STOP PRESS: Introducing FIS Horizons 2024 - a deep dive into the key trends shaping the financial industry for the year ahead. In this outlook, our Financial Institutions sector provides guidance and insight on five key themes which will help you to adapt to the changing legal, regulatory and governance landscape. And as we look ahead to the future, we reflect on the sector’s resilience demonstrated amidst the challenges of 2023.

In this Newsletter:

• Regulatory Developments: Payments

• Regulatory Developments: Digital Assets

• Market Developments

• Surveys and Reports

For previous editions of the Payments Newsletters, please visit our Financial Services practice page.

Regulatory Developments: Payments

United Kingdom: PSR publishes final policy statement on mandatory reimbursement requirement for APP fraud

On 19 December 2023, the Payment Systems Regulator (PSR) published its final policy statement on the new mandatory reimbursement requirement for authorised push payment (APP) fraud within Faster Payments.

Key points from the policy statement include confirmation that:

• The APP reimbursement requirement will come into force on 7 October 2024;
• The maximum mandatory reimbursement level, applicable to all in-scope consumers, will be set at £415,000 for each single APP scam case; and
• Payment service providers (PSPs) may charge an optional levy of £100 per claim, but vulnerable customers will be exempt from any such excess.

The PSR recognises that the start date of 7 October 2024 "will still be a challenging target for some PSPs, but the protection of APP scams victims must be prioritised.”

The PSR has also confirmed that the consumer standard of caution exception to the reimbursement requirement will consist of:

• The requirement to have regard to interventions: ie tailored, specific interventions made either by the consumer's sending PSP, or by a competent national authority, where they communicate clearly their assessment of the probability that an intended payment is an APP scam payment.
• The prompt reporting requirement: that consumers must promptly report to their PSP once they learn or suspect that they have fallen for an APP scam (and not more than 13 months after the last relevant payment was authorised).
• The information sharing requirement: that consumers should respond to any reasonable and proportionate requests made by their PSP in assessing a reimbursement claim, including under the 'stop the clock' rules.
• The police reporting requirement: that consumers should, after making a reimbursement claim, and on request by their PSP, consent to the PSP reporting to the police on the consumer’s behalf or request the consumer report directly the details of an APP scam to a competent national authority.

Where a PSP can prove that a consumer has not met one or more of the standards through gross negligence (taken to mean a “significant degree of carelessness” and a higher standard than negligence under common law), they will not be required to reimburse the consumer. However, the PSP will also need to look at the reason why the consumer did not meet a requirement in order to determine whether the consumer was grossly negligent.  

Alongside the policy statement, the PSR has also published a Consumer standard of caution exception notice and accompanying Consumer standard of caution exception guidance. As stated in the notice, PSPs are not allowed to rely on the consumer standard of caution exception where the consumer is vulnerable, and this had a material impact on their ability to protect themselves from the scam.

The final versions of the three instruments which will give effect to the policy have also been published:

• Specific Requirement 1.  This is imposed on Pay.UK and requires them to create the reimbursement rules through amending the Faster Payment rules by 7 June 2024;
• Specific Direction 19.  This is addressed to Pay.UK and directs them to, among other things, provide to the PSR proposals for an effective compliance monitoring regime by 5 April 2024, with the final regime to be published by 7 June 2024; and
• Specific Direction 20.  This is addressed to PSPs and sets out the reimbursement requirement, its scope, and directs all directed PSPs to comply with the reimbursement rules.

A summary of views that were received on the PSR's four most recent related consultations has also been published.

The Bank of England has announced its intention that a comparable model to the PSR's Faster Payments rules on mandatory reimbursement should apply to CHAPS payments. The PSR is considering giving a specific direction to CHAPS participants to support implementation of the comparable model for CHAPS (mirroring, where possible, the direction on Faster Payments PSPs). If it decides to do so, it expects to consult on the specific direction by the end of Q1 2024.

