committing to self-funding these costs or by choosing to participate in shared funding;
  • exploring further the concept of a change to the Faster Payments Scheme (“FPS”) rules. This would require the introduction of a new rule into FPS requiring institutions to reimburse victims of APP scams; or
  • relying on the PSR to take action against individual firms to require them to reimburse victims of APP scams (although any such action by the PSR is currently prohibited under the current legal regime and may only become a viable option as the UK’s relationship with the EU becomes clearer after the end of the Brexit transitional period).

Full details of the PSR’s latest proposals in relation to these funding arrangements can be found in the notes from its recent conference call here.

What this means for you?

The industry will continue to push for the development of a sustainable solution to compensate victims of APP scams in the long term. In particular, UK Finance, the Treasury Committee and Which? have called for issues regarding the liability of PSPs, and the reimbursement of PSPs after compensating victims, to be addressed by legislation (rather than a voluntary code which only a number of institutions have currently signed up to). However, up until at least the 31 December 2020, a number of PSPs will continue to fund the current arrangement used to compensate victims of APP scams. Given the challenging climate we find ourselves in at present, it is questionable whether this could be extended further as industry resource is currently tied up providing support to consumers and businesses impacted by the Covid-19 pandemic.

New recordkeeping obligations to apply to Payment Service Providers (“PSPs”) from 1 January 2024

The amended Directive 2006/112/EC, which was adopted on 18 February 2020, sets out new obligations upon PSPs to maintain accurate records in relation to payees and cross-border payment transactions in order to assist national authorities in detecting fraudulent businesses and VAT liabilities.

The new measures, which will apply from 1 January 2024, apply to PSPs that fall under the scope of the revised Payment Services Directive, including both the payer’s PSP which is responsible for transferring funds or issuing payment instruments and the payee’s PSP which will receive funds or acquire transactions on behalf of the payee.

Once the measures come into force, all PSPs will be required to  record details of payees and cross-border payments for each calendar year, including, by way of example, information regarding the individual/business name of the payee, a VAT number or other national tax number of the payee, the details of any payment refunds identified in relation to a cross-border transaction, and the address of the payee (to the extent that this information is available). PSPs will be required to keep the records electronically for three calendar years.

What this means for you?

Member States will now have until 31 December 2023 to adopt this Directive into national law so there is no need for immediate action to be taken by PSPs. It is not clear what impact the amended Directive will have on PSPs registered and authorised in the UK following the end of the UK transitional period (currently scheduled to end on 31 December 2020). However, given a large number of PSPs have already taken steps to register their institutions in another European jurisdiction (e.g. in Ireland), it is likely that many PSPs will still need to adopt any measures implemented into the respective national law to meet the requirements set out in this amended Directive before 1 January 2024.

What FedNow Means for Faster Payments in the U.S.

The Board of Governors of the U.S. Federal Reserve announced in August 2019 that it will develop a new 24x7x365 real time gross settlement (RTGS) system called FedNow. The new system will allow near-instant settlement of transactions in final funds through debits and credits to member bank’s master accounts at Federal Reserve Banks. The Fed has said that it expects the system to be ready within five years, though it has hinted that development might be ahead of schedule.

FedNow will compete head-on with a similar service launched in 2017 by The Clearing House, a consortium of the largest U.S. banks, called the RTP Network.  

I. How Will FedNow Work?

The Fed still has significant decisions to make during FedNow’s multi-year build phase, but many of the most important features have been announced.  Here is what we know:

  • FedNow will handle only domestic credit transactions (“push payments”), not debit (“pull payment”) authorizations or cross-border payments.
  • Only Fed member banks will participate directly, though they may designate a service provider or agent to submit or receive payment instructions on their behalf or settle funds to a correspondent bank.
  • Non-bank fintechs will access FedNow indirectly through their financial institutions or an agent or service provider, similar to the current ACH system in the U.S.
  • The initial per-transaction limit will be $25,000 (though participating banks could set a lower ceiling on payments they send).
  • The interbank messages FedNow uses will conform to the ISO 20022 standard and will support non-value message types (like invoice details) and “request for payment” messages, in addition to the content needed for clearance.
  • The Fed will likely make intraday credit available on a 24x7x365 basis to help participating banks maintain the continuous liquidity required for real-time settlement.
  • Fees have not been announced but will likely include per-item charges, to be paid by sending and receiving banks, and a fixed fee for participation.
  • Ancillary services the Fed is considering include: (1) either hosting a directory of public account identifiers or providing participating banks with a link to existing directory services to allow end-users to send funds without exchanging account info; and (2) including embedded fraud mitigation and identity authentication features.

