In this Newsletter:
- Regulatory Developments: Payments
- Regulatory Developments: Digital Assets
- Market Developments
- Surveys and Reports
For previous editions of the Payments Newsletters, please visit our Financial Services practice page.
Regulatory Developments: Payments
Australia: Treasury consults on draft legislation updating the Payment Systems (Regulation) Act 1998
On 11 October 2023, the Australian Treasury announced that it is consulting on updates to the Payment Systems (Regulation) Act 1998, following a previous consultation in June 2023. The aim is to ensure that regulators and the government can address new risks related to payments as the provision of payments evolves and increases in complexity.
The changes proposed in the draft legislation include:
- Expanding the definitions of “payment system” and “participant” to allow the Reserve Bank of Australia to regulate new and emerging payment systems (for example digital wallet providers and Buy Now Pay Later service providers); and
- Introducing a new ministerial power to designate particular payment services or platforms that present risks of national significance as "special designated payment systems", which are then subject to additional regulatory oversight.
The Treasury welcomes feedback from stakeholders on the draft legislation and explanatory materials which have also been published. The deadline is 1 November 2023.
United Kingdom: FCA publishes key findings from multi-firm review of payment account providers’ systems and controls against money mule activity
On 19 October 2023, the FCA published the key findings from its multi-firm review of payment account providers’ systems and controls against money mule activity (ie where someone is recruited by criminals to move illegally obtained money). The findings include examples of good practice and areas for improvement. Other key points include:
- Some firms are working to address the challenges of money mules by implementing a range of measures and technologies to detect and deter fraudsters from using their organisation, eg facial recognition systems, device profiling and geolocation.
- However, not all firms are responding with the same focus, and some firms need to do more to tackle the problem.
- The FCA emphasises that a proactive strategy for tackling money mules helps protect a firm’s regulatory compliance, reputation and customers.
- It expects payment account providers to establish proportionate systems and controls to manage the problem of money mules and the associated risks. It will use its full regulatory tools, including enforcement action, if it identifies a firm failing to maintain proportionate and adequate systems and controls.
The FCA expects payment account providers to consider their own organisation’s arrangements, systems and controls against its findings.
The Home Office is due to publish a money mules action plan in the coming weeks. According to the FCA, its work is aligned to the focus of the forthcoming action plan.
For more on this development, take a look at this Engage article.
United Kingdom: Open Banking Limited publishes two data collection frameworks
On 18 October 2023, Open Banking Limited (OBL) published two data collection frameworks for approval by the Joint Regulatory Oversight Committee (JROC), one for API availability and performance (under the theme ‘Levelling up availability and performance’) (API Framework) and one on financial crime (under the theme ‘Mitigating the risks of financial crime’) (Financial Crime Framework). These publications constitute the first two deliverables under the four key themes that OBL was asked to consider by the JROC in its recommendations for the next phase of Open Banking in the UK, published in April 2023 (as to which, see this Engage article).
The API Framework and accompanying templates (one for Third Party Providers (TPPs) and one for Account Servicing Payment Service Providers (ASPSPs)) are aimed at enabling Open Banking services to scale and grow by giving consumers and businesses the benefit of high-performing, reliable services that enhance user experience and continue to build trust in the ecosystem. The focus of the data reporting under the API Framework is the performance and availability of ASPSP APIs, i.e. for TPPs they will provide data about ASPSP APIs, not their own APIs.
The Financial Crime Framework is aimed at enhancing financial crime reporting to increase understanding of the level of fraud occurring within the Open Banking channel. This is key to enable the ecosystem to scale and evolve safely. OBL and stakeholders agree that a secondary objective should be to develop the Framework so that it has the potential to provide timely intelligence on emerging fraud threats. The initial Financial Crime Framework supports the gathering of data relevant to payment fraud, to be provided exclusively by sending PSPs to avoid data duplication and reconciliation challenges. It builds on existing reporting requirements. Consideration by OBL of aggregation of data relating to broader financial crime will follow at a later date.