There are a number of other next steps, including the following:

• The PSR will set up a clarifications process in Q1 2024 to encourage a consistent approach to implementation across industry.
• All indirect access providers (IAPs) must provide the PSR annually with a list of indirect PSPs to whom they provide access to Faster Payments, starting from 31 March 2024. By 30 April 2024, and monthly thereafter, all IAPs must also provide the PSR with an update containing any changes to the list. The PSR may, in guidance, specify the format and content of the list. If so, it will consult on this in early 2024.
• Pay.UK is required to create the reimbursement rules through amending the Faster Payment rules by 7 June 2024. It must also provide proposals for an effective compliance monitoring regime for all requirements across all directed PSPs (including indirect participants) to the PSR by 5 April 2024, with the final regime to be published by 7 June 2024. The compliance monitoring regime must then come into force alongside the reimbursement requirement on 7 October 2024.

For more on this development, take a look at our Engage article.

Note also that on 7 December 2023 the PSR published reporting guidance for authorised push payment (APP) scams (Measure 1: data collection and publication). The guidance applies to the second reporting cycle (H1 2023 and H2 2023). Most of the guidance is applicable to the 14 PSPs who are required to report and publish APP scams data under Specific Direction 18.

Ireland: Government consults on a future National Payments Strategy

On 12 December 2023, the Irish government launched a public consultation seeking views on a future National Payments Strategy (NPS).

The Department of Finance is leading the development of the NPS with a dedicated team, who are engaging  with  key  stakeholders  in  the  public  and  private  sectors as well as the wider public (both businesses and consumers).  This is to  ensure  the  NPS incorporates input from across society, particularly in relation to the four principles underpinning the work which are:

1. Access and choice – promoting reasonable options for consumers and small businesses;
2. Security and resilience – of the payments system and system operators;
3. Innovation and inclusion – future focus that enhances interoperability and inclusion; and
4. Sustainability and efficiency – solutions  that  have  regard  to  cost  /  benefit  and  the environment.

The overarching aim of the NPS is to ‘enhance and build public trust in, and the effectiveness of, the payments system' and will build on the last national policy in this area (the National Payments Plan in 2013).

The consultation closes on 14 February 2024 and the NPS is due to be published in 2024.  For more information on this development, please see our Engage article.

United Kingdom: PSR publishes interim report on its market review into cross-border interchange fees

On 13 December 2023, the Payment Systems Regulator (PSR) published its interim report with the provisional findings of its market review into UK-EEA consumer cross-border interchange fees.

In summary, the PSR is proposing to introduce a price cap to protect UK businesses from overpaying on cross-border interchange fees.  

Subject to the PSR’s final report and further consultation on remedies, its provisional findings include proposals to introduce: 

• An initial time-limited cap of 0.2% for UK-EEA consumer debit transactions and 0.3% for consumer credit transactions (where the transactions are made remotely at UK businesses (ie payments made by phone or online)) (Stage 1 remedy); and
• A lasting cap on these interchange fees in the future, once further analysis has been carried out to establish an appropriate level (Stage 2 remedy).

Notably, the initial caps are those levels which applied to transactions when the UK was in the EU.

The PSR is now seeking views on its provisional findings approach to help inform the final report. It is particularly keen to hear from issuers, acquirers, card scheme operators, businesses, and cardholders.  The deadline for feedback is 5pm on 31 January 2024. 

The PSR intends to publish its final report on cross-border interchange fees in Q1 2024 but will confirm timeframes in due course. If the PSR concludes that the market is not working well and it warrants intervention, this report will be followed by a consultation on the remedy package. 

See our previous Engage article for the background to the market review.

United Kingdom: PSR consults on expanding variable recurring payments

On 18 December 2023, the Payment Systems Regulator (PSR) published a consultation paper on expanding variable recurring payments (VRP). 

The PSR is consulting on changing the Faster Payments Rules to allow:

• The possible need for a multilateral agreement that binds payment initiation service providers (PISPs) and sending firms in a central set of rules.
• The range of possible interventions on the price that sending firms can charge PISPs for non-sweeping VRPs in the use cases proposed for Phase 1 which relate to payments to regulated utilities, regulated financial services and central and local government.
• A possible use of PSR powers to require participation by some sending firms in a central rule set for VRPs.

At the same time as the consultation, the PSR released the Joint Regulatory Oversight Committee's (JROC) VRP Working Group's blueprint for the Phase 1 rollout together with the JROC's response to the blueprint.  The response includes a number of next steps that the JROC is looking to Pay.UK, Open Banking Ltd (OBL) and the wider ecosystem to deliver to enable Phase 1 VRP services to commence by Q3 2024.

The following day, the JROC published an update on actions to enable the next phase of open banking in the UK, which included the response to the VRP Working Group's blueprint as the April 2023 JROC roadmap for the next phase of UK open banking included an action to “Draft a delivery plan and framework to enable a phased roll out of non-sweeping VRP”.

The consultation closes on 2 February 2024 with the PSR looking to provide updated policy proposals for further consultation in 2024.

For more on this development, take a look at our Engage article.

Australia: Government launches consultation on the modernisation of payment systems

On 8 December 2023, the Australian Treasury released a consultation paper on a new licensing framework for payment service providers (PSPs).  The consultation forms part of the Government's broader Strategic Plan for Australia’s Payments System, launched in June 2023, and builds on a previous consultation on licensing published at the launch of the Strategic Plan.

The proposed framework includes:

• An updated list of payment functions;
• Regulatory requirements to facilitate greater access to payment systems;
• Graduated regulatory requirements for stored-value facilities including payment stablecoins;
• A framework for industry standard-setting; and
• A new rule-making power to enable the introduction of a mandatory revised ePayments code to provide enhanced consumer protections.

The consultation closes on 2 February 2024.  The Government intends to introduce legislation in 2024, with certain detailed elements of the reforms (such as supporting regulations for the mandatory revised ePayments Code, common access requirements, and mandatory technical standards) to be subject to further consultation before implementation.

United Kingdom: PSR publishes consultation on card-acquiring market remedies

On 11 January 2023, the Payment Systems Regulator (PSR) published a consultation paper proposing revisions to its Specific Directions 14, 15 and 16 which relate to the supply of card-acquiring services. The related draft amending direction is in Annex 1 to the consultation and Annex 2 contains draft consolidated Specific Directions 14, 15 and 16.

The PSR propose to update the list of directed legal entities and amend the method they use to make changes to the list in the future. The PSR is also proposing to add Checkout Ltd to the list of directed parties under the directions as they now consider Checkout Ltd to fall within the set of most significant providers of card-acquiring services.

The consultation closes at 5pm on 9 February 2024. The PSR expects to make its final decisions in spring 2024. Subject to the consultation, it aims to publish its finalised, updated version of the amending direction in Annex 1 shortly afterwards.

United Kingdom: FCA and Bank of England consultation papers on access to cash published

As part of measures introduced under the Financial Services and Markets Act 2023, the Bank of England (BoE) and the FCA have published consultations on access to cash.

The BoE is consulting on three codes of practice for wholesale cash distribution market oversight. The consultation was published on 30 November 2023 and closes on 31 January 2024. 

The FCA's consultation paper proposes new rules to maintain reasonable access to cash for personal and business customers across the UK. The consultation was published on 7 December 2023 and closes on 8 February 2024. The FCA expects to finalise the rules by Q3 of 2024.

European Union: EBA publishes consultation on two sets of guidelines on policies, procedures and controls to ensure compliance with restrictive measures

Note: Also relevant to 'Regulatory Developments: Digital Assets' below.

