An Updated Approach: the FCA’s new Consultation Paper CP21/3 on Payment Services and E-Money

This note summarises these changes and will be of interest to:

• credit institutions providing payment services and/or issuing e-money;
• payment institutions;
• e-money institutions;
• registered account information services providers;
• firms subject to the temporary permissions regime (the “TPRs”) and the financial services contracts regime; and
• Gibraltar firms providing payment services in the UK.

1. Amendments to the FCA approach document on payments and e-money

The Approach Document sets out the regulators approach to the Payment Services Regulations 2017 (“PSRs”) and the Electronic Money Regulations 2011 (“EMRs”) and acts as a guide for payment services firms and e-money issuers. The FCA propose the following three changes to the guidance in the Approach Document:

1. Strong customer authentication

The FCA is set to update the Approach Document in light of:

• various EBA and European Commission Q&A responses and opinions on SCA, published up to 31 December 2020, including for example: <br/>the clarification from the EU Commission that where there is a fraudulent or unauthorised transaction, a payee’s payment service provider should be liable where it triggers an exemption and the transaction is carried out without applying SCA.Therefore, other than where the payer has acted fraudulently, the payer’s PSP would refund the customer and would then be entitled to be reimbursed by the payee’s payment service providers;<br/>the clarification from the EBA that the corporate exemption is applicable to (physical or not) card payments (as well as other payment instruments) provided those cards are “only available to payers who are not consumers” (i.e. only available to corporate customers); and

• the judgment and conclusions on contactless card payments in the recent European Court of Justice DenizBank[1] case. This opinion indicates that: <br/>NFC functionality of a personalised multifunctional payment card must be classified as a payment instrument (i.e. separate to the card’s other payment instruments);<br/>the possibility of tacit acceptance of changes to a framework agreement must be strictly interpreted and may not be applied to changes to the essential elements of that framework agreement (such as those relating to the addition of NFC functionality in a payment card).

Further, the FCA proposes to make changes to its guidance on dynamic linking, a process which requires a customer’s authentication of a payment instruction to be linked to a specific payee and a specific amount. The FCA’s view is that the SCA would not need to be reapplied where the final amount is higher than the original amount authorised. To make sure that the final payment is reasonably within the amount the customer agreed to when authorising the payment, the payment should not exceed 20% above the amount originally authorised, without further SCA being performed. The FCA believes this is a reasonable amount and further expects business to have made consumers aware that the price could go up and consumers to have agreed to such a possibility before authorising the original amount.

2. Safeguarding and prudential risk management

The FCA is proposing to make permanent its (previously) temporary guidance on safeguarding and prudential risk management. In May 2020, the FCA published a short consultation on coronavirus and safeguarding customers’ funds. It proposed additional temporary guidance to strengthen payment and e-money firms’ prudential risk management and arrangements for safeguarding customers’ funds in the exceptional circumstances of the pandemic. On July 2020, the FCA published its Temporary Guidance taking into account the feedback it received.

3.Other changes to the Approach Document

The FCA has taken this opportunity to make general updates to several areas and proposed the following:

• an extension of the FCA’s Principles for Businesses to the provision of payment services and issuance of e-money by certain payment services providers and e-money issuers;
• the extension of certain communication rules and guidance under the Banking Conduct of Business Sourcebook (BCOBS) to communications with payment service and e-money customers;
• a clarification of FCA expectations on notifications under the limited network exclusion and electronic communications exclusion, which exclude certain activities from the scope of the PSRs and the EMRs, subject to meeting certain conditions;
• general updates to reporting requirements, information sharing from ASPSPs to TPPs, and eIDAS certificates;
• onshoring changes made to legislation, regulatory rules and guidance applicable to payment services and the issuance of e-money to reflect the UK’s exit from the EU. Chapters 2 (Scope), 8 (Conduct of business requirements) and 10 (Safeguarding) in the Approach Document are most affected; and
• the Approach Document has also been updated to address how PSRs, EMRs, its rules and guidance apply to firms with transitional authorisation or who are in the regime for contractual run-off.

2. Amendments to PERG

The FCA intends to amend PERG 15 to provide additional guidance on the types of products that may benefit from the limited network exclusion, and to give guidance on its expectations of firms that benefit from the electronic communications exclusion. For example, PERG 15 would clarify that the exception would:

• not likely apply to online marketplaces, because of the operation and the very broad range of goods and services that can be sold to the sellers that can sell through such marketplaces mean the instrument can be used on them are unlikely to be sufficiently limited; and
• likely apply to team related cards, that can only be used at a specific stadium or team’s website.

3. Amendments to the SCA-RTS

The EU Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication (EU‑RTS) forms part of EU law and supplements the revised Payment Services Directive (PSD2). Following the UK’s withdrawal form the EU, amendments to the PSRs require firms to comply with the SCA-RTS, which is made by the FCA, instead of the EU‑RTS. The SCA-RTS is substantially the same as the EU RTS. However, the FCA states that following discussions with the industry, trade bodies and responses to its recent Call for Input on Open Finance, it has identified barriers to successful competition and innovation in the UK payments landscape and is proposing to make the following changes:

• increasing the single and cumulative transaction thresholds for contactless payments from £45 to £100 (or potentially a maximum of £120) and from £130 to £200 respectively;
• adding a new exemption from SCA when customers access their account information through an account information provider;
• mandating the use of dedicated interfaces (such as application programming interfaces) by account servicing payment service providers (“ASPSPs”) to facilitate third-party provider access to retail and SME customers’ payment accounts;
• changing requirements for publishing interface technical specification, availability of testing facilities, and fallback mechanisms by account providers; and
• treating ASPSPs with deemed authorisation under the TPRs as exempt from the requirement to set up a fallback interface, where the ASPSP has an exemption from its home state competent authority.

These changes are detailed in Appendix 2 of the Consultation Paper.

Next steps

The FCA welcomes all comments on its proposed changes relating to contactless payments by 24 February 2021. For all other aspects of the consultation, the deadline for comment is 30 April 2021.

After this period has elapsed, the FCA will consider the feedback and publish finalised technical standards and guidance.

Co-authored by Anna Burdzy

[1] DenizBank AG v Verein für Konsumenteninformation (Case C-287/19) EU:C:2020:897