Global menu

Our global pages

Close

Payment matters: No. 48

  • United Kingdom
  • Payment systems and digital commerce
  • Financial services - Payment services

03-12-2020

Contents

Spotlight article: UK Payment Systems Regulator announces more detail on Strategy for future Competition and Regulatory Enforcement of Payments Supply Chain

  1. The use of eIDAS certificates to identify third party payment providers post-Brexit
  2. The European Banking Authority (“EBA”) publishes consultation on major incident reporting under the revised Payment Services Directive (“PSD2”)
  3. The industry calls for updated guidance on the interaction between GDPR and PSD2
  4. The future of central bank digital currencies
  5. HM Treasury closes Call for Evidence on access to cash in the UK
  6. The Bank of England publishes updated guidance regarding ISO20022
  7. The European Central Bank publishes a consultation on the Eurosystem oversight framework

Spotlight article: UK Payment Systems Regulator announces more detail on Strategy for future Competition and Regulatory Enforcement of Payments Supply Chain

Peter Harper, Julia Woodward-Carlton, Richard Jones and Greg Hayes

On 29 July 2020, the Payment Systems Regulator (“PSR”) first announced the launch of its “Future Strategy” by publishing the first of three themes around which its strategy will be based. Theme 1, Innovation and Future Payment Methods, focusses on promoting debate about how the payments industry can remain flexible and innovative during this time of rapid global economic change. The PSR has now announced the launch of two further themes to inform its Future Strategy:

  • Theme 2 - Competition: What role does the PSR play to ensure that competition is effective at all levels of the payments chain?  
  • Theme 3 - Choice and availability of payment methods: How can the PSR ensure that enough options are available to allow all people and businesses to make the payments they need and want to make? 

The purpose of the PSR’s Future Strategy is to design a pathway for how the PSR will use its regulatory and enforcement powers to achieve its three statutory objectives:

  • promoting effective competition in the markets for payment systems and for services provided by those systems;
  • promoting the development of innovation in payment systems, in the interest of service-users; and
  • ensuring that payment systems are operated and developed in a way that considers and promotes the interests of service-users.

Interested parties have an opportunity to engage with the PSR until 30 October to seek to influence the Future Strategy, the outcomes the PSR will be seeking to achieve, and accordingly how the PSR might prioritise its regulatory and enforcement work in the future.

Theme 2: Competition

The principle aim of Theme 2 is for the PSR to consider how it should approach its competition objectives in the future – to this end, the PSR has identified the following questions, on which it is seeking feedback from businesses and consumers:

  • Is there currently effective competition at all levels of the supply chain in payments, and if not where could there be more and why?
  • Is effective competition possible and desirable at all levels of the supply chain, and are there any limits to competition?
  • Is competition currently providing effective benefits for consumers, and is competition succeeding in keeping downward pressure on fees and promoting innovation and choice?
  • Is competition benefitting all consumers equally?
  • Who benefits from increased competition and are consumers always sufficiently protected by adequate levels of competition?
  • How should the PSR intervene when it identifies that competition alone is not providing the level of protection needed?
  • Which areas require more competition in the market and what would be the benefits of increased competition in those areas?
  • Would the increased ability for consumers and/or merchants to switch between different payment methods make the UK payments sector more competitive?
  • Should innovation be promoted as a tool to increase competition, and is Open Banking a good example of this?

Theme 3: Choice and Availability

The PSR has highlighted that limited choice and availability can affect the speed and success of everyday transactions, thereby, in its view, causing loss of income for retailers and hindering the UK’s economic growth.

The PSR’s appears to be particularly interested in understanding the impact of changes in the market, such as the decline of older methods of payment such as cash, might have on choice and availability of payment methods and systems in the future.

With this in mind, the PSR has put forward the following questions on which it is seeking feedback:

  • Which types of payments are under-provided in the current environment, and how could more choice be encouraged so that consumers and businesses can adapt to changing circumstances?
  • If cash continues to decline as a means of payment and UK consumers and businesses continue to rely heavily on the two main card schemes when making payments, will these two systems be enough to allow people and businesses to make and receive all the payments they want and need to make?
  • Given the rapid decline in the use of cash and cheques and the corresponding increase in the use of contactless and online payments as a result of the Covid-19 pandemic, what do these changes mean for consumers’ ability to rely on certain payment methods?
  • How can innovation in payments help weather disruptive changes such as those caused by the Covid-19 pandemic, and what should regulators do to make sure consumers can still make payments in times of rapid change?
  • Is it always better to have multiple methods to make a payment so that businesses and consumers can choose between them or are there circumstances where a specialisation (and so perhaps reliance on one provider) is necessary?
  • Is the PSR’s work in the area of improving access to payment systems enough to allow access to all services needed by consumers and businesses?
  • Can businesses that need different services easily migrate to other providers or do they face barriers to doing so?
  • How is choice and availability developing with respect to cross-border payments, and what does this mean for domestic systems?

