The UK regulatory landscape
2019 has shaped up to be another eventful year for the UK payments regulatory landscape. With Brexit on the horizon, the UK regulators (the Bank of England, the Financial Conduct Authority and the Payment Systems Regulator) have maintained a firm focus on both European and domestic payments initiatives. Across the UK, banks and payments providers are delivering a range of major payments infrastructure programmes, which implement ‘legal, regulatory and mandatory’ change. From Lloyds Bank’s perspective, we aim to use these programmes strategically to maximise our capabilities and deliver a leading customer experience, whilst keeping the bank and our customers safe.
What have we seen so far?
Achieving the ambitions of PSD2
The second Payment Services Directive (PSD2) is the source of many domestic initiatives. The UK is meeting the requirements relating to third party access to payment accounts by way of the centralised Open Banking programme and utilising Application Programme Interfaces (APIs). The latest 2019 releases bring enhanced functionality for payments initiation services, including for future-dated payments, Bacs, CHAPS and batch payments processing. These releases will also enable ‘trusted beneficiary’ exemptions to meet the Strong Customer Authentication (SCA) requirements.
Implementing SCA two-factor authentication for a range of transaction types is proving challenging for the UK, as it has across the EU. It is true that banks were slow to fully realise the complexities of SCA, and were playing catch up as the September deadline approached. However, SCA has also delivered a learning for regulators about the scope of the UK payments industry. As well as banks, card issuers and card schemes, merchants as payment acceptors have an important role in enabling SCA. Most merchants are not subject to oversight by the payments regulators, nor are they members of the main payments industry bodies. However, they must be fully engaged for SCA to deliver effectively. The end goal is improved security of transactions with minimum added friction in the customer payments journey.
The European Banking Authority (EBA) listened to concerns about SCA readiness, and has given EU competent authorities the go ahead to provide limited additional time if needed. In the light of this, the UK’s Financial Conduct Authority (FCA) has approved an extended 18-month implementation plan, following a similar decision by the Bank of Ireland. Lloyds Bank is fully engaged in delivering this plan.
Implementing the amended Cross Border Payments Regulation
The amended Cross Border Payments Regulation (CBPR2) requires banks to align their charges for cross-border payment transactions paid in Euro and the Swedish Krona with similar ‘corresponding’ domestic payment transactions in a payer’s own currency.
Therefore, it will have the most impact on EU Member States that haven’t adopted the Euro. CBPR2 also mandates enhancing transparency around currency conversion charges. CBPR2 comes into force on 15 December 2019 (alignment of charges) and 19 April 2020 (transparency of charges).The UK Government has confirmed that, in a ‘no deal’ Brexit scenario, CBPR2 will not apply.
Strengthening trust in payments
The UK’s Payment Systems Regulator (PSR) is also having a busy 2019, overseeing two key customer protection initiatives. Firstly, it has provided oversight of an industry plan to compensate victims of authorised push payment scams. Such scams occur where somebody is tricked into sending money to fraudsters. The PSR’s involvement led in May to the launch of a ‘Contingent Reimbursement Model’ voluntary industry code, which sets out increased customer protection standards to help reduce the number of scams as well as a framework for compensating victims. So far, eight banking groups including Lloyds Banking Group have signed up to the Code. This number is expected to increase when a sustainable solution is found to compensate customers in cases where none of the customer, sending or receiving bank were at fault.
The second PSR initiative of note is mandating implementation of ‘Confirmation of Payee’. This is a service, enabled by API functionality, that will enable customers to check the name of the account holder against the name of the person or organisation that they intend to pay. The three possible responses are “a match”, “maybe a match” and “not a match”. A similar service operates in the Netherlands, which has been a source of learnings for the UK.
The PSR has mandated that, from 31 December 2019, the six largest UK banking groups by payments volumes must be able to respond to confirmation requests and from 31 March 2020 they must be able to send confirmation requests. As one of the six, Lloyds Banking Group is focused on delivery to these deadlines. Whilst Confirmation of Payee will not stop all fraud or misdirected payments, we welcome the additional certainty that the service will give to customers that they are paying who they intended. As with SCA, a key challenge is providing a robust service whilst keeping friction low – in this case ensuring that name matching has a high accuracy rate.
"Lloyds Bank is proud to have embraced the last decade’s regulatory developments in payments for the benefit of our customers and the wider ecosystem. The next decade presents even greater opportunities. We will exploit Open Banking, next generation technologies and the Financial Services revolution which presents huge opportunities for customers and payment providers."
Russell Saunders, Managing Director, Payments Strategy, Lloyds Bank
Underpinning all individual security initiatives should be a robust payments ecosystem. The Bank of England (BoE) has been clear that, given the threats of cyber security incidents and infrastructure outages, aiming for ‘zero failure’ is unrealistic. Therefore, it expects as much focus on incident management and recovery as on prevention. The BoE has proposed setting tolerances for outages, beyond which it is unacceptable to go.
Alongside the domestic focus, PSD2 mandates measuring and reporting operational and security risks to the home state regulator. It also compels banks to be more transparent about their responses to major incidents – including by informing their payment services users. In addition, from 30 September 2019 the EBA’s updated guidelines on outsourcing arrangements – with an emphasis on cloud technology – come into force.
