Key developments of interest over the last month include:
- United Kingdom: HM Treasury publishes Kalifa Review of UK FinTech, setting out a strategy for the growth and widespread adoption of UK fintech, and for maintaining the UK’s global fintech reputation.
- Asia: Hong Kong Monetary Authority, Bank of Thailand, Central Bank of UAE and People’s Bank of China announce multiple central bank digital currency bridge project designed to explore the capabilities of distributed ledger technology to facilitate real-time cross-border foreign exchange payment.
- United Kingdom: CMA opens consultation on future of open banking in light of the anticipated completion of the open banking implementation phase at the end of 2021.
In this Newsletter:
- Regulatory Developments
- Payment Market Developments
- Surveys and Reports
For previous editions of the Global Payments Newsletter, please visit our Financial Services practice page.
United Kingdom: Kalifa Review of UK FinTech published
On 26 February 2021, HM Treasury published the Kalifa Review of UK FinTech, identifying priority areas to support the UK’s fintech sector. The goal of the review was to set out a strategy for the fintech sector and a model for the UK to maintain and improve its position as the global fintech leader.
The Review identifies overseas competition, Brexit and the COVID-19 pandemic as the main threats to the UK’s fintech leadership position. Each of these threats point to three opportunities for the UK fintech sector:
- Creating jobs – KPMG forecasts that the sector’s direct GVA contribution to the economy is estimated to be £13.7bn by 2030, with job creation contributing to 70% of this.
- Improving trade – enabling fintechs to achieve global scale and reach via access to international markets, and continuing to lead on regulation and standard-setting in fast-moving tech.
- Inclusion and recovery – supporting citizens and small businesses to access more, better and cheaper financial services.
To facilitate these opportunities, the Review identifies a five-point plan of recommendations:
- Policy and Regulation – creating dynamic leadership that protects consumers yet nurtures fintech activity and encourages competition.
- Skills – ensuring fintech has a sufficient supply of domestic and international talent and the means to train and upskill the UK’s current and future workforce.
- Investment – completing the funding ladder from start-ups right through to IPO.
- International – targeting an approach to exports and inward investment.
- National connectivity – leveraging the output of fintechs across the UK and facilitating connectivity amongst them.
Rachel Kent (partner, Hogan Lovells) co-chaired the Policy and Regulation chapter of the Review with Dr Kay Swinburne (KPMG). The chapter contains recommendations in relation to:
- The creation of a cross-government, cross regulator taskforce to design and deliver a holistic FinTech Policy.
- The creation of a ‘Scalebox’ to support firms in the growth phase building on the success of the FCA’s regulatory sandbox for start-ups.
- A collection of specific initiatives and regulatory changes including:
- The creation of a Central Bank Digital Currency.
- The establishment of a digital I.D.
- Regulatory reviews and improvements in crypto assets, payments, open finance, smart data and artificial intelligence.
Rachel Kent comments on the Review in this article.
Hogan Lovells has organised a series of client webinars throughout March and early April focusing on the Policy and Regulation chapter of the Review. See here for more details.
Asia: Hong Kong Monetary Authority, Bank of Thailand, Central Bank of UAE and People’s Bank of China announce Multiple Central Bank Digital Currency Bridge Project
On 23 February 2021, the Hong Kong Monetary Authority (HKMA), Bank of Thailand, Central Bank of UAE and the Digital Currency Institute of the People’s Bank of China announced that the Central Bank of UAE and the Digital Currency Institute of the People’s Bank of China have joined the second phase of the Multiple Central Bank Digital Currency (m-CBDC) Bridge Project.
The m-CBDC Bridge Project is a central bank digital currency project for cross-border payments initiated by the HKMA and the Bank of Thailand. The project aims to further explore the capabilities of distributed ledger technology, through developing a proof-of-concept prototype, to facilitate real-time cross-border foreign exchange payment-versus-payment transactions in a multi-jurisdictional context and on a 24/7 basis.
The overall aim of the project is to address issues with cross-border fund transfers, such as inefficiencies, high cost and complex regulatory compliance. It is hoped that more central banks in Asia and other regions will join in the future.
United Kingdom: Competition and Markets Authority (CMA) opens consultation on future governance of open banking
On 5 March 2021, the CMA launched a consultation on the arrangements to be put in place to ensure the effective oversight and governance of the CMA's open banking remedies, following the delivery of the implementation requirements of the Retail Banking Market Investigation Order 2017 (the Order) at the end of 2021.