What the PSR strategy means for you?

Since its inception in 2015, the PSR has focussed significant resources on addressing legacy market issues relating to infrastructure and access to payment systems, as well as the impact of the now well established interchange fee regulation on card-acquiring services (see our briefing here).

The initial signs are that the PSR’s Future Strategy may signal a shift towards the PSR looking more proactively at competition and market issues affecting all aspects of the payments supply chain. The feedback being sought suggests that the PSR is likely to focus its efforts on targeting parts of the market where there are low levels of competition, choice and innovation and that, in the future, it will be more willing and ready to intervene to tackle features of the market which restrict the entry of new providers and new products.

This period of formal engagement, which ran until 30 October, presented a short but potentially important opportunity for interested parties to engage with the PSR to influence the future outcomes the PSR will be seeking to achieve through its regulatory and enforcement powers.

Feedback received will form part of the PSR’s initial dialogue with interested parties, ahead of consulting on its full draft Strategy early next year. This draft strategy will form the basis of a formal consultation, during which the PSR will work closely with the FCA, Bank of England and HM Treasury to fully develop its Future Strategy.

Return to top ^

1. The use of eIDAS certificates to identify third party payment providers post-Brexit

On 3 November, the FCA published its policy statement to confirm that article 34 of the UK-RTS for SCA will be amended to require ASPSPs to accept at least one other electronic form of identification issued by an independent third party in addition to accepting an eIDAS certificate.

This additional form of identification will have to meet certain criteria including:

  • it must be a digital certificate issued by an independent third party upon identification and verification of the PSP’s identity;
  • it must be revoked as soon as the TPP is no longer authorised to conduct TPP activities; and
  • it must include the name of the TPP, details of the national competent authority the TPP is authorised or registered with and the TPP’s firm reference number.

The amended article 34 (published on 27 November) will also require ASPSPs to verify the authorisation status of the TPP in a way that would not create any obstacles to TPP access, and to satisfy itself of the suitability of the independent third party issuing the certificate. ASPSPs will also be required to specify publicly which means of identification it accepts to ensure TPPs are aware.

What the amendments to article 34 will mean for you

This amendment will come into force, along with the remaining UK-RTS, immediately after the end of the end of the transition period for Brexit. This is 11 pm on 31 December 2020 (‘IP Completion Day’). The FCA’s changes will permit UK-based TPPs to continue accessing customer data and initiating payments by using alternatives to eIDAS certificates.

TPPs will need to have an alternative certificate(s) as soon as possible ahead of IP Completion Day and ASPSPs will need to select which alternative certificate(s) they will accept.  Whilst the FCA hasn’t recommended any specific alternative certificate, the FCA has urged ASPSPs to consider existing certificates and will expect ASPSPs to reveal which certificates they will accept. ASPSPs will also need to consider whether their systems require any change to accept their chosen alternative certificates and implement any such changes as soon as possible ahead of IP Completion Day.

However, the FCA has acknowledged that it may be difficult to have all of this in place by IP Completion Day and has allowed for a short transition period. During the transition period, the FCA will allow ASPSPs to accept a certificate obtained from a provider of an API programme that does not meet  the requirements of the revised Article 34. The use of these certificates is only valid when TPPs have also presented a compliant certificate to that API programme. The provider of the API programme should validate the certificate and continue checking, on behalf of the ASPSP, the status of the TPP’s compliant certificate. We understand legacy OBIE certificates will be able to be used for these purposes. This transitional arrangement will end on 30 June 2021.

Return to top ^

2. The European Banking Authority (“EBA”) publishes consultation on major incident reporting under the revised Payment Services Directive (“PSD2”)

The European Banking Authority launched a public consultation proposing changes to the Guidelines on major incident reporting under the Payment Service Directive. The consultation ends on 14 December 2020. Article 96(4) of PSD2 requires the EBA in cooperation with the ECB to review the Guidelines on a regular basis and at least every 2 years.

What the European Banking Authority consultation means for you

The proposal aims to improve and simplify the reporting process, capture additional relevant security incidents, reduce the number of operational incidents that will be reported and improve the meaningfulness of the incident reports received.

The EBA’s key proposals relate to changes to incident classifications, increased thresholds and new calculation methods for the criteria of transactions affected and payment services users affected. It is also looking at reporting standardisation and reducing the number of reports.

If followed through, the suggested measures have the potential to reduce the burden on PSPs but PSPs should still consider whether the new guidelines go far enough to reduce this burden when you find yourselves in the midst of dealing with a major incident. Feeding into the consultation should help the EBA find a better balance between necessary oversight and obtaining information form PSPs in a proportionate way.

