In its Thematic Review 14/15 on mobile banking and payments (11 September 2014), the Financial Conduct Authority (FCA) has given an early and clear indication of its expectations to both the retail mobile banking sector and the payments chain outside of financial regulation.
The FCA uses its thematic review to set out how it will determine whether firms achieve good outcomes for consumers. Firms can be encouraged by the positive tone of this TR 14/15. The FCA clearly appreciates these channels have the potential to provide considerable benefits to consumers, from innovation and competition. A feature of this thematic work is that it is an early warning shot rather than an action against crystallised consumer harm, so it is clearly trying to limit the extent to which consumers experience risks from these new developments.
It is important that firms entering the market consider consumer rights and protections and incumbents should follow good practice.
Key compliance indicators
- Ensure it is easy for consumers to understand their legal rights and obligations and aid consumer education; information provided to customers must be clear, fair and not misleading, and appropriately targeted;
- Ensure the knowledge and understanding of key decision makers in the business keeps pace with innovation;
- Embed appropriate security measures to keep consumers’ sensitive personal data and funds secure, and use and develop robust technology to meet changes in consumer behaviour;
- Retain oversight of third parties and outsourced functions involved in the delivery of product offerings through contractual provisions and regular practical monitoring;
- New entrants must have knowledge and understanding of the regulatory framework surrounding payments (including the rules around immediate refunds for fraudulent transactions and complaints handling);
- Maintain focus on areas such as fraud and anti-money laundering and continue to develop processes to combat these;
- Have a clear strategy and sustainable business model for mobile banking;
- Consider the requirements of the consumer during each stage of product development, from design through to distribution, ensuring that the firm understands the risks to consumers and attempts to mitigate these and provide services aligned with the interests of their consumers;
- Embed a regular process to test how robust the firms' IT systems are, including transactional security and information and data protection elements; and
- Ensure senior management have relevant management information and technological knowledge to deliver effective oversight (e.g. conduct consumer behaviour studies as well as analysing complaints and satisfaction data).
When embedding new channels and planning for future development, firms must have appropriate controls in place to prevent consumer harm and damage to the market. The approach will vary and be tailored to suit their business and firms will find it advantageous to address this before mobile banking becomes truly mainstream and higher risk.
Firms must draw on the clear guidance given in the Thematic Review. For example, the FCA indicates that a firm should monitor its consumer behaviours, so it is better able to provide for system capacity at peak transaction times. There is also a reminder that firms must build in a contractual and practical ability to oversee the way services are offered, particularly if outsourcing is a feature of the service. These could well be areas of supervisory interest in future.
Once again, senior manager involvement and responsibility is expressly highlighted, indicating that firms with knowledgeable and well-informed senior teams will generally fair better in follow up supervisory activity in this area.
The report should be read with the FCA's interim report from August 2013: TR13/6, Mobile banking and payments – supporting an innovative and secure market.
A chance to influence the future
Firms should be open to working with the regulator to ensure both sides have a clear understanding of risks, regulation and technological developments and business model transformation.
Following the report, the FCA will continue to work with the industry to ensure firms have a clear understanding of the key areas identified in this report and use the report in initiatives, such as Project Innovate and work on developing an appropriate regulatory approach to digital transformation.
Firms will also want to engage with the regulators to influence EU level developments in this area. This includes the Payment Services Directive 2 (PSD2) proposals, work by the European Banking Authority and security recommendations coming from the SecuRe Pay forum (part of the European Central Bank).
Additionally, the UK's new Payment Systems Regulator (the PSR) continues to emerge; the report of its joint study with Ofcom, looking into innovation and UK payments is scheduled to be published in the autumn.
Firms should consider the Bank of England's position on this area. On 11 September 2014, the Bank pre-released articles from its Quarterly Bulletin for Q3 2014. 'Innovations in payment technologies and the emergence of digital currencies' examines recent movements in payment systems and puts forward a view that the most significant development is 'distributed ledger' technology, which fundamentally changes how payment systems can work. It draws on a range of disciplines including cryptography, game theory and peer-to-peer networking and allows payment systems to operate in a decentralised way, with no intermediaries. The authors believe this can be adapted beyond payments.