Global menu

Our global pages


Payment Matters: No. 40

Payment Matters: No. 40
  • United Kingdom
  • Financial services
  • Financial services - Payment services


The Payment Systems Regulator publishes its final Terms of Reference for a review into the acquiring market

On 24 January 2019, the Payment Systems Regulator (“PSR”) published its final Terms of Reference (“ToR”) for a market review into the supply of card-acquiring services (services which enable merchants to accept debit or credit card payments from customers) following concerns that the market may not be working well for merchants, and ultimately consumers.

Following the publication of its draft ToR in July 2018, the PSR has announced that the review will focus on how competition in the supply of card-acquiring services is working. Specifically, the PSR will examine the supply of card-acquiring services by acquirers and payment facilitators, as well as the role that third parties such as independent sales organisations have in the supply of those services. The market review will predominantly focus on card-acquiring services for Mastercard and Visa but will not exclude other card payment systems.

The PSR is concerned that the following characteristics in the supply of card-acquiring services might not be conducive to effective competition, leading to adverse effects for merchants and end customers:

  • that the interchange fee caps introduced by the Interchange Fee Regulation (“IFR”) have not resulted in acquirers passing on savings to merchants
  • lack of transparency around fees merchants pay to accept card payments
  • barriers to entry for card-acquiring services
  • barriers to searching and switching for merchants
  • scheme fees charged by card scheme operators favouring large acquirers
  • significant increases in the scheme fee portion of the fees that merchants pay to acquirers

Of these concerns, the PSR intends to focus particularly on:

  • the extent and nature of any barriers to entry or expansion for providers of card-acquiring services – including whether fees and rules set by card scheme operators as well as technical, contractual, legal, regulatory or other barriers are having adverse effects on competition
  • how merchants choose between providers of card-acquiring services to better understand the extent of any barriers they face in searching or switching – including in relation to how merchants gather information to make informed choices and are able to compare services, as well as the technological and contractual barriers to switching that might exist

What this means for you?

The market review is intended to provide the PSR with a better understanding of how competition is working in the supply of card-acquiring services. If the market review identifies detriments to service-users the PSR may take a range of actions to address this, including: making a market investigation reference to the Competition and Markets Authority, making general or specific directions, requiring operators of a regulated payment system to establish or change their operating rules, issuing guidance, or making recommendations to the FCA as to regulatory change.

Separately, while the review does not signal that the PSR believes there are any practices in the sector that are illegal under competition law, market reviews of this nature always present the possibility of the PSR taking separate enforcement action under the Competition Act 1998 should they uncover evidence of anti-competitive practices during its review.

If the PSR considers that further action is necessary, there will be a consultation on its proposed actions following publication of the final report.

We would, therefore, recommend that providers of card acquiring services, card scheme operators, other parties who help merchants accept card payments (e.g. gateway providers and sales organisations and merchants engage with the PSR and respond to information requests and surveys in the early stages of the review to shape the outcome of the PSR’s review.

The PSR is aiming to publish an interim report at the end of 2019, followed by a final report due in 2020.

The Financial Conduct Authority finalises guidance on the fairness of variation terms in financial services consumer contracts

On 19 December 2018, the UK’s Financial Conduct Authority (“FCA”) published its final guidance on the fairness of variation terms in financial services consumer contracts. The guidance outlines factors that financial services firms should consider under the Consumer Rights Act 2015 (“CRA”) when drafting and reviewing variation terms in their consumer contracts.

The finalised guidance is largely the same as the draft guidance provided for consultation apart for a number of areas where the FCA has provided clarification following its receipt of feedback from various stakeholders, individuals, firms and industry associations.

A summary of the key areas of clarification provided by the FCA in the final guidance can be found in our recent article published on the Eversheds Sutherland website here.

What this means for you?

In light of the guidance, we suggest that firms now take steps to implement the guidance within their existing governance frameworks. Measures that we recommend include:

  • gathering all consumer contracts and checking whether these contracts are for a fixed or indeterminate term
  • identifying all variation provisions in contracts and understanding how they currently work
  • considering whether any variation terms in contracts are currently unfair
  • considering whether, following review of the FCA guidance, whether any change to the firms’ terms and conditions should be made
  • considering the guidance when drafting new terms and conditions
  • regularly assessing consumer contracts as part of regular reviews of all product documentation

The Authorised Push Payment Scams Steering Group publishes the final voluntary code

On 28 February 2019, the Authorised Push Payments (“APP”) Scams Steering Group published the final version of the Contingent Reimbursement Model (“CRM”) Code for APPs.

The voluntary code sets a framework for how firms should act where a customer has been a victim of an APP scam with the aim of reducing the occurrence of APP scams and protecting customers further.