The implementation phase is being delivered through the Open Banking Implementation Entity (OBIE), an organisation established by the Order. The Open Banking Implementation Trustee has made it clear that for the Open Banking ecosystem to evolve, some kind of industry-supported successor organisation to the OBIE will be required. Banking industry body UK Finance has submitted proposals that involve creating a new body, with a more broadly-based funding and governance model, to succeed the OBIE. It is proposed that this body would take over the OBIE's functions, other than compliance monitoring, which will be handled separately.
The CMA is seeking stakeholder views on:
- Whether the successor organisation proposed by UK Finance is:
- Independently-led and accountable;
- Adequately resourced to perform the functions required;
- Dedicated to serving the interests of consumers and SMEs; and
- Sustainable and adaptable to future needs of the ecosystem.
- The necessary compliance monitoring arrangements that will have to be put in place; and
- The transitional arrangements that should be adopted and when the transition process should begin.
The consultation closes at 5pm on 29 March 2021.
United Kingdom: FCA publishes February 2021 regulation round-up
On 18 February 2021, the FCA published its regulation round-up for February 2021.
Of particular interest is the FCA’s consultation on planned updates to the UK SCA-RTS and to its Payment Services and Electronic Money Approach Document (as reported in the February 2021 edition of the Newsletter). The deadline for responding to the consultation, other than the questions relating to contactless payments, is 30 April 2021. The contactless payments questions closed to feedback on 24 February 2021 and findings were published on 3 March 2021 (see the separate item on this).
The round-up also includes an update on RegData, the FCA’s new data collection platform. The FCA reports that half of the firm reporting population has successfully moved to RegData and has begun using the new system for regulatory reporting. Firms that are still Gabriel users need to register for RegData in advance of their planned moving date.
The FCA has also made available the recordings of the presentations given by firms that are taking part in the Digital Sandbox pilot. The firms presented the prototype solutions they have developed at a series of demo days that the FCA hosted earlier in February 2021.
Global: Financial Stability Board (FSB) publishes letter to G20 finance ministers and central bank governors outlining key areas of focus for 2021
On 24 February 2021, the FSB published a letter sent by its Chair to the G20 finance ministers and central bank governors ahead of their meeting on 26 February 2021.
The letter discusses the FSB’s 2021 work programme, which seeks to address vulnerabilities directly related to COVID-19 and to increase resilience of non-bank financial intermediation (NBFI). It also aims to support strong, sustainable, balanced and inclusive growth in a post COVID-19 world.
The FSB will provide the G20 with an assessment of initial lessons learned from COVID-19 for financial stability, with an interim report in July and a final report in October. In coordination with other standard setting bodies, the FSB will look at financial institutions’ use of capital and liquidity buffers and how well crisis management and operational resilience arrangements have functioned.
The work programme includes examining and addressing specific risk factors that contributed to amplifying market turmoil, enhancing understanding of systemic risks in NBFI and investigating policies to address these risks. Other key FSB priorities include:
- Implementing the FSB roadmap to enhance cross-border payments;
- Assessing the availability of data through which climate-related risks to financial stability could be monitored; and
- Addressing other financial stability topics of ongoing importance, such as a smooth transition away from LIBOR.
United Kingdom: FCA publishes policy statement on amendments to single and cumulative transaction thresholds for contactless payments
On 3 March 2021, the FCA published a policy statement (PS21/2) on amendments to the single and cumulative transaction thresholds for contactless payments, which also summarises responses received on its proposed amendments as set out in its January 2021 consultation paper (CP21/3).
The policy statement confirms that the FCA is amending Article 11 of the SCA-RTS to increase the single transaction threshold for contactless card payments from £45 to £100 and increase the cumulative transaction threshold from £130 to £300 (as also announced in the 2021 Budget). The change to the cumulative transaction threshold replaces the supervisory flexibility introduced to support the industry during the COVID-19 pandemic.
The FCA reminds firms that they must ensure they sufficiently mitigate the risk of unauthorised transactions and fraud, including by having the necessary fraud monitoring tools and systems in place and taking swift action where appropriate. The FCA may take appropriate measures, including enforcement action, where breaches are identified.
United Kingdom: Government publishes prototype trust framework on use of digital identity services
On 11 February 2021, the Department for Digital, Culture, Media and Sport published a policy paper, ‘The UK digital identity and attributes trust framework’.
The policy paper sets out a prototype trust framework of draft rules and standards for organisations who want to provide or use digital identity products and services. It is part of the government’s wider plan to make it quicker and easier for people to verify themselves using modern technology, and the aim is to create a process as trusted as using passports or bank statements.
Some of the key standards and requirements for the provision or use of digital identity services include:
- Having a data management policy;
- Following industry standards and best practice for encryption and cryptographic techniques;
- Informing users of changes made to their digital identity;
- Having account recovery processes and notifying users if a suspicion exists that their accounts have been fraudulently accessed;
- Making sure digital identity products and services are inclusive and accessible, and submitting an annual exclusion report; and
- For identity service providers who want to create a reusable digital identity, linking the digital identity to an ‘authenticator’ (eg, password) and following the guidance on using authenticators to protect an online service.