The Appendix to the API Framework sets out the expected delivery timelines for both OBL/JROC and participant (ASPSP and TPP) activity in accordance with a four-phased approach to the delivery of the required data metrics. Feedback from 10 ASPSPs, accounting for over 85% of Faster Payments Scheme payments, indicates that they are likely to provide the required data under the Financial Crime Framework from the start of Q4 2023.
The submissions received under the Frameworks will be shared with the Payment Systems Regulator and the FCA as JROC co-chairs. The findings will support the JROC’s policy thinking, including any potential changes to reporting requirements and, if necessary, further consultations.
For more on this development, take a look at this Engage article.
United Kingdom: HM Treasury releases further policy statement on payment service contract termination rule changes
On 2 October 2023, HM Treasury (HMT) released a policy statement on implementation, timings and next steps on the government’s plans to strengthen payment account termination protections for customers. The publication builds on its July 2023 policy statement on payment service contract termination rules and freedom of expression, and follows a report on payment account access and closures which the FCA published last month (and which was covered in the September 2023 edition of the Newsletter).
The new policy statement provides that:
- The scope of regulation 51 (framework contract termination requirements) of the Payment Services Regulations 2017 (PSRs 2017) will remain the same with current carve-outs for regulated consumer credit agreements and the corporate opt-out still in place.
- While clear and tailored explanatory reasons should be provided to customers where contracts are terminated, except in limited scenarios, the government is not planning to prescribe the specific information that should be provided.
- 90 days’ notice of a termination should also be provided, except in limited scenarios including where the provider is obliged under legal or regulatory requirements to terminate the contract earlier.
The government intends to deliver the secondary legislation to implement the payment service contract termination reforms ‘as a priority’. It is therefore planning to publish a draft statutory instrument by the end of 2023 and make the relevant amendments to the legislation ‘as soon as Parliamentary time allows’.
For more on this development, take a look at our recently published Engage article.
Global: CPMI publishes report on harmonised ISO 20022 data requirements for enhancing cross-border payments
On 17 October 2023, the Bank for International Settlement's Committee on Payments and Market Infrastructures (CPMI) published a report to the Indian G20 Presidency on the harmonisation requirements for the enhanced processing of cross-border payments.
The CPMI are keen to stress that the harmonised ISO 20022 data requirements are not strict regulations but, as the CPMI considers the fragmentation and mixed use of payment messaging standards a "major friction" in cross-border payments, they are encouraging operators and participants to implement the requirements.
The CPMI have drafted their requirements with reference to the ongoing work to implement the ISO 20022 messaging standards and considers that the harmonisation requirements should take effect by the end of 2027. The proposed timing allows for a two-year transition period that starts with the end of the coexistence period between the SWIFT MT and the ISO 20022 messaging standards (currently scheduled for November 2025).
United Kingdom: Payment Systems Regulator consults on changes to powers and procedures guidance
On 3 October 2023, the Payment Systems Regulator (PSR) published a consultation paper on proposed changes to its powers and procedures guidance (PPG) which details the manner in which the PSR will normally exercise its regulatory functions. The proposed changes have largely been prompted by changes in the PSR's management structure. The consultation closed on 23 October 2023. The PSR expects to publish its new PPG before the end of 2023.
United Kingdom: Payment Systems Regulator publishes revised penalty statement
On 13 October 2023, following a March 2023 consultation paper, the Payment Systems Regulator (PSR) published a revised penalty statement. As consulted on, the PSR has consolidated its three previous penalty statements into one combined document. A related press release details other changes in the new statement.
Global: FSB publishes consolidated progress report for 2023 on G20 Roadmap for enhancing cross-border payments
On 9 October 2023, the Financial Stability Board (FSB) published a Consolidated progress report (Progress Report) and a supplementary Key Performance Indicators report (KPI Report) on the G20's efforts to enhance cross-border payments through its related Roadmap.
In the Progress Report, the FSB considers the 2027 targets in the G20 Roadmap to be "ambitious but achievable" if there is meaningful engagement from both the public and private sector. The Progress Report also announces the creation of two taskforces:
- the BIS Committee on Payments and Market Infrastructures payment interoperability and extension taskforce, which will look to facilitate public and private sector cooperation; and
- the FSB Legal, Regulatory and Supervisory (LRS) Frameworks taskforce, which will investigate and suggest improvements on the "key regulatory frictions" restricting progress.
The KPI Report looks to address a lack of existing "comprehensive data sources" and provide sources which, over time, can be used to measure progress, both globally and regionally, on improving cross-border payments. The KPI Report has identified that user experiences differ significantly across regions and the FSB hopes that the publication of this data will help spur engagement between public and private sector stakeholders.
Global: CPMI publishes interim report on governance and oversight considerations for linking fast payment systems across borders
On 18 October 2023, the Committee on Payments and Market Infrastructures (CPMI) published an interim report for the G20 on linking fast payment systems (FPS) across borders, setting out considerations for governance and oversight.
The G20 has identified the governance and oversight of cross-border payment system interlinking arrangements, in particular of FPS, as a priority in helping to achieve its 2027 targets under its Roadmap for enhancing cross-border payments. The interim report sets out ten initial considerations for FPS interlinking governance and oversight (covering a range of governance and oversight topics), as informed by a series of CPMI workshops with global stakeholders.
The deadline for comments on the interim report is 13 December 2023. The CPMI aims to deliver a final report to the G20 by the end of 2024.
Back to the top
Regulatory Developments: Digital Assets
European Union: ESMA clarifies timeline for MiCA implementation and encourages transitional planning
On 17 October 2023, ESMA published a statement detailing the timeline for implementation of the Markets in Cryptoassets Regulation (MiCA) and encouraging market participants and national competent authorities to begin preparation for the transition to MiCA. Among other things, ESMA:
- reiterates that the MiCA requirements will not apply until December 2024, meaning that until then market participants should ensure that they understand the recourse mechanisms and protections currently available in their jurisdiction (if applicable);
- stresses that even once MiCA becomes applicable, there is the potential for Member States to grant an additional 18-month transitional period to existing cryptoasset firms during which they can continue to operate without a MiCA licence, meaning that holders of cryptoassets and clients of cryptoasset service providers may not benefit from full rights and protections under MiCA until 1 July 2026; and
- states that market participants can, and are encouraged to, start preparing for a transition towards MiCA and lists a number of ways in which a smooth transition and implementation can be achieved.
For more on this development, take a look at this Engage article.
European Union: ESMA and EBA consultations on guidelines, RTS and ITS under MiCA
On 5 October 2023, ESMA published a consultation paper on its second set of regulatory technical standards (RTS) and implementing technical standards (ITS) under the Markets in Cryptoassets Regulation (MiCA), covering six RTS and two ITS. ESMA has also published a proof of concept (PoC) illustrating an application of the proposed format requirements included in the draft ITS on forms, formats and templates that form part of the consultation paper. Stakeholders are invited to test the PoC. The consultation closes on 14 December 2023. ESMA expects to publish a final report and submit the draft RTS and ITS to the European Commission for endorsement by 30 June 2024 at the latest. It also plans to publish a third consultation package containing the remaining 18-month mandates under MiCA in Q1 2024.
On 19 October 2023, the EBA published the following consultation papers (dated 20 October 2023) on RTS and guidelines under MiCA:
The deadline for comments is 22 January 2024.
On 20 October 2023, the EBA and ESMA published a joint consultation on two sets of guidelines on suitability assessments of the management body and holders of qualifying holdings under MiCA. The consultation closes on 19 January 2024.
United Kingdom: FCA takes over regulation of qualifying crypto adverts in non-broadcast media from ASA
On 6 October 2023, an Advertising Standards Agency (ASA) press release confirmed that from 8 October the FCA has assumed responsibility for regulating "qualifying cryptoassets" (i.e. cryptoassets which are transferable and fungible).
