Global menu

Our global pages


Payment matters: No. 47

  • Global
  • Payment systems and digital commerce
  • Financial services - Payment services


This edition includes:

1. HM Treasury’s Payments Landscape Review: Call for Evidence

2. The FCA finalised guidance and ‘Dear CEO’ letter on safeguarding

3. The Payment Systems Regulator (“PSR”) seeks feedback before launching its new strategy later this year

4. UK Finance publishes Strong Customer Authentication roadmap

5. Industry representatives begin to consider what phase 2 of confirmation of payee (“CoP”) may look like

6. PSR publishes interim report in market review of card-acquiring services

7. The European Payments Initiative – Another Potential Payment Option

8. Final version of the UAE Crypto Assets Regulations due in the coming weeks

9. Coronavirus lockdown increases fraud in financial markets in the Netherlands

10. China set to widen pilot trials of central bank digital currency

11. COVID 19 - Tunisia's Entry into Digitalization

12. A CFPB Data Access Rule Could Be a Win for Open Banking in the US

If you have questions about of the topics raised in this edition of Payment Matters, please get in touch with a member of our global Payments team. Contact details are available at the bottom of the page.

1. HM Treasury’s Payments Landscape Review: Call for Evidence

Richard Jones, Tony Anderson, Ruth Fairhurst, Sian Cosgrove and Shadiyah Jawaheer

On 28 July 2020, the HM Treasury (‘HMT’) published a Call for Evidence to kickstart a review of the UK payments landscape. From our perspective, this review is likely to bring about changes to the current regulatory regime governing payment services in the UK and potentially  in other jurisdictions based on the UK/EU model.

The current payments landscape

The past decade saw the UK adopting a dynamic approach to ensure that the UK payments landscape remains fit for purpose and develops in line with market innovations for the benefit of end users.

In 2015 there was the launch of the economic regulator, the Payment Systems Regulator  to promote innovation, as well effective competition in payment systems markets whilst ensuring they were being operated with the interests of service users in mind. Later in 2018 the separate operators managing the Faster Payments Scheme (‘FPS’), the Bacs Scheme (‘Bacs’), Paym and the Cheque & Credit Clearing Company consolidated into one, Pay.UK.  Perhaps, the most notable achievement following these two developments is the current project to build a modernised New Payments Architecture (‘NPA’) to replace the UK’s retail interbank clearing and settlement systems and create a simplified body of rules, standards and processes to use overlay services such as CHAPS.

The HM Treasury’s Review

As the payments landscape continues to evolve to match a rapidly-changing technological environment and growing user demands for greater speed, choice and convenience, HMT notes new opportunities and risks in the landscape, which it is keen to evaluate to feed into its longer-term legislative work.

Crucially, HMT’s primary aim behind this review is to ensure that the UK maintains its status as a world leading policy maker in payments and to ensure that the UK’s payments landscape continues to develop in line with the high-level aims outlined by the government, namely that:

  • UK payments networks operate for the benefit of end users, including consumers;
  • the UK payments industry promotes and develops new and existing payments networks;
  • UK payments networks facilitate competition by permitting open access to participants or potential participants on reasonable commercial terms; and
  • UK payment systems are stable, reliable and efficient.

As such, HMT has identified several key drivers of change in the payments landscape:

Faster Payments

The HMT believes that the use of Faster Payments for person-to-business transactions could be made more attractive if the FPS had an embedded dispute resolution and assignment of liability framework to compete with the more popular major card schemes for these type of transactions. It raises the potential for the FPS to have processes similar to the card schemes’ chargeback process, the direct debit guarantee in Bacs and/or PayPal’s Buyer Protection.

Open Banking

The HMT plans to enhance the current legislative framework to promote more open banking transactions safely and securely in the UK. This fits in with the government’s goal to see more account-to-account payments and support for Payment Initiation Services Providers to break through UK payments market barriers without jeopardising consumer protection.

The emergence of new payment services and chains

The HMT recognises that payments firms are increasingly becoming specialists in key parts of payment transactions chains. It will therefore assess whether the regulatory perimeter needs to be expanded to mitigate the risks associated with the lack of regulation of specialist technical providers, such as payment gateways or the current lower regulatory requirements on other firms such as e-money institutions in contrast with credit institutions.

Cross-border Payments

The HMT notes the benefits of faster, cheaper, more transparent and inclusive cross-border payment services and the various global initiatives seeking to enhance cross-border payments including SWIFT’s gpi services, Visa Direct, Mastercard Send and Project 27 in the Nordic countries. The HMT is keen to obtain the industry’s views on how it sees the cross-border payments evolving in the next 10 years and how the UK government can support innovation in this market. 