The paper is being published as a prototype to enable the government to test it with services, industries and potential users.
Among other matters, the government says that further work will be needed on the legislative or governance arrangements required to underpin the framework and ensure it is ready for use in the economy.
The government invited comments and feedback on the draft framework via a survey which was open for comment until 11 March 2021.
For further information, see the accompanying press release.
Europe: International Regulatory Strategy Group (IRSG) publishes response to the European Commission’s legislative proposal on digital operational resilience for the financial sector
On 18 February 2021, the IRSG published its response to the European Commission’s legislative proposal for a Regulation on digital operational resilience for the financial sector (‘DORA’). The response identifies three overarching areas of concern:
- Ensuring sufficient flexibility for requirements to be applied appropriately by each of the broad range of entities to which they apply;
- Avoiding overlap, duplication and contradictions caused by the application of the DORA requirements in conjunction with existing legislation / guidance; and
- Identifying practical issues arising from specific requirements in the draft proposal.
In relation to the above themes, the IRSG’s key comments include:
- There are a number of cases (including in relation to required security measures) where the DORA proposal is overly prescriptive. There is a need to be less specific and more flexible given the wide range of entities caught;
- It should be clear when entities should make an incident report, the mechanism for reporting should be practicable, and the DORA requirements should not unnecessarily duplicate reporting obligations under other applicable legislation; and
- Requiring ICT providers to participate in financial entities’ penetration testing will overburden suppliers, and will be particularly problematic for providers who supply multiple entities. Any testing scheme should be aligned with industry programmes, such as TIBER-EU, and should permit ICT providers to conduct their own testing and report to financial entities.
Europe: ECB publishes memorandum of understanding with Bank of England (BoE) and FCA on supervisory co-operation
On 19 February 2021, the ECB published a memorandum of understanding on post-Brexit supervisory co-operation that it has entered into with the BoE and the FCA.
The purpose of the memorandum is to formalise supervisory co-operation and information sharing arrangements between the ECB, the BoE and the FCA. The memorandum focuses on ensuring effective cooperation and exchange of supervisory information for the performance of the authorities’ respective supervisory powers over supervised entities, to the extent permitted by their applicable legal framework.
In a press release, the ECB explains that to enhance transparency and accountability it has decided to publish this memorandum and all existing and future supervisory memoranda of understanding on a dedicated page on the ECB’s banking supervision website.
United Kingdom: ICO letter confirms UK based financial services organisations can rely on public interest derogation to export data to SEC
In February 2021, the Information Commissioner’s Office (ICO) released a letter it wrote to the U.S. Securities and Exchange Commission (SEC), explaining the ICO’s views on how the restrictions on international transfers of data under Chapter V of the GDPR apply to UK based financial services organisations that are subject to regulation by the SEC. The letter was sent on 11 September 2020.
The letter confirmed that it is possible for SEC-regulated UK firms to transfer personal information to the SEC on the basis of the derogation set out in Article 49.1(d) GDPR, namely that the transfer is necessary for important reasons of public interest. The derogation should also be applied on a case-by-case basis.
The ICO was also of the opinion that UK organisations and the SEC should collaborate on adopting an Article 46 GDPR transfer safeguarding mechanism, which could include the use of standard contractual clauses.
Europe: ECB publishes opinion on proposed Regulation on markets in cryptoassets
On 22 February 2021, the ECB published an opinion on the proposed Regulation on markets in cryptoassets (2020/0265(COD)).
The opinion sets out the proposals relating to the responsibilities of the Eurosystem, the European System of Central Banks (ESCB) and the ECB itself where the ECB considers adjustments are still needed. In particular, the ECB comments that:
- More clarity is needed with respect to the distinction between cryptoassets that may be characterised as financial instruments (falling under MiFID II) and those which would fall under the proposed Regulation;
- The prohibition on payment of interest on cryptoassets stipulated in the proposed Regulation might make the relative attractiveness of e-money tokens and asset reference tokens from the perspective of the holder dependent on the interest rate environment, which could have implications for financial stability and monetary policy transmission;
- The Regulation should clarify that it does not apply to the issuance by central banks of central bank money based on distributed ledger technology (DLT) or in digital form as a complement to existing forms of central bank money;
- There does not seem to be any economic reason to justify different supervisory arrangements between significant asset-referenced tokens (subject to a harmonised EBA supervision) and significant e-money tokens (subject to dual supervision by the EBA together with the national competent authority (NCA)); and
- It is of the utmost importance to establish a clear coordination mechanism, including clearly defined processes and timelines regarding notification aspects, between the relevant NCAs and the ECB in its role as prudential supervisor for significant credit institutions when they intend to issue cryptoassets and/or provide cryptoasset related services.
