Payment matters: No. 52

• United Kingdom

• Banking and finance
• Financial services - Payment services

17-01-2022

1. The Financial Stability Board Aims to Enhance Cross-Border Payments and Measure the Progress of its Roadmap

One year following the introduction of the G20’s priority initiative Roadmap for Enhancing Cross-Border Payments (the “Roadmap”), the Financial Stability Board (the “FSB”) published its progress report summarising the milestones and foundational work of the Roadmap, alongside a separate report presenting specific quantitative global targets for addressing the ‘Four Challenges of Cross-Border Payments’ – by 2027.  As the progress report illustrates, many of the initial milestones set out in Stages 1 and 2, developed by the FSB in coordination with the Committee on Payments and Market Infrastructures (“CPMI”) and other relevant international organisations, have already been completed or are nearing completion. Notwithstanding where some milestones have required minor extensions, the overall timeline for the Roadmap’s various implementations remain on track for meeting the initial deadlines.

The Roadmap

The Roadmap was developed to set out a global, high-level plan to enhance the safety and security of cross-border payments, concentrating on making payments faster, cheaper, more transparent and more inclusive. The Roadmap is implemented through FSB’s Cross-Border Payments Coordination Group where actions or ‘building blocks’ are presented in stages. Each stage shall be subject to public consultation (where appropriate) and all progress is reported to the G20.  Public consultations and FSB-mandated expert bodies will be used to help shape and adapt the Roadmap to ensure it meets its goals for the industry.

The Roadmap addresses the four existing challenges of (i) cost; (ii) speed; (iii) transparency; and (iv) access, across three core markets of (1) wholesale (payment transactions between financial institutions) (2) retail (business-to-business, person-to-business, business-to-person, or person-to-person payments), and (3) remittances (remittance payments are mainly made to those in emerging markets and developing economies, and person-to-person payments). This initiative seeks to address these challenges by recommending investment in practical improvements and upgrades to current payment systems, processes and technologies. Should these prove successful, the FSB’s Cross-Border Payments Coordination Group will look into the feasibility of implementing new and emerging payments infrastructures.

Both of these reports confirm that private sector commitments, global recognition and political support will be critical to the Roadmap’s roll out and success.

What this means for you?

The FSB is expected to provide further information on its approach to monitoring the progress of the Roadmap implementation by October 2022, with an interim update report expected in June 2022.

Organisations, service providers and other stakeholders in the cross-border payments space should review the timeline and goals of the Roadmap, and consider all ‘building blocks’ relevant to them, including:

• Data and market practice updates such as enabling ISO20022 messaging formats and other updates to transparency and uniformity when providing the information all cross-border payers and payees should have access to (e.g. total transaction cost (showing all relevant charges, including sending and receiving fees including those of any intermediaries, FX rate and currency conversion charges); the expected time to deliver funds; tracking of payment status; and terms of service). 
• Assessment of existing payment infrastructure and (where necessary) undertaking improvements and/or new developments.  Central banks may need to improve their core payment systems to enable the private sector to do the same.
• The ambitious ‘speed’ target for payment processing is that 75% of specific cross-border payments should be credited/provide availability of funds to the recipient within one hour, and  for the remainder of the market to be within one business day by the end of 2027. 
• The need for effective, harmonised corporate governance and an enhanced focus on collaboration between public authorities and the private sector to ensure these targets are achieved within the specified timeframe.
• Any global stablecoin or CBDC design should consider its cross-border arrangements and use-case. 

 2.    Real-Time Gross Settlement Systems Opening Hours Could be Extended to 24/7

 The Bank for International Settlements (“BIS”) has published a consultation report considering the impact a change to operating hours for real-time gross settlement (“RTGS”) systems may have.  BIS believes that the extension of the operating hours to a 24/7 model is consistent with G20 initiatives and would make cross-border payments more efficient and less costly by reducing the friction which arises in the time zone gaps between participating cross-border RTSG systems. 

