The Payments Newsletter including Digital Assets & Blockchain, May/June 2023

Key developments of interest over the last two months include: the UK PSR publishing a policy statement on its new reimbursement requirement to fight APP fraud; the Australian government confirming its strategic plan for the future of the country’s payments system; publication of the EU MiCA Regulation in the Official Journal of the EU; and the UK FCA introducing new rules for marketing cryptoassets to UK consumers.

In this Newsletter:

For previous editions of the Payments Newsletters, please visit our Financial Services practice page.

Regulatory Developments: Payments

European Union: Council of EU adopts its position on proposed Regulation on instant credit transfers in euro

On 22 May 2023, the Council of the EU announced in a press release that it has adopted its position on the legislative proposal for a Regulation on instant credit transfers in euro. Under the proposed rules, payment service providers (PSPs) which provide standard credit transfers in euro under SEPA will be required to also offer the service of sending and receiving instant payments in euro. The European Commission’s legislative proposal for the Regulation was first published in November 2022.

The Council will now begin trialogue negotiations with the European Parliament on the proposal in order to agree on a final version of the text.

Ireland: Central Bank of Ireland issues notice on safeguarding audit requirements for PIs and EMIs

Further to the Central Bank of Ireland’s (CBI) January 2023 Dear CEO letter, which requires payment institutions (PIs) and electronic money institutions (EMIs) to obtain an audit of their safeguarding arrangements, on 25 May 2023 the CBI published a notice detailing the specific format and requirements for such audits (the Notice). According to the Notice:

  • Firms must prepare a document setting out a detailed description of their safeguarding arrangements (the Description). Appendix 1 of the Notice sets out detailed requirements of firm’s safeguarding arrangements to be addressed in the Description. The Description should address the arrangements in place at 31 December 2022 (or, to the extent the firm’s financial year end is a date other than 31 December 2022, as at the date of their most recent financial year end within the period 1 July 2022 to 30 June 2023) (the Reference Date).
  • Firms must also provide a board-approved assertion (the Assertion) confirming that the Description presents the relevant aspects of the firm’s organisational arrangements as designed and implemented at the Reference Date, does not omit or distort information relevant to the specified arrangements being described, and that the controls and processes included in the Description were operating as described at the Reference Date.
  • Following the completion of the Description, firms must complete and document a gap analysis identifying gaps in their processes and controls against safeguarding requirements as of the Reference Date (the Gap Analysis).
  • The auditor must perform a reasonable assurance engagement, in relation to the Assertion, in accordance with ISAE 3000. The auditor’s conclusion should be expressed in a positive form as to whether in their opinion, at the Reference Date, the Description and the processes and controls as set out therein, are fairly presented (the Assurance Engagement).
  • The auditor must also prepare a review engagement, which constitutes a narrative or long form report setting out the work performed , their professional view of the relevant arrangements. This should be prepared following a review of the Description, analysis of information provided by the firm, meetings with management and consideration of deficiencies identified by the firm and the auditor based on their professional experience and judgment (the Review Engagement).

Firms must submit the Description, Assertion, Gap Analysis, Assurance Engagement and Review Engagement to the Central Bank by 31 October 2023.

United Kingdom: PSR publishes policy statement on new reimbursement requirement to fight APP fraud

On 7 June 2023, the Payment Systems Regulator (PSR) published its policy statement (PS23/3) on its new reimbursement requirement to fight authorised push payment (APP) fraud. Annexes 3 and 4 to PS23/3 have been published separately. Some key changes from the PSR’s September 2022 consultation proposals (CP22/4) are:

  • The £100 minimum threshold for claims has been removed. However, the PSR will consult on the appropriate level for the claim excess and acknowledges this could act as a de facto minimum threshold depending on its structure and implementation.
  • There will now be a maximum level of reimbursement for APP fraud claims (by value), but payment service providers (PSPs) can voluntarily reimburse customers above this limit. The PSR will consult on the appropriate maximum value for individual APP fraud claims in Q3 2023 (including whether this will apply to vulnerable customers) and publish this in PSR guidance in Q4 2023.
  • Sending PSPs must reimburse customers within five business days under the new reimbursement requirement (not 48 hours, as previously proposed). The PSR also clarifies that the sending PSP can ‘stop the clock’ for specific reasons such as to gather additional information from victims to assess claims or vulnerabilities. There is no limit to how many times a PSP can do this (subject to other legislative requirements), but it should be used in proportion to ‘the value and complexity of the claim’.
  • Additional PSR guidance on the gross negligence exception to reimbursement will be consulted on in Q3 2023 and published in Q4 2023.
  • Implementation will now be via two routes: (1) As originally proposed, the PSR will require via section 55 of the Financial Services (Banking Reform) Act 2013 (FSBRA) that Pay.UK establishes scheme rules for the Faster Payment Service, to require all PSPs using Faster Payments to comply with the APP fraud reimbursement policy; (2) the PSR will issue a General Direction under section 54 of the FSBRA to all PSPs, requiring them to comply with the scheme rules established by Pay.UK under the section 55 requirement. This change follows concerns expressed by the Treasury Sub-Committee on Financial Services Regulations about the role of Pay.UK as an industry body rather than a regulator (see the PSR’s response to the Sub-Committee’s related report for more details).

The new reimbursement requirement will come into force in 2024. The PSR will consult on a specific start date alongside its draft legal instruments in early Q3 2023, with the final legal instruments due to be published in Q4 2023. However, it expects industry to start work now to implement the new reimbursement requirement.

For more information on this development, take a look at this Engage article by members of our London office which includes a link to a longer form piece on the PSR’s policy statement and next steps.

United Kingdom: JROC sets out next steps to take Open Banking recommendations forward

Following the publication in April of its recommendations for the next phase of Open Banking in the UK (see the separate item below), on 6 June 2023 the Joint Regulatory Oversight Committee (JROC) published a press release setting out its ‘ambitious programme of work’ to take those recommendations forward.

