Hogan Lovells 2024 Election Impact and Congressional Outlook Report
Recent regulatory developments focussed on the payments sector. Includes reports on HM Treasury's proposed new special administration regime for PIs and EMIs, and the latest on the APP CRM Code. See also our General regulatory news in the Related Materials links.
HM Treasury is consulting on proposed insolvency changes for payment institutions (PIs) and electronic money institutions (EMIs), including a bespoke special administration regime (SAR). HM Treasury notes the shortcomings of the current insolvency regime and is making these proposals ahead of the conclusion of the Payments Landscape Review to protect consumers in the event of the insolvency of PIs and EMIs.
The proposed SAR is intended to have the following key features:
The Treasury explains that Part 24 of the Financial Services and Markets Act 2000 provides the Financial Conduct Authority (FCA) with specific powers to protect consumers in an insolvency process of an FCA authorised firm. While the Payment Services Regulations 2017 and Electronic Money Regulations 2011 incorporate some FSMA insolvency provisions, it also proposes extending the full suite of provisions to PIs and EMIs so that the FCA has the same rights to participate and protect consumers in an insolvency process for PIs and EMIs, as it does for other FCA supervised firms.
Two annexes to the consultation paper provide details of the draft regulations for the proposed SAR. The regulations will create the new regime. On 17 December 2020, the Government will publish a further annex with details regarding rules for the proposed SAR. The rules will be closely related to the investment bank SAR rules with minor modifications.
Responses on this consultation (and its two annexes) are requested by midnight on 14 January 2021. Responses specifically on proposals for the rules published on 17 December 2020 are requested by midnight on 28 January 2021.
The House of Commons Public Accounts Committee (PAC) has published a report on the production and distribution of cash. In its summary, it states that oversight of the UK's cash system is fragmented. HM Treasury, the Bank of England (BoE), the FCA and the Payment Systems Regulator (PSR) all have responsibility for aspects of the system. The PAC is concerned that responsibilities among these bodies are currently unclear. No one body is in overall charge of making sure that people and businesses have access to cash.
The PAC is also worried that these bodies appear to be unclear on what they are trying to deliver for consumers and businesses. They do not appear to have grasped the full impact a lack of access can have on communities, or the real detriment caused to some groups and consumers. Unless the government acts quickly, the PAC warns that there are clear dangers of hardship for some individuals and groups if the UK moves towards a cashless society.
The PAC also finds that the BoE does not appear to have a convincing reason for why the demand for bank notes keeps increasing. It says the BoE needs to be much more curious about what is driving the increase and work with HMRC and other public agencies to shed light on this.
Recommendations in the report include:
UK Finance has published a press release relating to the interim funding arrangement to compensate victims of authorised push payment (APP) scams under the voluntary APP Contingent Reimbursement Code (also known as the Contingent Reimbursement Model Code or CRM Code).
The interim funding is being provided by seven PSPs to ensure customer reimbursement takes place while regulators and the government work to deliver a long-term, sustainable funding arrangement. The seven PSPs have agreed to extend the interim funding arrangements for a further six months until 30 June 2021. This is intended to provide further time for legislation to be agreed and implemented, placing the voluntary CRM Code on a statutory footing.
The Lending Standards Board (LSB) is the official governing body for the CRM Code, with responsibility for independent oversight of its implementation and ongoing adherence by the industry. It has published a summary report of its findings from a review of how firms have implemented the effective warnings provision (that is, provision SF1(2)) of the CRM Code for APP scams. The CRM Code requires that where firms identify APP scam risks in a payment journey, they should take reasonable steps to provide their customers with effective warnings, which should include appropriate actions for those customers to take to protect themselves from APP scams.
The review was carried out between August and November 2020. The LSB evaluated how all nine signatory firms have implemented the effective warnings provision. Overall, the LSB found that the firms had taken the provision of effective warnings as a key tool in efforts to prevent APP scams taking place. All participants acknowledged that warnings could be improved and enhanced, but that they could not prevent all occurrences of customers falling victim to scams. Most firms were in the process of reviewing the warnings in place and many had change programmes underway with a view to improving the design and impact of warnings. The LSB also found that all firms have improved the level of customer education information provided.
However, some CRM code breaches were identified, as well as key areas for improvement across the industry. The LSB will work with the relevant firms to ensure the breaches are resolved as a priority.
The LSB concluded that there is still work to be done to meet all the CRM code requirements and reach a position where firms are displaying dynamic, targeted and effective warnings. The areas for improvement, and good practices identified, are set out in the report.
Individual reports have been issued to the firms. These include the LSB's recommendations on how they must improve customer protection. The LSB will monitor firms' progress in embedding the recommendations and plans to carry out a follow-up review in 2021. The findings from the review will feed into the LSB's wider CRM Code review, the results of which will be published in the new year.
The European Payments Council (EPC) has published its 2020 report on payment threats and fraud trends. The EPC reports annually on the latest trends in security threats impacting payments and outlines how these threats could generate payment fraud. The 2020 report provides an overview of the current most important threats in the payments landscape, including social engineering and phishing, malware, advanced persistent threats, (distributed) denial of service, botnets and monetisation channels.
For each identified threat, the EPC provides a definition and a description, together with an analysis of the impact and context. The EPC also offers guidance on implementing controls and mitigation measures to address these payment risks. Annex I to the 2020 report contains an overview matrix listing the threats and the main suggested controls and mitigation measures.
Authored by Yvonne Clapham