EBA launches innovation discussion paper
On 4 May 2016, the European Banking Authority (EBA) released a discussion paper on innovative uses of consumer data by financial institutions. The paper looks at the ways in which financial institutions use customer data, and the associated benefits and risks. The EBA’s aim is to decide whether the current regulatory framework is sufficient to harness the risks or requires action.
The EBA notes that only few requirements presently exist in EU legislation specific to the financial sector that address the use of consumer data by financial institutions. Data in relation to payments is particularly highlighted as being of interest to the EBA as it provides an insight into consumers’ purchasing habits and preferences.
What this means for you
The EBA has requested feedback by 4 August 2016 on a number of questions in line with its mandate to monitor financial innovation.
Innovation is important but so too are the privacy law requirements related to “new use” of customer data. This will be one key risk area to consider. Financial institutions are “data controllers” of their customers’ personal data and the Data Protection Act 1998 (to be replaced in 2018 by a General Data Protection Regulation) governs what they can do with it. Payment processors will have made contractual commitments to their customers, which could well restrict new use without permissions. And if they use customer data for their own new purpose, the payment processor itself will likely be “data controller” for privacy law purposes.
Any proposed “new use” must first be checked to ensure it is fair and lawful. Fairness: If it is outside the reasonable expectations of customers then this means it must be notified to them in written privacy notices. Lawfulness: If it is not strictly necessary for the legitimate interests of the financial institution or the other data controller (e.g. a payment processor making a new use) then an alternative lawful reason is needed - such as a fully informed, prior and freely given consent from the “data subject” (here, the customer). If sensitive personal data is at issue, such as racial/ethnic origin detail of the customer, his disability or his religious or other beliefs, risks are heightened, additional rules apply and explicit consent would be necessary. In short, a privacy impact assessment (in line with the ICO’s Code of Practice and GDPR when it comes in) should be conducted before as soon as any “new use” is proposed. The privacy implications should be factored into decision making process as early as possible in the process.
Possible consultation to transpose revised PSD2
The Head of Payment Systems and Services at HM Treasury, Edward Corcoran, is reported to be considering a six-week consultation to transpose the revised Payment Services Directive (PSD2) into national law, with domestic legislation targeted for January 2017.
What this means for you
The deadline for the transposition and implementation of PSD2 into national law is 12 January 2018. Timely implementation and effective stakeholder engagement will be welcomed. No formal consultation has yet been announced but it is clear that officials are keen to begin consulting with stakeholders regarding plans for the transposition of the directive.
Bank of England promoting FinTech
On 17 June 2016, the Bank of England (BoE) published a speech in which the Governor of the BoE, Mark Carney, announced a number of BoE initiatives intended to promote the development of ‘FinTech’ (that is, the harnessing technology to make financial services more efficient).
What this means for you
Among other things, the BoE intends to widen access to its real-time gross settlement system (RTGS) to non-bank payment service providers (PSPs). By extending RTGS access, the BoE’s aim is to increase competition and innovation in the market for payment services. This news will no doubt be well-received by those non-bank PSPs which want to take a more central role in the payment system.
Payments Strategy Forum Launches its Draft Strategy
On 13 July the Payments Strategy Forum (PSF), which comprises 22 experts from across the payments industry and other organisations, launched its draft strategy (‘the Strategy’). The Forum is supported by several working groups comprising 190 people, and ultimately by the Payments Community, which brings together 500 people who work, or have an interest, in payments.
When it launched, the PSF set itself three objectives, to deliver payments that are: versatile and responsive to user needs; secure and resilient; and efficient. To arrive at a strategy the Forum collated and ranked a series of sector ‘detriments’ that need fixing. The proposed Strategy is bold and considers steps that should be taken to tackle these detriments over the short, medium and longer term. For example, the PSF has taken the radical step of proposing that three of the main inter-bank payment systems, Bacs, FPS and Cheque and Cheque and Credit Clearing (C&CCC) should be consolidated, in terms of how they are organised, their rulebooks and entry criteria, as well as the infrastructure underpinning them. The PSF’s vision is for these systems to form a single, simplified payments platform. Proposals also include the adoption in the UK of the ISO20022 messaging standard and common governance for the APIs used in the system.
There are numerous other proposals aimed at simplifying access to payment systems, as well as to address problems associated with financial crime, data and security and to address end-user needs. For example the draft Strategy includes proposals: to introduce ‘Request to Pay’ (whereby payment requests are sent between payee and payer prior to the payment being made and including more data e.g. about the amount requested, the timeframe for responding and the preferred payment method); for assurance data (enabling payers to track the progress of payments they have made); and enhanced data (enabling payers to attach data to payments they have made to allow recipients to identify them).
PSR’s Final Report on Indirect Access
The proposals in the Strategy could bring about significant changes to the payments sector both in the short and longer term. The consultation on the draft Strategy will run from 13 July to 14 September. Most, if not all, financial services businesses will be affected by these proposals in some way. It would be advisable for those that will be affected to engage in the process by submitting a response to the consultation. The Strategy can be viewed here.