The JROC is now moving to set up dedicated workstreams to action the key themes and priorities outlined in the recommendations. This includes:​

  • Launching two new working groups on variable recurring payments (VRPs) and the Future Open Banking Entity
    • As set out in its Terms of Reference for the VRPs working group, the aim is to develop a multilateral agreement for non-sweeping VRPs that will be used as a pilot for future multilateral agreements. The new working group (chaired by the Payment Systems Regulator) will develop a blueprint for a phased roll-out of non-sweeping VRP in a report by the end of September 2023. The JROC expects this to enable the phased roll-out to start before the end of this year.​
    • The working group on the Future Open Banking Entity will be chaired by the FCA. Among other things, its Terms of Reference state that it will analyse and help develop the options and design for the Future Entity, including recommendations in relation to its role, structure, funding and governance. It will report to the JROC by the end of September 2023. The JROC will publish its views in its planned progress update in Q4 2023.​
    • As time is of the essence, both working groups will be established by the end of June 2023.​
  • Tasking Open Banking Limited (OBL) to lead and coordinate workstreams on four of the other key themes
    • In a letter to OBL, the JROC reminds OBL that it has been asked to lead and coordinate on the following four key themes, overseen by the JROC: levelling up availability and performance; mitigating the risks of financial crime; developing proposals for dispute processes; and improving information flows to third party providers (TPPs) and end users.
    • The JROC sets out specific activities to progress against these themes, with a full timetable of delivery.​

The JROC will publish a progress update on its Open Banking roadmap in Q4 2023.​

This Engage article by members of Hogan Lovells’ London office provides more information on this development.

Australia: Government confirms strategic plan for future of payments system

On 7 June 2023, the Treasurer of Australia gave a speech announcing plans to modernise the Australian payments system and the Australian Government published a strategic plan to bring about the related reforms. The Governor of the Reserve Bank of Australia (RBA), Australia’s central bank, setting out the regulatory reforms sought by the RBA in December 2022, as mentioned in our January 2023 Newsletter.

The final version of the strategic plan follows on from a  Government consultation which closed in February 2023. In outline, the five-point strategic plan will focus on:

  • Promoting a safe and resilient system by reducing scams, strengthening cyber‑security, and updating the RBA’s supervision frameworks.
  • Making changes to the payments legislation, a new licensing framework, more competition and transparency across systems and more collaboration amongst regulators, plus steps to reduce small business transaction costs.
  • Modernising payments infrastructure by phasing out cheques and supporting the industry’s transition from the old clearing system known as BECS to the New Payments Platform.
  • Uplifting competition, innovation and productivity by aligning payments reform with other parts of the Government’s agenda for the digital economy including the Consumer Data Right, Digital ID, skills, and AI agendas.
  • Leading in global payments, including through Australia’s work in the G20 and the Pacific to improve the availability of fast, low‑cost international transfers and piloting a central bank digital currency.

As part of the strategic plan, the Government has also announced the following consultations:

  • A first consultation on changes to the Payment Systems (Regulation) Act 1998 (PSRA) which will include giving the RBA the ability to regulate new and emerging payment systems and introducing a new ministerial designation power that would allow particular payments services or platforms that present risks of national significance to be subject to additional oversight by appropriate regulators. This consultation closes on 7 July 2023.
  • A second consultation on the list of payment functions that are intended to underpin a new licensing framework for payment service providers. The new framework is intended to ensure consistent and appropriate risk‑based regulation of payment service providers based on the payment functions they provide. This consultation closes on 19 July 2023.
European Union: European Commission publishes report on application of Payment Accounts Directive

On 12 May 2023, the European Commission published its delayed report to the European Parliament and the Council of the EU on the application of the Payment Accounts Directive (PAD) (originally due by 18 September 2019 under Article 28 of PAD).​

On the three objectives of PAD, the Commission’s review report concluded that: ​

  • Transparency and comparability of payment account fees: PAD has helped to create transparency/comparability of payment account fees but some member states created an additional layer of new legislation when transposing it, rather than replacing existing legislation, making the national and EU regulatory framework more fragmented (the most important unintended consequence being duplication of documents on fee levels of payment accounts).​
  • Ensuring that consumers have access to payment accounts (with basic features): PAD has ensured that consumers have access to basic accounts, but take-up varies between member states and there may be different reasons for this.​
  • Making it easier to switch payment accounts: PAD has enabled all EU consumers to easily switch accounts domestically. ​

On 13 May 2023, the Commission also published a related first report on assembling specific payment account related data from member states under Article 27 of PAD, which noted that the timespan of the data collected (2016-2021) and the differences in data collection methods makes it difficult to draw definitive conclusions on the impact of PAD. The Commission is working with member states to agree the relevant data sets to be collected and provided going forward, to ensure more complete availability and comparability of data.​

Given its conclusions in the review report, the Commission has not presented any legislative proposal to amend PAD at this time. This will need to be considered in further detail and in line with better regulation standards at a later stage and taking into account, in particular, the EBA Guidelines on interaction between PAD and anti-money laundering (AML) rules. The Commission will continue monitoring PAD implementation and enforcement in member states.​

For more on the Commission’s PAD review report, take a look at this Engage article by members of our Dublin and London offices.

United Kingdom: JROC publishes recommendations for next phase of Open Banking

On 17 April 2023, the Joint Regulatory Oversight Committee (JROC), co-chaired by the FCA and the Payment Systems Regulator (PSR) and with HM Treasury (HMT) and the Competition and Markets Authority (CMA) as the other members, published its recommendations for the next phase of Open Banking in the UK.

In the JROC’s view, for Open Banking to successfully move to the new phase the ecosystem needs to become economically sustainable. It has therefore identified three priorities:

  • Ecosystem: to establish a sustainable and competitive footing for the ongoing development of the Open Banking ecosystem so that it can grow beyond the current functionalities and bring further benefits to end users, for example by encouraging and facilitating new commercial agreements to emerge between participants, in which data holders can charge for access to premium APIs;
  • Payments: to unlock the potential for Open Banking payments, for example in supporting retail transactions as an alternative to card payments. Here, the expansion of variable recurring payments (VRPs) to non-sweeping use cases will be used as a pilot for future multilateral agreements containing clear pricing and dispute resolution principles; and
  • Data sharing: to adopt a model that is scalable for future data sharing propositions, which includes both the secure collection and sharing of data. The JROC is also considering ways to promote use cases and propositions that would create the most value to end users and businesses, particularly those with vulnerable characteristics. It is also looking at possible solutions to enhance visibility on data access and sharing as well as increasing cases where data access and sharing is complemented by payment transactions as part of a broader offering.

The JROC’s vision and the three priorities will be delivered through a roadmap of 29 actions, to be completed in step changes over the next two years. The roadmap covers five key themes:​

  • Levelling up availability and performance;​
  • Mitigating the risks of financial crime;​
  • Ensuring effective consumer protection if something goes wrong;​
  • Improving information flows to third party providers (TPPs) and end users; and​
  • Promoting additional services, using non-sweeping VRPs as a pilot.​

The JROC also sets out its vision for the Open Banking future entity, including the next steps which need to be taken in designing it. There will be a transition from the Open Banking Implementation Entity (OBIE) to the future entity which will build on the significant progress made to date. ​

In addition, the report outlines the principles that will underpin a long-term regulatory framework, which the Government is intending to legislate for.​

The publication includes a full timetable of next steps.​ The JROC will monitor progress against all activities in the roadmap and will publish a progress report in Q4 2023. Also in Q4 2023, the JROC will set out a detailed plan for the future entity and the OBIE’s transition to it.​

For more information on the proposed timetable and actions, please see this Engage article by members of our London office.

Global/United Kingdom: BIS and BoE report on project innovating transactions in an RTGS system with synchronisation

On 19 April 2023, the Bank for International Settlements (BIS) and the Bank of England (BoE) published a report on a joint project between the BIS Innovation Hub London Centre and the BoE (‘Project Meridian’). It aims to understand how innovations in RTGS systems could improve payment infrastructure.

The project experiments with the concept of synchronisation, which involves settling a transaction using central bank money in a real-time gross settlement (RTGS) system. As explained in the report, funds move if and only if an asset on another ledger also moves, reducing costs and risks, and increasing efficiencies. The report states that synchronisation builds on the existing concept of interlinking asset ledgers with RTGS systems, seeking to develop functionality that allows synchronised settlement in central bank money for a wide range of assets.

The "Meridian prototype" outlined in the report demonstrates how to orchestrate synchronised settlement in central bank money using housing transactions as an exploratory use case. The report suggests that the prototype could offer a uniform way for a new entity, synchronisation operator, to link various types of asset ledgers to an RTGS system and settle in central bank money.

The insights from this project will assist central banks in deciding on the incorporation of synchronisation in their RTGS systems, subject to an assessment of policy, operational, legal and regulatory considerations. The BoE has confirmed that it will leverage the project's findings in looking into the integration of synchronisation in its RTGS system after 2024.

United Kingdom: FCA publishes new webpage containing guidance on cash- based money laundering

On April 24, 2023, the FCA launched a new webpage on cash-based money laundering.

The FCA outlines its work in relation to reducing the money laundering risk associated with cash deposits at the Post Office, whilst ensuring access to those cash deposits for legitimate customers.

The FCA’s current expectations for banks are to:

  • Regularly review the impact of their controls to ensure they are commensurate with the risk and suitable for their customer demographic. The FCA intends to examine firms' strategies to decrease money laundering risk for cash deposits at the Post Office and through other mediums like in-store payment services. This includes evaluating the steps firms have taken to prevent undue impact on legitimate customers.
  • Maintain effective communication with their customers. Lawful customers, especially businesses, must be aware of where they can deposit and withdraw the cash they require. Companies should also persist in maintaining dialogue with the Post Office.

The FCA plans to continue concentrating on this area as part of its upcoming strategy for tackling cash-based money laundering.

Hong Kong: HKMA sets loss-sharing expectations for payment card fraud

On 25 April 2023, the Hong Kong Monetary Authority (HKMA) issued two Circulars in response to a rise in unauthorised payment card transactions involving frauds and scams.

The first Circular titled "Principles for Handling of Unauthorised Payment Card Transactions" (First Circular) was addressed to all authorised institutions (AIs). Regarding liability, the HKMA asserts that, unless the cardholders have acted fraudulently or with gross negligence, they should not be held responsible for these transactions in accordance with the Code of Banking Practice. When cardholders are deemed liable for losses, banks must ensure transparency and provide clear explanations of the rationale. A proper appeal mechanism should also be in place. The First Circular also reminds banks that they should observe all relevant requirements and have systems in place to manage associated risks. Lastly, the First Circular underlines the importance of enhancing cardholder awareness about frauds and scams.

The second Circular titled "Binding payment cards for contactless mobile payments" (Second Circular) was issued to AIs that issue payment cards. The HKMA has called for AIs to bolster security measures for card binding. The Second Circular requires AIs to perform additional authentication, beyond the input of correct card data and one-time passwords, to confirm that the cardholders have authorised the binding of their cards to new mobile payment services.

The examples of authentication measures set out in the Second Circular include:

  • Confirming cardholder consent before binding through two-way SMS, in-app confirmation, call back or other means;
  • Requiring cardholders to perform additional authentication before the first mobile payment transaction is conducted through a newly bound payment service; and
  • Requesting cardholders to activate a newly bound payment service through a two-factor authentication process in their banks' internet or mobile banking applications.

AIs are encouraged to propose other effective authentication measures, like biometrics authentication, and discuss these with the HKMA. The Second Circular also requires banks offering over-the-limit facilities to obtain explicit agreement from cardholders within six months, taking into account the cardholder’s understanding of these facilities. The implementation of these enhanced measures is expected as soon as possible, with a deadline set for 31 May 2023.

United Kingdom: Government announces new Fraud Strategy / LSB Business Plan 2023/24 to focus on future of CRM Code on APP fraud

On 3 May 2023, the UK government announced its new Fraud Strategy. The three pillars of the Strategy are to: pursue fraudsters; block fraud; and empower people.

The delivery of the Strategy is phased over a 3-year programme of work to the end of 2025, led and governed by the Home Office. Key points of interest from the Home Office policy paper include:

    • Additional time for investigation of potentially fraudulent payments: Payment service providers (PSPs) will be enabled to adopt a new risk-based approach to provide additional time for potentially fraudulent payments to be investigated. The government is examining legislative changes to accommodate the holding of payments beyond the usual timescales in a small number of cases, and has recently consulted on the best way to allow PSPs to adopt a risk-based approach to inbound and outbound payment processing.  Please also refer to this Engage article by members of our London Office.
    • Operational measures: The FCA will assess financial firms’ fraud systems and controls.
    • APP fraud reimbursement: The government will make sure more victims of authorised fraud get their money back by legislating (via the Financial Services and Markets Bill) to enable the Payment Systems Regulator (PSR) to require reimbursement by all PSR regulated PSPs. See the separate item above on the PSR’s June 2023 policy statement relating to mandatory reimbursement for authorised push payment (APP) scam victims, and note also that tackling APP scams is a focus for the PSR in its latest Business Plan 2023/24 (published on 30 March 2023).
    • Addressing money mule networks: There is a plan to publish a new cross-sector money mules action plan to disrupt money mule activity.