Where the ECB recommends that the proposed Regulation is amended, specific drafting proposals with accompanying explanatory text are set out in a technical working document within the opinion document.
Europe: EPC publishes version 7 of its guidelines for appearance of mandates for Single European Payments Area (SEPA) direct debit schemes
On 23 February 2021, the EPC published version 7 of its guidelines (EPC392-08) on the appearance of mandates for the SEPA Direct Debit Core Scheme (SDD) and the SDD Business-to-Business Scheme (B2B).
The guidelines focus on the visual presentation of mandates issued by Creditors as part of their offer to Debtors for the use of SDD as a way of making payments. The objective is to illustrate several ways to reduce the mandate complexity without losing any essential or mandatory content whilst remaining rulebook compliant. Guidance is given on:
- Data elements to be included in the mandate, divided into mandatory (must be present on the mandate form) and optional elements (only provided on the mandate form if the Creditor considers it useful);
- Specimen forms for the SDD core mandate, either as a stand-alone or combined form;
- Specimen forms for the SDD B2B mandate, either as a stand-alone or combined form; and
- Translation of mandates, which are available in all EEC languages on the EPC website.
The guidelines are intended to supplement section 4.7.2 of the SDD Core and SDD B2B Scheme Rulebooks, which define the rules for the content of SDD Core and SDD B2B mandates.
Europe: EBA publishes second opinion on obstacles to provision of third party provider services under PSD2
On 22 February 2021, the EBA published its second opinion on supervisory actions to ensure the removal of obstacles to account access under PSD2.
The EBA notes that some ASPSPs across the EU have still not removed the obstacles to account access under PSD2 and Article 32(3) of the SCA RTS and are preventing the competition-enhancing objective of PSD2 from materialising in full.
In order to ensure that obstacles to the provision of account information services and/or payment initiation services in the ASPSPs’ interfaces are removed, the EBA expects national competent authorities (NCAs) to assess the progress made by their respective industries, or complete their assessment should they have already started it, taking into account the principle of proportionality. Where this assessment identifies, or has identified, that ASPSPs continue to have such obstacles in their interfaces, the EBA expects NCAs to take, by 30 April 2021, supervisory actions requiring these ASPSPs to become compliant with the applicable law and to set a deadline for the removal of these obstacles.
The EBA will monitor the way in which these supervisory actions are taken into account. If it identifies inconsistencies in the application of PSD2 and the SCA RTS, it will take action to remedy those inconsistencies.
The EBA published its first opinion on obstacles under Article 32(3) of the SCA RTS in June 2020.
Europe: European Commission publishes draft adequacy decision on UK data protection framework
On 19 February 2021, the European Commission published a draft adequacy decision on transfers of personal data to the UK under the GDPR.
The adequacy analysis is a comparison between the EU and UK frameworks for data protection. The draft analysis concluded that the UK ensures an "essentially equivalent" level of protection to that guaranteed under the GDPR. It focused on:
- Material and territorial scope of the frameworks;
- Definitions of personal data and concepts of controller and processor;
- Safeguards, rights and obligations; and
- Oversight and enforcement.
The draft adequacy decision closely scrutinised the restriction to individual rights and other provisions under the immigration exemption and for the purpose of safeguarding national security or for defence purposes. The European Commission took the view that the exemptions are subject to a number of strict conditions and can only be invoked on a case-by-case basis, such that they are unlikely to compromise the level of protection afforded in the UK.
Under the Trade and Cooperation Agreement, effective from 1 January 2021, transfers of personal data from the EU to the UK are not considered as transfers to a “third country” under EU law for a “bridging period” ending on 30 June 2021 at the latest. The EU has until the end of the bridging period to determine whether to adopt the draft adequacy decision.
For the European Commission to adopt a final adequacy decision, the draft will require: a "non-binding opinion" from the EDPB and approval from EU member states' representatives.
If adopted, the decision will be valid for an initial term of 4 years, only renewable if the level of protection in the UK continues to be adequate. Until then, UK organisations continue to be able to receive personal data from the EU under the temporary "bridging mechanism" agreed in the EU-UK Trade and Cooperation Agreement.
See more information here.
Europe: European Commission consults on review of crisis management and deposit insurance framework
On 25 February 2021, the European Commission launched a general public consultation on its review of the crisis management and insurance framework (CMDI).
The framework establishes rules for handling bank failures while protecting depositors. It is composed of three EU legislative texts acting together with relevant national legislation: the Bank Recovery and Resolution Directive (2014/59/EU) (BRRD), Single Resolution Mechanism (SRM) Regulation (806/2014), and the Deposit Guarantee Schemes Directive (2014/49/EU) (DGSD).
The Commission is seeking stakeholders’ views on and experience with the current crisis management and deposit insurance framework, as well as thoughts on its possible evolution. By reviewing the framework, the Commission aims to increase its efficiency, proportionality and overall coherence in managing bank crises in the EU, as well as to enhance the level of depositor protection, including through the creation of a common depositor protection mechanism in the Banking Union.
The public consultation covers ten questions on the key directions of the review of the bank crisis management and deposit insurance framework and is available in twenty-three official EU languages. A more technical targeted consultation has also been launched in parallel.
The same questions feature in both the targeted and the general public consultations, except that for the targeted consultation the Commission is seeking more specialised and technical views. It advises stakeholders to reply to only one of the two versions to avoid unnecessary duplications.
The targeted consultation closes on 20 April 2021, and the general public consultation closes on 20 May 2021.
Global: FATF publishes February 2021 plenary outcomes
On 26 February 2021, the FATF published the outcomes of its February 2021 plenary. These included:
- Delegates’ agreement to release for public consultation (i) draft guidance to assist countries, financial institutions and designated non-financial businesses and professions (DNFBPs) in identifying, assessing and mitigating the risks of the financing of the proliferation of weapons of mass destruction, and (ii) updated guidance on virtual assets and virtual asset service providers;
- Agreement on starting new work on digital transformation of anti-money laundering and counter-terrorist financing action; and
- Exploration of potential amendments to further strengthen the FATF requirements on beneficial ownership, in particular how to improve transparency and ensure that up-to-date beneficial ownership information is available to authorities.
Europe: EBA publishes opinion on money laundering and terrorist financing risks affecting EU financial sector
On 3 March 2021, the EBA published an opinion on the risks of money laundering and terrorist financing that are affecting the EU's financial sector.
The opinion looks at risks that cut across various sectors. These include risks associated with virtual currencies and with the services provided through FinTech firms, including RegTech solutions, risks arising from weaknesses in firms’ CFT systems and controls, and risks arising from de-risking.
The opinion also looks at sector-specific risks, as assessed by competent authorities (CAs). Points of particular interest for payments include:
- The EBA assessed the payment institutions sector as presenting significant or very significant inherent risks. The EBA proposes that CAs engage further with the sector and consider whether their supervisory activity in this sector may need to be enhanced in line with the level of money laundering/terrorist financing (ML/TF) risks by, for example, focusing more on on-site supervision;
- As the e-money institutions sector is assessed as presenting high ML/TF risk, CAs are advised to consider how they can use a mix of different supervisory tools to supervise the sector more efficiently; and
- In relation to credit institutions, among other things the EBA encourages CAs to monitor closely the evolution of key emerging risks identified in the sector, such as those associated with FinTech (including RegTech solutions) and those associated with the current pandemic.
The EBA issued the opinion as part of its new mandate to lead, co-ordinate and monitor the fight against money laundering and terrorist financing in the EU financial system. ESMA and EIOPA were also closely involved in its preparation.
United Kingdom: Digital Regulation Co-operation Framework (DRCF) workplan 2021/22 published
On 10 March 2021, the Digital Regulation Co-operation Framework (DRCF) (currently the CMA, OFCOM and the ICO, with the FCA joining as a full member from April 2021) published its 2021/22 workplan. The DRCF aims to support regulatory co-ordination in digital markets, and co-operation on areas of mutual importance.
The 2021/22 workplan focuses on three priority areas:
- Responding strategically to industry and technological developments: Priority areas for strategic joint work include algorithmic processing.
- Developing joined-up regulatory approaches: Main areas for joint work will include interactions in the wider digital regulation landscape, including building on existing discussions with regulators with a mutual interest in the regulation of digital services, such as the PRA, the PSR, and the Gambling Commission.
- Building shared skills and capabilities: As part of a working group including DRCF members, the Alan Turing Institute and the Office for AI, it is researching different approaches for sharing skills and capability.
The DRCF also plans to strengthen its wider stakeholder engagement, including international engagement, and develop its operational capabilities, eg through a review of its Memoranda of Understanding. It will also assist the government as it considers further measures to support digital regulatory co-operation.
The DRCF welcomes comments and engagement on its workplan and priorities. It will update its workplan and report on progress in 12 months' time.
Europe: EBA consultation on draft revised guidelines on stress tests of deposit guarantee schemes
On 11 March 2021, the EBA published a consultation paper on draft revised guidelines on stress tests conducted by national deposit guarantee schemes (DGSs) under the Deposit Guarantee Schemes Directive (2014/49/EU) (DGSD).
The EBA is proposing to repeal and replace the existing May 2016 guidelines to achieve greater harmonisation and comparability. The aim is that the proposed framework will enable the EBA to carry out a more robust peer review of national DGS stress tests in 2024/25.
The consultation closes on 11 June 2021. The EBA will hold a public hearing on its proposals on 26 May 2021, after which it will finalise the guidelines.
Global: Trade-based money laundering risk indicators report published by FATF and Egmont Group
On 11 March 2021, the FATF and the Egmont Group of Financial Intelligence Units published a joint report on trade-based money laundering (TBML) risk indicators.
The risk indicators are designed to enhance the ability of entities to identify suspicious activity associated with this form of money laundering, but the list of indicators is not conclusive.
As explained by the FATF and the Egmont Group, the indicators are relevant to both the public and private sectors, with particular relevance to financial institutions including banks and money value transfer services, designated non-financial businesses and professions, and SMEs and large conglomerates. The indicators are intended for use by individuals with responsibility for compliance, transaction monitoring, investigative analysis, client on-boarding and relationship management, as well as other areas working to prevent financial crime.
Europe: European Commission consultation on roadmap on EU-wide instant payments scheme
On 11 March 2021, the European Commission published an inception impact assessment (roadmap) on a proposal for a Regulation on an EU-wide instant payments scheme for consultation. The initiative is intended to complement the Commission's communication on an EU Retail Payments Strategy, which includes the aim of facilitating the full take-up of instant payments in the EU.
The draft roadmap aims to assess the need to foster pan-European market initiatives based on instant payments to ensure that anyone holding a payment account in the EU can receive and send an instant credit transfer from and to any other payment account in the EU (first in EUR and eventually in all EU currencies).
The Commission's objective is to improve the instant payments sector in the EU through a centralised scheme, as member state initiatives to promote the uptake of instant payments are likely to lead to further market fragmentation by creating domestic instant payment systems based on different rules and standards.
The Commission is considering both non-legislative and legislative options:
- Among the non-legislative options is the idea of actively promoting the voluntary participation of payment service providers (PSPs) in relevant standardisation processes and schemes.
- Legislative options include incentives for PSPs to offer instant credit transfers in euro, along the lines of the SEPA Regulation for SEPA credit transfers and direct debits, targeted consumer protection and fraud prevention measures, and reconciling instant payments with regulatory compliance obligations (for example, relating to sanctions screening).
The consultation deadline is 7 April 2021. Depending on the consultation outcome, the Commission's indicative plan is to adopt a proposal for a Regulation in Q1 2022.
United Kingdom: CRM Code review roadmap for 2021 published by LSB
On 1 March 2021, the Lending Standards Board (LSB) published a roadmap setting out the activity it will be undertaking in 2021 as part of its review of the contingent reimbursement model code (CRM Code) for authorised push payment (APP) scams.
In a related press release, the LSB also announced that it has begun work on a follow-up review of provision R2(1) (c) of the Code, on the approach to reimbursement of customers, and that it will publish the review outcome later in 2021.
United Kingdom: FCA publishes new webpages on temporary permissions regime
On 4 March 2021, the FCA published new webpages on the temporary permissions regime (TPR). The new webpages apply to firms in the TPR that previously passported into the UK under Schedule 3 or Schedule 4 to the Financial Services and Markets Act 2000 (FSMA):
- Landing slots for firms in the TPR, explaining next steps once firms have received a "landing slot" to apply for full authorisation in the UK. There are links to the material firms should read before submitting an application, as well as FAQs.
- Cancelling a temporary permission, setting out the steps for cancelling a temporary permission if the firm is in the TPR or the supervised run-off (SRO) regime and no longer has business requiring it to have UK permission.
- Supervising firms in the TPR, explaining how the FCA supervises firms in the TPR.
Global: FATF publishes revised guidance for applying risk-based approach to AML/CFT supervision
On 4 March 2021, the FATF published revised guidance for applying a risk-based approach to AML/CFT supervision. The guidance aims to encourage countries to move beyond a tick-box approach in monitoring the private sector's efforts to curb money laundering and terrorist financing.
Global: FATF consultation on draft guidance on assessing and mitigating proliferation financing risk
On 1 March 2021, FATF published a consultation on draft guidance on assessing and mitigating proliferation financing risk, focussing on helping both private and public sectors implement the new FATF requirements to identify, assess, understand and mitigate proliferation financing risk (set out in recommendation 1, as amended in October 2020).
The consultation closes on 9 April 2021, after which the FATF will consider responses and revise the draft guidance text for discussion, and possibly adoption, at its June 2021 meeting.
Europe: EBA publishes final report containing revised AML and CTF risk factors guidelines under MLD4
On 1 March 2021, the EBA published its final report (EBA/GL/2021/02) containing revised guidelines on customer due diligence (CDD) and the factors credit and financial institutions should consider when assessing money laundering and terrorist financing risk associated with business relationships and occasional transactions under Articles 17 and 18(4) of MLD4.
The final revised guidelines are addressed to both firms and supervisors and take into account changes to the EU AML and CTF framework in MLD4 made by MLD5, as well as the identification of new risks and challenges. Points of interest include:
- Strengthened requirements on individual and business-wide risk assessments and customer due diligence (CDD) measures, with new guidance on the identification of beneficial owners, the use of innovative solutions to identify and verify customers' identities, and how firms should comply with legal provisions on enhanced CDD (EDD) related to high-risk third countries.
- New sectoral guidelines for crowdfunding platforms, corporate finance, account information service providers (AISPs) and payment initiation services providers (PISPs), and firms providing currency exchanges offices.
The revised guidelines will be translated into the official EU languages and published on the EBA website, after which competent authorities will have two months to report whether they comply. The revised guidelines will apply three months after publication of the official language versions, repealing and replacing the original June 2017 version.
Payment Market Developments
Bulgaria: Mobile payments firm Settle enters Bulgaria
On 8 March 2021, it was reported that Settle has added Bulgaria as its twenty-second market, making Settle the largest collaborative mobile payment network in Europe. Bulgarians can now send and receive money instantly and for free, through the Settle app. Businesses can also accept digital payments using only their name. Settle does not require users to have a bank account, but funds can be transferred to bank accounts for free.
India: Crypto bank Unicas opens third physical branch in India
On 2 March 2021, it was reported that Unicas, a cryptocurrency financial institution based in India, has opened its third physical bank location in New Delhi. From this branch in the national capital, Unicas will offer banking services based on fiat and cryptocurrencies. The financial institution has two other branches in Jaipur and Jamnagar, and aims to launch 50 more branches by the end of 2022.
Europe: CloseCross becomes world’s first EU licensed blockchain-based derivatives platform
On 2 March 2021, it was announced that blockchain-based derivatives platform CloseCross has become the world’s first trading platform of its kind to be licensed under the EU’s MiFID II regulations. The innovative fintech platform, which allows investors to enter multiparty derivative contracts, is now fully regulated under MiFID rules offering increased protection and transparency for customers.
United Kingdom: NatWest initiates open banking payments feature for business customers
On 25 February 2021, it was reported that NatWest will launch Open Banking technology to allow businesses to send payments directly through Payit by NatWest to customers without needing their banking details. The bank is currently working on plans to enhance its Open Banking compatibility by launching an API proposition, allowing merchants to integrate Payit by NatWest directly with their own technology infrastructures. NatWest claims this is an industry first.
United States: Google introduces pay for parking within Google Maps
On 17 February 2021, Google announced a new feature allowing consumers in 400 cities across the United States to pay for parking and transit fares directly from within Google Maps. The feature is a result of an integration with parking solutions providers Passport and ParkMobile.
India: Reliance Industries Ltd will partner with Google and Facebook to seek India Payments Business Licence
On 1 March 2021, it was announced that India’s largest company by market value, Reliance Industries Ltd, will partner with Google and Facebook to seek a licence to enter India’s digital payments business market. The Reserve Bank of India has called for applications from those keen to enter India’s digital payments space by 31 March and is expected to study the proposals over the next six months. The Indian digital payments market is estimated to reach USD1 trillion by 2023.
Europe: Skrill launched digital wallet feature enabling users in the EEA to withdraw funds directly to an external cryptocurrency wallet
On 23 February 2021, it was reported that digital payments provider Skrill will introduce a new feature that enables users to withdraw funds directly to a cryptocurrency wallet of their choice. Skrill users in the EEA will now be able to instantly convert and withdraw their fiat balance, with plans to launch the feature in the UK in the near future.
Germany: Deutsche Bank and Mastercard expanding partnership to innovate digital payments
On 24 February 2021, Deutsche Bank announced that it is expanding its partnership with Mastercard in the payments space, to develop innovative digital payments solutions for business clients. The goal of the initiative is to enable companies to offer their products and services to new customer demographics, to develop digital business models and to expand sales channels in Germany and beyond.
Lithuania: Verifo partners with iDenfy biometric ID for digital onboarding
On 25 February 2021, it was reported that Lithuania-based iDenfy has added Verifo, an EU licensed e-money institution, as its latest partner implementing its digital identity verification interface. The partnership will enable Verifo to verify customers’ identities digitally throughout the world with internet access, a smartphone or a laptop with a camera.
Germany: Fidor Solutions and SIA partner to launch instant payments
On 1 March 2021, it was reported that Fidor Solutions, a subsidiary of Sopra Banking Software, has contracted with SIA, a leading European hi-tech company in payment services and infrastructures, to launch an instant payments service in Germany and other European countries. The agreement allows European financial institutions and their customers to send and receive payments for a maximum amount currently set at 100,000 euros per individual transaction in less than 10 seconds, 24 hours a day, 365 days a year, in line with the European Payments Council’s SEPA Instant Credit Transfer scheme.
United States: Sino-Global Shipping America, Ltd. joins rank of companies accepting Bitcoin as Payment
On 2 March 2021, Sino-Global Shipping America, Ltd. announced that it will now accept Bitcoin as a form of payment for its global shipping, freight, and logistics services. Payments made in Bitcoin will be made at the rate applicable at the payment date. The company believes that accepting Bitcoin amongst other payment methods will allow customers and business partners to take advantage of an increasingly important payment network.
India: State Bank of India adopts JPMorgan’s blockchain network for cross-border payments
On 23 February 2021, it was reported that the State Bank of India has become the first bank in India to join the JPMorgan blockchain network. The network will help the Indian bank to speed up cross-border payments, saving customers more time and cost when making such payments.
Australia: eftpos announces details of a national QR code payments network rollout
On 25 February 2021, eftpos, Australia’s national payments network, announced details of a national QR code payments network rollout, which aims to provide Australian consumers and merchants with more seamless experiences across e-commerce, mobile or in-person payments.
The decision to establish the network comes in the context of the COVID-19 pandemic, which has introduced Australians to widespread QR code use through COVID-19 check-ins and an increase in digital shopping.
It works by generating unique QR codes containing transaction details that are captured on a consumer’s mobile phone, initiating a secure digital wallet payment that is integrated with the merchant’s loyalty service provider.
The network should be being trialled by mid-2021 and national rollout is expected to be completed during 2022.
Surveys and Reports
United Kingdom: Open banking highlights, January 2021
On 26 February 2021, the Open Banking Implementation Entity (OBIE) published a selection of open banking highlights from January 2021.
The OBIE reported 299 regulated open banking providers, made up of 219 third party providers and 80 account providers. Out of these, 105 regulated entities have at least one proposition live with customers.
The key highlights include:
- On 13 January 2021, the UK celebrated the third anniversary of PSD2 making open banking a regulatory requirement in the UK and reported reaching 3 million active open banking users.
- On 21 January 2021, the OBIE launched the second stage of a consultation into Variable Recurring Payments and Sweeping, and produced revised Variable Recurring Payments Standards. This stage of the consultation closed on 12 February 2021.
Global: Financial Crime Report, Q1 2021
On 4 March 2021, cloud-based risk management platform Feedzai published its Financial Crime Report for Q1 2021.
The report examined the effect of the COVID-19 pandemic on consumer behaviour and financial crime in the Asia-Pacific region as compared to Europe and North America. It found that the pandemic fuelled increased levels of fraud and financial crime. The top five transfer fraud schemes were impersonation scams, purchase scams, account takeover scams, investment scams and romance scams. ATMs were the top debit and credit card fraud targets by amount of money stolen, whereas subscription services were the top target in terms of fraud rate.
The report also compared data from Q1 2021 to Q4 2020 and found:
- Account takeover scams increased by 650%;
- Online banking fraud attacks increased by 250%;
- The fraud rate for digital media increased by 178%;
- 70% of all fraud is driven by card-not-present transactions; and
- Card-present transaction volume dropped by 20%, but card present fraud attacks dropped by 48%.
United Kingdom: National study finds continued desire for instant payment methods and growing prevalence of loyalty programmes
On 3 March 2021 , daVinci Payments published a study on the ‘Future of Payments UK’, both in relation to how consumers prefer to make payments, and how they prefer to be paid.
According to the study, contactless payments are becoming increasingly popular. Key findings regarding contactless payments include:
- Over half of UK consumers say that 75% or more of their in-person payments are contactless;
- Physical cards are the preferred method of contactless payment, but mobile wallets and payment apps are gaining popularity; and
- A third of consumers now use payment apps for online payments.
The study also revealed the growing appeal of loyalty programmes:
- 86% of respondents identified loyalty programmes as an important factor in their purchasing decisions;
- 40% of consumers participate in four or more loyalty programmes;
- Consumers prefer prepaid cards for loyalty rewards over physical cards mailed to them;
- If they receive a prepaid card loyalty reward, 48% of consumers prefer a virtual, instant card; and
- 31% of employees would prefer to receive a reward instantly via a prepaid card, as opposed to direct deposit into a bank account.