The Financial Conduct Authority’s (FCA’s) 2019/2020 business plan sets out its retail banking agenda for the year ahead and how it plans to balance the encouragement of innovation, with prudent regulation.
Part 10 of our series of the FCA’s priorities takes a closer look at what’s on the horizon for retail banking.
Having overseen the UK’s initial implementation of the second Payment Service Directive (PSD2) from January 2018; this year the FCA will regulate the UK’s implementation of the Strong Customer Authentication - Regulatory Technical Standards (SCA - RTS) by 14 September 2019.
The SCA - RTS require Payment Service Providers (PSPs) to provide at least one account interface, to enable Third Party Providers (TPPs) to access customer payment accounts. In the UK this has been achieved by standardised Application Programming Interfaces (APIs) developed by the Open Banking Implementation Entity (OBIE).
Additionally, the SCA - RTS set out the security requirements to assist in the fight against fraud and require PSPs to incorporate elements of ‘knowledge’, ‘possession’ and ‘inherence’ in their customer authentication journey.
In response to industry concerns of readiness for the 14 September deadline, the European Banking Authority (EBA) has announced that National Competent Authorities (NCAs), such as the FCA will have the power in exceptional circumstances to allow AISPs and PISPs limited additional time to adopt SCA - RTS compliant authentication processes- to avoid customer detriment.
Following the EBA’s announcement, on 26 July 2019 the European Credit Sector Associations (ECSAs) and the European Third Party Providers Association whilst confirming they remained committed to the 14 September implementation date, called on NCAs to use their discretion to extend the deadline for adoption of SCA – RTS when necessary.
It remains to be seen how many AISPs and PISPs will request an extension and the FCA’s appetite to allow such extensions given the FCA will need to agree and monitor ‘migration plans’ for the service provider’s adoption of SCA - RTS compliant standards.
The technologies and infrastructure that have been created for Open Banking look set to be harnessed and explored further through Open Finance.
Open Finance enables third parties (with consent) to extract and combine customer financial data (from various sources) – to assist the customer in assessing the performance of their products/services.
The FCA plans to work with a broad range of finance sectors to better understand emerging initiatives in data aggregation; and later in 2019 will make a call for input from the industry to shape the development of Open Finance.
The OBIE has called on the FCA to create an ‘Open Finance Policy Institute’ tasked with the development of an Open Finance strategy alongside other regulators, the extension of APIs to other financial products and ultimately the development of ‘Open Life’ where consumers can utilise the same technologies for products and services outside of financial services.
It remains to be seen whether the FCA will adopt the OBIE’s recommendations and what impact the upcoming Treasury review of the payments landscape and UK regulatory framework will have on both Open Finance innovation and regulation.
The FCA extended its Principles of Business (Principles) set out in the Principles for Business Sourcebook (PRIN) to include PSPs and e-money issuers from 1 August 2019. The Principles set out the fundamental obligations of firms under the FCA’s regime, including that firms will act with integrity, skill, care and diligence and be fit for purpose.
The FCA has also confirmed its intention to conduct a review of SME Business, with a specific focus on business current accounts (BCA) and business deposit accounts (BDA). This follows the FCA’s Strategic Review of Retail Banking Business Models (published in December 2018) in which the FCA’s expressed its concern that the personal current accounts (PCAs) provided by the major banks offer little or no interest to customers, feature high transaction charges and were resulting in poor consumer outcomes. It remains to be seen if the FCA will reach a similar conclusion in relation to BCAs and BDAs.
The FCA has confirmed it will continue to work alongside other regulators on a variety of initiatives to assist in the fight against fraud, including the Confirmation of Payee’ (COP) and Contingent Reimbursement Model initiatives.
Under COP a payer provides the payees name, alongside their sort code and account number when initiating a payment transfer, COP will then provide an alert when the payee’s name does not match that registered to the bank account details provided; enabling the payer to correct or cancel the payment transfer.
Whilst the Payment System Regulator (PSR) announced a delay to the introduction of COP (for the six largest banking groups in the UK) until 31 December 2019; given the total losses of £236 million in 2017 due to APP Fraud the regulators appear determined to push this through.
On 28 May 2019 the PSR published its voluntary code for PSPs ‘Contingent Reimbursement Model’, which in addition to requiring PSPs take appropriate steps to prevent APP scams, requires PSPs to reimburse victims of APP scams; unless the victim ignored clear warnings from the PSP.
Since 31 January 2019 all firms and PSPs are required to record and report data on complaints alleging Authorised Push Payment (APP) fraud using the FCA’s Payment Services Complaints Return (PSCR).
Whilst firms may have concerns in relation to this additional reporting, the FCA’s view is that most firms and PSPs already have the necessary data to complete the PSCR and the total costs associated with the additional reporting will be minimal.
Given the looming 14 September deadline for SCA – RTS implementation it is vital that PSPs are ready for this deadline. If you require an extension you should be prepared to justify to the FCA why providing an extension to the deadline will prevent customer detriment and how it constitutes an exceptional circumstance.
As the FCA and other regulators continue to combat fraud, you should ensure you have adequate systems in place to recognise, combat and report on fraud.
Providers of BCAs and BDAs should critically review the value their offerings provide to small business and what adjustments are necessary in advance of the FCA’s upcoming review.
Finally the developments in data aggregation and machine learning mean that customers will be able to scrutinise their service offerings to a greater degree than previously possible. PSPs will need to take the necessary commercial decisions to ensure their products remain an attractive proposition to their customer base.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at September 2019. Specific advice should be sought for specific cases. For more information see our terms and conditions.