In a related development, on 27 April 2023 the Lending Standards Board (LSB) published its Business Plan and Budget 2023/24. One of its main areas of focus will be the future of the contingent reimbursement model (CRM) Code on APP fraud. The LSB believes an independent standards framework for firms capturing the conduct elements of the CRM Code should remain once the PSR has introduced its new requirements on reimbursement. The LSB also intends to conduct roundtables on the guiding principles for firms that result from its research work on the effective warnings provisions of the CRM Code.

European Union: European Commission statement on APP fraud and PSD2

On 4 May 2023, the European Commission published a statement on measures undertaken by member states to compensate victims of authorised push payment (APP) fraud in the context of PSD2.

The Commission confirms that member states may initiate measures regarding compensation for APP fraud. Although PSD2 restricts member states from introducing provisions beyond those it stipulates, it does not interfere with APP fraud compensation because it does not specify measures in this area. The Commission also stated that payment service providers are free to voluntarily establish compensation schemes.

In its review of PSD2, the Commission has taken into account the repercussions of APP fraud. It has determined that the existing strong customer authentication (SCA) under PSD2 has proven to be inadequate in curbing these frauds. As a result, it is contemplating targeted amendments to the liability and refund rules under PSD2. The Commission plans to incorporate these revisions in a legislative proposal aimed at amending PSD2, due to be adopted in Q2 2023.

Singapore: MAS publishes consultation on payment services framework

On 8 May 2023, the Monetary Authority of Singapore (MAS) published a consultation paper on proposed amendments to the Payment Services Regulations 2019 (PSRs) and related notices. These amendments intend to extend business conduct requirements to payment services newly regulated under the forthcoming Payment Services (Amendment) Act 2021 (PS(A)A).  The key amendments include:

  • For the PSRs, MAS proposes to exempt Major Payment Institutions providing specific types of cross-border money transfer services from certain safeguarding requirements.
  • MAS Notices PSN01 and PSN02 will also be extended to apply to payment services that are newly within scope. Additional anti-money laundering and counter-terrorist financing (AML/CFT) policies will be introduced, with stringent compliance in countries with inadequate AML/CFT measures. There are also exemptions from wire transfer requirements under certain conditions.
  • MAS Notice PSN04 will be amended to require payment service providers to provide additional data to MAS.
  • Changes to MAS Notices PSN07 and PSN08 include allowing corporate customers a longer time period for transmitting money, and revisions to risk warning statements.
  • A new set of regulations proposes a six-month transitional exemption period for entities that need to be licensed or vary their existing licence due to payment services that are newly within scope. Notified entities under this transitional exemption regime will face additional requirements.

Stakeholders are invited to submit written comments by 8 June 2023 using this link.

Back to the Top

Regulatory Developments: Digital Assets

Global: IOSCO publishes consultation report on policy recommendations for crypto and digital asset markets

On 23 May 2023, the International Organization of Securities Commissions (IOSCO) published a consultation report, responding to ‘widespread concerns regarding market integrity and investor protection within the crypto-asset markets’. It contains 18 principles-based and outcomes-focused recommendations on crypto and digital assets (CDA) covering six key areas, consistent with IOSCO Standards (ie IOSCO’s Objectives and Principles for Securities Regulation and relevant supporting IOSCO standards, recommendations, and good practices):

  1. Conflicts of interest arising from vertical integration of activities and functions;
  2. Market manipulation, insider trading and fraud;
  3. Cross-border risks and regulatory cooperation;
  4. Custody and client asset protection;
  5. Operational and technological risk; and
  6. Retail access, suitability, and distribution.

The recommendations have been developed under the stewardship of the IOSCO Board’s Fintech Task Force (FTF) in accordance with IOSCO’s Crypto-Asset Roadmap 2022/23 which was published in summer 2022. They are activities-based and cover the key risks arising from the range of activities performed by cryptoasset service providers (CASPs), including offering, admission to trading, ongoing trading, settlement, market surveillance and custody, as well as marketing and distribution (covering advised and non-advised sales) to retail investors.

IOSCO is seeking to encourage optimal consistency in the way cryptoasset markets and securities markets are regulated within individual IOSCO jurisdictions, in accordance with the principle of ‘same activities, same risks, same regulatory outcomes’. The recommendations also cover the need for enhanced co-operation between regulators, given the cross-border nature of cryptoasset markets.

Although not directly addressed to cryptoasset market participants, IOSCO strongly encourages CASPs and all participants in cryptoasset markets to carefully consider the expectations and outcomes they contain, with the related supporting guidance, in their conduct of regulated and cross-border activities.

The consultation closes on 31 July 2023. IOSCO plans to finalise the CDA recommendations and publish a final report in early Q4 2023 or, at the latest, by the end of the year. In addition, IOSCO is currently considering what cryptoasset related issues might require further analysis as potential follow-up to this initial set of proposed policy recommendations. IOSCO welcomes views from stakeholders on potential additional issues for consideration. The recommendations do not cover decentralised finance (DeFi). IOSCO's FTF DeFi workstream is considering DeFi issues and will publish a consultation report with proposed recommendations this summer.

Hong Kong:  SFC concludes consultation on regulation of virtual asset trading platforms

On 23 May 2023, the Hong Kong Securities and Futures Commission (SFC) published conclusions (the Consultation Conclusions) to its consultation launched in February 2023 on the proposed regulatory requirements for virtual asset trading platform (VATP) operators. Please refer to this Engage Article by the members of our Hong Kong office for more information about the consultation.

The Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022 (AMLO) introduced a licensing regime for VA trading platforms (VASP regime), which came into force on 1 June 2023. The VASP regime mandates that all VATPs which carry out business in Hong Kong or actively market to Hong Kong investors must be licensed with the SFC. The SFC launched the February 2023 consultation to finalise the licensing requirements and introduce conduct requirements applicable to licensed VATP operators. The Consultation Conclusions set out the SFC's response to market comments and the finalised Guidelines for Virtual Asset Trading Platform Operators (VATP Guidelines), which are additions or variations to the existing requirements applicable to platform operators currently licensed under the Securities and Futures Ordinance (Cap. 571 of the Laws of Hong Kong) (SFO).