The ASA will, however, remain the principal regulator for:
- Adverts for non-qualifying cryptoassets (for example, Non-Fungible Tokens (NFTs));
- All "finance-related advertising", including adverts for cryptoassets, in Ofcom-regulated TV and radio services (although the ASA may seek advice from the FCA on technical aspects of a complaint); and
- Non-technical aspects of adverts for products by FCA-regulated businesses (for example complaints relating to offence, social responsibility, superiority claims, fear and distress, and other claims that do not relate to specific characteristics of the cryptoassets).
Australia: Treasury releases consultation on regulating digital asset platforms
On 16 October 2023, the Australian Treasury published a proposal paper on introducing a regulatory framework to "address consumer harms in the crypto ecosystem while supporting innovation."
The Treasury is seeking to regulate digital asset platforms which it considers to pose similar risks to already regulated entities operating in the traditional finance system. It is proposing to use the existing financial services regulatory framework by extending its scope. For example, the Treasury is proposing expanding the definition of a ‘financial product’ to include a ‘digital asset facility’ (i.e. a facility for holding assets and assets backing digital assets).
The consultation on the proposal paper closes on 1 December 2023. Following this, the Treasury will consider any feedback and look to publish draft legislation in 2024 which, following parliamentary approval, would come into force after a 12-month transitional period.
United Arab Emirates: DIFC proposes new Digital Assets Law and new Law of Security
On 28 September 2023, the Dubai International Financial Centre (DIFC) announced that it is consulting on the introduction of a new "global" and "groundbreaking" Digital Assets Law (DAL).
According to the announcement, the draft DAL:
- sets out the legal characteristics of a digital asset, its proprietary nature, and how it may be controlled, transferred, and dealt with by interested parties; and
- proposes changes to other key DIFC laws, including the Contract Law, the Insolvency Law, the Law of Obligations, the Trust Law, and the Foundations Law to take into account the requirements of digital assets in the broader DIFC legal framework.
In a separate but related consultation, the DIFC is also proposing to repeal the current Law of Security and to make significant amendments and enhancements to the DIFC’s securities regime. Among other things, the aim is to provide clarity in relation to taking security over digital assets. The DIFC also proposes to repeal the current Financial Collateral Regulations and amalgamate the financial collateral provisions into a new chapter of the proposed new Law of Security.
Both consultations close on 5 November 2023.
Global: BCBS launches consultation on disclosure of banks' cryptoasset exposures
On 17 October 2023, and following its earlier publication on prudential treatment of cryptoasset exposures, the Basel Committee on Banking Supervision (BCBS) released a consultation on the disclosure of banks' cryptoasset exposures.
The BCBS has developed a set of standardised disclosure templates in order to ensure consistency. The templates incorporate the requirements first detailed in the BCBS' earlier publication and are set out in a new chapter of the Basel Framework - DIS55: Cryptoasset exposures. Annex 1 to the consultation details the draft text of DIS55. The consultation closes on 31 January 2024.
Back to the top
International: Etsy Payments to stage multimarket expansion
On 17 October 2023, Etsy announced that its payments functionality, "Etsy Payments", would be launched in a further seven jurisdictions. Etsy states that Etsy Payments is a "flexible and secure payments infrastructure that benefits both our buyers and our sellers." The main advantage to sellers on Etsy will be their ability to benefit from "Etsy Purchase Protection" and obtain dedicated support.
Etsy plans to roll out Etsy Payments to Ukraine, India, Japan, Thailand, Argentina, Chile and Peru by the end of 2023.
Europe: Nikulipe partners with Aircash to expand payment options across Europe
On 4 October 2023, Nikulipe (a fintech specialising in cross-border payments) announced a partnership with Aircash (a digital wallet provider). As part of the partnership, Nikulipe will offer Aircash additional top-up options for the digital wallet in ten European markets and the Aircash Wallet will be accessible to international merchants and payment service providers via the Nikulipe platform.