II. Where Does FedNow Fit into the U.S. Faster Payments Landscape?

FedNow is intended to allow any deposit-account holder in the U.S. to send a payment to any other deposit-account holder with real-time settlement in final funds.  This is a welcome development.  Today, U.S. businesses and consumers have access to several retail payments services that appear instantaneous in that the recipient may access funds immediately.  However, existing services typically have one or both of the following limitations. 

First, they are not ubiquitous because they are “closed-loop”, meaning that both the sender and recipient must be signed up with the same service (and no single service reaches substantially all U.S. accounts).

Second, today’s services often carry some degree of credit risk because funds are made available to the recipient before the actual interbank debits and credits necessary to fund the payment have occurred. This delay occurs because funds are still travelling over existing, slower rails (like ACH). As a result, transfers may be subject to clawback if final settlement and funding do not occur. That is the case with card payments (for which settlement takes one or more days), ACH (including same-day ACH), and person-to person payment services (such as Venmo, in which payment funds are available immediately only within the platform unless the user pays for expedited transfer). 

The promise of FedNow is its potential to overcome both of these limitations. The Fed has existing relationships with nearly all of the roughly 12,000 U.S. depository institutions, so it can offer nationwide scope. The hope is that, even if FedNow and the RTP Network are not interoperable, RTGS will still reach ubiquity because banks will make both services available to their customers. Unless ubiquity is achieved, RTGS will not be a significant improvement on faster payments solutions available today in the U.S. As for interbank and credit risk, they do not exist in an RTGS system because payment and settlement in final funds occur simultaneously.

The RTP Network, currently reaches about 51% of deposit accounts. Its reach comes not from the number of its participating banks, but from the large market share those banks hold. Historically, The Clearing House has lacked relationships with smaller institutions. This cast some doubt on The Clearing House’s ability to gain national reach on its own and increased support for the Fed’s entry into the market. However, the Clearing House announced in October 2019 that 15 small banks had joined the RTP Network. It is unclear how many smaller institutions will follow their lead in the near term. Many are not likely to be early adopters of RTGS, in part because they are not experiencing the same push from their customers as larger institutions. They may be content to wait for FedNow.

III. What Will Drive Adoption of RTGS?

U.S. tech companies and retailers hungry for an alternative to the card networks have welcomed the Fed’s greenlighting of its RTGS project. However, with respect to point-of-sale payments, it remains to be seen whether enough consumers will respond by ditching plastic cards for the new RTGS systems and new payment methods that ride their rails. Fintechs, or merchants using fintech payment solutions, may try to entice consumers to non-card payment methods powered by FedNow (or other real-time solution like The Clearing House’s RTP Network) by developing rewards programs to compete with the credit card rewards consumers in the United States have come to expect. 

Small businesses, and those who send recurring bills, may be key adoption drivers for FedNow because they will benefit from the ability to send payment requests with attached invoices and receive payments in near-instant, final funds. This should mitigate cash flow management issues, which have been a significant drag on small business. Proponents of FedNow also expect consumers and gig workers to push adoption as they come to expect instant availability of paychecks and streamlined billing and payment for consumer-to-business, business-to-consumer, and person-to-person payments. Finally, large retailers have indicated that they expect significant benefits in the form of more efficient returns and refunds. 

IV. What Does this Mean for Fintechs?

The Fed’s decision to deny non-bank financials direct participation in FedNow keeps banks in their traditional role of trusted gatekeepers of the U.S. financial system. This is consistent with the Federal Reserve’s longstanding view that banks are the bedrock on which even the most innovative financial products are built. As Federal Reserve Board Governor Brainard said in a 2017 speech, “more often than not, there is a banking organization somewhere in the fintech stack.” 

Banks’ status as federally regulated entities is a major reason for this. There have been attempts to level the playing field for non-bank fintechs at both the federal level, with the controversial fintech charter advanced by the OCC, and at the state level, with the multi-state money transmitter licensing process under development by the Conference of State Bank Supervisors, and with the recent approval by the U.S. Federal Deposit Insurance Corporation (FDIC) of industrial loan company charters for fintech companies Square Financial and Nelnet. For now, however, access to FedNow is another on the long list of functions and privileges that most fintechs have to obtain by either becoming a bank or partnering with one.

Contact us

Brian Murphy - Partner, Atlanta

Hannah Winiarski - Special Counsel, Atlanta

Towards stronger authentication of remote card payments

Dutch Payments Association takes the initiative for PSD2 ‘managed roll-out’ of remote card payments

In the Netherlands there has been a broad concern about the potentially negative effects on conversion rates for remote card payments with the introduction of SCA as required in PSD2 and the RTS by 14 September 2019. The topic has been considered to be very complex because of the relation ship between the degree of readiness of online merchants, the availability of security techniques (3D Secure v2) and the preparation of cardholders (including communication to cardholders).

It was a big relief in the Dutch market when the EBA gave supervisors discretion to provide PSPs and other stakeholders with limited additional time to implement SCA and the RTS for remote card payments in their systems. It allows card issuers to have more time to migrate to SCA-compliant authentication methods as described in the EBA Opinion and to enable acquirers to migrate their merchants to solutions that support SCA.

For regulated entities in the Netherlands the Dutch Central Bank is their national competent authority. The flexibility of the Dutch Central Bank regarding the migration of SCA compliant authentication methods is available on the conditions that (i) PSPs have set up a migration plan, (ii) have agreed the plan with the Dutch Central Bank and (iii) will operationalise the plan in an expedited manner.

The Dutch Payments Association has set up an SCA migration project to ensure the best possible transition for the Dutch payments eco system. The SCA migration project will facilitate, amongst others, a dialogue between stakeholders such as the Dutch Central Bank, representatives of online merchants and consumers, schemes, card issuers and acquirers. This dialogue should keep all parties informed about developments in the Dutch ecosystem and minimise any unintended short term effects of the introduction of SCA for online card payments. For example, the Dutch Payments Association is liaising with the Dutch Central Bank about clarity on the conditions for a ‘managed roll-out’ and is currently working on an outline of the roll-out plan, using input and inspiration from roadmaps already published in the market, among which the plans drafted by the card schemes feature.

Supervised institutions which do not want to participate in this initiative of the Dutch Payments Association, but do wish to make use of the extended SCA migration deadline, already submitted their migration plans to the Dutch Central Bank before 1 December 2019.

What this means for you

Institutions regulated by the Dutch Central Bank can participate in its program for the phased roll-out of SCA. The deadline will be 31 December 2020. The Dutch Payments Association's SCA migration project will provide templates and guidance for this program of the Dutch Central Bank. The general migration plan templates meet DNB’s requirements. PSPs that use these plans do not need to submit additional information to DNB.

It is not only useful to participate in the SCA migration project of the Dutch Payments Association if you are a regulated entity in the Netherlands, but also for (non-regulated or non-Dutch) parties involved in the Dutch chain of payments to contribute to a smooth SCA migration. For the benefit of the other parties active in the chain of payments the Dutch Payments Association provided an overview of how issuers are acting in relation to this matter. In April 2020 they gave a snapshot covering Dutch card issuers, like International Card Services, ING, Rabobank Quander and Bunq. Based on that information the roadmap was updated and published on the website of the Dutch Payments Association.

Starting in April, Dutch issuers will soft decline unauthenticated high risk card transactions that are otherwise rejected. Merchants should re-submit them as authenticated using 3-D Secure.

From September, issuers will gradually introduce SCA compliant behaviour: transactions without SCA that would previously have been approved, will now be soft-declined to force authentication. Merchants should make sure their implementation or their service provider is ready to support the new, mandatory transaction flows that include 3DS authentication. Failing to implement and test the new transaction flows may impact merchants’ conversion from this date.

Merchants and other stakeholders need to contact their PSP or acquirer for advice and support on the implementation and application of these SCA events.

Contact us

Gidget Brugman - Partner, Amsterdam

Bank Negara Malaysia Releases Digital Banking Consultation Paper

On 27 December 2019, Bank Negara Malaysia (“BNM”), Malaysia’s central bank, released the long-awaited “exposure draft” of their proposed Licensing Framework for Digital Banks for public consultation (“Consultation Paper”), together with the Application Procedures for New Licences under the Financial Services Act 2013 and Islamic Financial Services Act 2013. The announcement marks the Malaysian government’s willingness to position Malaysia as a leading player in the digital bank arm’s race taking place throughout Asia, following on the success of a similar digital banking regime in Hong Kong and the recent announcement by the Monetary Authority of Singapore that five new banking licenses are “up for grabs” across Singapore’s retail and wholesale markets.

The Consultation Paper sets out a high-level proposed framework for the licensing of digital banks in Malaysia. Importantly, the Consultation Paper stresses the need for a balanced approach that will facilitate the introduction of digital banks with strong value propositions whilst safeguarding the integrity and stability of the financial system. In that regard, the BNM has adopted a progressive approach in the rollout of digital banking in Malaysia through a “foundational phase”.

On 3 March 2020, the BNM issued an updated Consultation Paper that incorporates the proposed simplified regulatory framework for digital banks applicable during the foundational phase and also extended the deadline for submission of comments on the Consultation Paper to 30 April 2020 from the original 28 February 2020. Consistent with the BNM’s approach, the simplified framework is intended to reduce regulatory burden for new entrants that have strong value propositions for the development of the Malaysian economy, whilst safeguarding the integrity and stability of the financial system.

Relaxed and simplified requirements during the foundational phase

During the foundational phase, licensed digital banks shall:

  1. maintain a minimum amount of capital funds of RM100 million;
  2. ensure that their total asset size does not exceed RM2 billion; and
  3. be subject to simplified regulatory requirements, the key features of which are as follows:

(a) Capital adequacy. The risk categories to calculate the credit and market risk components for risk-weighted assets under Basel II capital framework have been rationalised into simpler categories;

(b) Liquidity. A digital bank shall hold an adequate stock of unencumbered Level 1 and Level 2A high-quality liquid assets (HQLA) equivalent to at least 25% of its total on-balance sheet liabilities;

(c) Stress testing. A licensed digital bank shall be exempt from the requirements under the policy document on Stress Testing; and

(d) Public disclosures. A licensed digital bank shall be exempt from the requirements under the policy documents on Risk-Weighted Capital Adequacy Framework (Basel II)−Disclosure Requirements (Pillar 3) and Capital Adequacy Framework for Islamic Banks (CAFIB)−Disclosure Requirements (Pillar 3).

Duration of the foundational phase

After an initial period of three years, a digital bank may apply to the BNM for the foundational phase to end and for the asset size limitation to be lifted. In any event, by the end of the fifth year of operations all digital banks shall be subject to equivalent regulatory requirements applicable to a licensed bank or Islamic bank and shall increase their capital funds to a minimum of RM300 million. According to the Consultation Paper, the foundational phase will allow for the licensees to demonstrate their viability and sound operations and for the BNM to observe performance and effectively manage risk.

Additional requirements for digital banks

The BNM has reiterated over and over again that digital banks will be required to comply with the applicable requirements under the Financial Services Act 2013 or the Islamic Financial Services Act 2013—just like traditional banks—depending on the type of banking business they wish to do. But on top of that, digital banks must also comply with some additional requirements set out in the Consultation Paper, including submitting a 5-year business plan that emphasises how they intend to serve the unserved and underserved market segments, pro-forma financial statements, an exit plan, etc.

What this means for you

In light of the disruptions caused by the COVID-19 outbreak, the BNM has further extended the deadline for submission of comments on the Consultation Paper to 30 June 2020. Following the consultation, the BNM will aim to finalise the policy document and will then start accepting applications. In a media statement, the BNM has stated that they may issue up to five licences to qualified applicants to conduct either conventional or Islamic banking business in Malaysia.

It is worth noting that a number of local corporates and domestically incorporated foreign players have publicly expressed their interest in participating in Malaysia’s digital bank application process, including those currently operating in traditional financial services markets, together with those operating in the technology and telecommunications sectors who are looking to partner with financial organisations with expertise with e-wallets, micro-lending and algorithmic lending. These developments bear watching, and we will continue to monitor and report on new developments as they unfold.

Contact us

Rhys McWhirter - Of Counsel, Hong Kong