Global Payments Newsletter, August 2021

Key developments of interest over the last month include:

Brazil: Central bank publishes details of push towards Phase 2 of Open Banking
United Kingdom: PSR launches Digital Payments Initiative
Estonia: Central bank publishes results of digital euro experiment

In this Newsletter:

Regulatory Developments
Payment Market Developments
Surveys and Reports

For previous editions of the Global Payments Newsletter, please visit our Financial Services practice page.

Regulatory Developments

Brazil: Central bank publishes details of push towards Phase 2 of Open Banking

On 2 August 2021, the Central Bank of Brazil published Normative Instruction No. 136 of 29 July 2021 containing new details regarding the country’s push towards Phase 2 of Open Banking.

The Central Bank of Brazil mandates that participating institutions must implement the scaled and efficient launch of Open Banking APIs for the purpose of sharing registration and transactional data. To achieve this, the central bank considers that Phase 2 of Open Banking should be carried out in four cycles, with the first cycle starting on 13 August 2021 and the final cycle ending on 24 October 2021.

The Normative Instruction also places limits on the number of interface calls allowed per participating institution during the launch period, to two interface calls per month for registration data and 120 interface calls per month for transactional data.

United Kingdom: PSR launches Digital Payments Initiative

On 30 July 2021, the Payment Systems Regulator (PSR) launched a new initiative to examine potential barriers to the take-up of digital payments and to identify solutions to these barriers. The move is part of the PSR’s response to the 2020 Access to Cash Working Group’s recommendation for further work on digital payments.

The initiative will be led by the PSR Panel and it will focus on four key areas:

Identifying potential purchases or transactions where digital payments could provide a solution to future needs (e.g. caregivers with multiple clients, budgeting tools);
Collating evidence from other jurisdictions;
Identifying practical challenges for users and small businesses that could prevent the adoption of digital payment options; and
Identifying technical and / or regulatory barriers within the PSR’s remit to enable suppliers of digital payment services to develop new payment solutions.

For the moment, the initiative will be confined to the PSR’s remit. The PSR Panel is expected to present its findings later this year.

Estonia: Central bank publishes results of digital euro experiment

On 26 July 2021, the Eesti Pank, Estonia’s central bank, published a press release and report on the results of its digital euro experiment, carried out alongside the European Central Bank and the central banks of Spain, Germany, Italy, Greece, Ireland, Latvia and the Netherlands.

The experiment saw payments made in digital money between people with digital identities from Estonia, Latvia, Lithuania and Spain. The results showed that the blockchain technology used is easily scalable, meaning that the number of payments in digital euro can quickly be increased if needed. The technology also did not set any essential limits on the size of the money supply, ie it could support the entire supply of euros in circulation and more. Moreover, the technology could be linked to forms of electronic ID so that the security of payments is heightened. The bank considered that the various parties involved could only see information on the payment, but it was still possible to carry out the necessary anti-money laundering controls.

The conclusion was that a novel blockchain-based solution could support an almost unlimited number of payments being processed at the same time with a smaller carbon footprint than the card payment system.

For further information on the EU digital euro project, see the July 2021 Global Payments Newsletter.

France and Tunisia: Central banks successfully conduct cross-border CBDC experiment

On 13 July 2021, the Banque de France announced that it has successfully conducted a cross-border Central Bank Digital Currency (CBDC) experiment with the Banque Centrale de Tunisie.

The experiment involved a wire transfer between two individuals, located in France and Tunisia, in commercial bank money through transfer of wholesale CBDC between the Banque de France and the Banque Centrale de Tunisie. The operation took place on the Instaclear interbank transaction solution based on a private distributed ledger operated by Prosperous.

The Banque de France has stated that the experiment constitutes the first use case of wholesale CBDC as a means to operate retail transfers and paves the way for further studies between central banks to improve remittances. Both participants believe that CBDC is likely to enhance transparency, speed and cost savings.

France has conducted several other similar CBDC experiments, most recently with Singapore (covered in the July 2021 Global Payments Newsletter).

India: Central bank to consider phased launch of CBDC

On 23 July 2021, it was reported that the Reserve Bank of India is considering a phased introduction of CBDC in India. At this stage, the central bank is examining the technology needed to design and introduce such a CBDC.

It is hoped that the introduction of a CBDC will curb the popularity of cryptocurrencies such as bitcoin. The Reserve Bank of India has repeatedly voiced its concerns over the spread and use of cryptocurrencies and the Indian government has been working on a Cryptocurrencies Bill to regulate their use. The central bank reportedly stated that the introduction of a CBDC is not only desirable for its benefits in the payments system, but also to protect the general public from volatile private cryptocurrencies.

Nigeria: Central bank to pilot CBDC from October 2021

On 26 July 2021, it was reported that the Central Bank of Nigeria (CBN) may pilot its CBDC as early as 1 October 2021. Nigeria has been researching the e-naira since 2017.

One of the main use cases for a CBDC in Nigeria is the potential for a CBDC to reduce the cost of international remittances, as Nigeria was the tenth largest remittance recipient in the world in 2020. The introduction of a CBDC would also benefit financial inclusion in Nigeria by making cash more accessible and enabling the population to participate in Nigeria’s growing e-commerce economy.

Colombia: Central bank to launch blockchain bond

On 22 July 2021, the Banco de la República announced the launch of a pilot bond that was issued, placed, negotiated and settled in blockchain technology through the use of smart contracts. The bond will be issued by Davivienda bank and tested through the use of smart contracts for the Colombian stock market. The money will flow through the high-value payment system of the central bank.

The central bank is looking to confirm the benefits of this new technology in the life cycle of a security, from issuance to expiration. The benefits include the potential reduction of operational costs, the optimisation of process times, greater efficiencies in the traceability and security of operations and a better management of financial risks.

Ukraine: Government produces roadmap to integrate cryptocurrencies by 2024

On 21 July 2021, it was reported that the Ukrainian Ministry of Digital Transformation has produced a roadmap to integrate cryptocurrencies in Ukraine by 2024. In particular, the Ministry of Digital Transformation aims to see 50% of Ukrainians using digital currencies by 2024.

The Ministry of Digital Transformation has established a series of working groups for this project. In addition, a draft law on virtual assets was voted through at the first reading in the Ukrainian Parliament in December 2020 and a final regulation is expected to be adopted by the end of the year. Other priorities of the roadmap include promotion of real asset tokenisation and the launch of a pilot fiat-crypto gateway.

United Kingdom: FMLC response to Law Commission call for evidence on digital assets

On 30 July 2021, the Financial Markets Law Committee (FMLC) published its response to the Law Commission's call for evidence on digital assets. The response includes the following points:

The Law Commission's decision not to define the term "digital asset" in the call for evidence may give rise to unintentional legal complexities and ambiguities, given the need to take account of the complex components of any particular asset when considering how digital assets may be dealt with under English law.
In the FMLC's view, the truly novel legal questions that are best addressed by the call for evidence relate to "cryptoassets" in the sense used by UKJT's legal statement on cryptoassets and smart contracts rather than digital assets in the broadest sense. This is because both the technologies underpinning them and the means by which they are being used in practice are novel and are not assimilated readily with other assets familiar to law and practice.
On the overriding question of whether the law needs to recognise digital assets as capable of being in possession, the Committee's view is that it does. It proposes the creation of a third category of personal property recognising digital assets as both intangible and yet capable of possession.

United Kingdom: PSR narrows scope for delivery of New Payments Architecture

On 29 July 2021, the PSR updated its webpage on the New Payments Architecture (NPA) to confirm that it is planning to narrow the scope of the NPA over concerns about the programme’s high risk. The NPA is set to become the UK payment industry’s new way of organising the clearing and settlement of interbank payments, replacing the existing Faster Payments and Bacs retail system. Pay.UK is responsible for delivering the NPA and it is hoped that the NPA will future-proof the UK payment industry.

Also on 29 July 2021, the PSR published a related policy statement and consultation (CP21/8), along with Annexes 1 and 2 and 3 and 4. The document sets out the PSR’s decisions on reducing the risks to successful delivery of the NPA and consults on the draft legal instruments it proposes to use to implement these decisions. Following its February 2021 consultation paper (CP21/2) on delivery and regulation of the NPA , the PSR has decided to phase the development of the NPA by narrowing the scope of the NPA central infrastructure service (CIS) contract and requiring Pay.UK to secure the contract through a competitive tender.

In particular, the PSR will require the CIS contract to include, at a minimum, buying services needed to support single push payments (which will allow most Faster Payments transactions to migrate to the NPA). The PSR has also reserved the power to object to the inclusion of additional services and system functionality in the CIS.

The PSR intends to vary Specific Directions (SDs) 2 and 3 to enable the phasing of the NPA's development. The draft legal instruments varying SDs 2 and 3 are set out in Annexes 3 and 4.

Comments can be made on the proposals until 10 September 2021. The PSR plans to give the directions to vary the SDs in Q4 2021. It will shortly publish non-confidential versions of the responses it received to CP21/2 and consolidated versions of the SDs showing the changes it proposes to make.

By the end of 2021, the PSR plans to publish a separate policy statement setting out its regulatory framework for the NPA, following its January 2020 call for input on competition and innovation in the NPA (CP20/2).

Brazil: Central bank to incorporate payment initiation service into real-time payment system

On 22 July 2021, the Banco Central do Brasil approved Resolution No. 118 updating and amending the PIX rules. PIX is Brazil’s real-time payment system, which is used by all QR code-based digital wallets in Brazil to make instant payments or transactions.

Among other things, Resolution No. 118 announces the launch of a payment initiation service embedded in PIX. Currently, PIX transactions can be made at ATMs and via internet banking. The purpose of the payment initiation service is to reduce friction and simplify the payment process by making e-merchants the payment starters.

The initiation service on PIX will take place when the institution that provides the initiation service is different from the institution that holds the paying user's account. It will be necessary for the user to consent to the sharing of the service, in line with Open Banking rules. All PIX features will be available through the initiation service.

United Kingdom: Government consults on operation of digital ID system and publishes updated digital identity and attributes trust framework

On 19 July 2021, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation on digital identity (digital ID) and the governing body which will oversee the rules on digital ID. The consultation asks for views on how the digital ID system should operate, including proposals for a governing body which will be charged with making sure organisations follow government rules on digital ID.

The consultation seeks views on three key issues:

The governance system to oversee digital ID and to make sure that organisations comply with the rules;
How to allow trusted organisations to make digital checks against authoritative government-held data, in the way that physical passports can be checked; and
Establishing the legal validity of digital ID, so people can be confident that they are as good as physical documents like passports or bank statements.

By way of guidance, the consultation proposes a principle-based approach to digital ID and digital attributes. The principles envisaged include:

Privacy - people should have confidence that there are measures in place to ensure their confidentiality and privacy;
Transparency – people should be able to understand what digital data was checked, by whom, why and when;
Inclusivity – any digital ID policy should promote financial inclusion and people who want or need a digital ID should be able to obtain one; and
Interoperability - there needs to be agreed technical and operating standards across the UK’s economy to define what good quality digital ID products look like.

The consultation also includes proposals for managing liability as it relates to redress for consumers.

The consultation closes on 13 September 2021. For further information, see this press release.

On 2 August 2021, the DCMS published an updated version of its digital identity and attributes trust framework (first published in February 2021) following previous feedback, together with a press release. The trust framework is still in the alpha phase of development.

Updated content includes changes relating to the certification scheme for the trust framework, eg details on how organisations will become certified against the trust framework in the future, including how the independent assessment will take place. The process will involve bodies accredited by the UK Accreditation Service (UKAS) completing service audits to assess eligibility.

China and Hong Kong: Shenzhen finalizes local data regulation

On 6 July 2021, the Standing Committee of People’s Congress in Shenzhen (China’s leading technology and innovation hub) released the Data Regulations of Shenzhen Special Economic Zone (the Shenzhen Data Regulation), which will come into force as of 1 January 2022.

On 10 June 2021, China promulgated its Data Security Law (DSL), introducing a number of important data-related regulatory initiatives, such as the development of a national big data strategy and the development of data security standards. In a number of ways the Shenzhen Data Regulation takes forward a number of key parts of the DSL’s regulatory framework, with specific implementation for the Shenzhen Special Economic Zone.

Similarly, there has been much national level focus on the pending implementation of China’s Personal Information Protection Law (PIPL). Expected later this year, the PIPL will be the mainland’s first comprehensive data protection regulation. A number of the measures under the Shenzhen Data Regulation have touchpoints with the PIPL, drawing from Shenzhen’s specific context as a hotbed for technological innovation.

The Shenzhen Data Regulation is closely linked to China’s ambitions to further develop its Greater Bay Area initiative. In February 2019, the State Council of the People’s Republic of China, together with the Central Committee of the Communist Party of China, published the Outline Development Plan for the Guangdong-Hong Kong-Macao Greater Bay Area, which proposes to jointly develop a Greater Bay Area big data centre as well as provide a platform for international innovation.

Once it receives final approval, the Shenzhen Data Regulation will formally provide a legal framework for multiple emerging and advanced industries such as artificial intelligence technology and open source systems, artificial intelligence financial technology, blockchain technology and trusted computing, industrial intelligent Internet of Things and intelligent robotics.

For more on the Shenzhen Data Regulation, take a look at our Engage article.

United Kingdom: EPA publishes response to FCA’s proposed consumer duty

On 3 August 2021, the Emerging Payments Association (EPA) published a paper in response to the FCA’s May 2021 consultation paper on a new consumer duty.

The paper expresses the view that, despite the good intention of protecting consumers, the FCA’s proposed new consumer duty will create extra burdens on firms, providing extra costs and another layer of administration which will inevitably exclude smaller players and will create an extra barrier to market entry, resulting in the consolidation of bigger players and harming broader competition.

The EPA considers that measuring culture is notoriously difficult, expensive and affected by external social and economic factors, such as a pandemic. As a result, the EPA is concerned about how firms would be able to provide evidence that demonstrates compliance with this extra duty placed on payments firms.

The EPA also questions whether the new consumer duty should apply to all firms in the payments industry; it urges the FCA to consider excluding firms that are not retail consumer-facing from the consumer duty.

For further details on the new consumer duty, see this Engage article.

United Kingdom: Government consults on reforms to competition and consumer protection law

On 20 July 2021, the Department for Business, Energy & Industrial Strategy launched a consultation on reforms to competition and consumer policy. The consultation seeks views on three key areas, namely promoting competition, updating consumer rights and strengthening the enforcement of consumer law by individuals and regulators.

Among other things, the government is proposing to:

Tackle subscription traps by strengthening and clarifying the law on pre-contract information so that consumers know what they are signing up for and are given a choice on auto-renewal (although contracts for goods, services and digital content where an interruption in supply could result in serious harm to consumer welfare – for example contracts for financial services such as insurance - would be excluded from the proposals);
Strengthen prepayment protections for consumers by amending the law to mandate that consumer prepayment schemes like Christmas savings clubs have means to safeguard customers’ money. In addition, the government is considering the Law Commission's April 2021 proposals on possible new rules on when ownership in goods transfers to consumers in order to address the risk of unfairness and unenforceability of online retailers’ T&Cs under the Consumer Rights Act 2015 (CRA), any negative impact on the protection consumers have from retailers' obligations to deliver goods within 30 days of contract formation (under the CRA), and their ability to claim a refund under section 75 of the Consumer Credit Act 1974.
Reform the CMA’s (and possibly also sector regulators’, including the FCA’s) civil consumer enforcement powers under Part 8 of the Enterprise Act 2002 (EA) to allow for enforcement through an administrative model (in which the CMA can control the timetable for investigations and conclude cases faster);
Expand civil sanctions, including fining powers for:
- Non-compliance with information gathering powers (applying across all CMA competition tools). The CMA would be able to impose fines of up to 1% of a business’ annual turnover, with an additional daily penalty of up to 5% of daily turnover while non-compliance continues. The CMA, and possibly sector regulators in future, would be able to impose these fines directly under their administrative model for consumer enforcement;
- Breaches of undertakings. Three possible approaches to enhance enforceability are proposed; and
- Breaches of consumer protection law. The CMA would be able to impose fines on firms of up to 10% of global turnover for consumer law breaches (the same penalty as for breach of competition law). Again the CMA, and possibly sector regulators in future, would be able to impose these fines directly under their administrative model.â€‹
Ensure more effective market inquiries. For more on the competition aspects of the consultation, take a look at our Engage article.

The consultation closes on 1 October 2021.

The Government has also launched a separate consultation on a new pro-competition regime for digital markets, as to which please see the below item.

United Kingdom: DCMS and BEIS launch consultation on pro-competition regime for digital markets

On 20 July 2021, the Department for Digital, Culture, Media and Sport (DCMS) and the Department for Business, Energy and Industrial Strategy (BEIS) launched a consultation on a new pro-competition regime for digital markets.

The consultation observes that there is an unprecedented concentration of power amongst a small number of digital firms which is holding back innovation and growth. There is also compelling evidence that the features of digital markets, in the UK and internationally, often lead them to ‘tip’ in favour of a single incumbent, which can be difficult to reverse and can lead to higher prices, barriers to entry for entrepreneurs and less choice and control for consumers.

To promote competition, the consultation makes a series of proposals including:

Giving the Digital Markets Unit that has been established within the CMA powers to introduce interventions and to monitor and enforce the new regime;
Using an evidence-based assessment to identify those firms with substantial and entrenched market power, in at least one digital activity; and
Subjecting firms with strategic market status (SMS) to an enforceable code of conduct that will set out how they are expected to behave.

The consultation closes on 1 October 2021.

For more information, take a look at our Engage article on the consultation.

United States: Regulators consult on third party relationships guidance

On 13 July 2021, the Federal Deposit Insurance Corporation launched a consultation on proposed guidance designed to help banks to manage risks associated with third party relationships.

The proposed guidance highlights that banks should undertake ongoing monitoring of each of their third party service providers that support critical activities and be prepared to address interruptions in delivery, for example by using multiple payment systems. Also, when using third party service providers in mobile payment environments, banks are expected to act in a manner consistent with OCC Bulletin 2013-29 by working with mobile payment providers to establish processes for authenticating the enrolment of customers’ account information that the customers provide to the mobile payment providers.

The consultation remains open for 60 days from the proposed guidance’s publication in the Federal Register.

United Kingdom: PSR publishes open letter regarding Confirmation of Payee

On 21 July 2021, the PSR published an open letter to UK Finance and the Specific Direction 10 banks on Confirmation of Payee (CoP) Phase 2. The letter concerns the Specific Direction 10 banks’ CoP Phase 2 implementation plans and was prompted by Pay.UK’s recent announcement that CoP Phase 2 has opened for enrolment.

The letter encourages the banks’ commitment to enrol in CoP Phase 2 by the end of 2021. The PSR also confirms that it will continue to engage with the Specific Direction 10 banks and Pay.UK to monitor the delivery of the commitment and take steps to direct delivery where appropriate.

The PSR’s recent consultation on Phase 2 of CoP was covered in the June 2021 Global Payments Newsletter.

United Kingdom, Iceland, Norway and Liechtenstein: Governments publish FTA

On 16 July 2021, the governments of the United Kingdom, Iceland, Norway and Liechtenstein signed a Free Trade Agreement (FTA) covering, among other topics, financial services and payments.