The New Payments Architecture

The HMT recognises the critical importance of the NPA and plans to build on the PSR’s regulatory approach and the Bank of England recommendation on the NPA to inform its legislative initiative around the governance of the NPA.

Cryptoassets, Stablecoins and Central bank digital currencies

HMT views the use of crypto-assets as currently not being widely used or accepted in the UK but  having the potential to develop as a means of exchange. Noting existing initiatives to promote the development of cryptocurrencies in the UK, HMT is not seeking evidence on this key driver through the Call for Evidence. Similarly, HMT recognises the potential for having a Central Bank issued digital currency, but intends to engage with the Bank of England on progress on this key driver.

Next steps

HMT is now seeking the industry’s view on the first four key drivers mentioned above. Specific questions raised by the HMT are listed in Annex A to the Call for Evidence and responses are to be submitted to by 20 October 2020. Following the Call for Evidence, the government will provide a summary of responses and will set out next steps for the review.

It will be interesting to see what direction the government plans for the UK Payments landscape. In particular, with the end of the Brexit transition period fast-approaching with no real likelihood of an extension, it remains to be seen how much the government intends to keep the UK payments regulatory regime aligned with the pan-European regime, and how it plans to maintain the UK’s status as a world leading policy maker in the sector.

As an aside, the European Commission (‘EC’) has recently closed a Consultation on a retail payments strategy for the EU through which stakeholders were invited to comment on the harmonisation of payment solutions across the EU and “same as domestic” customer experience; adequacy of the current EU legal framework for retail payments; interoperability of domestic retail payments systems, support infrastructures and licensing regimes; and how cross-border payments could be improved. Based on published responses to this consultation, we note that several PSPs regard the UK regime as a standard, especially around open banking and for the promotion of innovation. 

If you need any assistance in formulating your responses to HMT or have any queries concerning the key drivers mentioned above please get in touch.

Return to top ^

2. The FCA finalised guidance and ‘Dear CEO’ letter on safeguarding

Richard Jones, Tony Anderson, Ruth Fairhurst, Sian Cosgrove and Shadiyah Jawaheer

On 9 July 2020, the Financial Conduct Authority (‘FCA’) published its finalised guidance in the light of the impact of coronavirus to strengthen firms’ prudential risk management and arrangements for safeguarding customers’ funds. It has also issued a “Dear CEO” letter outlining key areas where it sees regulated payment services firms and e-money issuers have fallen short.

What this means for you

The FCA plans to conduct a full consultation later in 2020/21 to incorporate the July 2020 guidance on safeguarding and prudential risk management in its approach document. In the meantime, the FCA plans to test firms’ safeguarding arrangements and other related business elements for compliance with the existing regulations as well as the July 2020 guidance.

We would strongly recommend all regulated firms, including small payment institutions and e-money institutions, to review (and remediate where necessary) their safeguarding arrangements as soon as possible in light of the new guidance.

In particular, where safeguarding accounts are used, the account terms must only allow firms (and no one else) to have an interest in or right over the relevant funds or assets in the safeguarding account, except as provided by regulation 21 of the EMRs or regulation 23 of the PSRs which also allow for relevant funds to be covered by approved insurance or bank guarantees. The FCA has clarified that firms cannot treat or use the relevant funds or assets it is required to safeguard as collateral or pre-funding to meet commitments to any third party including card schemes. Further, firms must ensure that the accounts are properly designated (ideally) as ‘safeguarding’, ‘customer’, or ‘client’ in the account name or by way of evidence such as a letter from the relevant credit institution or custodian confirming the appropriate designation.

Additionally, firms are reminded to arrange annual audits (and following relevant business model changes) to ensure compliance with the safeguarding requirements under the EMRs and PSRs at all times. Firms’ senior management are also expected to regularly review firms’ systems and controls to minimise prudential risks and in practice, this means that the FCA expects senior management teams to regularly review their firm’s capital resource and document, review and approve at least annually the design and result of stress testing. Further, all firms are expected to maintain an updated wind-down plan to manage liquidity, operational and resolution risks.

The finalised guidance and letter contain a number of other action points the FCA expects firms to take. It is important for all firms to consider the new guidance as soon as possible. We understand that the FCA is actively monitoring firms and will be taking appropriate actions upon finding contraventions and/or practices leading to potential customer harm.

If you have any questions relating to the new guidance and/or your existing safeguarding arrangement and policies, please get in touch.