Return to top ^

3. The industry calls for updated guidance on the interaction between GDPR and PSD2

The European Data Protection Board (EDPB) adopted guidelines on the interplay between the second Payment Services Directive and the General Data Protection Regulation at a plenary session in June 2020. The public consultation on the guidelines was closed in September 2020. Subsequently, the European Banking Federation and a range of other industry bodies representing payment service providers wrote a letter to the EDPB requesting a revision to the guidelines.

What the updated guidance means for you

The interpretation PSD2 and GDPR has raised many questions for PSPs including in relation to the use of explicit consent under PSD2 & GDPR and question marks over how account information service providers (AISPs) and payment initiation service providers (PISPs) can use the data they access under PSD2. These issues and others have made PSPs question which provisions they should apply if there is an inconsistency between the two regimes and if GDPR should prevail over the PSD 2. The letter referred to above highlights a number of shared concerns across PSPs and notes that the guidelines “risk imposing obligations on all Payment Service Providers that not only contradict PSD2 but also go beyond what is technically feasible”.

This is important feedback from the payments industry as the Guidelines (as drafted) create a number of questions and problems for PSPs. There is no published date yet for a revised version of the Guidelines but the EDPB has plenty of questions to answer including in relation to whether PSPs must comply with their concurrent obligations flowing from both GDPR and PSD2, why it hasn’t distinguished between AIS and PIS in terms of the ability to process data for other connected purposes and how PSPs are expected to obtain explicit consent from silent parties for the processing of special category data.

Return to top ^

4. The Commission publishes the Regulation regarding the appointment of central contact points

On 9 October 2020 the Commission Delegated Regulation (EU) 2020/1423 supplementing PSD2 relating to payment services central contact points was published in the Official Journal. The regulation came into force and applied from 29 October 2020.

What the Regulation means for you

It outlines the appointment criteria for central contact points in a host Member State by payment institutions and sets out the role such a contact should perform and the duties it must fulfil.

It support PSD2’s objective of facilitating the supervision by Member State competent authorities of the networks of agents used by payment institutions providing cross-border payment services under the right of establishment.

Payment institutions relying on agents in this way will need to analyse whether they meet the criteria to require the appointment of a central contact point based on the number of agents they have and the value and volume of payment transactions and, if they do meet such criteria, they will need to procure that the central contact points ensure adequate communication and information reporting on compliance with PSD2 requirements in the host Member State.

The central contact point should also have a central coordinating role between the appointing payment institution and the competent authorities of the home and the host Member States in order to facilitate supervision of the payment services business conducted in the host Member State through agents under the right of establishment.

Payment institutions will finally need to ensure that the central contact point is given the necessary resources and has access to the relevant reporting data to comply with its obligations under PSD2.

Return to top ^

5. The future of central bank digital currencies

This year saw an increased interest in the development of central bank digital currencies (‘CBDCs’). In fact, recent surveys indicate that 80% of world’s central banks are currently engaged in developing CBDC models and over 30 central banks have already launched research or design reports.

With the significant drop off in cash usage, the growing influence of card schemes and the threat posed by Tech Providers such as Facebook’s development of Libra, central banks need to ensure that they continue to maintain control over monetary policy and financial stability.

In October, the European Central Bank (‘ECB’) published a report considering the development of a Digital Euro (Link here) and separately, the Bank for International Settlements collaborated with seven central banks including the ECB and the Bank of England (‘BoE’) to release a report assessing the feasibility of publicly available CBDCs in helping central banks deliver their public policy objectives (Link here). Both HM Treasury’s Payments Landscape Review and the ECB’s Retail Payments Strategy envisage CBDCs as complementing existing payment models.

Discussions and reports have revealed multiple models for the issuance and distribution of a retail CBDC including CBDCs issued directly by a central bank to retail customers as well as hybrid models whereby central banks could outsource various functions including issuance and distribution and/or KYC to commercial banks or other payment service providers (‘PSPs’). Under the hybrid models a key issue is whether or not holders of CBDC have a direct claim against the central bank for the fiat value of the CBDC or whether the claim would be against the PSP which would be backed by the equivalent value of central bank money.

Of the world’s largest central banks the People’s Bank of China is closest to having a widespread workable model for CBDCs having completed a major pilot program earlier this year.  Digital wallets supporting a range of payment methods, including barcode, facial recognition and tap-and-go transactions have now been employed by over 113,000 Chinese people to conduct transactions using China’s new CBDC. This has provided a catalyst for other large central banks including the BoE, the ECB and the Federal Reserve Banks in the US to accelerate their own CBDC development.

What central bank digital currencies mean for you

Regardless of the form of model used, CBDCs are destined to have a significant impact on the existing payment ecosystem including e-money, stable coins, payment systems and card payment schemes. It will be important for PSPs as well as data service providers, POS providers, and payments processors to monitor the development of CBDCs to understand the threats and opportunities which they may provide to their existing business models and markets. Our team is currently working with R3 to analyse CBDC policy developments globally and would be happy to assist you with any questions you may have in this area.