The voluntary code will apply from 28 May 2019, requiring payment service providers (“PSPs”) which have signed up to the code to reimburse victims of an APP scam if they fail to meet the standards set out in the Code (provided that the customer did everything expected of them under the Code).

Interestingly, the Code does not include a date for the implementation of the proposed ‘confirmation of payee’ system which has been subject to a lot of industry debate since the PSR’s consultation in November 2018 which suggested implementing regulatory directions to require PSPs to implement the new system by 1 April 2019 and 1 July 2019.

Please see the full text of the final Code (available here) for additional details regarding the responsibility of firms and their customers.

What does this mean for you?

For those firms which have already signed up to the code, you should now review the final version and ensure you are in a position to comply by 28 May 2019. This includes committing to:

  1. protecting customers by developing procedures to detect, prevent and respond to APP fraud, with a greater level of protection for customers considered to be vulnerable to this type of fraud
  2. preventing accounts from being used to launder the proceeds of APP fraud, including procedures to prevent, detect and respond to the receipt of funds from this type of fraud

The Steering Group will also be encouraging other PSPs to sign up to the code before it comes into effect to improve consumer protection across the industry so even if you have not yet signed up to the Code, we suggest that you consider your obligations under the final text.

In relation to the implementation of confirmation of payee, we understand that the PSR has acknowledged that an implementation date of 1 April/1 July is now not achievable.

This will be welcomed by the majority of firms as the industry pushed back on the proposed timescales given the conflicting regulatory deadlines in relation to the implementation of the RTS and Brexit, the lack of awareness of the details of the confirmation of payee scheme, the complexities of the technical build and the inability to outsource the build given the fact that the specifications were not readily available.

Firms will, therefore, need to await the outcome of the PSR’s consultation and clarity on a new proposed timeline for implementation (although no dates in relation to the PSR’s response to the consultation have been suggested as the regulator is still working through the responses received).

The new European Bank Authority API working group publishes first set of clarifications

The European Banking Authority’s (“EBA”) new API evaluation working group published its first set of clarifications on 11 March following their first meeting at the end of February.

The group is tasked with identifying emerging issues and challenges that the industry is facing in relation to the use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019.

The first set of clarifications, therefore, focus on queries raised in relation to the testing facility which account servicing payment service providers (“ASPSPs”) should have put in by 14 March 2019. In particular, the EBA has recommended :

  • ASPSPs enable TPPs to use automatic testing programmes wherever possible to minimise support required from ASPSPs and improve TPP participation rates
  • ASPSPs make documentation (e.g. the API technical specifications) available in a machine-readable format
  • ASPSPs take advantage of the test cases and catalogues and other testing support material which has been developed by a number of API initiatives
  • ASPSPs ensure that the functionalities and scenarios available for testing are as close as possible to the functionalities that will be subsequently offered in the production interface, given the link between the testing phase and the wide usage criterion and to lessen the chances of issues that may otherwise arise in the production environment

The EBA has also published a list of QTSPs which it understands now issue eIDAS certificates for PSD2 purposes (as well as test certificates). Further detail can be found on the EBA’s website here.

What does this mean for you?

We recommend that all ASPSPs review the publication and consider if there testing facilities comply with the EBA’s clarifications. The clarifications appear to be phrased as recommendations which is helpful given that ASPSPs have already implemented their testing facility and published the technical specification etc. However, it is important that ASPSPs are aware of the clarifications as the EBA has suggested that the recommendations could enhance the participation rates of TPPs, help achieve wide usage and facilitate better testing results (which is particularly important as firms begin the process of applying for a fallback exemption).

Firms should also keep up to date with additional information published by the working group following their scheduled meetings on the group’s dedicated website here. The updates will aim to provide guidance and answers to issues raised during the implementation phase and will, therefore, become a useful resource for all firms when progressing with their implementation plan up to 14 September 2019. The group will meet every six weeks.

The EBA has launched its central electronic register under PSD2

On 18 March 2019, the EBA announced that it has launched the central electronic register under PSD2 which will include information on:

  1. the identity of authorised payment and electronic money institutions (including PIS and AIS providers)
  2. the country of establishment of these providers and the services they provide
  3. information on passporting

What this means for you?

The EBA Register will be a single source of aggregated information in relation to payment and electronic money institutions registered/authorised in the EU. The information included on the register is provided by national authorities and, therefore, mirrors the content of the national registers, and is updated by them at least once a day.

Firms (or bodies which firms are using for these purposes) should now use this register to determine which firms are registered within Europe and which services they provide, which will be particularly helpful in the context of the newly regulated account information and payment initiation services and determining their payment account access rights under PSD2.