Return to top ^

3. The Payment Systems Regulator (“PSR”) seeks feedback before launching its new strategy later this year

Richard Jones, Tony Anderson, Ruth Fairhurst, Sian Cosgrove and Shadiyah Jawaheer

Earlier this year representatives from the regulator delivered a speech discussing what was on the radar for the PSR in 2020. Items on the agenda included access to cash, the development and extension of the Contingent Reimbursement Model code and the introduction of confirmation of payee. The PSR also planned to publish a formal strategy setting out what it intended to achieve and how it would complement the work carried out by other regulators. The Covid-19 pandemic has ultimately impacted the initial timeline of events but the regulator has now announced new plans to launch a consultation towards the end of this year and is currently seeking feedback from institutions to establish priorities and expectations across the market.

What this means for you

The PSR intends to publish a strategy later this year to set out what it is seeking to achieve, how it intends to achieve this and importantly how the PSR complements the work of other regulators. Therefore, utilising this open dialogue with the regulator in advance of the formal consultation process will be a good way for institutions to provide feedback on any areas of concern and/or improvement to help formulate the new strategy. You can engage in this open dialogue with the PSR by giving feedback online, through blogs, stakeholder conversations and other events. For more information, please view the PSR’s website here.

Return to top ^

4. UK Finance publishes Strong Customer Authentication roadmap

Richard Jones, Tony Anderson, Ruth Fairhurst, Sian Cosgrove and Shadiyah Jawaheer

On 6 July 2020 UK Finance published a roadmap for the implementation of Strong Customer Authentication (‘SCA’). It provides for a managed rollout with minimum customer impact taking into account the extended SCA implementation deadline for e-commerce transactions from March 2021 to 14 September 2021 in light of the impact of COVID 19. The Roadmap also reflects the opinion of the European Banking Authority (EBA) that given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers, more time was needed to implement SCA. 

The roadmap is structured in three phases:

Phase 1 – Development (December 2020)

The aim of the initial phase is to ensure that all parties and especially e-merchants enable support for 3DSecure technology for card-based transaction authentication, and/or correct flagging of transactions sent directly via authorisations.

Phase 2 – Market Readiness (1 Jan – 31 May 2021)

By the end of Phase 2, e-merchants and issuers will be expected to have completed implementation. Issuers will start enabling SCA for certain transactions to provide e-merchants with testing and transition periods to provide for minimum impact to the customer’s check-out journey.

Phase 3 – Full Ramp up (1 Jun – 13 Sep 2021)

This final phase will be a testing and adjustment phase via the gradual introduction of SCA. Issuers will commence random checks to see if e-commerce transactions are SCA compliant. If they are not they will be ‘soft declined’.

Whilst the roadmap is based on 3DSecure, UK Finance acknowledges that other payment solutions provided through Open Banking, Apple Pay, Google Pay and others are also SCA compliant.

What this means for you

All stakeholders in the e-commerce sector should actively engage in the various deadlines to ensure they become SCA compliant by the end of May 2021 to avoid any detrimental impact on their customers from unnecessary declines. They will then need to ensure that any required adjustments are made by 13 September 2021 deadline. 

The FCA expects firms to “all necessary steps to comply with the ... implementation plan and critical path to avoid the risk of enforcement” and confirmed that after 14 September 2021, any non-compliant firm will be subject to the FCA’s full supervisory and enforcement action.

Return to top ^ 

5. Industry representatives begin to consider what phase 2 of confirmation of payee (“CoP”) may look like

Richard Jones, Tony Anderson, Ruth Fairhurst, Sian Cosgrove and Shadiyah Jawaheer

In 2019, the Payment Systems Regulator (PSR) mandated that the largest banks and building societies implement CoP for Faster Payments and CHAPS payments from 31 March 2020 (in line with the Specific Direction originally issued by the PSR on 1 August 2019 then varied on 14 February 2020).

As previously reported in Payment Matters, the timelines for achieving this implementation were impacted by the COVID-19 pandemic so directed PSPs were then given an extension to implement the new system by 31 June 2020. Given that this deadline has now passed and directed PSPs have their systems in place, attention across the industry is turning to the next phase of CoP.

Questions on the agenda will likely include: who will be mandated to implement the system, will other payment types (other than Faster Payments/CHAPS) be brought into scope and within what timescales will implementation be required? The answers to the majority of these questions remain unknown and it is also not clear when phase 2 of CoP will be rolled out across the industry. However, we do understand that Pay.UK has announced that phase two will not be extended to include BACS payments as the focus of the next implementation phase will be about ensuring wider access across the market (i.e. mandating non-directed PSPs to implement the new fraud measure).  