United States: Mastercard partners with J.P. Morgan Payments
On 20 October 2023, Mastercard announced that it has partnered with J.P. Morgan Payments in order to launch the latter’s Open Banking-powered Pay-by-bank service that offers secure payment exchange for U.S.-based clients in relation to a variety of recurring payments (for example, rent and utilities ). The announcement also states that Verizon is planning to pilot the offering with its U.S. customers in the coming months.
United States: Rokt announces its partnership with Klarna
On 17 October 2023, it was reported that Rokt (an AI and machine learning powered ecommerce technology company) has partnered with Klarna.
The partnership will allow Klarna access to Rokt's technology which will allow Klarna to present highly relevant offers to shoppers (targeted by demographic and location) in the final stages of an ecommerce transaction. Klarna shoppers will also be able to access offers from brands such as Hulu, HelloFresh and AdoreMe.
United Kingdom: NatWest Group enables Click to Pay for Mastercard debit card holders
On 13 October 2023, Mastercard announced that NatWest Group is the first UK bank to enable Click to Pay for its customers with a Mastercard debit card. Mastercard have said that Click to Pay will make online shopping safer and easier for customers.
Customers with a NatWest, Royal Bank of Scotland or Ulster Bank Mastercard are now registered for the service.
Europe: TrustPay reported to have launched instant refunds for customers
On 10 October 2023, it was reported that TrustPay had launched a new instant refunds feature allowing customers to receive funds within seconds. The feature is only available where the payment method is settled as a SEPA payment, and where the recipient’s bank offers support for instant payments.
Ireland: Coinbase announces Ireland as EU MiCA entity location
On 18 October 2023, Coinbase announced that it has chosen to locate its EU MiCA hub in Ireland. Coinbase considers Ireland to have a "supportive political environment for FinTech companies" and cites the credentials of the Irish regulator.
Coinbase is looking to use its existing operational structure in Ireland and notably already has an e-money institution licence and VASP registration there.
United States: Galileo Financial Technologies partners with Mastercard to expand Buy Now, Pay Later (BNPL) offering to small businesses
On 5 October 2023, Galileo Financial Technologies announced it had partnered with Mastercard to allow banks and fintechs working with Galileo to offer instalment financing options to small businesses via Mastercard Installments.
Galileo have stated that the BNPL offering will provide small businesses with more flexibility to make larger purchases and manage their cash flow.
United States: American Express pilots biometric verification for online checkouts
On 5 October 2023, American Express announced that they would be the first card issuer to pilot facial and fingerprint recognition for select U.S. customers. American Express consider that the use of biometrics will prevent fraud and create a simple and intuitive online checkout process.
American Express expect to roll out the feature to all U.S. consumer card holders in early 2024.
Surveys and Reports
Global: Bottomline release their Future of Competitive Advantage in Banking & Payments Report
On 10 October 2023, Bottomline published their 2023 report on the Future of Competitive Advantage in Banking & Payments (access requires registration). The report is the product of more than 500 responses from banking and non-banking financial institutions working in a variety of fields across 32 countries.
The report includes a comparison benchmarking survey which covers topics such as:
- real-time/instant payments;
- cross-border payments;
- ISO 20022 messaging;
- transitioning from on-premise to SaaS;
- compliance and regulation, cash positioning and fraud monitoring; and
- pre-validation (Confirmation of Payee).
United States: McKinsey release findings of their 2023 Digital Payments Consumer Survey
On 20 October 2023, McKinsey reported on the findings of their 2023 Digital Payments Consumer Survey which drew responses from more than 1,800 U.S. consumers. McKinsey considers the findings show that digital consumer payments are "already mainstream, increasingly embedded, [and] still evolving".
The survey found:
- Nine out of ten consumers had used some form of digital payment over the course of the year;
- The gap between the trust consumers place in banks over large technology firms is reducing; and
The adoption of Buy Now, Pay Later (BNPL) has slowed but remains stable.
Back to the top
Authored by Virginia Montgomery and Grace Wyatt.
Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar.