Search This Blog

Monday, 9 October 2017

Red Alert: Retailers With Loyalty Progammes

Three years after being announced in the UK and I suspect many retailers are yet to realise that their loyalty/store card programmes will be regulated by the Financial Conduct Authority from 13 January 2018 - likewise across the European Economic Area. 

As the FCA now also warns, retailers who offer such programmes anywhere in the EEA will need to track the annual transaction volumes very carefully, starting with the completely arbitrary and inconvenient date of 13 January 2018. 

If the volume meets or exceeds €1 million (or the GBP or local currency equivalent) in any 12 month period (the first ending on 12 January 2019), the retailer must notify the FCA (or local regulator) within 28 days (by 10 February 2019).  Firms may also choose to register at any time from 13 October 2017.

But be sure of the outcome before you decide whether or not to register!

The regulator must then decide whether the programme is exempt from regulation as an e-money/payment service.  

If the firm fails to notify, it commits an offence under the Payment Services Regulations 2017 (or local equivalent implementing the second Payment Services Directive (PSD2)). 

If the FCA decides the programme is exempt, then it must include the retailer on the FCA's register of 'limited networks', and the name will be added to a central register of all such firms across the EEA.

If the FCA decides the programme is not exempt from regulation the retailer can appeal, but basically this means the firm will have been found to be violating the Electronic Money Regulations 2011 and/or Payment Services Regulations 2017 by issuing e-money and/or offering a payment service without being duly authorised/registered to do so. Major problem!

So retailers really have to decide now whether they should outsource the operation of the programme to an authorised firm (or the agent of one); or seek their own authorisation (or agency registration). Ultimately, they might restructure the scheme to fit the exemption, or shut it down.

Of course, the mere fact that retailers with loyalty schemes have to be mindful of these requirements and go through the process means they are in effect regulated by the FCA. Ignorance, as they say, is no defence.


Wednesday, 27 September 2017

FCA to Regulate All Employees Of Financial Firms

The Financial Conduct Authority is consulting on the extension of its "Senior Managers and Certification Regime" (SM&CR) to all firms that are regulated by the FCA under the Financial Services and Markets Act 2000 (which excludes e-money/payment institutions, for example, unless they have dual authorisations).

This will replace the "Approved Persons" regime and extend some requirements to all employees

Consultation ends on 3 November, and the extension is likely to take effect from early in 2018. 

This means you should study the proposals and begin to plan how to comply, particularly as HR staff/advisers will also need to be involved.


Wednesday, 20 September 2017

Consultation: Contract Guidance for Data Controllers/Processors Under #GDPR

The Information Commissioner has published draft guidance for data controllers and processors on their contracts and liabilities under the General Data Protection Regulation, for comment by 10 October 2017. GDPR takes effect in the UK from 25 May 2018, but a lot of preparation is required, including reviewing and updating contracts for personal data processing.

The guidance is intended to explain what data controllers must include in contracts; and what responsibilities and liabilities data processors have under the GDPR.

As a sign of the complexity and uncertainty in this area, the ICO adds that its guidance "will need to continue to evolve to take account of any guidelines issued in future by relevant European authorities... as well as our developing experience of applying the law in practice"...


Tuesday, 19 September 2017

FCA Publishes Final Approach and Rules Implementing #PSD2

The FCA has today published its final policy statement on how it will supervise the Payment Services Regulations 2017 (implementing the second Payment Services Directive, or PSD2).

I haven't digested it fully yet, but following earlier consultations, the FCA explains that it has amended its approach in various respects, particularly, its perimeter guidance on the new account information services and payment initiation services, complaints handling and reporting and conduct of business requirements. There is a table summarising the updates on page 6 of the policy statement.

I may post on any significant changes separately.

Further updates will be required when certain regulatory/implementing technical standards (RTS/ITS) and EBA Guidelines are finalised in late 2017 and early 2018, including EBA Guidelines on operational and security risk, and fraud reporting.

In the meantime, various draft application forms for authorisation and reporting have been published, with the final versions to be available for applications from 13 October 2017.  As explained in my earlier post, the FCA recommends waiting until then, even if you are making an application under the current regulations - otherwise it will need to be updated or re-assessed.


Tuesday, 12 September 2017

FCA Weighs In On #InitialCoinOfferings

The Financial Conduct Authority has just published its thoughts on "initial coin offerings" (ICOs), the issue of cryptographic tokens or 'currency'. There is already a wide variety of purposes for ICOs, making them much harder to classify than your typical stock market "initial public offering" (or IPOs) with which some people seem to be equating them.  The FCA has also provided links to guidance from: 
Many additional risks also arise from the fact that the nature of the 'coins' or cryptographic currency and whether there is a market for those - quite apart from the purpose for which funds are being raised and/or invested in - as well as the distributed ledger in which they and related transactions are based. We are a long way from the usual stakeholders (like regulators) understanding and engaging with the new technology, let alone standardising any kind of process for doing ICOs as 'efficiently' as IPOs or even traditional technology projects (hopefully more so!).

I have no reason to think ICOs won't necessarily become fairly commonplace in due course, but it's appropriate for the regulators to be treading cautiously at present - although they should be supportive of genuine attempts to innovate in this area and engage positively with issuers while warning investors of the risks.

Here's a helpful ICO 'tracker' from CoinDesk.

 


Monday, 11 September 2017

Top Tip: Make Any UK Applications Under #PSD2 From 13 October 2017

The FCA has published several web pages explaining the new authorisation/registration process under the Payment Services Regulations 2017 ("PSRs 2017") and similar process in the existing Electronic Money Regulations 2011 ("EMRs") that are updated by the new PSRs 2017. Basically, firms are "strongly encouraged" by the FCA to make their applications on or after 13 October 2017.

For payment institutions:
"You will be able to submit applications under PSD2 from 13 October 2017, giving you the opportunity to become registered or authorised under the PSRs 2017 from 13 January 2018.
Rather than applying under the PSRs 2009, you are therefore strongly encouraged to make your application under the PSRs 2017, on or after 13 October 2017.
If you decide to apply under the PSRs 2009 and we have not determined your application by 13 January 2018, we will treat your application as being made under the PSRs 2017. This means you will be required to provide more information to us, as required under the new regime [which would likely slow the process down]. If we have determined your application under the PSRs 2009 by 13 January 2018, you will need to submit an application to re-register or become re-authorised under PSD2 and the PSRs 2017, and pay an additional application fee.
Businesses applying for re-authorisation under PSD2 will need to submit a complete application by 13 April 2018 in order to continue operating on or after 13 July 2018.
Businesses applying for re-registration will need to submit a complete application by 13 October 2018 in order to continue operating on or after 13 January 2019."
For e-money institutions:
"You will be able to submit applications under PSD2 and the amended EMRs, from 13 October 2017, giving you the opportunity to be registered or authorised under the new regime from 13 January 2018.
Rather than applying under the current EMRs, you are therefore strongly encouraged to make your application under PSD2 and the amended EMRs, on or after 13 October 2017.
If you decide to apply under the current EMRs and we have not determined your application by 13 January 2018, we will treat your application as being made under the amended EMRs. This means you will be required to provide more information to us, as required under the new regime [which would likely slow the process down]. If we have determined your application under the current EMRs by 13 January 2018, you will need to submit an application to re-register or become re-authorised under PSD2 and the amended EMRs, and pay an additional application fee.
Businesses applying for re-authorisation or re-registration under PSD2 will need to provide all the information we need with an application by 13 April 2018 in order to continue operating on or after 13 July 2018."

Thursday, 27 July 2017

Of Card Payments, Consumer Protection, SMEs and Merchant Aggregators

Consumer advocates have raised the issue of some uncertainty about which credit card transactions benefit from the statutory right to pursue the card issuer if a merchant makes a misrepresentation or breaches the contract for sale of an item (see the April article from MoneySavingExpert). Many do not realise that the uncertainty arises from arrangements that enable small businesses to accept card payments, overlooking important benefits to SMEs and consumers alike. If SMEs (which represent 99% of UK businesses) cannot accept card payments, consumers may find it less convenient to deal with them, threatening their livelihoods and over half the UK's new jobs, while also reducing consumer choice and competition for large retailers. The statutory right is also subject to exceptions that mean the transaction might not be covered anyway. Yet cardholders still have 'chargeback' rights under their card terms, which are more generous and involve less hassle than making a statutory claim.  So, my own view is that the benefit of enabling small traders to offer their customers the convenience of paying by card outweighs the potential lack of a statutory claim against the card issuer, because the cardholder has the greater comfort of being able to initiate a chargeback anyway. 

Statutory Rights

Consumer credit transactions that involve the borrower (e.g. a credit cardholder), the creditor (e.g. a credit card issuer) and a supplier (merchant) under the same agreement benefit from a provision of the Consumer Credit Act (CCA) that makes the creditor liable for any misrepresentation or breach of contract relating to the sale of the item (section 75). Various exclusions apply. For instance, it only covers items over a £100 up to £30,000 and it does not cover or must be more than Another provision covers transactions where the credit agreement did not directly involve the supplier but was specifically linked to the sale of a specific item (section 75A). Again, however, there are exceptions and it only applies to transactions for an amount exceeding £30,000 up to £60,260, so it is unlikely to be relevant to card transactions.

Chargeback Rights

Under rules governing the operation of the card schemes, such as MasterCard, card transactions can be reversed or 'charged back' in various cases including cardholder dispute within 180 days of the transaction. This right is wider than the statutory right under section 75 of the CCA because it applies to debit card transactions as well as credit card transactions, and the reasons for initiating a chargeback go well beyond the scope of the statutory right (see the list of reasons on page 54).

Merchant Aggregators

Card schemes operate by enabling issuers to issue payment cards that can be presented to participating merchants, who send the transaction data to an 'acquirer' who then obtains payment from the relevant card issuers via an 'interchange' process run by the card scheme operator. 

Typically, the merchant must have a direct contract with an acquirer, but that is expensive to set up and administer in the case of small merchants. 

So to give cardholders the convenience of being able to pay small merchants, the card schemes allow approved intermediaries (MasterCard calls them "Payment Facilitators", for example) to represent  small businesses more efficiently and cost effectively under a single contract with the acquirer, enabling those 'submerchants' to accept card payments where their annual transaction volume is less than $1m or local currency equivalent (increased from $100,000 a few years ago). WorldPay, the UK's largest card acquirer, explains its aggregator program here, for example; and MasterCard has a global list of approved Payment Facilitators by region.

In addition, department stores and e-commerce marketplaces may be treated by the card schemes as the merchant, where the obligation to pay the price of an item offered by a third party seller is satisfied by paying the store or marketplace operator rather than the seller directly. Where problems arise in that context, even though section 75 claims would not be possible, the cardholder typically has the right to either use the marketplace's own dispute resolution and compensation process or, in any event, to initiate a chargeback (large third party sellers will also have their own returns and complaints resolution and compensation process). Such 'master merchant' relationships are also important channels for small businesses to gain access to larger markets, again improving convenience, consumer choice and competition.

The point in all these cases is to weigh the benefits to consumers of convenience, increased choice and competition - as well as the benefits to SMEs who are able to access a wider market, grow and create more new jobs - against the loss of the relatively narrow rights under section 75 compared to chargeback rights and other remedies.