Confronting the cash and cheque challenge
In 2017, UK debit cards transactions overtook cash for the first time. This has continued, and cash usage is in a steady decline. However, the Government and regulators are keen to ensure that those consumers and businesses that rely on cash are not left behind – learning lessons from the reduction of cash in Sweden and China. Earlier this year, an independent ‘Access to Cash Review’ was published, making a series of recommendations with the aim of maintaining access to, and acceptance of, cash for as long as needed. To that end, Lloyds Bank is participating in an industry forum considering the case for a shared utility-style model of cash supply.
Cheques have also been the focus of significant activity this year, with the launch of Cheque Image Clearing. This is intended to speed up cheque clearing times and make paying in a cheque faster and more convenient. Whilst this is welcome for customers and businesses that use cheques, we note that cheque usage is also continuing to decline rapidly, with less than 1% of UK payments now being made via cheque.
What is next for payments regulation?
Looking into 2020 and beyond, the key milestones for the UK payments industry are compliance with the ISO 20022 global data messaging standard, renewal of the Bank of England’s Real Time Gross Settlement System (RTGS) that underpins CHAPS payments, and the development of the New Payments Architecture. Looking across initiatives, we expect a continued regulatory focus on the themes of resilience and innovation.
The SWIFT Community will migrate cross-border payments and cash reporting traffic to ISO 20022 standards starting in November 2021. Target 2 and EURO1 capability to send and receive ISO20022 compliant messages, and correspondent banking to receive, becomes mandatory in November 2021. The UK plans to go live with its domestic schemes in 2022. In the UK, CHAPS ISO compliance is dependent on the renewal of RTGS – a major infrastructure programme being undertaken by the Bank of England. The core programme objectives are wider interoperability, improved user functionality, greater access, increased resilience and strengthened end-to-end risk management. Lloyds Bank is replacing legacy systems with a new cash management and payments platform, which will enable us to make the most of the new RTGS capabilities including enhanced data.
The New Payments Architecture saw the consolidation in 2018 of Bacs, the Faster Payments Service and the Cheque and Credit Clearing Company into one overarching organisation – Pay.UK. This is intended to be followed by a phased evolution of the UK’s retail payments rails, with enhanced functionality that can be harnessed by banks and third parties to deliver greater value to end users. Enhanced data capabilities are expected to be the source of much of this value, but it is yet to be seen what this will mean in practice.
On the topic of resilience, the Bank of England has indicated its supervisory approach will continue to evolve, including a maturing approach to tolerance setting. With innovation, cryptoassets including stablecoin continue to be a hot topic for regulators. The FCA has been clear that it will assess each proposition on its own merits, taking account of factors including the benefits to customers and competitive markets. From Lloyds Bank’s perspective, new propositions must address an identified unmet need, and provide value for both the payments provider and its customers if they are to be sustainable.
Having outlined the UK payments regulatory landscape, it is worth reflecting on what Lloyds Bank has learned as the sender of approximately 22.5% of the UK’s domestic payments.
Firstly, banks should actively seek to influence payments regulatory change. This includes participating in industry working groups, responding to consultations and surveys, as well as engaging directly with regulators. We suggest banks approach this constructively with a view to helping regulators understand the most practical and proportionate ways of achieving their aims – and the earlier the better. Payments is of course a network industry, and therefore coming together with other institutions to influence can be beneficial, whilst respecting the plurality of business models and of course preserving a competitive marketplace.
Next, banks should expect to continue to balance and juggle delivery of various regulatory initiatives, maintaining a forward look of what is on the regulatory agenda. We suggest that banks step back, identify overlaps and dependencies and view their payments offerings as an integrated whole. That is, as their own internal payments ecosystem. This helps to drive efficiencies and aids prioritisation.
Lastly, banks should feel empowered to innovate, whilst demonstrating that resilience planning is at the heart of their payments operations, change programmes and outsourcing. Against a backdrop of evolving technological capabilities, new payments entrants and economic uncertainty, keeping payments working and the economy moving must be the primary collective goal of the UK payments ecosystem.
About the author
Payments Technical Services Director, Global Payments, Lloyds Bank
Important legal information
Lloyds Bank is a trading name of Lloyds Bank plc, Bank of Scotland plc, Lloyds Bank Corporate Markets plc and Lloyds Bank Corporate Markets Wertpapierhandelsbank GmbH.
Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 2065. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Lloyds Bank Corporate Markets plc. Registered office 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 10399850. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 119278, 169628 and 763256 respectively.
Lloyds Bank Corporate Markets Wertpapierhandelsbank GmbH is a wholly-owned subsidiary of Lloyds Bank Corporate Markets plc. Lloyds Bank Corporate Markets Wertpapierhandelsbank GmbH has its registered office at Thurn-und-Taxis Platz 6, 60313 Frankfurt, Germany. The company is registered with the Amtsgericht Frankfurt am Main, HRB 111650. Lloyds Bank Corporate Markets Wertpapierhandelsbank GmbH is supervised by the Bundesanstalt für Finanzdienstleistungsaufsicht.
Eligible deposits with us are protected by the Financial Services Compensation Scheme (FSCS). We are covered by the Financial Ombudsman Service (FOS). Please note that due to FSCS and FOS eligibility criteria not all business customers will be covered.
While all reasonable care has been taken to ensure that the information provided is correct, no liability is accepted by Lloyds Bank for any loss or damage caused to any person relying on any statement or omission. This is for information only and should not be relied upon as offering advice for any set of circumstances. Specific advice should always be sought in each instance.