Firing off an email to the wrong recipient can be embarrassing however sending funds to the wrong beneficiary is not only negligent but can also be costly. With £350 million worth of payments misdirected in 2018 alone and £145 million each year going unrecovered; the benefit of implementing a system to check the name on the account as a way of decreasing the volume is clear.
At the beginning of February this year, eight weeks prior to the original 29th March Brexit date, we published a blog entitled “No-deal Brexit – is there a regulatory backstop?” In this blog, we attempted to summarise what firms could expect in the event we crashed out having failed to agree transitional provisions with the EU27. Eight months, four failed votes and one prime minister later we find ourselves in a painfully similar situation eight weeks before the new Brexit date of 31st October. In this blog we will revisit some the issues addressed in our initial blog, and how these may have changed since the time of writing. I write this though at a time of the utmost uncertainty, with legislation proposed to remove the possibility of No Deal, another Prime Minister under threat, and the possibility of a General Election that might yet result in a new referendum. Nevertheless, let’s deal with the here and now…
Back in October last year, fscom director Alison Donnelly wrote a blog on the FCA’s consultation on new rules for payment and e-money institutions. As explained in that blog, due to FCA concern with how some e-money and payment institutions have communicated with their customers in the past, certain sections of the FCA Handbook are being applied to payment and e-money institutions.
In my previous blog, I outlined the basic requirements of the new obligation, brought in under PSD2 (the second Payment Services Directive), for all payment service providers to apply strong customer authentication (SCA) in certain circumstances. SCA has to be applied both when accessing payment account information and when initiating a payment transaction meaning that a customer checking their account and then paying a couple of bills would have to go through SCA multiple times in one session, which is far from ideal on the user-experience scale. To avoid this, you, as a payment service provider (PSP) can apply one of nine exemptions, if circumstances permit.
Strong customer authentication (SCA) is a valid attempt by the EU to curb electronic payment fraud, including ‘card-not-present’ fraud. From a glance the concept is fairly simple, it will be a regulatory obligation to apply two factor authentication (2FA) to the electronic payment process. However, it’s not all quite as simple as that as SCA has more requirements than just the frequently touted 2FA. This blog will provide the basics on SCA and subsequent blogs will go into more detail on the exemptions and how SCA differs from simple 2FA.
As we marked the first anniversary of PSD2 implementation (at least, in the UK!) this week, there will doubtless be numerous conversation pieces and reflections about the success of PSD2 so far – and its relationship with Open Banking – and what more delights both have to offer in 2019, the year the UK is supposed to leave the European Union.
New rules for payment and e-money institutions
Over the past couple of months, the FCA has been consulting on whether to apply the Principles for Businesses, and some other Handbook rules, to payment and e-money institutions and registered account information service providers. This marks another step in the FCA’s journey towards greater supervision of the non-bank payment services sector.
In a previous blog post, I took a look at the upcoming access changes to the UK’s RTGS system (the Clearing House Automated Payment System) and, in the blog post before that, the UK’s new payment architecture. In the latter, you might remember, we touched on the consolidation of three separate payment service operators (PSOs) – Bacs, Faster Payments Service and the Cheque & Credit Clearing Company – under a New Payments Service Operator (NPSO).
There has been a lot of talk in the financial sector surrounding the topic of PSD2; flagging deadlines, the implications of non-compliance and the opportunities open banking presents. But what about the other industries affected by the new regulation? From the charities and even the accountancy firms that now fall under the FCA’s watchful eye? Have they been forgotten about amid the vicissitudes?