BIS analysed 62 RTGS systems globally and devised three potential options for extending their operating hours:

1. an extension to current operating hours across specific jurisdictions to close daily gaps in RTGS operating hours (particularly on business days);
2. an extension to current non-operating days across various jurisdictions to close gaps created by bank holidays and weekends; and/or
3. provision of a near 24/7 service across the board.

These proposals have had a mixed reaction in the payments and settlement industry as overlapping global operating hours would not necessarily solve current issues associated with making cross-border payments. Some responses to the proposal have pointed out that there are a number of other factors which may delay a cross-border transaction, such as various jurisdictions’ Anti-Money Laundering/Counter Financing of Terrorism requirements or the impact of trying to harmonise the many legacy platforms used in the RTGS system. Other significant responses have suggested that frustrations with current cross-border transactions may be better dealt with by the progression of central bank digital currency (“CBDC”) projects. 

What this means for you?

Organisations who utilise the RTGS system should keep a watching brief on the consultation responses and outcome and be prepared operationally for any potential shifts in operating hours and what effect that may have.

We anticipate that BIS will publish further reports and developments in relation to cross-border transactions being handled by CBDC projects owing to the successful cross-border transaction simulation projects completed by various jurisdictions in 2021. Any global stablecoin or CBDC design should consider its cross-border arrangements and use-case. 

3.    Update on Open Banking’s Future

Open Banking enables the secure sharing data for customers’ benefit and has been recognised by UK regulatory authorities as championing competition and innovation in banking. Customers are now better able to compare prices for services in the market and manage payments through secure apps and systems.  Open Banking has delivered many positive changes to the payments industry, including increased transparency for customers. 

The UK's Competition and Markets Authority (the “CMA”) has published an update setting out a number of guiding principles for the future of Open Banking and the immediate steps it has taken to address the governance function of Open Banking Implementation Entity (the “OBIE”) following an investigation report by Alison White first published in October 2021, and updated in December 2021.

The CMA powers under the Retail Banking Market Investigation Order 2017 (the “Order”) will change as the implementation phase for Open Banking comes to an end over the course of 2022. It confirmed that underpinning the future arrangements of Open Banking will be the establishment of a new ‘Future Entity’ to replace the OBIE.

The CMA is committed to ensuring the Board of the Future Entity will be independent, accountable and have a clear purpose and vision for the entity, so it has specified a number of steps that have been taken already to overcome the issues identified in the independent report concerning the governance of the existing OBIE. These include appointment of a new Implementation Trustee and independent non-executive directors, and strengthening its HR and internal policies. The CMA has also set out some guiding principles it expects of Future Entity governance, including:

• regulatory collaboration with UK governing authorities;
• upholding regular reporting and to transparency benchmarks;
• establishing a more broadly-based, sustainable funding model;
• sufficient and fair representation in its actions of all relevant industry participants and end-users, including consumer and smaller business interests; and
• put in place sufficient transition arrangements to achieve smooth transition from OBIE to the Future Entity.

UK Finance has also published its report on its vision for the future of Open Banking by setting out the enhancements to governance and operational measures it perceives as necessary to realise its potential. It has previously proposed that an industry governance and technical ‘Participant Group’ should lead the future development of Open Banking, with appropriate anti-trust protocols. The report builds on this proposal and considers the development of an industry framework ‘payment arrangement’ which would introduce commercial application programme interfaces (“APIs”) and functionality/performance that sit outside the perimeters of the CMA Order and Second Payment Services Directive (“PSD2”) to improve open banking standards, for example, by introducing more payment execution certainty and visibility of payment status. UK Finance proposes that an industry-wide framework to describe the rights and obligations of the market participants may be necessary, and it has set out the options it perceives as available to the industry to achieve these within their report including via standardised contracts, bilateral contracts or multi-lateral contracts. It does conclude, however, that it is too early to assess the merits of bi-lateral versus multi-lateral agreements or a mixed economy of both in such a ‘payment arrangement’.

What this means for you?

