On 1 September 2015, Payments UK, the re-launched and re-branded Payments Council, published its interim Code of Conduct for Indirect Access Providers(the Code). The main aims of the Code are to improve transparency of information and deliver more favourable outcomes to Payment Service Providers that require indirect access to certain UK payment systems (Indirect PSPs).

This is just one of the Payment Systems Regulator (PSR) initiatives that Indirect PSPs stand to benefit from, since the Code clearly sets out the responsibilities that Payment Service Providers that offer indirect access to in-scope payment systems (“Indirect Access Providers”) have to the Indirect PSPs that use their services. The intention is that this will improve the conditions of access to payment systems for Indirect PSPs.

Background

The PSR set out its assessment of the key challenges facing the payment systems market in its consultation paper of November 2014 (A New Regulatory Framework for Payment Systems in the UK). A number of concerns were expressed by Indirect PSPs relating to the security of their arrangements with Indirect Access Providers, including the lack of written contracts detailing terms of access as well as uncertainty around termination of supply.

The PSR policy statement required that a PSR-approved and industry-led code of conduct to govern agreements for indirect access and to address the concerns in the market be developed. At that time, it also launched a market review into indirect access and issued a direction requiring the main banks providing indirect access to publish clear and up-to-date information concerning the sponsor services they offer. 

Payments UK has now published the interim Code on its website. Some initial consultation with stakeholders has happened but the Code will be finalised following a full consultation in late 2015.

The Code

The payment systems covered by the Code are Bacs, Faster Payment Service, CHAPS, Cheque and Credit Clearing, and LINK. Subscription to the Code is voluntary, although the PSR’s policy statement made clear that it expected at least Barclays, HSBC, Lloyds Banking Group and RBS to comply with the Code. The Code sets out the responsibilities that Indirect Access Providers have to Indirect PSPs by way of four separate commitments which are summarised below:

Commitment 1 - entitlement to an agreement for the supply of indirect access

Indirect Access Providers shall provide Indirect PSPs with a written agreement that details the key terms of the arrangement in a clear and transparent way. As a minimum requirement, each written agreement is to include the information listed in the Code. This includes information about fees, terms on which the services are provided, any agreed service performance levels, and specific information about duration and termination of the agreement to ensure the Indirect PSP is clear about this process.

Where an Indirect Access Provider has subscribed to the Code, each new agreement it enters into with an Indirect PSP must be compliant. Where fan Indirect PSP has an existing relationship with an Indirect Access Provider subscribed to the Code, it will be able to either ask the Indirect Access Provider to carry out a review to ensure the existing agreement is compliant or request a new agreement that is compliant.

Commitment 2 - support services & communication of important information

This commitment requires Indirect Access Providers to communicate all important information relating to the satisfactory operation and use of the particular payment services. Such information includes technical and operational information as well as ensuring Indirect PSPs are informed of any risks that may affect continuity of supply, such as planned maintenance or service ‘down-times’ as well as unexpected outages. 

There are also commitments to provide contact details of service support staff with the appropriate knowledge and to ensure the information given is clear, appropriate and accurate and timely.   

Commitment 3 - managing the security of supply of service

The third commitment covers the management of security of supply by setting out procedures relating to migration, service continuity and termination.

The Code sets out some of the circumstances by which an agreement may be terminated thus making this information clearer to Indirect PSPs at the outset. In accordance with the Code, Indirect Access Providers will commit to collaborating with Indirect PSPs so as to ensure an appropriate plan is in place to manage termination appropriately.

Similarly, where Indirect PSPs transfer to an alternative access provider or themselves become a direct participant in a payment system, the Indirect Access Provider will collaborate to ensure continuity and effective migration.

Commitment 4 - ensuring security of information

The fourth commitment recognises that Indirect Access Providers and Indirect PSPs may compete with one another, either in the downstream market or in the future provision of indirect access to payment systems, should the Indirect PSP become move to direct access. 

To enhance security of information and alleviate competition concerns, Indirect Access Providers that subscribe to the Code automatically commit to ensuring the security, commercial confidentiality and anonymity of all information and data provided in accordance with the provision of the payment services.

The Code suggests that non-disclosure agreements may be agreed between the parties to provide greater protection and commits Indirect Access Providers to only requesting information that is considered necessary to provide the particular payment services.

Subscribing to the code

The Code only sets out the minimum requirements that should govern agreements. The parties are free to agree additional requirements that go beyond the scope of the commitments.

Provided that the qualification criteria are met, the Code is expected to be suitable to all Indirect Access Providers in the UK. They can apply now to sign up to the Code in its current form. Barclays, HSBC, Lloyds Banking Group and RBS intend to subscribe by 30 September 2015.

Indirect Access Providers subscribing to the Code will be required to evidence compliance with it by undertaking a self-certification process on subscription and thereafter annually. Payments UK, as Code Administrator, is able to remove firms from the list of Code subscribers if firms cannot satisfactorily demonstrate compliance with it.

Furthermore, Indirect Access Providers will be subject to a complaint management process. The Code provides for a clear mechanism for managing complaints. Indirect PSPs must first raise their complaints with the Indirect Access Provider. If this does not resolve the complaint, there is also a means for escalation within the Indirect Access Provider’s own organisation and ultimately to an independent mediator, and/or the PSR. Subscribers should therefore ensure they are familiar with the complaint management procedure set out in the interim Code and understand in which circumstances either party may refer an unresolved complaint to the PSR.

Comment

The Code should provide Indirect PSPs with greater confidence in continuity and security of supply. Furthermore, it should bring greater transparency and certainty for Indirect PSPs by ensuring they are provided with written service agreements that clearly detail the terms of their arrangements and provide them with a means of recourse should the service they receive not be consistent with the Code.

The main sponsor banks intend to subscribe by 30 September 2015. From that point onwards, Indirect PSPs to whom they provide access services will be able to hold them to the commitments set out in the Code. Of particular benefit to many Indirect PSPs will be the requirement for Indirect Access Providers to notify their Indirect PSP customers of planned and unexpected disruptions to system availability. This will give those PSPs the ability to better manage relations with their own customers when such disruptions occur.

Indirect PSPs will have the opportunity to feed into the Payments UK consultation on the interim Code later this year. This should enable them to suggest any changes to the Code that they consider necessary, having experienced it in operation for a period of time, prior to it being finalised. The involvement of the PSR in finalising and monitoring the effectiveness of the Code will strengthen the hand of parties making such requests.

The Code is not a panacea for all of the difficulties PSPs face with seeking to gain access to payment systems, however. The main drivers of the PSR’s ongoing indirect access market review are the limited choice in Indirect Access Providers and the fees charged for indirect access. The review will also evaluate the initial impact of the initiatives and measures the PSR has taken to date in relation to indirect access.

If the PSR, in its indirect access market review, is able to find a way to promote greater competition in the market for supply of indirect access, this should give Indirect PSPs greater choice of provider and could also lead to better prices, terms and improved quality of service. Such competition could result from there being a larger number of Indirect Access Providers as well as innovations in how access to payment systems is offered allowing firms to move away from the traditional direct/indirect access model. Firms starting to offer indirect access in the coming months and years will need to decide whether to opt-in to the Code. Presumably they will be under pressure from the PSR and the market more generally to do so.

Although the Code is only voluntary, it is likely to have real teeth: it includes a complaints mechanism, the possibility of subscriber status being withdrawn for non-compliance with it, as well as a role for the PSR in overseeing its effectiveness. It will be in the interests of the main Indirect Access Providers to ensure it is effective and delivers benefits to Indirect PSPs in order to deter the PSR from taking alternative action.