What this means for you

The scope of the next phase is still unknown but for directed PSPs who have already implemented the CoP process. At this stage it seems that any proposals to extend the functionality to include other payment types such as Bacs direct debits are not currently on Pay.UK’s agenda. Conversely, for non-directed PSPs it appears that Pay.UK’s primary focus for phase 2 of CoP will be to bring a wider category of institutions into the scope of the new fraud measure to enhance its effectiveness across the market. Some non-directed PSPs have, of course, already put plans in place to voluntarily implement CoP but for those institutions who are not in a position to do so, we would recommend you keep this at the forefront of your agenda as it seems likely that the regulator will want to progress these plans at some point in 2021.

Return to top ^

6. PSR publishes interim report in market review of card-acquiring services

Julia Woodward-Carlton, Richard Jones and Pawel Chmiel

On Tuesday 15 September the Payment Systems Regulator (the “PSR”) published its interim report (the “Interim Report”) in the ongoing market review of the supply of card-acquiring services.

Provisional findings

The provisional conclusion of the Interim Report is that the supply of card acquiring services does not work well for small and medium-sized merchants (those with annual turnover of less than £10 million) or for large merchants with turnover between £10 million and £50 million.  

This conclusion is based on the PSR’s view that: the majority of available interchange fee savings brought about as a result of the introduction of fee caps for certain card transactions under the Interchange Fee Regulation 2015 (the “IFR”) were not passed through at all, or only very little, to small and medium sized merchants; and that those types of merchants would benefit from searching and, if they find a better deal, negotiating with their current provider or switching to a different one.

Key features of concern

In particular, the PSR identified three features of the market which restrict the ability and willingness of these merchants to switch and ‘secure a better deal’:

a) the complexity, and resulting cost, of comparing prices offered by acquirers and independent sales organisations (“ISOs”)[1]

The PSR found that merchants generally cannot easily access information on acquirer and ISO pricing for card-acquiring services. Instead, acquirers and ISOs usually quote a price for card-acquiring services based on information about the merchant’s characteristics collected during the sales process. The absence of published prices and the complexity of comparing prices creates significant search costs for merchants, thereby discouraging switches to alternative providers.

b) the indefinite duration of merchant contracts for card acquiring services

The Interim Report notes that acquiring contracts typically contain an initial term, after which they continue indefinitely unless terminated by either party. The contracts between merchants and acquirers therefore do not typically provide clear trigger points for merchants to think about searching for and switching to another provider, and for this reason the PSR found that it is not currently in merchants’ interests to search for and switch to a new provider.

c) the long initial terms and / or automatic renewal of acquirer and ISO point of sale (“POS”) terminal contracts

In order to change provider of card-acquiring services, merchants that obtain a POS terminal from an acquirer or ISO must first terminate their current POS terminal contract as they typically cannot use the same terminal with a different provider. Acquirer and ISO POS terminal contracts often have long initial terms of three to five years, or have terms which automatically renew for successive fixed periods, and may also include early termination fees. The difficulties and costs associated with exiting terminal contracts therefore acts as a barrier to switching providers of card-acquiring services.

Proposed remedies

In light of these concerns, the PSR is exploring a range of potential remedies on which it will now consult for a 12 week period, prior to publishing its final report. These are the following:

(i) Acquirer and ISO pricing

The PSR is proposing to expand and complement existing obligations under the IFR and Payment Services Regulations 2017, by enabling or enhancing tools to facilitate price comparison for merchants and/or requiring acquirers and ISOs to provide pricing information in an easily comparable format.

(ii) Indefinite duration of card acquiring contracts

The PSR is considering requiring all contracts for card-acquiring services to have a specific end date, thereby allowing merchants to evaluate whether their current provider provides the best deal and encouraging them to shop around for better offers

(iii) Long-term POS terminal contracts

The PSR is considering ending POS terminal contracts that automatically renew for successive fixed terms; limiting the length, for example, to 18 months; and linking the contracts for card-acquiring services and POS terminals, where they are sold together as a package by acquirers or ISOs, to make it easier to exit POS terminal contracts if terms change in the card-acquiring services contract - without incurring termination fees.

Next steps

The Interim Report is the latest step in the PSR’s ongoing review of the card acquiring market, the first holistic review of the market to be undertaken in the UK, which was commenced in July 2018. It follows a series of public consultations, a merchant survey and an extended period of the PSR gathering information and data directly from stakeholders.