Some of the key requirements/changes include:

  • Licensed VATPs may grant retail investors access to a limited set of virtual assets subject to meeting certain investor-protection requirements and admission thresholds.
  • In terms of insurance requirements, a combination of third-party insurance and funds of the platform operator or a group company set aside on trust and designated for the purpose of covering such risks is now permitted.
  • Under the revised VATP Guidelines, licensed VATP operators are prohibited from offering, trading, or dealing in virtual asset futures contracts or related derivatives. The SFC will conduct a separate review of virtual asset derivatives in due course.
  • Licensed VATPs must observe certain anti-money laundering requirements set out in the two guidelines on anti-money laundering and counter-financing of terrorism, such as conducting due diligence and ongoing monitoring of virtual asset transfer counterparties.
  • The Consultation Conclusions made it clear that the VASP regime only covers VATPs that "are centralised and operate in a similar manner to traditional automated trading venues licensed under the SFO." This means that the provision of virtual asset services without an automated trading engine and ancillary custody services, such as over-the-counter virtual asset trading and virtual asset brokerages, will not fall under the scope of the AMLO.

The revised VATP Guidelines, AML Guidelines and Disciplinary Fining Guidelines took effect on 1 June 2023. The SFC will provide further guidance on the implementation of the VASP regime in due course. This Engage Article by members of Hogan Lovells’ Hong Kong office sets out more information on this development.

United Kingdom: FCA introduces new rules for marketing cryptoassets to UK consumers

On 8 June 2023, the FCA published a policy statement (PS23/6) containing financial promotion rules for cryptoassets and a guidance consultation (GC23/1) on cryptoasset financial promotions. The FCA consulted on financial promotion rules for high-risk investments including cryptoassets (CP22/2) in January 2022. Final rules for other high-risk investments excluding cryptoassets (PS22/10) were published in August 2022.

The Government has now legislated to bring promotions of qualifying cryptoassets within scope of the financial promotion regime. This has been implemented by the Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023 (made on 7 June 2023). This follows the Government’s January 2022 consultation response and 1 February 2023 policy statement setting out its approach to regulating cryptoasset financial promotions.

Appendix 1 to PS23/6 sets out near final rules to allow firms as much time as possible to prepare for the regime. The FCA expects to confirm final rules shortly.  Subject to exceptional circumstances, the FCA does not expect any further changes to what is published in PS23/6 and the rules will take effect on 8 October 2023.

The new rules will apply to all firms marketing cryptoassets to UK consumers, including those based overseas. The rules aim to ensure that those buying cryptoassets understand the risks involved.

Under the policy statement, there will be four routes to legally promoting cryptoassets to consumers:

  • The promotion is communicated by an authorised firm.
  • The promotion is made by an unauthorised firm, but approved by an authorised firm. The Financial Services and Markets Bill (currently before Parliament) will introduce a regulatory gateway that authorised firms will need to pass through to approve financial promotions for unauthorised firms. Firms considering approving cryptoasset financial promotions should notify the FCA of their intention in line with Principle 11.
  • The promotion is communicated by a cryptoasset business registered with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) in reliance on the exemption in Article 73ZA of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (FPO).
  • The promotion is otherwise communicated in compliance with the conditions of an exemption in the FPO.

The guidance consultation (GC23/1) seeks feedback on proposals for guidance on how the FCA approaches, and how firms comply with, the FCA’s requirement that cryptoasset financial promotions must be fair, clear and not misleading. The FCA is encouraging responses to the guidance consultation by 10 August 2023 and intends to publish the final guidance in Autumn 2023.

See this Engage article by members of Hogan Lovells’ London office for further information on the new rules.

Singapore: MAS sets out reporting obligations for exempted payment services firms including in relation to digital payment token services

On 31 May 2023, the Monetary Authority of Singapore (MAS) published a notice applying to all entities (Notified Entities) which were granted an exemption to provide specified payment services under the Payment Services (Exemption for Specified Period) Regulations 2019 (the Notice). The Notice sets out requirements regarding the reporting of information related to the payment services that the Notified Entity is providing. The Appendix to the Notice contains a series of forms for the purposes of the reporting requirements, one of which relates to ‘digital payment token services’.

The form requires information in relation to a number of matters including ‘higher risk customers’ such as politically exposed persons, or family members or associates of politically exposed persons; the types of digital payment token; and transactions assessed to be of higher risk for money laundering and terrorist financing.

The other forms relate to account issuance services, domestic money transfer services, and cross-border money transfer services.

Notified Entities must complete and submit forms to the MAS in respect of each payment service that they carried on as a business during the period from 1 January 2022 to 31 December 2022 (both dates inclusive) within 60 days from the effective date of the Notice, which is 1 June 2023.

Hong Kong: HKMA launches retail CBDC pilot

On 18 May 2023, the Hong Kong Monetary Authority (HKMA) published a press release outlining the commencement of its e-HKD Pilot Programme. According to the press release, the Pilot Programme is a key component of Rail 2 under the HKMA’s three-rail approach to exploring the possible future implementation of a retail central bank digital currency (CBDC), i.e. e-HKD.

The HKMA explained that 16 firms have been selected to participate in the first round of pilots for 2023. The potential use cases covered by the pilots fall into six categories, including full-fledged payments, programmable payments, offline payments, tokenised deposits, settlement of Web3 transactions and settlement of tokenised assets.

The HKMA will closely engage with the selected firms over the next few months in conducting the pilots and monitoring progress. The aim is for the HKMA to share the key learnings with the public at Hong Kong FinTech Week 2023. It expects to conduct more rounds of pilots with the industry in the future.

The HKMA also plans to establish a CBDC Expert Group to facilitate collaboration between the government, industry and academia on CBDC research. This will support Hong Kong’s future exploration of key policy and technical issues relating to CBDC, such as privacy protection, cybersecurity and interoperability.

The HKMA makes it clear that it is not yet at a point where a firm decision can be made to introduce e-HKD.

European Union: MiCA Regulation and recast revised WTR published in Official Journal of EU

On 9 June 2023, the EU Regulation on markets in cryptoassets ((EU) 2023/1114) (MiCA) was published in the Official Journal of the EU (OJ). It enters into force on 29 June 2023 and will apply from 30 December 2024, except for provisions relating to the development or adoption of Delegated Acts and various regulatory technical standards (RTS) and implementing technical standards (ITS), which apply from 29 June 2023 and provisions relating to issuers of asset-reference tokens and e-money tokens, which apply from 30 June 2024.

Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain cryptoassets and amending Directive (EU) 2015/849 (recast revised WTR) was also published in the OJ on 9 June, enters into force on 29 June 2023, and will apply from 30 December 2024 (on which date Regulation (EU) 2015/847 (revised WTR) will be repealed).