Return to top ^

6. HM Treasury closes Call for Evidence on access to cash in the UK

On 20 November 2020, HM Treasury closed its call for evidence on the issue of access to cash and has received a number of responses from a range of firms and organisations including Loomis, the National Federation of Retail Newsagents, and the Association of Convenience Stores (‘ACS’).

In its Call for Evidence paper, HM Treasury outlined the government’s legislative aims for protecting access to cash and ensuring proportionality, flexibility, cost-effectiveness and support for competition and innovation. The paper also highlighted the government’s overarching objective to maintain a sustainable infrastructure for cash in the UK to ensure financial inclusion and invited the industry to opine on 5 key elements of the cash industry namely: cash withdrawal, cash deposit-taking facilities, cash acceptance and cash distribution.

What the call for evidence on access for cash means for you

Following the call for evidence, the government will provide a summary of responses and will set out next steps for its work on cash access including bringing forward legislation to protect access to cash.

Based on the published responses to the call for evidence to date, we understand that the industry supports the HM Treasury’s work to protect access to cash. For example, Loomis have confirmed their commercial interest in the continued demand for cash in addition to the social purpose of ensuing financial inclusion. and the ACS have confirmed support for regulatory change to enable cashback without a purchase. If you are involved in the distribution of cash at the retail level you will need to review existing distribution arrangements to ensure compliance with any legislative changes arising from the consultation.

Return to top ^

7. The Bank of England publishes updated guidance regarding ISO20022

On 28 October 2020 the Bank of England issued a note highlighting its revised approach and final schemas for the CHAPS and RTGS ISO 20022 migration. This document provides a new baseline document for reference by stakeholders and was published alongside the final CHAPS ISO 20022 schemas Technical Guidance and Change Log. The Bank of England details a phased migration approach with the following key stages:

  • Phase 2 (TS2): The Bank will migrate the CHAPS payments messages to ISO 20022 in 2022; the implementation date will now be June 2022.
  • Phase 2.1 (TS2.1): From February 2023; on the basis that the SWIFT correspondent banking network will migrate to ISO 20022 (with enhanced data enabled) in November 2022, the Bank will require all CHAPS Direct Participants to receive enhanced ISO 20022 payment messages and at a minimum continue to send like-for-like messages, using the enhanced schemas.
  • Phase 3 (TS3): The Bank will then introduce the new RTGS2 core ledger and settlement engine in September 2023, around six months later than previously announced. At this point CHAPS Direct Participants must continue to be able to receive enhanced messages, as under Phase 2.1. There will be a further announcement confirming the approach to mandating the population of enhanced data. The Bank does not, at this stage, expect to mandate enhanced data before 2024.

What ISO20022 means for you

The migration to ISO 20022 is a welcome development and will allow for better harmonisation internationally with over 70 countries having already adopted it. It will also improve resilience and flexibility for system participants and their underlying customers by being responsive to changes in the economy, emerging technologies and innovation. In addition to financial institutions and technology service providers, corporates and professional service firms which regularly make high value payments will need to be aware of the specifications for ISO 20022 in respect of making and receiving payment messages and adapt their business models accordingly.

Return to top ^

8. The European Central Bank publishes a consultation on the Eurosystem oversight framework

On 27 October 2020, the European Central Bank launched a public consultation on a proposed new draft oversight framework for electronic payment instruments, payment schemes and payment arrangements. The consultation, which closes on 31 December 2020, comprises of three documents namely:

  • the proposed oversight referred to as the PISA Framework;
  • a draft assessment methodology as guidance on the application of the PISA Framework; and
  • a draft exemption policy as guidance on the scope of the PISA Framework.

This draft PISA framework replaces the “Harmonised oversight approach and oversight standards for payment instruments” and all related oversight frameworks, and is aligned with the relevant Principles of Financial Markets Infrastructure issued by the Bank for International Settlements and the Revised oversight framework for retail payment systems.

What the oversight framework consultation means for you

This consultation primarily targets organisations having oversight responsibility for payment firms and recommends a longer and more prescriptive set of principles than the harmonised oversight framework. As it is currently drafted, the PISA framework is also likely to impact a wide range of firms providing payment and e-money services across Europe, regardless of whether these services constitute the firms’ main business(es). By virtue of the ECB’s current definition of firms operating ‘payment schemes’ and ‘payment arrangements’, the PISA framework, in its current version, seems set to expand the regulatory perimeter within the European payments landscape. Firms should read the Framework documentation carefully to ascertain its impact on their current business models and regulatory compliance functions.

Return to top ^

For further information on any of the updates in this edition of Payment Matters, please get in touch.