On 27 August 2013 the Financial Conduct Authority (FCA) published the interim results of its thematic review into the potential risks of mobile banking as part of its ongoing commitment to greater transparency in this area. The review comes at an interesting time for the industry with tablet sales expected to surpass those of laptops and PCs within the next 18 months, which can only lead to increased uptake of mobile banking services.
Mobile banking in broad terms may include a variety of services, such as providing information to consumers and viewing statements through to making payments using a mobile or tablet device. It also includes contactless payments.
The FCA Director of Supervision, Clive Adamson, said: "mobile banking continues to develop and grow in popularity" and "with the market growing, now is the right time for us to take stock and, as part of the FCA's forward, looking approach, to ensure that consumers are appropriately protected".
FCA highlights the following potential risks in its initial findings:
- Fraud - There is a risk of fraud, resulting in consumers being unable to access money or make payments.
- Security - The risk that customers may receive malware when downloading an app or mobile banking application, or of the customers being victims of viruses.
- Use of third parties - A chain of third party service providers or specialist outsourcing partners can result in a greater likelihood of a problem occurring or difficulty in establishing who is responsible for any consumer loss.
- Technology risk/interruption to service - IT failure could result in limiting consumers' access to money and undermining confidence in the service. FCA is also concerned that the commercial pressure to develop and launch new/improved apps could result in insufficient testing.
- Consumer awareness and understanding - Mobile phones, with smaller screens and a limited keyboard, may increase the likelihood of errors and so FCA wants to understand how firms mitigate these risks and resolve any mistakes that occur.
- Anti-money laundering (AML) systems and controls - Firms offering mobile banking must apply proportionate and risk-based AML controls. In some cases, especially where services are not linked to a customer's current account, firms may need to carry out additional checks to verify the identity of the payee and the recipient. The report also notes mobile banking may make it challenging for firms to identify and report suspicious transactions.
FCA says this initial report should ensure that the industry is made aware of what FCA is looking into. It will now test a sample of firms to assess whether they are meeting FCA expectations. The testing will cover several areas including:
- what strategies firms have in place for mobile banking and product development;
- whether mobile banking customers are provided with clear information and are being treated fairly;
- whether firms are complying with the Payment Services Regulations;
- how fraud and security risks are managed and contingency arrangements for technical failures.
The sample will include major high street banks, and smaller companies, not traditionally providing banking services, will be tested.
FCA plans to report back in the first half of 2014 outlining its findings alongside developments in the market and the way consumers use mobile banking.
Firms not involved in the survey should not wait until then, but should now consider the points FCA raised in its interim results and take appropriate action to mitigate the risks. While firms may have addressed some of the issues when setting up internet banking services, the risks are in some instances different in mobile banking.
From a consumer protection perspective it is interesting that the report did not highlight that in many cases consumers may not receive the benefit and protection of the various card scheme rules when making payments using mobile banking services. Other important issues that may come in for consideration in the final report are customer authentication and data privacy, particularly where a user changes or loses a device.
FCA is also taking an active role in contributing towards the regulation of mobile banking at a European level by representing the UK at the European negotiations on mobile banking security.