For details of those institutions which are currently listed on the register, please search the data base here. You can also download a copy of the register in a machine-readable format here.

European Counsel adopts final text regarding the cross-border payments regulation

The Council of the EU has adopted the text of the new Regulation which will amend Regulation 924/2009 in relation to charges on cross-border payments in the EU and currency conversion charges.

The new Regulation will come into force 20 days after publication in the Official Journal with the majority of the provisions taking effect on 15 December 2019 (followed by two implementation dates of Q2 2020 and Q2 2021 for the new currency conversion charges).

Please see the full text of the Regulation (available here) for additional details regarding the transparency of charges.

What does this mean for banks?

Under the new rules, PSPs will be required to levy the same charge in respect of cross-border payments in Euro as they charge for corresponding national payments in the national currency of the Member State in which the PSP is located.

Firms will also be required to adopt the various proposals regarding the visibility of currency conversion charges where a customer makes a card payment abroad (or a cash withdrawal at an ATM abroad) or where a customer sends money abroad via a bank transfer. For example, some of the currency conversion measures include the following measures:

  • in relation to dynamic currency conversion when a customer makes a purchase using their card or withdraws cash at an ATM abroad the parties offering a currency conversion will be required to disclose the currency conversion charges as a percentage mark-up over the latest available foreign exchange reference rate issued by the European Central Bank before the transaction takes place
  • the payer’s PSP shall send to the payer an electronic message (e.g. SMS, email or push notification on mobile banking apps) with the information detailed above without undue delay after receipt of a payment order for purchase using their card or an ATM withdrawal in an EU currency other than the account currency
  • in relation to credit transfers involving a currency conversion, PSPs will have to disclose an estimate of the applicable currency conversion charges
  • PSPs will also have to communicate the estimated total amount of the credit transfer in the currency of the payer’s account (including any transaction fee or currency conversion charges) and the estimated amount to be transferred to the payee in the currency used by the payee

We, therefore, recommend that you review the final text for full details in respect of charges on cross-border payments and currency conversion charges to determine what measures you will need to put in place in advance of the applicable implementation date.

Please note the European Commission has also helpfully published FAQs and a Factsheet which can be considered alongside the final text.

The EBA issues clarification regarding the application of strong customer authentication for recurring card payments

The EBA has confirmed that where a recurring card payment is set up between a payer and a payee, strong customer authentication (“SCA”) will only be required to set up the mandate via a remote channel. All subsequent transactions will be treated as transactions which are initiated by the payee only and by extension will not require the payer’s PSP to perform SCA prior to each of them provided that the transactions are initiated without any interaction or involvement of the payer.

What does this mean for you?

A number of institutions are in the process of finalising their proposed SCA solutions in advance of the implementation deadline of 14 September. The EBA’s view will come as a welcome clarification to many financial institutions and merchants considering this issue, including those within the leisure and utility industries. The clarification from the EBA should also help to reduce different approaches being taken by competent authorities across the EEA, providing some comfort to those businesses which operate on a cross border basis that SCA will not be required.

New conduct rules apply to payment services and e-money sectors from 1 August 2019

On 1 February 2019, the Financial Conduct Authority (“FCA”) issued a policy statement (PS19/3) confirming the standards and communication rules for payment services and e-money sectors.

Following on from an earlier consultation, the policy statement and new rules:

  • ensure a consistency of approach to regulation across all firms operating in the payment services or e-money sectors by extending the application of the Principles for Businesses to the provision of payment services and the issuance of e-money by certain payment services providers and e-money issuers
  • address misleading advertising and marketing of services, by extending the application of certain communication rules and guidance in the Banking Conduct of Business Sourcebook, Chapter 2 (BCOBS 2) to communications with payment services and e-money customers
  • address misleading communication of currency transfer services, by making rules and guidance on the communication and marketing of currency transfer services, applicable to payment services and the issuance of e-money involving a currency conversion

The new rules and guidance affect credit institutions when they are providing payment services or e-money and the conduct of payment institutions, e-money institutions and registered account information service providers.

Please see the FCA’s Policy Statement (available here) for additional details on the new communication rules.

What does this mean for you?

The FCA has allowed a six month implementation period for firms to build procedure manuals and to familiarise their staff with the new rules in advance of their implementation on 1 August 2019.

We, therefore, recommend that firms familiarise themselves with the FCA Principles for Business as failure to comply could lead to enforcement. For example, firms will need to ensure that they are taking reasonable steps to ensure communications and financial promotions are fair, clear and not misleading in accordance with BCOBS 2 and ensure that communications are in line with requirements under the PSRs on communication of information (e.g. including the requirement to provide or make available information in an “easily understandable language and in a clear and comprehensible form”).