In Payment Matters 22 we reported that the Payment Systems Regulator (PSR) had published its interim findings from its market review into competition in the supply of indirect access to payment systems. On 21 July 2016, the PSR published its final report which broadly follows its interim findings.
The Report concludes that competition in the supply of indirect access appears to be producing “some good outcomes”. However, the PSR has identified specific concerns in respect of the quality of access being supplied, limited choice for certain payment system providers in the market, and barriers to switching.
The PSR has confirmed, as proposed at interim report stage, that it will not take any specific action to tackle these concerns because it is encouraged that developments already taking place in the market, combined with its own work, will be sufficient. Instead of monitoring the impact of these developments over a 12 month period, as proposed in its interim report, the PSR will include an overview of developments in the indirect access market in its annual access and governance reports – the next of which is due in early 2017.
At the same time, the PSR is consulting on draft guidance (also released on 21 July 2016) on how it proposes to use its regulatory powers to require operators of payment systems and indirect access providers to grant access to a payment system, or vary the terms of such access . This, coupled with its decision not to take action at the market-wide level, suggests the PSR may have an appetite for using these powers to address access issues between individual firms instead.
Blockchain and Bitcoin
On 19 July, the Economic Affairs Committee took evidence from the Bank of England, representatives of the blockchain industry and academics for its one-off inquiry into distributed ledger (“blockchain”) technology.
The Committee explored a range of issues relating to blockchain technology including:
- How can the Government make use of blockchain? Could it be used to collect taxes or pay benefits?
- What happens if the technology goes wrong?
- How should blockchain be regulated?
- Could blockchain be used to create a central bank digital currency?
The Deputy Governor of Monetary Policy at the Bank of England, Ben Broadbent, was generally positive, acknowledging that the benefits are clear, but also noting that it could only be achieved at significant cost. He dispelled the idea that the Bank of England would ever operate a central bank digital currency and suggested that market participants would prefer a system which included regulatory oversight rather than an open, permissionless bitcoin-like system.
What this means for you
This is the first major committee discussion of the technology within Parliament and is indicative of the UK government’s interest in exploring its possible uses. This is good news for financial services clients who think it could be the future of financial transactions. The distributed nature of a blockchain database makes it less susceptible to hacking and keeps the data secure and private. If implemented, banks could begin to share data using a custom version of blockchain, cutting out the middleman and reducing manual processing. This would increase the speed of transactions and ultimately reduce costs. FinTech Network have put together a whitepaper which provides a comprehensive introduction to blockchain technology.
World Class Payments Report
Payments UK published its latest report in the World Class Payments series on 17 June 2016. The report focuses on the need to improve access arrangements to UK payment systems for payment service providers. The report gives an overview of the current situation in the UK and highlights work already undertaken to develop open access, along with the challenges associated with bringing about change.
The report picks out four main issues that need addressing in the UK:
- industry agreed road map and backing
- detailed and fully supported transition plan
- agreement on the funding model required to bring about change
- the need for a wide range of industry players across the full industry spectrum to work together to achieve change.
What this means for you
New and existing users of payment systems in the UK have highlighted Open Access as critical in the support of healthy competition and innovation within the industry. Payments UK envisages that improvements to the current system would boost competition. The Payment Systems Regulator is in the process of conducting a market review which focuses on indirect access. It will also consider whether competition is working well for those who use payment systems. In addition, the Regulator is carrying out a market review into the ownership and competitiveness of infrastructure provision. The industry can expect big changes with the strategy setting body, The Payment Strategy Forum, examining whether payment systems can be developed to simplify access, ensure a common messaging standard and centralise functions to prevent financial crime and reduce the cost of compliance.
MasterCard in £19bn UK interchange fees class action
In one of the first and largest claims under the Consumer Rights Act 2015, lawyers are preparing to file a £19bn class action lawsuit against MasterCard on behalf of UK consumers.
Walter Merricks, former Chief Financial Services Ombudsman, has instructed law firm Quinn Emanuel Urquhart & Sullivan to bring a class action against MasterCard following a European Court of Justice (ECJ) ruling in 2014. The ECJ decided that MasterCard had abused its dominant market position for 16 years (1992-2008), by charging anti-competitive interchange fees for cross-border transactions.
MasterCard ‘firmly disagrees’ with the action, and contends that the ECJ ruling is limited to cross-border transactions. MasterCard has already faced 12 lawsuits in the UK following the ECJ ruling, from retailers including Topshop, Sainsbury’s, Asda and Morrisons. The suits are ongoing with MasterCard arguing that retailers cannot claim damages since they passed any losses from the cross-border transactions on to consumers.
The initial hearing for the class action claim is likely to take place later this year, with the trial starting in 2018.