On 21 December 2023, the EBA published a consultation paper on two sets of guidelines on internal policies, procedures and controls to ensure implementation of EU and national restrictive measures:

• Th first set of draft guidelines are addressed to financial institutions and their supervisors and set common, supervisory expectations regarding the role of senior management, internal governance and risk management in the restrictive measures context under the CRD IV Directive (2013/36/EU), the revised Payment Services Directive ((EU) 2015/2366) (PSD2) and the Second Electronic Money Directive (2009/110/EC) (EMD2);
• The second set of draft guidelines are addressed to payment service providers (PSPs), cryptoasset service providers (CASPs) and their supervisors and specify the internal policies, procedures and controls PSPs and CASPs should put in place to comply with restrictive measures when performing transfers of funds and cryptoassets under the Wire and Cryptoasset Transfer Regulation ((EU) 2023/1113) (WCTR). In particular, these guidelines focus on know your customer (KYC), screening and due diligence.

"Restrictive measures" consist of individual measures (ie, targeted financial sanctions) and sectoral measures (ie, financial and economic measures or embargoes) and are binding on any person or entity under the jurisdiction of member states. 

The guidelines aim to create a common understanding among financial institutions within the EBA's supervisory remit and their supervisors of the steps they need to take to comply with restrictive measures.

In terms of next steps, the EBA will hold a virtual public hearing on the consultation paper on 8 February 2024. The consultation closes on 25 March 2024. Both sets of guidelines will apply from 30 December 2024.

In addition, the EBA advises that if EU law changes before the final reports on the two sets of guidelines are published, the final reports will be amended to align with these changes.

Regulatory Developments: Digital Assets

United Kingdom: New Digital Securities Sandbox launched

On 8 January 2024, the Financial Services and Markets Act 2023 (Digital Securities Sandbox) Regulations 2023 (the Regulations) entered into force, creating the new Digital Securities Sandbox (DSS) – the first Sandbox to be permitted since rules allowing their creation were laid down in the Financial Services and Markets Act 2023.  The government has also published an Explanatory Memorandum which sets out the background and purpose of the Regulations.

The Sandbox allows certain Financial Market Infrastructures (FMIs) to test the use of developing technologies subject to a modified legislative framework. The Regulations also create the framework within which the FCA and the Bank of England (BoE) will operate the DSS.   The FCA and the BoE will be able to make rules on application criteria to "Sandbox Entrants" and other participating entities, or to waive, modify or apply rules when otherwise they would not apply, where appropriate.  Regulation 3(8) sets out which regulator will be the “appropriate regulator” for the purposes of certain FMI activities falling within the scope of the DSS.

The activities in scope of the DSS are:

• The notary, settlement and maintenance services conducted by central securities depositories (CSDs); and
• The operation of a trading venue (specifically, a multilateral trading facility (MTF), an organised trading facility (OTF) or a recognised investment exchange (RIE)).

Activities must involve the use of “developing technology” (such as distributed ledger technology used in blockchain).

The DSS legislative framework will last up to five years as the Regulations are stated to cease on 8 January 2029, subject to any extensions by HM Treasury who are empowered to extend the DSS if required. HM Treasury must report to Parliament on the operation of the DSS and determine how UK legislation should be permanently amended to accommodate developing technology by 10 January 2028 (a year prior to the expiry of the Regulations)..  Participants will then be able to exit the DSS either by:

• Continuing to operate under a permanently amended legislative framework;
• Winding down their activities in the DSS; or
• Demonstrating their ability to carry out DSS activities in a manner which is consistent with regulatory outcomes under a new regime created from the amended DSS framework.

 For more on the DSS, please see our recent Engage article.

South Korea: FSC consults on detailed rules made under the Act on the Protection of Virtual Asset Users

According to its press release dated 11 December 2023, the South Korean Financial Services Commission (FSC) has launched a consultation on detailed rules it proposes to make after being given the ability to make supervisory and enforcement provisions under the Act on the Protection of Virtual Asset Users (the Act) passed in June 2023.

The FSC is proposing a number of changes, most notably to:

• Refine the definition of relevant virtual assets to state that electronic bonds, mobile gift certificates, deposit tokens linked to central bank digital currency (CBDC), and non-fungible tokens (NFTs) are excluded;
• Require that virtual asset service providers (VASPs) safeguard customers' funds with a credible financial institution; and
• Prohibit VASPs from arbitrarily blocking users' deposits and withdrawals without justifiable grounds.

The consultation closes on 22 January 2024, with the rules expected to be implemented by 19 July 2024.

Global: BIS launches new project to test the tokenisation of financial instruments

On 11 January 2024, the Bank for International Settlements (BIS) announced that, alongside the Swiss National Bank and World Bank, they have launched Project Promissa which seeks to build a proof of concept (PoC) of a platform for digital "tokenised" promissory notes.

Using distributed ledger technology, Project Promissa intends to simplify the management of promissory notes and provide a single source of truth for all counterparties throughout the notes' lifecycles.  BIS also states that while the Project currently concerns the management of promissory notes between member nations and international financial institutions, it could be extended to include payments associated with promissory notes.

BIS states that it aims to complete the PoC and testing by early 2025.

Global: IOSCO finalises policy recommendations for DeFi

On 19 December 2023, the International Organization of Securities Commissions (IOSCO) published a final report on its policy recommendations for decentralised finance (DeFi).  At the same time, IOSCO has published a note detailing how it intends these recommendations to complement the final crypto and digital asset recommendations published in November 2023.

The final, high-level DeFi recommendations are intended to assist IOSCO members as they apply existing or develop new regulatory frameworks to DeFi.  The recommendations are:

1. Analyse defi products, services, activities, and arrangements to assess regulatory responses;
2. Identify responsible persons;
3. Achieve common standards of regulatory outcomes;
4. Require identification and addressing of conflicts of interest;
5. Require identification and addressing of material risks, including operational and technology risks;
6. Require clear, accurate, and comprehensive disclosures;
7. Enforce applicable laws;
8. Promote cross-border cooperation and information sharing; and
9. Understand and assess interconnections among the DeFi market, the broader cryptoasset market, and traditional financial markets.

The report states that one of IOSCO's goals is to promote greater consistency with respect to the regulation and oversight of cryptoasset markets. IOSCO is looking to encourage consistency by ensuring that cryptoasset markets and securities markets are regulated in accordance with the principle of “same activity, same risk, same regulation/regulatory outcome.”

Global: BCBS consults on amendments to its cryptoasset standard

On 14 December 2023, the Basel Committee on Banking Supervision (BCBS) published a consultation on proposed amendments to its standard on the prudential treatment of banks' exposures to cryptoassets set out in "SCO60: Cryptoasset exposures" (SCO60) and with an implementation date of 1 January 2025.  The BCBS believes that amendments to the initial standard, published in December 2022, are needed due to the rapid pace of market developments.

The BCBS is proposing to:

• Change the requirements that determine whether banks can include the stablecoins exposures in the Group 1b category.  This is to strengthen the asset quality criteria for reserve assets under the redemption risk test to ensure that stablecoins included in Group 1b have reserve assets that allow the issuer to meet redemption requests, including during periods of extreme stress; and
• Make various technical amendments to help promote a consistent understanding of the cryptoassets standard.

Annex 1 to the consultation sets out the specific changes to SCO60 to give effect to the above proposed changes. Annex 2 lists a set of frequently asked questions and answers (FAQs) that the BCBS has agreed to add to SCO60.

The consultation closes on 28 March 2024.

European Union: EBA publishes consultation on RTS under MiCA

On 7 December 2023, the EBA published a consultation paper on draft regulatory technical standards (RTS) specifying the requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens under Article 32(5) of the Regulation on markets in cryptoassets ((EU) 2023/1114) (MiCA).

The consultation closes on 7 March 2024.

Market Developments

Global: X announces plans to launch peer-to-peer payments business

On 9 January 2024, X (formally known as Twitter) announced in a blog post that they intend to launch peer-to-peer payments on the platform in 2024. 

United Kingdom: Samsung partners with Mastercard for Wallet Express payments

On 6 December 2023, Samsung Electronics announced that they have partnered with Mastercard to build on a newly launched product, "Wallet Express", designed to help banks and card issuers expand their digital wallet offerings.

Africa: Yabx and Clickatell partner to offer WhatsApp lending services in Africa

On 15 December 2023, it was reported that Yabx has partnered with Clickatell to offer WhatsApp lending services in Africa.  They are seeking to capitalise on WhatApp's high usage in Africa alongside the demand for small size loans by providing a customer-centric interface on WhatsApp. 

United Arab Emirates: Dubai Duty Free partners with Alipay+

On 4 January 2024, it was reported that Dubai Duty Free has partnered with Alipay+ to allow customers from South Korea, Singapore, the Philippines, Thailand, Mongolia, Italy, Chinese mainland, Hong Kong and Macao to pay and access promotions on their home app.

Japan: Blackstone agrees to acquire Sony Payment Services

On 22 December 2023, Blackstone announced that they had signed a definitive agreement to acquire a majority stake in Sony Payment Services Inc. from Sony Bank. Sony Payment Services Inc. is one of Japan’s leading payment service providers.

Nigeria: Mastercard announces new contactless payment solutions for Nigeria

On 19 December 2023, Mastercard announced that new contactless payment solutions (using “tap on phone”, “QR Pay by link” and “Payment link” on smart phones) will be available for businesses in Nigeria.

Singapore: AsiaNext launches cryptoassets derivatives trading

On 9 January 2024, AsiaNext announced that they have launched a cryptoasset derivatives trading offering for institutional clients.  AsiaNext have said that through the offering they wish to "create a fair, orderly and transparent venue through which institutions can transact with confidence; that helps them realise the benefits of digital assets and crypto".

France: Coinbase secures crytoasset licence

On 21 December 2023, it was reported that Coinbase had secured virtual asset service provider approval from France's Autorité des marchés financiers (AMF).  The approval allows Coinbase to extend its cryptoassets offering to both retail and institutional customers in France.

New Zealand: Revolut launches cryptoassets trading and educational content

On 20 December 2023, it was reported that Revolut was extending its offering to New Zealand customers who can now access more than 100 cryptoasset tokens.  Revolut is also partnering with Koinly to launch free "Learn & Earn" content which looks to improve financial literacy.

Surveys and Reports

Europe: EPC publishes its 2023 payment threats and fraud trends report

On 7 December 2022, the European Payments Council (EPC) published its 2023 report on payment threats and fraud trends.

The report looks to provide an overview of the attack landscape, outlining the most important threats and other “fraud enablers”.  For each threat or “fraud enabler”, an analysis is made on the impact, context, suggested controls and mitigations needed with an overview matrix provided in Annex I.

The EPC's conclusions include:

• Social engineering attacks and phishing attempts continue to increase, with increasing focus on company executives and employees (through "CEO fraud"), payment service providers (PSPs) and payment infrastructures and more frequently leading to authorised push payments (APP) fraud.
• Awareness campaigns are still very important counter-measures against social engineering.
• Malware remains a major threat, in particular ransomware has been on the rise during the past year, requiring new mitigating measures.
• One of the most sophisticated and lucrative types of payment fraud seems to be Advanced Persistent Threat (APT), described in the report as 'a sophisticated, targeted, malicious attack aimed at a specific individual, company, system or software, based on some specific knowledge regarding the target'.  This should be considered as a potential high risk not only for payment infrastructures but also for all network related payment ecosystems.

Global: The Paypers publishes its Cross-Border Payments and Ecommerce Report 2023–2024

On 18 December 2023, the Paypers published its Cross-Border Payments and Ecommerce Report 2023-2024.  The report contends that the cross-border payments and ecommerce sector is at a crossroads; after years of continued growth, there are indications that global retail ecommerce may be slowing down.

The report provides an overview of the current payments and ecommerce landscape before considering key trends that may shape the industry, with special focus given to generative AI, fintechs and the continued growth of business-to-business payments.

The report rounds off with consideration of key regulatory initiatives such as the adoption of the ISO 20022 messaging standard, and insights into local developments.

Authored by Virginia Montgomery and Grace Wyatt.