The CMA will retain some direct regulatory powers, including regarding the maintenance of Open Banking and monitoring its compliance. However, there will need to be an effective longer-term framework in place for the Future Entity. We can expect a more detailed response to its March 2021 consultation on the future oversight of Open Banking remedies in the next quarter.

 UK Finance will discuss its report with regulators and other industry bodies and take forward the recommendations during the first quarter of 2022. 

We expect further consultation from relevant industry bodies and implementation requirements to be made available to stakeholders. Third party suppliers, banks and building societies should keep a watching brief of publications on the future of Open Banking, including forming responses to discussions on any future payment arrangements which may affect them.

4.    The Financial Conduct Authority’s Amendments to the Re-Authentication Regime

Since 14 September 2019, a strong customer authentication (“SCA”) regime has applied which affects the way banks and other payment services providers identify a person requesting access to an account or trying to make a payment. One of the consequences of this required re-authentication by customers every 90 days to show that they were happy for account information service providers (“AISPs”) to access data relating to their accounts.

The Financial Conduct Authority (the “FCA”) has now proposed a number of changes to its re-authentication regime. The proposals include amendments to shift the onus from banks and onto AISPs in managing their customer data sharing authentication and consents.  Among these changes, the FCA has also proposed:

• that some account servicing payment service providers (“ASPSPs”) should have to provide dedicated interfaces for third-party providers (“TPPs”) to access customer account information for retail and small and medium-sized enterprise payment accounts;
• changes to requirements relating to ASPSPs’ provision of interface technical specifications, testing interfaces and fallback interfaces, in order for ASPSPs to be able to innovate and launch products and services more quickly;
• that ASPSPs with authorisation under the post-Brexit Temporary Permissions Regime (“TPR”) will be exempt, in the UK, from having to set up a fallback interface granted by an EU competent authority.

Changes to the re-authentication regime have also been made in the EU, with the European Banking Authority (the “EBA”) proposing a mandatory exemption to Article 10 of the regulatory technical standards  if account information is accessed through an AISP.  The EBA has also suggested extending the re-authentication timeline requirement from 90 days to 180 days.

What this means for you?

In relation to the re-authentication regime, from 26 March 2022, UK account providers will use SCA for the first access request received from AISPs. AISPs will then have to manage customer data sharing consents and start sending consent confirmations no later than 26 July 2022. They will need to confirm every 90 days with customers whether they wish data sharing to continue. Importantly, they will not have to seek SCA each time they do so. This should be welcomed by AISPs who perceive the requirement to re-authenticate currently as a source of friction and drop-outs in their customer journeys.  

In relation to the other changes listed above, ASPSPs should consider and have processes in place to be able to provide dedicated interfaces so that TPPs can access specific customer account information four times per day where the customer is not involved in the request.   ASPSPs should also review closely the changes that will be made to requirements relating to the provision of interface technical specifications, testing interfaces and fallback interfaces to identify any additional build requirements. Of course ASPSPs with authorisation under the TPR will be able to ignore fallback interface considerations.

We anticipate further proposals will be put forward by the EBA in the near future as its consultation on the re-authentication rule concluded on 25 November 2021.

 5.    The PSR’s APP Scam Consultation Paper

The Payment Services Regulator’s APP scam consultation paper signals an intention to place reimbursement protection on a mandatory footing. The paper is supported by a Government statement that it intends to legislate to provide for mandatory reimbursement for scam victims. We consider the proposals and their implications in our article found here. The period for firms to submit responses ended 14 January 2022.

6.    Confirmation of Payee Mandated on UK’s Six Largest Banking Groups

The Payment Systems Regulator (the “PSR”) issued Specific Direction 10 in August 2019 which mandated Confirmation of Payee (“COP”) on the UK’s six largest banking groups (“SD10 Banks”) – this was later varied in February 2020, and is now the subject of a planned revocation.  COP is a means of providing senders of payments with a method to check that the individual or business that they are sending money to matches with the information that has been given to the sender.  Importantly, this now includes the name on the beneficiary account; whereas, previously only sort codes and account numbers would be verified by the payment service provider (“PSP”).

The intention behind the introduction of COP was to give payers a greater degree of security that the Faster Payment or CHAPS transaction they were sending was going to the same person or business that they intended to send the payment to. In this respect, COP has helped to protect consumers against certain types of fraud (e.g. Authorised Push Payment scams (“APP Scams”)) – in 2020, APP Scam losses totalled £479 million. This figure does not include misdirected payments, so the actual figure is likely to be much higher.

Most PSPs noted that the introduction of COP has improved customer experience and confidence in payment journeys, so it is recognised within the payments industry that expanding COP to PSPs that are not currently offering it will have multiple benefits, both to customers (from a fraud prevention perspective) and from a competition perspective.

What this means for you?

Phase 2 of COP is now in train and the aim is to enable further participation by PSPs through the creation of a dedicated ‘COP-only’ role profile in the Open Banking Directory. Another benefit is that a broader range of PSPs can join COP:

• PSPs that are unable to meet the full Open Banking PSD2 membership requirements;
• PSPs who do not own their own sort code in the extended industry sort code directory;
• Organisations who offer accounts addressable by secondary reference data (“SRD”) (e.g. building societies that use roll numbers).

The hope is that this will increase competition between PSPs, make joining COP more straightforward and – perhaps most importantly – bolster consumer confidence. PSPs that typically use SRD also include those operating accounts that receive aggregated sums of money (e.g. mortgage or loan accounts where there could be high-value payments being made).  Whether this is the best area to focus on from a COP perspective remains to be seen, given that mortgage and loan accounts are less likely to be subject to fraud.  However, there will be some consumer benefit by way of reassurance that the risk of misdirected payments is significantly decreased.

Whilst there is undeniably a benefit to consumers by encouraging more PSPs to join COP (especially as APP Scams have increased at the smaller banks that weren’t mandated to join Phase 1 of COP), there are some concerns that the broader industry has voiced over budgetary, technical and other regulatory dependencies.

From a budgetary perspective, a number of PSPs have indicated that there are other competing financial priorities and that if COP is not mandated, they will use their limited budget to focus on other equally important projects.

The other concern voiced in the ‘Confirmation of Payee Call for views – May 2021’ was that if the SD10 Banks were not mandated to migrate to the COP-only profile, they could not be reached by the PSPs who joined in Phase 2 which in large part eliminated a lot of the benefit potentially available to these PSPs.  The SD10 Banks made a public commitment to deliver the COP-only role by the end of 2021, and other Phase 1 PSPs have also confirmed their intention to be present and complete their migration by 30 March 2022. Because of this commitment, the PSR is not minded to direct Phase 1 PSPs to implement the Phase 2 environment considering them already motivated to deliver to these timelines because of the costs associated with dual running.

From a technical perspective, we understand that the final documentation and testing message simulator from Pay.UK have been made available to PSPs, but naturally all of this requires consideration, technical build, due diligence (if using a third party supplier) and governance frameworks.  If the timeline for Phase 2 of COP becomes uncertain or requires an extension, this could significantly impact PSPs’ delivery lead times. To combat this, the PSR published its consultation asking for views on ending the dual running period between Phase 1 and Phase 2 of COP by setting a date for access to the Phase 1 environment and rules and standards to end and removing regulatory obligations on PSPs to do COP checks in line with the Phase 1 rules and standards by 30 April 2022. It has also proposed revoking Specific Direction 10 on the same deadline and requiring regular, and in some cases enhanced, reporting from PSPs starting 1 April 2022. This consultation closed on 17 December 2021 so we can expect the next few months are going to be a busy time for the PSR and for PSPs that are going to join the COP-only role as part of Phase 2.  This, along with the public commitment from the SD10 Banks to be present in Phase 2 of COP, will give the smaller PSPs some much-needed comfort around previous concerns.

For more information on any of the matters covered in this edition of Payment Matters, please get in touch: