To some, 13 January and the implementation of the second Payment Services Directive (PSD2) will be a significant milestone in their business’s path. They will be joining the community of the regulated financial services sector, which means that their owners and managers take on significant additional liability and are subject to a new level of scrutiny. They will have to meet certain standards and requirements ranging from the information they must give their customers to the type of insurance they must hold (in the case of the payment initiation and account information service providers) to how they treat client money (for authorised payment and e-money institutions and small e-money institutions).
The second Markets in Financial Infrastructure Directive (MiFID II), and its accompanying regulation the Markets in Financial Infrastructure Regulation (MiFIR), are set to take effect tomorrow (3 January 2018) – some four and a half years after first being approved by the Council of the European Union (and after a year-long delay intended to allow for the development of the complex technical infrastructure required by firms for compliance with the incoming changes).
Last year, the FCA sent a 'Dear CEO' letter about ICAAP. For those who don't know, the ICAAP is a process a firm follows to assess the risks it’s facing currently and in the foreseeable future and calculate an amount of capital it should hold as a buffer against those risks.
The letter was a warning that the exercise shouldn't be a quick totting up of sums without any real engagement in the process. It went only to IFPRU investment firms, though BIPRU firms also have to do ICAAPs. Payment and e-money institutions don't have to do an ICAAP but as those who are tackling their re-authorisation application know, PSD2 places strong emphasis on understanding and managing risks.
In six months’ time, the second Payment Services Directive (PSD2) will be implemented in the UK. And while we don’t yet have finalised implementing documents, progress is being made on what the realised directive will look like.
The FCA’s proposed interpretation of the safeguarding obligation is causing serious concern in the industry. Under the new guidance, payment and e-money institutions will be expected to match the value of payments they make on behalf of their clients from their own funds because they will have to both keep the value in a safeguarding account and remit it to the payee.
For years, the UK charted a lonely but pragmatic course with its interpretation that deliverable FX forwards are not investment instruments. UK payment and e-money institutions can offer such products without requiring authorisation under the Financial Services and Markets Act 2000 (FSMA) while counterparts elsewhere in the EEA had to be regulated. The implementation of MiFID II in January 2018 will, among other things, confirm the UK’s position but the new definition is a little tighter than what we are used to in the UK and payment and e-money institutions must consider whether they want to remain unregulated.
The technical glitch that left thousands of customers of high profile fintech start-ups without access to their money last month should act as a major wake up call to payment services providers across the UK.