With the vast majority of e-money and payment institutions successfully re-authorised, let’s take a look at how the FCA intends to monitor this growing population of firms.
With all the excitement around re-authorisation, the ban on credit card surcharges and the new payment services activities, the less headline grabbing regulatory changes introduced by the second payment services directive (PSD2) have been somewhat overlooked. One of these changes relates to complaint handling.
The third in my trilogy of PSD2 blogs from ‘Inside the Regulator’. However, as we are now entering uncertain and uncharted territory, in terms of firms that failed to submit applications for re-authorisation in time, my insights are more presumptive than previously.
Drawing on my experience of heading up the Payment Services Authorisations Team at the FCA for many years, I spoke last week (http://blog.fscom.co.uk/psd2-a-glimpse-inside-the-regulator) about the FCA’s expectations for authorisations and re-authorisations, and offered some insight into how they might approach the challenges brought about by PSD2. I now explore the risks inherent in firms wishing to ‘upgrade’ their licences, the new entrants under PSD2 and the FCA’s approach to supervision.
Much of our time is, and seems always to have been, spent trying to interpret exactly what the regulations or, more importantly, the Regulator is expecting. A leading question asked by many compliance officers is, 'what do they expect of my company?'. This is often where the compliance consultant comes in.
It’s been five months since the FCA’s doors opened to applications from the new payment service providers, often referred to as third party providers (TPPs), and two months since they could appear on the Register so it’s a good time to ask how many have seized the opportunity presented by the second payment services directive (PSD2).
The answer is: ‘not so many’.
To some, 13 January and the implementation of the second Payment Services Directive (PSD2) will be a significant milestone in their business’s path. They will be joining the community of the regulated financial services sector, which means that their owners and managers take on significant additional liability and are subject to a new level of scrutiny. They will have to meet certain standards and requirements ranging from the information they must give their customers to the type of insurance they must hold (in the case of the payment initiation and account information service providers) to how they treat client money (for authorised payment and e-money institutions and small e-money institutions).
The second Markets in Financial Infrastructure Directive (MiFID II), and its accompanying regulation the Markets in Financial Infrastructure Regulation (MiFIR), are set to take effect tomorrow (3 January 2018) – some four and a half years after first being approved by the Council of the European Union (and after a year-long delay intended to allow for the development of the complex technical infrastructure required by firms for compliance with the incoming changes).
Last year, the FCA sent a 'Dear CEO' letter about ICAAP. For those who don't know, the ICAAP is a process a firm follows to assess the risks it’s facing currently and in the foreseeable future and calculate an amount of capital it should hold as a buffer against those risks.
The letter was a warning that the exercise shouldn't be a quick totting up of sums without any real engagement in the process. It went only to IFPRU investment firms, though BIPRU firms also have to do ICAAPs. Payment and e-money institutions don't have to do an ICAAP but as those who are tackling their re-authorisation application know, PSD2 places strong emphasis on understanding and managing risks.
In six months’ time, the second Payment Services Directive (PSD2) will be implemented in the UK. And while we don’t yet have finalised implementing documents, progress is being made on what the realised directive will look like.