Some of the key provisions in the FTA include:

Each country shall grant established financial service suppliers of another country access to payment and clearing systems operated by public entities, and to official funding and refinancing facilities available in the normal course of ordinary business;
There will be free movement of capital and payments related to transactions liberalised under the FTA;
There will be free movement of capital for the purpose of liberalisation of investment and other transactions; and
If a country experiences serious balance of payments or external financial difficulties, or threat thereof, it may adopt or maintain restrictive measures with regard to capital movements, payments or transfers.

Europe: Commission launches consultation on legislative proposals for AML / TF action plan

On 22 July 2021, the European Commission launched a consultation on several legislative proposals as part of its initiative on preventing money laundering and terrorist financing (AML / TF). The Commission seeks views on the following proposals:

New rules for the private sector, which include transferring the existing rules for the private sector from a Directive to a Regulation, giving the EU more control and supervision over how AML / TF progress is implemented in the private sector;
A new EU Authority for AML to create an EU wide organisational and technical framework for detecting money laundering activities on an operational and strategic level;
New national mechanisms to be put in place for the prevention of the use of the EU financial system for money laundering or terrorist financing; and
New rules on information accompanying transfers of funds and certain cryptoassets.

The consultation period closes on 12 October 2021.

United Kingdom: HM Treasury launches call for evidence and consultation on revised AML / TF regime

On 22 July 2021, HM Treasury published a call for evidence and a consultation on a review of the United Kingdom’s AML / TF regulatory and supervisory regime. The review was prompted by the Economic Crime Plan 2019-2022, which committed HM Treasury to a comprehensive review of both the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) and the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017 (OPBAS regulations).

The review will focus on three key themes:

The overall effectiveness of the regimes and their extent;
Whether key elements of the current regulations are operating as intended; and
The structure of the supervisory regime including the work of OPBAS to improve effectiveness and consistency of public body supervisors (PBS) supervision.

Notably, the consultation seeks views on specific amendments to the scope of the regulated sector to exempt particular payment service providers (e.g. AISPs and PISPs, which do not hold payment service users’ funds) which may present low risk of money laundering and terrorist financing.

Input will be accepted until 14 October 2021. A final report setting out the findings of the review and possible options for reform will be published no later than 26 June 2022.

Europe: EBA consults on new guidelines on role of AML / TF compliance officers under MLD4

On 29 July 2021, the EBA published a consultation on the role of AML / TF compliance officers under the Fourth EU Money Laundering Directive (MLD4). The consultation arises out of reports that suggest that the requirements set out in MLD4 have been implemented unevenly across different sectors and Member States, and that they are not always applied effectively.

The consultation proposes clear expectations of the compliance officer role, tasks and responsibilities. More specifically, compliance officers need to have a sufficient level of seniority, which includes the powers to propose, on their own initiative, all necessary or appropriate measures to ensure the compliance and effectiveness of the internal AML / TF measures to the management body in its supervisory and management function.

The consultation closes on 2 November 2021.

Europe: Commission publishes consultation on proposed Directive on cross-border law enforcement access to bank account registries

On 22 July 2021, the European Commission launched a consultation on a proposed Directive on cross-border law enforcement access to bank account registries. The rationale behind the consultation is that in order for authorities in one Member State to obtain information on subjects of an investigation who hold bank accounts in another Member State, they currently have to collect the information via police cooperation or judicial cooperation channels, which is an often burdensome and time-consuming process. The consultation is part of the Commission’s initiative on access to interconnected bank account registries during such cross-border investigations.

A legislative proposal for the Directive and an accompanying staff working document have also been published. The consultation seeks views on the legislative proposal, which would require Member States to ensure that the information from centralised bank account registries is available through the bank account registers (BAR) single access point to be developed and operated by the Commission.

The consultation closes on 21 September 2021.

Europe: Industry, Research and Energy Committee adopts position on Data Governance Regulation

On 15 July 2021, the Industry, Research and Energy Committee (ITRE) in the European Parliament published a press release detailing its position on the proposed EU Data Governance Act (DGA).

The proposed DGA encourages the sharing of data generated by public authorities, private sector organisations and individual citizens (data holders) by providing a good governance framework, ensuring that data can be made available voluntarily by data holders and can flow within the EU and across sectors.

ITRE welcomed the proposed DGA and made amendments to clarify the scope of the legislation. These amendments include specifying that big tech companies fall within the scope of the DGA, requiring public bodies to avoid exclusive agreements for the reuse of certain data and asking Member States to lay down penalties for infringement.

United Kingdom: CMA publishes letter requiring VRPs for sweeping

On 26 July 2021, the Competition and Markets Authority (CMA) published a letter to the Open Banking Implementation Trustee mandating Variable Recurring Payments (VRPs) as the mechanism for implementing sweeping, which is the automatic transfer of money between a customer's own accounts.

In a related press release, the OBIE explained that “VRPs allow customers to safely connect authorised payments providers to their bank account so that they can make payments on the customer’s behalf within agreed parameters that offer more control and transparency than existing alternatives.”

The CMA considers that VRPs are the sole method that meet the relevant criteria for sweeping and that making effective provision for sweeping is an important element of Open Banking. Despite the costs associated with VRPs, the CMA considers that, given the likely scale of benefits of sweeping, the absence of effective alternatives and its importance to the Open Banking remedy, it is proportionate to mandate VRPs.

This development means that the largest UK current account providers will have to implement VRPs within the next six months and allow free access to third party providers who are using VRPs to enable their customers to move money from their current accounts to other accounts.

Europe: Codified Regulation on cross-border payments published in OJ

On 30 July 2021, Regulation 2021/1230 on cross-border payments in the EU was published in the Official Journal of the European Union (OJ). The Regulation brings together all existing rules on cross-border payments in the EU, codifying and replacing the existing Regulation on cross-border payments (924/2009). It enters into force on 19 August 2021.

United Kingdom: FCA regulatory sandbox moves to “always open”

On 2 August 2021, the FCA announced that the regulatory sandbox has reopened for applications and will now remain open throughout the year, in line with one of the recommendations of the Kalifa Review of UK FinTech. The sandbox is for authorised firms, unauthorised firms that require authorisation, and technology businesses that are looking to deliver innovation in the UK financial services market.

To assist with applications, the FCA has also published a regulatory sandbox application guide, which contains information to help applicants answer each question on the regulatory sandbox form.

For further details on the rationale behind moving to an “Always Open” application cycle, see the July 2021 Global Payments Newsletter.

Europe: EDPB and EDPS issue joint opinion on the EU’s proposed AI Regulation

On 18 June 2021, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a joint opinion on the European Union’s proposed AI Regulation.

The EDPB and EDPS have called for significant modifications to the existing draft, highlighting that in its current form the AI Regulation fails to adequately address key topics such as supervision, the scope of permitting AI in certain situations and the role of the AI Regulation in the data protection framework.

Some of the key changes suggested in the joint opinion are:

Improving the harmonisation between the AI Regulation and the EU’s data protection framework;
Prohibiting the use of biometric identification in public spaces;
Expanding the current list of AI systems considered to be high risk;
Giving supervisory authority to national data protection authorities; and
Introducing a single point of contact for organisations in each Member State.

For further details, see our Engage article on the opinion.

United Kingdom: Treasury Select Committee requests information from FCA on approach to frozen bank accounts

On 22 July 2021, the Treasury Select Committee published a letter to the CEO of the FCA requesting information on the FCA’s approach to frozen bank accounts. The letter poses a series of questions to the FCA, including:

Why does the FCA believe that some banks have frozen the bank accounts of vulnerable customers on low incomes?
What customer service standards does the FCA expect from banks when they move to freeze bank accounts?
How is the FCA ensuring that banks treat customers fairly in relation to freezing bank accounts, and how is it ensuring that all banks have the same standards?

United Kingdom: HM Treasury consults on proposed Senior Managers and Certification Regime for FMIs

On 20 July 2021, HM Treasury launched a consultation on creating a Senior Managers and Certification Regime (SMCR) for Financial Market Infrastructures (FMI), including payment systems recognised under the Banking Act 2009 and specified service providers to those recognised payment systems.

HM Treasury considers that FMIs are institutions that underpin the UK’s economy and financial system and a well-functioning system of FMIs creates stability in the financial services sector and provides critically important functions. The proposed SMCR would be similar to the corresponding regime for banks, insurers and other authorised persons. The Bank of England would be granted new powers to implement, supervise and enforce the regime.

The consultation closes on 22 October 2021. For further information, see this Engage article.

United Kingdom: PRA publishes policy statement on approach to supervising international banks

On 26 July 2021, the PRA published a policy statement on its approach to supervising branches and subsidiaries of international banks. The policy statement provides feedback to a January 2021 consultation paper on the same topic.

In the policy statement, the PRA lays out its expectations regarding the arrangements that firms should have in place to ensure they can be effectively supervised, and explains how it will assess such firms against its threshold conditions. Based on responses to the consultation, the PRA has further refined its expectations, which include:

Clarifying that the PRA will take a proportionate approach to implementation by requiring firms to meet the expectations over a reasonable time frame;
Explaining that where the PRA identifies concerns that a branch would fail to meet its expectations for effective supervision, the PRA may exercise its powers under the Financial Services and Markets Act 2000 (FSMA) to apply specific regulatory requirements at branch level;
Explaining the process that the PRA will adopt in obtaining group information, and clarifying that it will take a tailored approach to each group in light of the relevant factors and circumstances; and
Explaining the PRA’s expectation that international banks understand the extent of the services - and associated risks - they provide to external end users in the UK.

Europe: ECB publishes response of Eurosystem to independent review of incidents affecting TARGET Services

On 28 July 2021, the ECB published the response of the Eurosystem to the Deloitte independent review of incidents that affected TARGET Services (in particular, TARGET 2 and TARGET 2 Securities) in 2020.

In 2020, TARGET Services encountered a number of major incidents relating to information technology and affecting payment transactions and securities processing. As a result of the frequency of the incidents and their relevance, the ECB decided to launch an external and independent review.

The independent review makes a series of recommendations, including:

Implementing risk assessments within relevant processes, especially in change management, and deciding on the criticality of processes and IT elements, in particular business impact analysis;
Improving documentation by, among other things, introducing umbrella documents for complex processes; and
Enhancing organisational and governance structures, including implementing a common second line of defence.

The Eurosystem accepted the recommendations made by the independent review and is committed to implementing the recommendations in full.

The ECB has also published an abridged and redacted excerpt from Deloitte's review report and a letter to the European Parliament's Economic and Monetary Affairs Committee (ECON) in which it notes the review's findings and the Eurosystem's response and commits to keeping the Parliament and the wider public informed about progress in implementing the recommendations.

United Kingdom: LSB outlines ongoing and future work on CRM code for APP scams

On 5 August 2021, the Lending Standards Board (LSB) published a press release on ongoing and future work on the contingent reimbursement model code (CRM code) for authorised push payment (APP) scams. Points of interest include:

The LSB is still in the course of analysing the results of its March 2021 call for input on the CRM code, but it provides some information on the responses received. Respondents suggest that the risk of APP scams is not evenly distributed among payment providers. Some believe that the CRM code does not take account of more diverse business models and point out that APP scams continue to evolve using different mediums such as cryptocurrencies.
The LSB recognises it is vital that protections are afforded to as many customers as possible. Therefore, it will carry out work to further review the wording of the CRM code to ensure that a wider range of firms are able to sign up to, and implement, it, while retaining a consistent level of consumer protection across the board.
The LSB has introduced interim registration, allowing firms to demonstrate their commitment to becoming a fully registered firm with an LSB standard or code and setting a timeframe in which they are to become compliant. At the same time, the LSB conducts due diligence on the firm to ensure the customer protections are met at the point they reach full registration.
The LSB will set out a timeline for making the confirmation of payee (CoP) provisions in the CRM code effective for those firms who have this functionality. It will continue to work closely with the PSR and Pay.UK as they work towards Phase 2 of CoP activity.
Other key areas of work for the LSB include refreshing the customer-facing document that accompanies the CRM code and working towards defining success measures of the code.

The LSB plans to publish a full report from the call for input in autumn 2021.

Global: CPMI publishes work programme for 2021/22

On 5 August 2021, the Committee on Payments and Market Infrastructures (CPMI) published its work programme for 2021/22. In a related press release, the CPMI explains that this is the first time it has published its work programme, and it has done so due to a commitment to increased transparency.

The work programme focuses on:

Shaping the future of payments, including work on enhancing cross-border payments, analysing and addressing policy issues arising from payment innovations (such as central bank digital currencies and stablecoins), and monitoring changing trends in payments; and
Evaluating and addressing risks in financial market infrastructures (FMIs), including evaluating and addressing issues relating to the resilience and recovery of FMIs (such as payments fraud, cyber risk, FX settlement risk and climate change-related risk, as well as risks arising from the COVID-19 pandemic).

Payment Market Developments

United States: PayPal removes annual crypto purchase limit

On 15 July 2021, PayPal announced that it was removing its annual purchase limit on cryptocurrencies for PayPal customers in the United States. Additionally, the company has also raised the weekly purchase limit to USD 100,000. PayPal hopes that the move will enable customers to have more choice and flexibility in purchasing cryptocurrency through PayPal.

Global: PayU and Celo partner to bring stablecoin payments to merchants

On 21 July 2021, it was reported that PayU and Celo have partnered to launch a stablecoin payment option for hundreds of thousands of merchants in more than fifty markets worldwide. PayU believes that stablecoins are well-suited for the high-growth markets it operates in due to their protection from the volatility of some fiat currencies and cryptocurrencies.

United Kingdom: Barclaycard partners with Visa to launch cashback programme

On 26 July 2021, it was reported that Barclaycard and Visa have teamed up to launch an automatic cashback feature when using Barclaycard credit cards at a selection of retailers. Customers can earn up to 15% cashback when making purchases, which can be redeemed back to their Barclaycard, traded for an e-voucher or donated to a chosen charity.

Global: Shopify enables merchants to sell NFTs

On 27 July 2021, Shopify announced that non-fungible tokens (NFTs), a form of cryptoasset that records ownership of digital items, can now be sold directly through its online store. It is hoped that the move will give merchants more control over the sale and allow them to build deeper customer relationships.

Global: Twitter and Amazon announce crypto payments integration

On 28 July 2021, it was reported that Twitter and Amazon have confirmed they will allow customers to make payments using cryptocurrencies. Twitter will enable cryptocurrency payments for features on its platform such as Tip Jar, which lets users receive tips from followers. Amazon is still considering the role of cryptocurrencies in its model and has advertised a new role on its payments team to develop a Digital Currency and Blockchain strategy.

Australia: Eftpos completes QR code payments infrastructure

On 28 July 2021, Eftpos announced that it has completed its new QR code payments infrastructure and the first commercial trials will begin in the coming weeks. The infrastructure is designed to provide secure and enhanced consumer purchasing and engagement experiences through loyalty, offers, receipts and added security. The infrastructure allows merchants to grow their sales with low cost QR acceptance using enriched data and integrated customer loyalty services.

Vietnam: Visa Direct enables instant receipt of remittances

On 30 July 2021, it was reported that Visa has partnered with a number of Vietnamese banks to offer instant remittances for Vietnamese customers through Visa Direct. The remittance payments must be made through MoneyGram, Remitly or a number of other partners to benefit from the feature. Vietnam is one of the ten largest remittance recipients in the world.

Russia: Moscow Metro tests facial recognition payments

On 2 August 2021, it was reported that the Moscow Metro has started testing facial recognition payment systems on Line 4 of the transit network. The transport agency is testing three different systems from Russian-based developers VisionLabs, Ntechlab and Tevian. One thousand commuters are currently part of the testing phase, and Moscow Metro employees are already using the service and have made more than 1m successful passes.

India: Neokred and Virenxia develop card for farmers

On 2 August 2021, it was reported that fintechs Neokred and Virenxia have partnered to develop an exclusive payment card for Indian farmers. The aim of the project is to facilitate economic empowerment in India’s rural areas.

United Kingdom: Nationwide cards become certified by the Royal National Institute of Blind People

On 3 August 2021, the Royal National Institute of Blind People announced that it has certified Nationwide Building Society’s “dot and notch” cards. The card design will enable members to distinguish between credit and debit cards by touch and to determine which way the card needs to be inserted into card machines and ATMs.

Philippines: GCash and Ayannah partner to provide accessible financial services

On 8 August 2021, it was reported that Philippines-based digital wallet provider GCash and fintech Ayannah have partnered to offer more affordable and accessible financial services through a new service named GCash Padala. Users will be able to remit funds through GCash Padala even if the recipient does not have an active digital wallet or mobile banking account.

Canada: Scotiabank converts credit card repayments into BNPL instalments

On 9 August 2021, Scotiabank announced that it is set to begin converting credit card repayments into Buy Now Pay Later (BNPL) plans, with the option to pay off debt in three, six or twelve payments. Plan details are included in credit card statements and can be cancelled at any time without additional fees or penalties.

Surveys and Reports

Global: The Paypers Payment Methods Report 2021

On 21 July 2021, The Paypers published its annual Payment Methods Report for 2021. The report examines trends in payment methods over the last year, as well as how Account-to-Account (A2A) payments, BNPL, mobile payments, and payment cards have been developed to meet acceptance and adoption in the payments ecosystem.

Key conclusions from the report include:

Consumers have less patience with cumbersome checkouts and want an “anytime, anywhere, on any device” experience;
When it comes to payment methods, cards and e-wallets are still the two major methods, but A2A payments and BNPL have gained momentum, with the former making up 13% of payments in Europe;
BNPL accounted for 2.1% of e-commerce transactions worldwide in 2020 and that value is expected to double by 2024;
In-store purchases are declining and an estimated 10% of all sales will occur via Click and Collect by 2025; and
Subscription payments in Europe have grown at a rate of 21.7% and continue to increase.

Southeast Asia: ACI Worldwide report on real-time digital payments

On July 8 2021, ACI Worldwide published its report on real-time digital payments in Southeast Asia, showing how real-time transaction volumes and values have jumped significantly since the onset of the COVID-19 pandemic. Real-time payments are payments that are initiated and settled nearly instantaneously.

The report found that real-time payment schemes have achieved rapid adoption in Southeast Asia as 61% of survey respondents selected real-time payments as their preferred method of payment in 2021. In addition, the report predicts that the popularity of real-time payments will continue to increase, in particular in Malaysia (83.9% projected growth rate between 2020 and 2025) and Thailand (32% projected growth rate between 2020 and 2025).

With respect to future steps, the report considers that real-time payments systems for low and high value payments should be consolidated in time to match the increasing need for real-time payments in all types of businesses. The report concludes that Southeast Asia should make a consumer-driven case for continued payments modernisation.

United States: PYMNTS.com US Open Banking Tracker

On 30 July 2021, PYMNTS.com published its July 2021 Open Banking Tracker for the United States. The tracker analyses how consumers’ payment and banking expectations have shifted over the past year, as well as how open banking can meet them.

With respect to open banking, some of the key conclusions from the July 2021 Tracker include:

Consumers are beginning to default to digital channels for their shopping or financial needs, which is prompting them to pay more attention to how digital businesses collect, store and use their data. This is where open banking technologies such as APIs can come into greater play, enabling fast payments while also providing better security;
A significant portion of consumers are still confused about what open banking really is, which has a negative effect on consumers’ trust in open banking systems; and
Slower or more cumbersome payments can take a significant toll on businesses’ profits, with one study finding that one in five online merchants worldwide cited outdated payment infrastructure as the reason for a lack of growth at their own organisations.

Authored by Virginia Montgomery and Julie Patient

Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar