Payments regulatory news, 21 June 2021

Contents

• Download the full regulatory news bulletin
• Hogan Lovells Global Payments Newsletter: June 2021
• PSR consults on strategy for next five years
• CRM code for APP scams: results of LSB follow-up review of firms' approach to reimbursement of customers
• Proposed codified EU Regulation on cross-border payments: JURI report
• PSD2: EBA final report and revised guidelines on major incident reporting
• SCA for e-commerce card-based payments transactions: EBA report

Hogan Lovells Global Payments Newsletter: June 2021

We have published our latest Global Payments Newsletter which reports on key developments of interest to the payments sector over the last month, including:

• Hong Kong: FSTB publishes consultation conclusions on virtual asset services providers licensing regime;
• Europe: European Commission publishes proposal for Regulation establishing European Digital Identity framework; and
• India: Reserve bank confirms that cryptocurrencies are not outlawed in India for the moment.

PSR consults on strategy for next five years

The Payments Systems Regulator (PSR) has published a consultation paper, CP21/7, setting out its proposed strategy. In its consultation, the PSR identifies four strategic outcomes that it wants to achieve in the next five years and proposes four corresponding strategic priorities to enable it to deliver against those outcomes.

Its proposed outcomes are that:

• all users have access to payment services that meet their needs in terms of functions, quality, cost and other relevant factors;
• users' interests are adequately protected when using payment systems so that they can use systems and services with confidence;
• payment systems are designed and operated to enable effective competition in the provision of payment services; and
• payment systems are efficient and commercially sustainable.

Its proposed priorities are to:

• ensure users have continued access to payment services they rely upon and to support effective choice of alternative payment options;
• ensure users are sufficiently protected when using the UK's payment systems now and in the future;
• promote competition in markets and protect users where that competition is insufficient, including between payment systems within the UK and in the markets supported by them; and
• ensure the renewal and future governance of the UK's interbank payment systems supports innovation and competition in payments.

The consultation closes on 10 September 2021. The PSR aims to publish the final version of its strategy before the end of 2021.

CRM code for APP scams: results of LSB follow-up review of firms' approach to reimbursement of customers

The Lending Standards Board (LSB) has published a summary report on its follow-up review of firms' approach to reimbursement of customers under provision R2(1)(c) of the contingent reimbursement model code for authorised push payment (APP) scams (CRM code).

The LSB committed to carry out the follow-up review after undertaking an initial review of this area in 2019. The follow-up review was due to be completed in summer 2020 but was delayed due to the impact of COVID-19. The aim of the follow-up review was to assess individual firms' progress in implementing and embedding required actions from the initial review.

It its follow-up review, the LSB found that there have been varying degrees of progress made with respect to individual firm action plans from the initial review, and as a result, many actions remain open. From a total of 86 actions across all firms, there remain 46 still open. The LSB states that this is not the level of progress in implementing actions that it expected. Overall, it states that there appears to be a significant disconnect between the actions firms purport to have taken and the results of its validation exercise.

In addition to key themes from the initial review not being fully remediated, the LSB has identified other areas of concern during this follow-up review which are detailed in the report. The LSB emphasises that it is concerned that these combined findings are likely to cause failures in the ability of firms to provide good outcomes for customer. As such, it has issued individual report letters to each firm and written to their Chief Executive clearly setting out its expectations of each firm's compliance with the LSB's requirements and deadlines for remediation.

Proposed codified EU Regulation on cross-border payments: JURI report

The European Parliament's Legal Affairs Committee (JURI) has published a report on the European Commission's legislative proposal for a Regulation on cross-border payments in the EU, codifying and replacing the existing Regulation on cross-border payments.

The report, which was prepared by Rapporteur Karen Melchior, states that the European Parliament should adopt the European Commission's legislative proposal for the proposed Regulation as its own position at first reading, as adapted to the recommendations of the Consultative Working Party of the legal services of the European Parliament, the Council and the Commission (as set out in the Annex to the draft report). The report contains a draft European Parliament legislative resolution setting out this position.

The European Parliament's procedure file for the proposed Regulation indicates that it will be considered in plenary on 23 June 2021.

PSD2: EBA final report and revised guidelines on major incident reporting

Following its October 2020 consultation, the European Banking Authority (EBA) has published its final report containing revised guidelines on major incident reporting under the revised Payment Services Directive (PSD2). The report includes a summary of the feedback received in response to the consultation, together with the EBA's response.  In the light of the comments received, the EBA has introduced some changes to the guidelines.

The guidelines apply to the classification and reporting of major operational or security incidents in accordance with Article 96 of PSD2. They optimise and simplify the reporting process and templates, focus on incidents with significant impact on payment service providers (PSPs), and improve the meaningfulness of the information to be reported. The revised guidelines are also estimated to reduce the reporting burden for PSPs.

The guidelines will be translated into the official EU languages and published on the EBA website. They will apply from 1 January 2022. 

SCA for e-commerce card-based payments transactions: EBA report

The EBA has published a report on data provided by PSPs to national competent authorities (NCAs) on their readiness to apply strong customer authentication (SCA) for the subset of payment transactions that are e-commerce card-based payment transactions under PSD2. The EBA and NCAs assessed the data received from PSPs across the EU for the reporting periods in 2020 and an additional reporting period in April 2021 and developed this report.

The report covers the readiness of the industry to apply SCA for e‐commerce card‐based payment transactions from the perspective of issuing and acquiring PSPs (including merchants) and the impact of the SCA migration on fraud rates.

Overall, the EBA reports that, based on the date reported, large sections of the industry appear to be prepared for the application of SCA to e‐commerce card‐based transactions. However, PSPs in some jurisdictions are lagging behind others in enabling SCA on their payment cards and enrolling payment service users to SCA-compliant authentication solutions or initiating SCA-compliant transactions. Also, while the SCA non‐compliant transactions have decreased significantly, their levels in some jurisdictions remain relatively high.

Download the full regulatory news bulletin 

Authored by Yvonne Clapham