United Kingdom: FCA speech on digital assets

On 25 April 2023, the FCA published a speech by Sarah Pritchard, FCA Executive Director of Markets and Executive Director of International, on the regulation of digital assets. Some points of interest include:

  • The government proposes to give the FCA powers over firms conducting cryptoasset activities who are providing services to UK customers, irrespective of whether the firms have their origins or a base in the UK.
  • The FCA has been working closely with the government on its proposals to regulate stablecoins that can be used for payments. The FCA is also part of a Cryptoasset Taskforce, alongside HM Treasury and the Bank of England. This Taskforce aims to develop policy responses to developments in cryptoassets and distributed ledger technology (DLT).
  • Ms Pritchard emphasises that consumers are highly unlikely to be covered by the Financial Services Compensation Scheme and the Financial Ombudsman Service if their cryptoasset transactions go wrong.
South Korea: Virtual Asset User Protection Bill passes first legislative review phase

On 25 April 2023, the South Korean National Assembly’s National Policy Committee announced that new legislation for the cryptoasset sector had passed its first phase of review. The Virtual Asset User Protection Bill consolidates 19 legislative proposals made since May 2021, aiming to protect virtual asset users and promote fair and transparent market practices as well as expanding the enforcement powers of financial regulators.

Key virtual asset user protection measures set out in the Bill include:

  • Requiring the segregation of customer deposits into  deposit and/or trust accounts; and
  • Requiring institutions to proactively prepare for operational disruptions such as system failures or hacking through measures such as insurance, deduction subscriptions, and/or the accumulation of reserves.

In addition, some fair and transparent market practices measures proposed include:

  • Prohibiting a range of defined categories of market manipulating, unfair, or otherwise fraudulent activities, such as incomplete disclosures;
  • Imposing restrictions on trading or transacting in self-issued virtual assets by virtual asset service providers (VASPs) or those connected with VASPs; and
  • Assigning criminal and civil liability for violations of the rules set out in the Bill, and allowing both class-action litigation and the imposition of fines by the Financial Services Commission (FSC) related to losses suffered by users in relation to such violations.

The Bill also expands the power of regulators, through measures such as:

  • Giving the FSC extensive authority in relation to the supervision and inspection of VASPs and the examination of unfair trading practices; and
  • Enabling the FSC to take measures against VASPs analogous to those in the Financial Investment Services and Capital Markets Act.

The Bill is not yet fully approved and will need to go through further reviews and steps before reaching the National Assembly for final approval.

France: AMF intends to fast track firms’ approval under MiCA

On 21 April 2023, the Autorité des Marchés Financiers (AMF) released a statement  (subsequent English language version here) welcoming the adoption of MiCA and setting out its measures for the transition to the new framework. MiCA will replace the French framework introduced by the PACTE law of 22 May 2019, which established a specific regime for initial coin offerings (ICOs) and for digital asset service providers (DASPs).

A French Law introduced on 9 March 2023 and containing various provisions adapting French law to various European Union legislative requirements in relation to economic, health, labour, transport and agricultural matters (DDADUE Law) has clarified certain provisions relating to MiCA.

Amongst other things, the DDADUE Law empowers the government to adopt any measures which ensure consistency and compliance of national law with MiCA. In consultation with stakeholders, the AMF will adapt its General Regulation and its policy documents in order to facilitate the transition of DASPs towards MiCA. The amendments it proposes include:

  • Aligning of capital requirements applying to licensed DASPs with those required under MiCA;
  • Aligning the documentation required for DASP licensing with that required for a cryptoasset service provider (CASP) licence;
  • Specifying the scope of the conflicts of interest policy required under a DASP licence;
  • Clarifying the digital asset custody policy;
  • Introducing a potential "fast-track" type approval allowing those entities holding DASP and CASP licences under the existing national legislative framework to gain licences under MiCA faster, under Article 143(6) of MiCA; and
  • Determining the powers of the Autorité de Contrôle Prudentiel et de Résolution (ACPR) and the AMF in applying MiCA.

Additionally, the AMF announced that it is in consultation with the ACPR and stakeholders to further support the transition from the French framework to the European framework.

Hong Kong: HKMA offers guidance on VASP account openings

On 27 April 2023, the Hong Kong Monetary Authority (HKMA) published a Circular titled ‘Access to banking services for corporate customers’. It encourages AIs to adopt a proportionate risk-based approach in considering account opening applications for new businesses. The Circular requests AIs to support virtual asset services providers (VASPs) regulated by the Securities and Futures Commission (SFC) in opening bank accounts for legitimate needs. The Circular also sets out good practices and observations in relation to the opening of bank accounts.

Additionally, the HKMA clarified its stance on various regulatory measures in relation to VASPs such as:

  • Additional customer due diligence (CDD) measures for VASPs: The HKMA stated that the additional CDD measures for VASPs set out in the 2022 circular titled “Regulatory Approaches to Authorized Institutions’ Interface with Virtual Assets and Virtual Asset Service Providers” only apply when AIs offer correspondent services to overseas VASPs. Accordingly, AIs are not required to conduct additional CDD measures for SFC-licensed VASPs.
  • CDD at the account opening stage: The CDD undertaken by AIs should be proportionate to the risk level of customers. Therefore, if a technology firm who is applying sets up an account for general corporate uses an AI should consider allowing a Simple Bank Account (which was introduced under the 2019 circular titled "Introduction of Tiered Account Services" and  offers a narrower set of banking services than traditional accounts) and should take into account the “approval-in-principle” issued by the relevant authority to VASP licence applicants when carrying out CDD.
United Kingdom: Treasury Committee publishes report on regulating cryptoassets

On 17 May 2023, the House of Commons Treasury Committee published a report on regulating cryptoassets, which relates to its an inquiry into cryptoassets that was launched in July 2022 and followed in February 2023 by the government's consultation on its proposed regulatory framework for cryptoassets used within financial services (see the February/March 2023 edition of the Payments Newsletter for more on the consultation).

The report focuses on the government's approach towards cryptoassets, including its consultation proposals, and the implications for consumers and businesses. It does not therefore cover all aspects of the Committee's inquiry, including central bank digital currencies (CBDCs), which the Committee is considering separately.

