Search This Blog

Wednesday, 22 November 2017

FCA Launches PSD2 Navigator

The Financial Conduct Authority has always led its EU counterparts in explaining its approach to regulating payment services, and continues to do so in spite of Brexit. 

The FCA had already published its "Approach" document for the new Payment Services Regulations 2017 (incorporating its approach to supervising the Electronic Money Regulations 2011) and has now launched a higher level web page to help navigate the impact and benefits of the new regulations.

This will be of most help to firms offering the new "account information services" and "payment initiation services", as well as retailers operating loyalty programmes that transact over €1 million in any 12 month period starting from 13 January 2018 and various other exclusions.

It is important to consider at the outset, however, whether your firm is offering payment services as a regular occupation or business.


Monday, 9 October 2017

Red Alert: Retailers With Loyalty Progammes

Three years after being announced in the UK and I suspect many retailers are yet to realise that their loyalty/store card programmes will be regulated by the Financial Conduct Authority from 13 January 2018 - likewise across the European Economic Area. 

As the FCA now also warns, retailers who offer such programmes anywhere in the EEA will need to track the annual transaction volumes very carefully, starting with the completely arbitrary and inconvenient date of 13 January 2018. 

If the volume meets or exceeds €1 million (or the GBP or local currency equivalent) in any 12 month period (the first ending on 12 January 2019), the retailer must notify the FCA (or local regulator) within 28 days (by 10 February 2019).  Firms may also choose to register at any time from 13 October 2017.

But be sure of the outcome before you decide whether or not to register!

The regulator must then decide whether the programme is exempt from regulation as an e-money/payment service.  

If the firm fails to notify, it commits an offence under the Payment Services Regulations 2017 (or local equivalent implementing the second Payment Services Directive (PSD2)). 

If the FCA decides the programme is exempt, then it must include the retailer on the FCA's register of 'limited networks', and the name will be added to a central register of all such firms across the EEA.

If the FCA decides the programme is not exempt from regulation the retailer can appeal, but basically this means the firm will have been found to be violating the Electronic Money Regulations 2011 and/or Payment Services Regulations 2017 by issuing e-money and/or offering a payment service without being duly authorised/registered to do so. Major problem!

So retailers really have to decide now whether they should outsource the operation of the programme to an authorised firm (or the agent of one); or seek their own authorisation (or agency registration). Ultimately, they might restructure the scheme to fit the exemption, or shut it down.

Of course, the mere fact that retailers with loyalty schemes have to be mindful of these requirements and go through the process means they are in effect regulated by the FCA. Ignorance, as they say, is no defence.


Wednesday, 27 September 2017

FCA to Regulate All Employees Of Financial Firms

The Financial Conduct Authority is consulting on the extension of its "Senior Managers and Certification Regime" (SM&CR) to all firms that are regulated by the FCA under the Financial Services and Markets Act 2000 (which excludes e-money/payment institutions, for example, unless they have dual authorisations).

This will replace the "Approved Persons" regime and extend some requirements to all employees

Consultation ends on 3 November, and the extension is likely to take effect from early in 2018. 

This means you should study the proposals and begin to plan how to comply, particularly as HR staff/advisers will also need to be involved.


Wednesday, 20 September 2017

Consultation: Contract Guidance for Data Controllers/Processors Under #GDPR

The Information Commissioner has published draft guidance for data controllers and processors on their contracts and liabilities under the General Data Protection Regulation, for comment by 10 October 2017. GDPR takes effect in the UK from 25 May 2018, but a lot of preparation is required, including reviewing and updating contracts for personal data processing.

The guidance is intended to explain what data controllers must include in contracts; and what responsibilities and liabilities data processors have under the GDPR.

As a sign of the complexity and uncertainty in this area, the ICO adds that its guidance "will need to continue to evolve to take account of any guidelines issued in future by relevant European authorities... as well as our developing experience of applying the law in practice"...


Tuesday, 19 September 2017

FCA Publishes Final Approach and Rules Implementing #PSD2

The FCA has today published its final policy statement on how it will supervise the Payment Services Regulations 2017 (implementing the second Payment Services Directive, or PSD2).

I haven't digested it fully yet, but following earlier consultations, the FCA explains that it has amended its approach in various respects, particularly, its perimeter guidance on the new account information services and payment initiation services, complaints handling and reporting and conduct of business requirements. There is a table summarising the updates on page 6 of the policy statement.

I may post on any significant changes separately.

Further updates will be required when certain regulatory/implementing technical standards (RTS/ITS) and EBA Guidelines are finalised in late 2017 and early 2018, including EBA Guidelines on operational and security risk, and fraud reporting.

In the meantime, various draft application forms for authorisation and reporting have been published, with the final versions to be available for applications from 13 October 2017.  As explained in my earlier post, the FCA recommends waiting until then, even if you are making an application under the current regulations - otherwise it will need to be updated or re-assessed.


Tuesday, 12 September 2017

FCA Weighs In On #InitialCoinOfferings

The Financial Conduct Authority has just published its thoughts on "initial coin offerings" (ICOs), the issue of cryptographic tokens or 'currency'. There is already a wide variety of purposes for ICOs, making them much harder to classify than your typical stock market "initial public offering" (or IPOs) with which some people seem to be equating them.  The FCA has also provided links to guidance from: 
Many additional risks also arise from the fact that the nature of the 'coins' or cryptographic currency and whether there is a market for those - quite apart from the purpose for which funds are being raised and/or invested in - as well as the distributed ledger in which they and related transactions are based. We are a long way from the usual stakeholders (like regulators) understanding and engaging with the new technology, let alone standardising any kind of process for doing ICOs as 'efficiently' as IPOs or even traditional technology projects (hopefully more so!).

I have no reason to think ICOs won't necessarily become fairly commonplace in due course, but it's appropriate for the regulators to be treading cautiously at present - although they should be supportive of genuine attempts to innovate in this area and engage positively with issuers while warning investors of the risks.

Here's a helpful ICO 'tracker' from CoinDesk.

 


Monday, 11 September 2017

Top Tip: Make Any UK Applications Under #PSD2 From 13 October 2017

The FCA has published several web pages explaining the new authorisation/registration process under the Payment Services Regulations 2017 ("PSRs 2017") and similar process in the existing Electronic Money Regulations 2011 ("EMRs") that are updated by the new PSRs 2017. Basically, firms are "strongly encouraged" by the FCA to make their applications on or after 13 October 2017.

For payment institutions:
"You will be able to submit applications under PSD2 from 13 October 2017, giving you the opportunity to become registered or authorised under the PSRs 2017 from 13 January 2018.
Rather than applying under the PSRs 2009, you are therefore strongly encouraged to make your application under the PSRs 2017, on or after 13 October 2017.
If you decide to apply under the PSRs 2009 and we have not determined your application by 13 January 2018, we will treat your application as being made under the PSRs 2017. This means you will be required to provide more information to us, as required under the new regime [which would likely slow the process down]. If we have determined your application under the PSRs 2009 by 13 January 2018, you will need to submit an application to re-register or become re-authorised under PSD2 and the PSRs 2017, and pay an additional application fee.
Businesses applying for re-authorisation under PSD2 will need to submit a complete application by 13 April 2018 in order to continue operating on or after 13 July 2018.
Businesses applying for re-registration will need to submit a complete application by 13 October 2018 in order to continue operating on or after 13 January 2019."
For e-money institutions:
"You will be able to submit applications under PSD2 and the amended EMRs, from 13 October 2017, giving you the opportunity to be registered or authorised under the new regime from 13 January 2018.
Rather than applying under the current EMRs, you are therefore strongly encouraged to make your application under PSD2 and the amended EMRs, on or after 13 October 2017.
If you decide to apply under the current EMRs and we have not determined your application by 13 January 2018, we will treat your application as being made under the amended EMRs. This means you will be required to provide more information to us, as required under the new regime [which would likely slow the process down]. If we have determined your application under the current EMRs by 13 January 2018, you will need to submit an application to re-register or become re-authorised under PSD2 and the amended EMRs, and pay an additional application fee.
Businesses applying for re-authorisation or re-registration under PSD2 will need to provide all the information we need with an application by 13 April 2018 in order to continue operating on or after 13 July 2018."