Payment Services Newsletter - March 2024

Payment Services Compliance Newsletter

Welcome to the latest edition of our compliance newsletter aimed at payments firms, including EMIs, PIs, AISPs, PISPs and prospective applicant firms.

This newsletter contains a round-up of regulatory articles that provide the latest insight into compliance issues and developments relevant to the payments industry.

As always, if you have any questions on the content in this edition of our Payment Services newsletter, then please contact us here and we will be happy to help with your enquiry.

What’s the latest?

Before looking back at some of our activity since the last newsletter, let’s take a forward glance at 2024.

In the UK, a general election is a near certainty, with October seemingly Prime Minister Sunak’s preferred option. Although the Edinburgh Reforms, announced in December 2022, are still very much in play (SMCR for payments anyone?), time is fast running out for the current Conservative administration. This is having the effect of speeding up a host of initiatives that might otherwise have unfolded over a longer time span. The City Minister, Bim Afolami, admitted as much when he spoke at our recent Forum. Quite what the impact of an incoming Labour administration will be is unclear (I’m certainly not calling the election result as a done deal), however, Labour is anxious to promote their pro-business (and pro-competition) credentials. Whether this will survive the first big scandal or crisis in financial services that comes along, in the event of a Labour government, remains to be seen.

In the meantime, there’s plenty to keep your eye on in payments over the coming year. John Burns and I explored some of the ‘known knowns’ during our ‘Horizon Scanning’ webinar last month.

The really big ticket item is likely to be the Payment Systems Regulator’s (PSR) reimbursement model for Authorised Push Payment (APP) Fraud. Directing mandatory reimbursement on a 50:50 basis between sending and receiving PSPs, from 7 October 2024. The PSR will be attending our 2024 Forum to talk about this on 7 March (see below), if you want to find out more and register.

Elsewhere, we await developments arising from Joe Garner’s Future of Payments Review and the HMT review of changes to the Payment Services/Electronic Money Regulations.

Please do check out the horizon scanning webinar for further details. But first let’s look back on updates since the previous newsletter: in this issue, we catch up on Consumer Duty (but of course!), safeguarding, proposals for the regulation of Stablecoins, changes to liquidity reporting, and much more. Let’s go!

Payments Forum Part 1

In December we hosted our second Annual Payment Services Compliance Forum (‘the Forum’). Despite rail strikes on the day, it was virtual full-house. Key topics for discussion included a history of FCA supervision in the sector, a look at possible legislative changes in the UK and Europe, a review of safeguarding audit findings by Cosegic, discussion on forthcoming safeguarding changes, some ‘top tips’ of prudential matters and, of course, a keynote speech from the newly appointed City Minister, Bim Afolami.

If you missed out on this, due to the rail strike or any other reason, you can access a recording of each of the sessions via our website here.

Payments Forum Part 2

As we said at the December event, we took the strategic decision to split our annual Forum event into two separate half-day events. The second event is being held on 7 March, at Sofitel, London, St James, 6 Waterloo Place, SW1Y 4AN.

As referenced above, we are delighted to be joined by Ben Woodside, Policy Manager at the PSR, who will be discussing the need for action to tackle APP Fraud and the subsequent expectations on payments firms in respect of reimbursing clients that have suffered loss as a result.

We will also be joined by De Quincey Bailey, HMRC’s Money Service Business (MSB) expert, with expertise in ‘underground banking’ and the criminal exploitation of alternative payment systems, and will be discussing: Alternative Banking Platforms Money Laundering, and Tax Fraud Typologies.

As before, we will have a number of panel sessions, aimed at APP Fraud, banking partner relationships and the challenges of the female MLRO. Moreover, it will provide attendees with the opportunity to network with industry experts, counterparts and Cosegic consultants.

Registration numbers are running extremely close to capacity, however there are a handful of spaces still available, once capacity is reached online registrations will be offered to those that are unable to obtain an in person place. Click here for full details Payment Services Financial Crime & Compliance Forum 2024 | Cosegic.

Open and honest? Reminder on submissions to the FCA

The FCA’s ban on James (‘Jes’) Staley, former CEO of Barclays Bank hit the headlines because of the nature of his relationship with Jeffrey Epstein and what he had disclosed (or not disclosed) to the regulator. There is a wider lesson here, in terms of individuals being absolutely open and honest in their submissions to the FCA, be they new applications for approval, or responses to questions. My colleague, Martin Lovick, produced a helpful summary article in October, highlighting the importance of full disclosure.

Indeed, in my experience as a regulator, more weight is likely to be placed on the individual’s/firm’s honesty than the underlying issue. Notwithstanding the general obligation under Principle 11, the rule should be ‘if in doubt, don’t say nowt’.

Consumer Duty – managing ongoing obligations

2023 was a headline year for the introduction of the FCA’s Consumer Duty, but the regulator has warned firms that there is still much to be done. We wrote an article on the FCA Consumer Duty Webinar in December, to dissect the latest on FCA guidance in this important area.

Whilst we don’t have too many specific examples of good/bad practice from the FCA relating to payments firms, this is likely to come any time now. Indeed, on 22 February the FCA published a Supervisory Notice against EPayPro UK Limited, in respect of the charging of its customers of a monthly compliance fee. Whilst the action cites infringements of both the Payment Services Regulations and the Consumer Rights Act, make no mistake that this action has Consumer Duty at its heart.

Indeed, in November’s newsletter we highlighted an article published by John Burns, Senior Adviser at Cosegic, highlighting the need for businesses to diligently read and review their terms and conditions.

Certainly, firms should be revisiting their Consumer Duty arrangements on a regular basis. Please check out the recent article by my colleague, Jaspreet Kaur, on outcomes monitoring and testing, and developing a programme to provide an effective framework to base the methodology for monitoring and testing outcomes for each activity in a firm. Essentially, the purpose of the programme is to continue meeting Consumer Duty obligations after the FCA’s implementation deadline of the 31 July 2023. It enables firms to cultivate the right environment to harness control and process improvement and secondly, to test the changes and monitor improvement.

Finally, if you want a more holistic review of your Consumer Duty arrangements and would like to discuss the possibility of an external ‘Consumer Duty Audit’ please do get in touch.

Prudential Webinar

My colleagues in our specialist Prudential Department are held a webinar on 27 February exclusively for payments firms, covering, capital, liquidity, wind-down planning, reporting (the new FIN073) etc, and where they looked at:

• the key prudential initiatives and reforms hitting firms and compliance departments in 2024;
• what they believe are key FCA priorities and any common themes they are seeing; and
• advice on how to earmark resources to prepare for regulatory initiatives in good order.

If you would like to watch a recording of the webinar, please click here.

Financial Resilience Survey

As touched on above, the FCA is replacing the Financial Resilience Survey – introduced during Covid to help the FCA understand how the current financial climate is impacting FCA solo-regulated firms - with a new financial resilience regulatory return. This is referred to as ‘FIN073 – Baseline Financial Resilience Report’. For further details, read the FCA’s Policy Statement, to understand the feedback to CP22/19 and final rules.

Firms that will be brought into scope of FIN073 will need to be prepared to submit the return when it is due, from January 2024. Firms will receive an automated reminder via RegData when the return is available for submission. 

To be clear, those firms brought into scope are listed in the Policy Statement as:

• an authorised electronic money institution;
• an authorised payment institution;
• a registered account information service provider;
• a small electronic money institution;
• a small payment institution

Stablecoins

The FCA released a discussion paper in November (DP23/4) setting out how it proposes to regulate the issuance and custody of fiat-backed stablecoins under the Financial Services and Markets Act 2000 (FSMA). The paper also provides details on the use of stablecoins as a means of payment under the Payment Services Regulations 2017 (PSRs).

Stablecoins, as defined in the discussion paper, are “a category of cryptoassets, that aim to maintain a stable value relative to a specified asset, or basket of assets, providing perceived stability when compared to the high volatility of unbacked cryptoassets”. For the purposes of the first phase of cryptoasset regulation, the FCA is now focusing on the fiat-backet stablecoins (also considered as a regulated or approved stablecoin) which include those that “seek to maintain a stabilised value of the cryptoasset by reference to, and which may include the holding of, one or more specified fiat currencies”.

My colleague, Delphine Chen, produced an article providing an overview of what is expected from firms that are considering or are currently offering stablecoins as part of their business model, and how the proposals might affect them.

Separately, my colleague David Rodriguez’s article examined the proposed regulatory approach discussed in the paper regarding payment services activities that involve fiat-backed stablecoins and the permitted use of overseas stablecoins.

Safeguarding

Since my last newsletter, we have been patiently waiting for a Consultation Paper on Safeguarding from the FCA. Noises from the FCA suggest that this might be published in April. In the meantime, safeguarding remains at the top of its payments supervision agenda, per their portfolio letter almost a year ago. The FCA identified a number of common issues, such as firms not having clear processes to protect funds or lacking proper reconciliation procedures. Given that, in the FCA’s view, the dial hasn’t moved significantly, this is likely to be a standing item on subsequent newsletters, as it should be on your senior management/board meeting agendas.

Since we shared our ‘top tips’ for safeguarding at our December Forum, we have since published my colleague Ed Vincent’s helpful guide to the key things to consider when reviewing your safeguarding arrangements, with final emphasis on an annual safeguarding audit. If you’ve yet to perform a safeguarding audit yourself (whether obliged to do so or not), or are considering a fresh approach, please do get in touch with me to explain our process and methodology in more detail.

UK links its AML high-risk 3rd country list with that of FATF

In early January, the UK Treasury published Guidance on its Money Laundering and Terrorist Financing (High-Risk Countries) (Amendment) Regulations 2024, which amends the definition of high-risk third country (“HRTC”) to align it with the Financial Action Task Force (“FATF”). The statutory instrument, which came into force on 22 January 2024, now defines an HRTC as “a country named on either of the following lists published by the FATF as they have effect from time to time - (i) High-Risk Jurisdictions subject to a Call for Action; (ii) Jurisdictions under Increased Monitoring”. Firms must therefore now refer directly to these FATF lists which are updated three times a year.

Final thoughts

As ever, if you would like to discuss Payment Services, or any other aspect of your compliance, then please contact any member of the Team. Additionally, if there is any topic you would like us to cover in future editions of the newsletter, then please let me know.

Cosegically yours,
James

James Borley
Managing Director, Payment Services
DDI: +44 (0)20 3457 3177