Some points of interest from the Committee's conclusions and recommendations include:

  • The price volatility and absence of intrinsic value of unbacked cryptoassets means that, regardless of regulation, they will inevitably pose significant risks to consumers. In addition, consumer speculation in unbacked cryptoassets looks more like gambling than a financial service. Therefore it strongly recommends that the government regulates retail trading and investment activity in unbacked cryptoassets as gambling rather than as a financial service.
  • Recognising the potential for some forms of cryptoassets and their underlying technologies to bring benefits to financial services and markets, the Committee states that the most convincing use case it has heard in this respect is the potential to improve the efficiency and reduce the cost of making payments, especially cross-border and in lower income countries with less developed financial sectors. In welcoming the government’s proposals for regulating cryptoassets used in financial services, the Committee acknowledges that an effective regulatory framework would support development of relevant technologies in the UK, while also mitigating some of the risks associated with cryptoassets.
  • It is important that the government and regulators endeavour to keep pace with developments, including by ensuring that the FCA's authorisations gateway is open and effective, so that potential productive innovation in financial services is not unduly constrained.

As the industry and the government's regulatory approach develop, the Committee plans to continue to follow those developments.

Back to the Top

Market Developments

United States: Amazon One palm-scanning payment technology now includes age verification services

On 22 May 2023, it was reported that Amazon One, Amazon’s palm-scanning payment technology, has added age verification capabilities. Customers using Amazon One devices will be able to buy alcohol by holding their palm over the Amazon One device. The first venue to support this feature will be Coors Field. Amazon intends to roll out the technology to additional venues in the coming months.

Global: Venmo introduces teen account

On 22 May 2023, Venmo announced that it is launching an account and debit card for teenagers between the ages of 13 and 17.

The Venmo Teen Account will allow parents to monitor transactions, manage privacy settings, and send money to their child. The parent or legal guardians will sign up for the Venmo Teen Account on behalf of their children.

Spain: CaixaBank launches app turning phones into POS devices

On 23 May 2023, the Spanish bank CaixaBank outlined in a press release that it had built an app that lets merchants use their Android device as a point-of-sale system (POS). According to the press release, the app offers all the features that a traditional POS device offers without the need for additional hardware.

Singapore: receives licence from MAS to offer digital payment token services

On 1 June 2023, announced that it had obtained a Major Payment Institution licence for Digital Payment Token services from the Monetary Authority of Singapore (MAS). received its in-principle approval from the MAS in June 2022.

Global: Swift explores blockchain interoperability

On 6 June 2023, Swift published a press release stating that it is exploring how institutional investors can use their Swift connection to seamlessly interoperate with the multitude of blockchain networks. Swift has announced the following experiments:

    • The transfer of tokenised assets between two wallets on the same public blockchain network (Ethereum Sepolia testnet).
    • The transfer of tokenised assets from a public blockchain (Ethereum) to a permissioned blockchain.
    • The transfer of tokenised assets from Ethereum to another public blockchain.
United Kingdom/European Union: Flutterwave and partner to offer Pay By Bank transfers

On 6 June 2023,, a European account-to-account payment provider, announced that it has partnered with Flutterwave, an African fintech company. will enable Pay By Bank transfer on Flutterwave’s platform, thereby enabling Flutterwave to give its merchants enhanced access to UK and EU customers.’s infrastructure is powered by Open Banking.

United Kingdom: American Express partners with Bluechain

On 7 June 2023, American Express announced that it has partnered with the Australian fintech start-up Bluechain with the aim of simplifying supplier payment processes for UK SMEs. The partnership aims to develop an invoice-management solution that allows SMEs centralised management, payment, and reconciliation of supplier invoices from a single dashboard on a desktop or mobile device. The new tool will allow existing American Express business customers to pay invoices with their Amex Card, regardless of whether or not the merchant accepts American Express.

Brazil: Fintech Lanistar adds cryptocurrencies to app

On 7 June 2023, it was reported that UK-based fintech Lanistar has updated its mobile payments app to allow users to buy and sell various cryptocurrencies. The Lanistar app with the newly added crypto functionality is currently only available in Brazil. However, the company plans to expand this offering to other LATAM regions and the UK later in 2023.

Australia: Mastercard launches its Touch CardTM for blind and low vision customers

On 7 June 2023, Mastercard announced that it has launched its Touch CardTM in Australia. The Touch CardTM is aimed at facilitating payments for blind and low vision customers.

The design of the new card features simple notches that help visually impaired individuals to identify their debit, credit, or prepaid cards. The Touch CardTM has been endorsed by the Royal National Institute of Blind People (RNIB) in the UK and VISIONS/Services for the Blind and Visually Impaired in the U.S.

United States: BNY Mellon and MoCaFi to form strategic alliance

On 8 June 2023, BNY Mellon and MoCaFi announced that they have formed a strategic alliance to extend payment options to unbanked and underbanked communities in the U.S. The partnership involves the launch of a disbursement service, offered through BNY Mellon's Vaia platform, which allows governments and corporate clients to distribute payments and disbursements to individuals without financial services access.

Australia: ING issues new cards made of 72% recycled plastic

On 19 April 2023, ING announced that new cards issued to certain ING cardholders in Australia will be made of 72% plastic debris. ING has designed the cards in partnership with an environmental organisation called Parley for the Oceans.

United Arab Emirates: Mbank and Dgpays partner on digital wallet

On 24 April 2023, it was reported that Al Maryah Community Bank (Mbank), a digital bank based in the UAE, has partnered with the Turkish B2B fintech firm Dgpays Group to launch a new digital wallet service. The service aims to provide business owners, entrepreneurs, and freelancers with the means to incorporate digital payments into their business activities.

Angola: Africell launches Afrimoney mobile money platform

On 24 April 2023, it was reported that Africell, a mobile network operator, will launch its mobile money platform, Afrimoney, in Angola. The new service will enable customers to transact digitally through their mobile phones with other individuals and organisations on the network. In the near future, Africell intends to incorporate financial services including credit, saving and insurance into the Afrimoney platform.

France: SG-Forge launches a euro-denominated stablecoin

On 25 April 2023, it was reported that the digital asset division of French bank Société Générale, SG-Forge, has launched a euro-denominated stablecoin – referred to as the EUR CoinVertible - on the Ethereum blockchain. The coin is made for institutional investors and could be used as a settlement asset for on-chain transactions, for corporate treasury, cash management and cash pooling activities, as well as on-chain liquidity funding and refinancing.

United Arab Emirates: Worldpay will expand to UAE

On 26 April 2023, Worldpay published a press release, announcing that it will be expanding to the United Arab Emirates this year. As a part of its expansion plans, Worldpay has secured a local category II payment services licence that allows for card acquiring and disbursements.

Ireland: TransferMate secures e-money licence

On 27 April 2023, TransferMate published a press release, stating that it has been granted authorisation as an electronic money institution (EMI) by the Central Bank of Ireland. TransferMate provides business-to-business infrastructure-as-a-service payments services.

Global: Uber Freight offers carriers a fuel card

On 27 April 2023, it was reported that Uber Freight, the logistics division of Uber, is collaborating with AtoB, a transportation fintech start-up, to offer carriers fuel cards and spend management software. AtoB's fuel card is based on the Visa platform, allowing it to be accepted at a broad spectrum of fuel retailers, and does not carry any hidden or annual fees. The fuel card and spend management software will be integrated into Uber Freight's platform. AtoB provides two versions of its fuel card: Flex Card, which is a charge card with a credit line, and Unlimited, a prepaid card that can be approved regardless of credit score.

Global: Venmo introduces crypto transfers

On 28 April 2023, Venmo announced that it is launching a feature that allows customers to send cryptocurrency to other Venmo users. Additionally, customers are able to move their cryptocurrency to a PayPal account or to other wallets and exchanges.

China: Xuzhou intends to use CBDC for cross-border trades

On 28 April 2023, it was reported that Xuzhou, which serves as the origin point for numerous freight trains heading to Europe from China, has published a strategy advocating for the use of the Chinese digital currency, encompassing its application in international trade. This strategy proposes using the digital yuan, or e-CNY, for payment of services and warehousing costs related to the transnational trains, with a future goal of expanding its use to cover tax and utility payments within the city. The e-CNY will also be used to pay for taxes and utility services in Xuzhou, according to the plan.

United States: Microsoft partners with Stripe to enable payments in Teams

On 1 May 2023, Stripe announced that it has partnered with Microsoft to facilitate payments on Microsoft Teams. This will enable hosts of virtual meetings, classes and events to receive card payments in real-time. Additionally, businesses can use Stripe to require upfront payment as a condition for joining a Teams session.

Germany: Phos partners with Paymix to bring Tap-to-Pay to Germany

On 2 May 2023, it was reported that software point-of-sale (SoftPoS) orchestration provider Phos has partnered with Malta-based company Finance Incorporated to strengthen Finance Incorporated’s Paymix brand. There will also be a focus on bringing contactless card acceptance to any NFC-enabled device, such as smartphones and tablets, and SoftPoS solutions will be made available to merchants and traders in Germany with the aim of expanding to other countries in the EU. 

Brazil: Revolut launches in Latin America by offering services in Brazil

On 2 May 2023, it was reported that Revolut has launched in Brazil. Its global account will start offering foreign exchange and remittance capabilities in 27 currencies, as well as a card that is accepted in more than 150 countries. Revolut is also due to launch in Mexico, India and New Zealand in the near future.

Back to the Top

Surveys and Reports

Global: Paysafe consumer preferences shift towards mobile wallets

On 1 June 2023, Paysafe published its annual report on consumer payment trends. The report is based on a survey of 14,500 consumers in the U.S., the UK, Canada, Germany, Austria, Italy, Bulgaria, Mexico, Colombia, Argentina, Peru, Ecuador, Chile, and Brazil. Key insights include:

  • 52% of respondents are comfortable leaving home without a physical wallet and rely on mobile wallets for their everyday purchases;
  • the preferred ways to pay online are debit cards (70%), followed by credit cards (53%) and digital wallets (41%);
  • 52% of respondents prefer not to share financial details online and 68% prefer using online payment methods that do not require them to share these details; and
  • only 14% of respondents had knowingly used AI-driven payments, such as AI-powered checkouts, smart wallets, and payment chatbots.
United States: Mobile wallet bill payments gain traction

On 5 June 2023, PYMNTS published its report entitled ‘Digital Bill Payments: Mobile Wallets Gain Popularity, but Hurdles Remain’. This report follows a survey of 2,120 U.S. consumers to assess current trends in relation to mobile wallet bill payments.

Significant findings were:

  • Close to one quarter of consumers pay bills with mobile wallets at least weekly, which is a 22% increase in consumers’ use of mobile wallets for paying bills compared to six months ago.
  • 39% of consumers cite their ability to make payments instantly as a key reason for paying bills using a mobile wallet.
  • The majority of consumers (71%) who used mobile wallets frequently reported at least one issue when making bill payments.

Those consumers who are not interested in using mobile wallets to pay bills cite security concerns as the main reason for their lack of interest.

United Kingdom: UK Finance publishes Annual Fraud Report 2023

On 11 May 2023, UK Finance released its Annual Fraud Report. Key findings in the report include:

  • APP fraud losses in 2022 amounted to £485.2 million, which was a decrease of 17% compared to 2021;
  • The amount of APP fraud losses reimbursed increased by 5% in 2022 compared to the previous year;
  • Unauthorised fraud losses across payment cards, remote banking and cheques reached £726.9 million in 2022, decreasing less than 1% compared to 2021; and
  • The majority of frauds start online (78%), followed by 18% which originate from telecommunications.

The report emphasises the need for cross-sector action, given that the majority of fraud cases begin outside of the banking sector.

Global: Annual Cybersource report looks at trends in payments processing and fraud detection

On 10 April 2023, Cybersource published its annual Global Ecommerce Payments and Fraud Report 2023. The report is based on a survey of more than 1,000 merchants that are part of the Merchant Risk Council (MRC) and non-MRC merchants who were asked about their ecommerce payments and fraud management practices. The MRC is a membership association of ecommerce professionals that focuses on strengthening payments fraud prevention in the ecommerce sector.

The survey sample included a mix of small businesses (SMBs), mid-market and enterprise merchants, representing organisations based  throughout the North American, European, Asia-Pacific (APAC) and Latin American (LATAM) regions. The research was conducted in November and December 2022.

According to the report:

  • On average, merchants rely on roughly four payment processor or gateway connections and three acquiring banks to support payment acceptance;
  • Merchants are increasingly implementing buy-now pay-later (BNPL) payment methods, with over one-third (36%) now offering customers this option;
  • 4 in 10 merchants are using machine learning to improve fraud management and payment routing;
  • While 86% of merchants have started to implement Strong Customer Authentication (SCA), only 45% say they have fully completed the process; and
  • Merchants use five fraud detection tools on average, which include credit card verification services (55%), identity validation/verification services (50%), two-factor phone authentication (44%), and 3-D secure authentication (39%).

Back to the Top


Authored by Virginia Montgomery and Grace Wyatt

Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar.


This website is operated by Hogan Lovells International LLP, whose registered office is at Atlantic House, Holborn Viaduct, London, EC1A 2FG. For further details of Hogan Lovells International LLP and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2024 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.