The publication of the Interim Report now signals the start of a 12 week consultation, during which the PSR is seeking feedback on its provisional findings and proposed remedies with the deadline for stakeholder responses currently set as 8 December 2020. The PSR will then publish its final report which will detail its conclusions and final suggested remedies.


The PSR has stated that, as well as considering written responses to the Interim Report, they also plan to carry out a programme of stakeholder engagement – such as roundtable discussions - to listen to and discuss stakeholders’ views.  No timetable for this has yet been published. It will be important therefore for stakeholders to use the 12 week consultation period to engage with the PSR, to challenge its findings where appropriate, and to help shape its final conclusions and remedies, in particular to avoid unworkable remedies or unintended consequences.

[1] ISOs are organisations that sell card-acquiring services to merchants on the acquirer’s behalf but does not itself contract with merchants for card-acquiring services.

Return to top ^

7. The European Payments Initiative – Another Potential Payment Option

Richard Jones, Tony Anderson, Ruth Fairhurst, Sian Cosgrove and Shadiyah Jawaheer

The European Payments Initiative (EPI) which commenced its implementation phase in July, is the latest example of financial markets infrastructure which is rapidly transforming the payments and settlement landscapes of Europe. It is set to become operational in 2022.

Currently the EPI comprises 16 banks from Belgium, France, Germany, Spain and the Netherlands which include BNP Paribas, Deutsche Bank, Santander, UniCredit and ING. It is assumed that banks and third party payment providers (TPPs) from outside these countries would also be able to participate should they wish to and have until the end of 2020 to apply to join the EPI as a founding member. Unlike Project 27, the payment scheme operating only in the 4 Nordic states of Denmark, Sweden, Norway and Finland, the EPI is intended to provide for payment services across all countries within the European Economic Area.

The EPI’s intention is to create a unified payment solution for consumers and merchants across Europe allowing for in-store, online and person-to-person payments as well as cash withdrawals, utilising a digital wallet and a payment card. It also has an openly stated aim of being an alternative to the dominance of the major card schemes as well as tech behemoths such as AliPay and Google.  The Bloc’s authorities including the European Central Bank have previously expressed concern at the dominance exerted by these entities over Europe’s payment markets. The EPI is also expected to challenge domestic payment schemes, such as the Dutch e-commerce payment system, iDeal which allows customers to buy on-line using direct bank transfers.

There is still little detail available on the EPI although It is understood that it will be based on the SEPA Instant Credit Transfer (SCT) payment rails whilst also leveraging the Eurosystem’s TARGET Instant Payment Settlement (TIPS) system. It is understood that the implementation phase will involve the incorporation of a vehicle in Belgium for setting out the deliverables for the project, including technical and operational roadmaps and the user experience workstream.

What this means for you

In attempting to encourage a move away from cash and to offer competition within Europe against the dominant card schemes it is feasible that the EPI will encounter cultural issues due to the current heavy cash usage in several of the countries mentioned above. Also until relatively recently, a number of these countries weren’t heavily penetrated by these card schemes in any event. Culturally, credit cards have never really taken off in Germany for example.

There now appear to be more layers of payment systems for banks and other payment service providers (PSPs) to participate in than ever before. As providers of payment services they are still required to retain membership of a variety of payment and card schemes participating in multiple payment gateways. This creates substantial complexity not just for banks, PSPs and TPPs but also for merchants and consumers. Ultimately it will be adoption by merchants and consumers of the EPI which will decide its success.

It will be important for banks and TPPs to monitor the development of the EPI as it comes on-line to determine whether and when to participate in this initiative. Having made that decision they will then need to revisit internal operations and market strategies to ensure they accommodate any advantages presented by the EPI as opposed to other schemes they are currently members of whilst ensuring merchants and customers accompany them on the journey. With the very real likelihood of a hard Brexit in a few months’ time UK banks, other PSPs and TPPs in particular will need to monitor developments carefully to determine how they should participate in the EPI via their respective EEA branches and subsidiaries.

Return to top ^ 

8. Final version of the UAE Crypto Assets Regulations due in the coming weeks

Anna Zeitlin (Abu Dhabi)

In October 2019, the UAE’s Securities and Commodities Authority published its proposal for draft regulations governing crypto assets in the UAE (the “Draft Crypto Assets Regulations”). Following a year of public consultation, it is understood that the UAE will be launching the final version of the Crypto Assets Regulations in the next few weeks.

The Draft Crypto Assets Regulations which apply in mainland UAE (excluding freezones), follows in the footsteps of the Abu Dhabi Global Markets, the Abu Dhabi financial freezone, which launched its Virtual Assets Regulations in June 2018, with the latest amendments taking place in February 2020.

The Draft Crypto Assets Regulations aims to regulate the promotion, offering and trading of crypto assets (including security tokens) in the UAE, related financial activities, listings on crypto exchanges etc., having regard (amongst other things) to the need to protect investors and the general public, the prevention of financial crime, the promotion of innovation and competition and alternative means of financing for companies in the UAE.

It applies to any person that promotes, offers or issues crypto assets to persons in the UAE, provides custody services, operates crypto fundraising platform or a crypto asset exchange platform, or conduct other Financial Activities (which includes amongst other things, central clearing, brokerage securities, management of investment funds, arrange and promote securities, securitisation etc.), to the extent they pertain to crypto assets. However, the Draft Crypto Assets Regulations do not apply to crypto assets issued by the government, governmental institutions and authorities and any companies wholly owned by the government; those governed by the UAE Central Bank pursuant to its regulations from time to time; securities held in dematerialised form in a clearing or settlement system, by a custodian or depository and securities not issued as crypto assets but administered using an electronic record keeping method controlled by the issuer or its approved registrar, unless otherwise qualifying as a crypto asset pursuant to other features, and activities conducted within the financial freezones in the UAE (such as the ADGM above).

The Draft Crypto Assets Regulations also set out general obligations in relation to the underlying documentation required when offering or promoting crypto assets including language requirements, as well mandatory information to be contained in the relevant documents, including details of all material risks relevant to the investment as a result of the technology adopted by the offering person or embedded in the crypto asset, an explanation of the technology and protocols used or relied upon for the operation of the crypto assets, financial information concerning the assets and liabilities, financial position and P&L of the issuer or relevant business, details of custody arrangements etc.

What this means for you

The Draft Crypto Assets Regulations provides a comprehensive framework for the regulation of crypto assets in the UAE. This is a step in the right direction in fostering alternative means of financing for companies and protection of investors. Although we do not anticipate major changes from the current Draft Crypto Assets Regulations, we are anticipating the release of the final version in the coming weeks, which will apply to issuers, intermediaries and investors who want to deal in crypto assets in UAE mainland, and will promptly provide an update of the same. So watch this space!

Return to top ^

9. Coronavirus lockdown significantly increases fraud in financial markets in the Netherlands

Gidget Brugman (Netherlands)

Following the COVID-19 related lockdown in the Netherlands, the number of reports and victims of fraud has significantly increased thereby increasing the market’s attention to fraud detection and prevention.

In many of the reported cases, scammers have been posing as relatives or friends in need and sending messages asking for money to help with an emergency, such as an unpaid bill that is due imminently. Additionally, fraudsters have tried to earn thousands of euros through rogue websites from which customers would pay for fake products.

A key driver for the higher fraud rate on social media is its increased use by consumers as they turn to the virtual world to stay in contact with family and friends during the lockdown. In the Netherlands the Fraud Helpdesk, who assists actual and potential victims of fraud reported that they’ve received more reports in the first four months of 2020 than in all of 2019. Dutch banks have also reported receiving about three times as many reports of social media scams in the lockdown months of March, April and May 2020 compared to 2019. As an illustration, in May, the banks were receiving an estimated number of 70 reports per day.

As a result, the payments industry has seen enhanced measures put in place to detect and prevent fraud. For example, banks and payment institutions have been refining their fraud detection systems and controls and campaigns have been undertaken to enhance consumers’ awareness of detecting fraud, notably through (translated

In addition, the police force is now playing a key role to assist in detecting and locating fraud: they are now managing a website where fraud victims can report fraud in a fast and easy manner and they have now set up the National Hotline for Internet Fraud (“NHIF”) in partnership with various private and public entities. The NHIF allows affiliated payment and electronic money institutions to be notified about merchants against whom reports of fraud are made and enables firms to access records of all merchants who have had a record. In other words, the NHIF is assisting firms  in undertaking enhanced diligence on potential new merchant clients and assess existing ones. Finally, unusual transactions related to fraudulent merchants are also reported to the Financial Intelligence Unit.

What this means for you

Fraud in financial markets is not only an important point of attention for banks, but also for payment institution and even for electronic money institutions. These institutions play an increasingly important role in detecting fraud, both in the preliminary phase of the customer journey and on a continuous basis. Because of collaboration with the police force, financial institutions can perform a more adequate customer review as they are able to search the customer’s portfolio due to the fraud notification systems of NHIF and the police and lower the risk of doing business with malicious parties. Those institutions can play a significant role in the combat against fraud, which makes it important for these financial institutions to have appropriate customer due diligence procedures in place.

Return to top ^ 

10. China set to widen pilot trials of central bank digital currency   

Rhys McWhirter and Frankie Tam (Hong Kong)

On 14 August 2020, the Ministry of Commerce of the People’s Republic of China (“PRC”) issued the “Notice on Comprehensive Deepening of the Pilot Program of Innovative Development of Trade in Services” (“Notice”). The Notice provides that the People’s Bank of China (“PBOC”) will be responsible for forming policies for conducting pilot trials of DC/EP (Digital Currency/Electronic Payments) in suitable areas in Beijing-Tianjin-Hebei, Yangtze River Delta, Guangdong-Hong Kong-Macao Greater Bay Area and the Midwest region.

Since our last article, the PRC has expanded its pilot trials of DC/EP. According to media reports, the PBOC has expanded such pilot trials in four cities, namely Suzhou, Shenzhen, Chengdu and Xiong’an, from a limited number of selected physical shops to online platforms such as Didi and Meituan.

Meanwhile, the Supreme People’s Court and the National Development and Reform Commission of the PRC jointly issued the “Opinion on Providing Legal Services and Protection for the Comprehensive Development of Socialist Market Economy System in the New Era” (“Opinion”) on 22 July 2020. The Opinion further details the PRC’s judicial and executive arms’ positive outlook on strengthening property rights protection in relation to DC/EP and other virtual assets.

Such development is in line with the policy directions highlighted in the Notice, including (among other things):

  • promoting cross-border use of Chinese RMB in trade, and developing relevant foreign exchange management policies;
  • promoting digital economy and facilitating digital businesses; and
  • greatly enhancing digital trade and relevant policies by establishing expert working groups to provide guidance on digital trade innovation.

What this means for you 

Not only is DC/EP a technological breakthrough with its innovative double-offline digital wallet, it represents the PRC’s initiative to facilitate digitisation of the economy and establish a digital business environment that meets high international standards.

Cross-border payments have long been industry-led by leading Fintech companies providing international settlement and clearance services. The DC/EP is a government-led effort which may provide an alternative to traditional cross-border payments channels. Once implemented, the DC/EP will potentially become the largest government-led digital payments system in terms of total number of users.

While pilot trials of DC/EP will continue to be in the initial four cities and expected to be conducted at the 2022 Beijing Winter Olympic Games, the Notice has confirmed the PRC government’s intent to launch DC/EP on a broader basis. We will continue to monitor the situation closely and will keep you informed of any developments.

The Notice can be found here (in Chinese), and the Opinion can be found here (in Chinese).

Return to top ^

11. COVID-19 - Tunisia's Entry into Digitalization

Fares Koussay El Heni and Neirouz Seffen (Tunisia)

The Covid-19 pandemic has put the Tunisian government within a situation where digitalization is an economic and health necessity. The Tunisian Central Bank (“BCT”) published a circular n°2020-11 of 18 May 2020 (“Circular”) related to the conditions of providing domestic mobile payment services.

The Circular is relevant to banks, payment institutions, the National Office Post, as well as to the mobile switch manager authorized by the BCT to carry out this activity. The main purpose of this Circular is to promote an ecosystem leading to the development of this digital payment method. Indeed, the aim is to reduce the use of cash and to ensure better financial inclusion. In addition, the Circular aims to standardize minimum requirements for the various players in the mobile payment services industry, to promote the security and efficiency of mobile payment and to strengthen user confidence towards this new means of payment.

As such, the purpose of the Circular is to: (i) develop consumption with simple and instantaneous payment, (ii) have a better financial transactions trace by reducing the use of cash, and (iii) develop financial inclusion.

Indeed, around thirty-nine percent (39%) of Tunisians do not have an account in a formal financial institution, according to a 2019 report by the BCT's Financial Inclusion Observatory. Thus, within the framework of the Circular, the future users will not need to justify a bank or postal account to benefit from a "wallet". This virtual wallet allows the user to store, transfer and spend his/her money. The BCT's desire to popularize the use of mobile payments is reflected in three aspects of the Circular:

  • Security: The Circular emphasizes security by requiring various measures to guarantee the security of transactions and personal data;
  • Free services: The Circular provides for free services such as subscription to the mobile payment service, cash in transactions, merchant payments made with a mobile phone with a value of 15 dinars or less, etc.;
  • Services with special rates: The inter-exchange fees for any funds transfer and merchant payment operation (which cannot exceed 0.3% of the value of the transaction) and any late mobile payment fees, are not borne by the customer if the delay was caused by a planned interruption of the service of which the customer has not been informed.

This step towards digitalization is reinforced by the creation of the digital portfolio by the Ministry of Finance deployed to ensure the payment of social aid to citizens affected by the health crisis in order to prevent the gathering and spread of COVID-19.

What this means for you

The measures taken by the Tunisian government and by the BCT particularly during the Covid-19 pandemic in favour of the digitalization of payment will have a significant impact on e-commerce in Tunisia, from the e-commerce legislation to the e-commerce websites and the payment methods they offer. The measures taken by the BCT to date to provide new means of payments are also intended to reach the large population of internet users who have been reluctant to enter their online banking details. In Tunisia the increasingly social dimension of online shopping on the one hand, and the development of mobile commerce via smartphones and tablets on the other, will lead new players to offer their own payment solutions.

Return to top ^ 

12. A CFPB Data Access Rule Could Be a Win for Open Banking in the US

Hannah Winiarski (Atlanta, US)

On July 24, 2020, the Consumer Financial Protection Bureau (CFPB) announced plans to issue an advance notice of proposed rulemaking (ANPR) regarding consumer-authorized third party access to financial records. The announcement is the latest step in a process that began in 2016, when the CFPB began studying issues surrounding consumer data aggregation and the prospect of giving fintechs access to consumer data held by banks and other traditional financial services companies at the request of the consumer. In 2017, the Bureau issued non-binding principles aimed at giving consumers greater insight and control with respect to their financial data.  The Bureau also held a symposium in February of this year, a summary of which was published with the ANPR announcement.

Until recently, US laws governing data collection and use focused almost exclusively on protecting consumers from harm arising from unauthorized access and inappropriate uses of their data. Globally, the regulatory emphasis has shifted to both give consumers a shield to protect their data and also hand them a sword -- the ability to use their data proactively to further their financial goals. 

Before consumers can use their financial data in new ways, however, it has to be aggregated, manipulated, or interpreted in some way.  Fintech firms excel at this, but they need nearly real-time access to consumer account data, much of which still resides with banks. Fintechs can, and have, obtained this data without banks’ involvement, through credential-based access or screen scraping.  The consensus is, however, that these methods are inferior to direct access to the data through API integrations in terms of security, reliability, and consumer control. 

There are some longstanding disincentives for banks to provide data access to third parties. The consumer financial data that banks control represents a valuable asset and competitive advantage, and they generally are the party primarily responsible to consumers and regulators for protecting it. However, these disincentives are increasingly outweighed by consumer push for innovative financial products. Although not yet under regulatory mandate to develop open APIs like those in place in the UK and Europe, US Banks have already started partnering with fintechs and participating in working groups focused on developing standard API protocols to allow data exchanges with multiple third parties.

To date, these US efforts have largely proceeded in an environment of regulatory uncertainty and one-off agreements between banks and fintechs, driven solely by consumer demand. Unlike their international counterparts, US banks do not have concrete regulatory guidance on how to address fundamental issues such as informed consumer consent, the appropriate scope and duration of data access, and allocation of liability for data loss.  A final CFPB rule on data access could provide this guidance as well as the regulatory push that has been an important driver of open banking efforts globally but has been lacking in the US.

The CFPB derives its rulemaking authority in the data access area from the Dodd-Frank Act, which contains the first US statute giving consumers a general right to their electronic financial data. Section 1033 of the Act requires covered providers of consumer financial services to make consumers’ data available to them in a usable electronic format and empowers the CFPB to issue implementing rules. The Dodd-Frank Act defines “consumer” to mean not only an individual but also a representative acting on an individual’s behalf. If the CFPB interprets Section 1033 as requiring banks to give electronic access rights to financial services providers acting with the consumer’s consent, it could provide a legal basis for a US analogue to the UK’s Open Banking Standard, which required the largest UK banks to use open API standards to make consumer financial data available to non-bank fintech providers.

What this means for you

Mandated third-party access with appropriate guardrails has the potential to accelerate the development of a consumer-centric market in account information services, lowering barriers to entry and increasing the rate of innovation among start-ups and incumbents.  Depending on the scope of the CFPB rule and how successfully it is implemented, provides of account information services could see new opportunities to aggregate data across adjacent sectors, such as insurance, asset management, and retirement plan providers, as we have seen in other jurisdictions.

Return to top ^

If you would like more information about any of the topics raised in this edition of Payment Matters, please get in touch: