Tuesday 20 December 2011

The Nature of Scepticism

Readers of Pragmatist will know that I've expressed my bemusement before that auditors have to be taught how to be sceptical. That was back in March. In November, the European Commission confirmed that the Financial Reporting Council wasn't joking:
"Article 15

Professional scepticism

When carrying out the statutory audit of a public-interest entity, the statutory auditor or audit firm shall maintain professional scepticism throughout the audit, recognizing the possibility that a material misstatement due to facts or behaviour indicating irregularities, including fraud or error could exist, notwithstanding the auditor's or firm's past experience of the honesty and integrity of the audited entity's management and of the persons charged with its governance.

The statutory auditor or the audit firm shall maintain professional scepticism in particular when reviewing management estimates relating to fair values and the impairment of goodwill and other intangible and future cash flow relevant to the consideration of the going concern.

For the purposes of this Article, 'professional scepticism' means an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud and a critical assessment of audit evidence."
Proposal for a regulation on specific requirements regarding statutory audit of public-interest entities.
Next: a European Regulation governing the exercise of scepticism in the course of police interviews...  


Hat-tip to Mark from last night's London New Finance Meet-up. Image from The Philosopher's Magazine.

Friday 25 November 2011

Alternatives To Traditional Business Funding

Huge thanks to MarketInvoice for the kind invitation to their event at the Cass Business School yesterday. The event really highlighted the gravity of the SME funding situation and the giant leap in understanding that is required of politicians and policy-makers in this area.

Chuka Umunna MP, Shadow Secretary for BIS, gave the keynote, and the panel included Andrew Cave, the Head of Policy at the Federation of Small Businesses, Emmanouil Schizas of ACCA Global, as well as Anil Stocker of MarketInvoice and Andy Ralph, director of a company that has raised significant amounts of invoice finance in the past quarter. 

Chuka gave some useful context:
  • All the recent banking industry figures point to a significant contraction in lending to SMEs in the past quarter. Worse, SME Finance Monitor says over half of SMEs applying for overdrafts this year for the first time have been refused, and more than 400,000 SMEs who wanted to apply for an overdraft in the third quarter didn’t do so – a third because they were discouraged by their bank.
  • A recent BACS report also suggests that "half of all the UK’s small and medium sized enterprises are awaiting late payments. On average, each firm is owed £39,000 in late payments, with the total amount owed to SMEs having reached a staggering record figure of £33.6bn."
Less helpful, however, were Labour's proposed solutions to this mess. In summary, notwithstanding his glowing endorsement of MarketInvoice as a useful private sector alternative to bank finance and the acknowledged need for more non-bank competition, Chuka said that Labour wants:
  • Banks to improve local relationship management;
  • The government to be more active and directly involved in improving payment and supply chain management;
  • To create a new agency along the lines of the US Small Business Administration and Small Business Investment Company programme, whereby SBICs use their own capital plus funds borrowed with an SBA guarantee to make investments in qualifying small businesses - a phenomenal source of moral hazard and downright fraud that's been well documented by David Einhorn in his US Senate Committee testimony and the book "Fooling Some of the People All of the Time"; and
  • To use government procurement to help SMEs (notwithstanding Labour's notorious reputation for waste in that area).

Perhaps it's beyond his shadow brief, but it was notable that Chuka made no mention of the discussion of alternative regulatory solutions here and in the US, nor of the Cabinet Office focus on red tape that inhibits disruptive business models, which specifically identifies alternative finance platforms. There was no reaction to the suggestion that alternative payment providers should enjoy the same tax subsidies that banks and other regulated institutions enjoy through ISA/pension allowances and individuals' ability to off-set losses against income. And no thought appeared to have been given to the idea of a clearly defined 'safe harbour' for the likes of MarketInvoice and peer-to-peer platforms from the rules on collective investment schemes and/or arranging deals in investments, to enable them to start up more confidently, quickly and efficiently.

In fact, Chuka's pitch rather underscored his party's role in helping to create our desperate need for alternatives to traditional business funding. Let's hope we see some decent ideas from the opposition in future.

In the meantime, it's down to the participants on MarketInvoice, Funding Circle and CrowdCube and the many angel networks to carry the alternative funding hopes of SMEs.

Wednesday 16 November 2011

A New Regulatory Model For Retail Finance - Update 1

"It's time for reflection..." FT.com
The fact that the US has taken the first step towards a 'Crowdfunding Act' requires an update of my earlier post on a new regulatory model for retail finance...

Non-bank retail finance models have been gaining momentum worldwide over the past six years, in spite of our creaking financial regulatory framework. Finally, it seems that framework is about to become more directly supportive. 

Since 2005 we have seen the launch of various innovative person-to-person, or peer-to-peer (P2P) finance platforms in the UK, US, Germany and elsewhere, which have been tracked here. These were launched by teams that spent considerable time and expense trying to accommodate existing regulation that favoured incumbents, with little or no regulatory assistance. Their goal was to enable those with surplus cash to connect directly with people who needed finance in a way that minimises costs and delay, and leaves most of the 'margin' with lenders and borrowers, rather than the middleman.

Meanwhile, we have all discovered that the existing financial regulatory framework, ironically designed to protect consumers, actually guaranteed the worst excesses amongst 'traditional' banks and failed to contain the risks posed by the "shadow banking" system. And although taxpayers have had to step in and effectively democratise the financial markets, we are still unable to extract badly needed funding from retail banks.

Against that background, it is perverse that the regulatory framework does not already directly facilitate simple, low cost, alternative financial services. And let's not forget that banks and other retail investment institutions continue to enjoy indirect tax subsidies through individuals' ability to off-set losses, as well as ISA and pension allowances for which unregulated alternative investments do not qualify.

While substantial innovation in consumer and small business lending has been possible, UK rules against marketing investments like bonds, shares and unregulated collective investment schemes, have made it much harder to offer direct, alternative funding for SME start-ups, trade finance and even social projects. Given a more proportionate investment regime, the likes of Crowdcube, MarketInvoice, Buzzbnk, Social Impact Bonds and the Green Investment Bank, for example, might operate rather differently. No doubt existing and new P2P platforms would take the opportunity to distribute multiple financial instruments, creating a far more substantial alternative to banks and other fee-hungry investment institutions.

Oddly, given its reputation for fast-paced innovation, the US has been (until recently) even less supportive of alternative retail financial models. Zopa, for example, which led the growth of P2P platforms with its launch of person-to-person lending in the UK, was unable to launch that model in the US despite lengthy consultations with securities regulators. And life has been unnecessarily complicated for the likes of Prosper and Lending Club ever since.

To help remedy the regulatory imbalance, as mentioned in August, three of the leading UK commercial P2P lending facilitators launched the Peer-to-Peer Finance Association (P2PFA) for platforms on which the majority of lenders and borrowers are consumers or small businesses (rather than, say, ‘investment clubs’ or networks of sophisticated investors). The P2PFA has adopted a set of self-regulatory measures that are based on similar FSA requirements for payment services platforms (which have a similar, low risk profile). In particular, the P2PFA Operating Principles require:
  1. Senior management systems and controls;
  2. Minimum amounts of capital;
  3. Segregation of participants’ funds;
  4. Clear rules governing use of the platform, consistent with the Operating Principles;
  5. Marketing and customer communications that are clear, fair and not misleading;
  6. Secure and reliable IT systems;
  7. Fair complaints handling;
  8. The orderly administration of contracts in the event a platform ceases to operate; and
  9. Appropriate credit assessment and anti-fraud measures.
Earlier this month, the US House of Representatives passed a Bill, HR 2930 (still subject to Senate and Presidential approval), which would enable the issuer of securities to raise small amounts of money from many people (crowdfunding) on the basis summarised below. Please note that I've used the helpful summary from VentureBeat, but replaced "company" with "issuer", as I see no reason on my reading of the bill and the definition of "issuer" in the Securities Act 1933 why this would not enable person-to-person lending, rather than merely raising capital for corporations (please seek your own independent legal advice):
  • "The [issuer] may only raise a maximum of $1 million, or $2 million if the [issuer] provides potential investors with audited financial statements.
  • Each investor is limited to investing an amount equal to the lesser of (i) $10,000 or (ii) 10% of his or her annual income.
  • The issuer or the intermediary, if applicable, must take a number of steps to limit the risk to investors, including (i) warning them of the speculative nature of the investment and the limitations on resale, (ii) requiring them to answer questions demonstrating their understanding of the risks, and (iii) providing notice to the SEC of the offering, including certain prescribed information.”
Will this work in practice?

Absolutely. The challenge (and benefit) associated with such 'safe harbours' is that there is very little room for fee income. This in turn favours 'thin intermediaries', like the new electronic finance platforms, as a means of broad, open distribution. Proportionately regulating platforms to address horizontal issues like those covered by the P2PFA Operating Principles leverages economies of scale, leaving product providers to focus only on vertical product-specific requirements. Specifically, the platforms can control operational risk (including anti-money laundering); deliver transparency through adequate product disclosure and ‘my account’ functionality; and centralise customer service and complaints handling, with ultimate referral to financial ombudsmen or other complaints handling bodies. In addition, because the platforms provide a reliable audit trail, tax rules should permit losses to be off-set against gains and income derived via platform-related activity. Similarly, there is no reason why instruments distributed via these platforms should not also qualify for consumers’ tax-free ISA and pension allowances.

Further, the 'horizontal' form of credit intermediation adopted by P2P platforms solves the problems identified by the NY Federal Reserve in the 'vertical' model adopted by the 'shadow banking' system. Since each borrower's loan amount is drawn from many lenders at the outset, there’s no need to split a single loan into many pieces by securitising it later. Lenders also achieve diversification across many borrowers at the start, so there is no need for a series of bonds, CDOs and so on to ‘transform’ interest rates, maturity or borrower type. The facilitator is not a party to the loan agreements made on its platform and segregates lenders’ funds, so it has no credit risk (or ‘balance sheet risk’), and therefore no need or temptation to engage in the regulatory/tax arbitrage that banks and shadow banks attempt. The one-to-one legal relationship between borrower and loan owner is maintained for the life of each loan via the same technology platform (with a back-up available), so all the loan data is readily available to participants and it's easy to assess the performance of the loan against its grade. Risk remains visible, rather than being rendered opaque through fragmentation, re-packaging and re-grading of the underlying loans, guarding against moral hazard.

Finally, by enabling the efficient use of technology to facilitate consumers’ desire for greater control over their personal circumstances, governments will be helping to build a decent, sustainable financial services industry.

Consumers and small businesses should expect further developments in this space throughout 2012.

Tuesday 15 November 2011

US Crowdfunding Bill

"It's time for reflection..." FT.com
Further to my recent post on a new regulatory model for retail finance, the US House of Representatives has passed a Bill, HR 2930 (still subject to Senate and Presidential approval), which would enable the issuer of securities to raise small amounts of money from many people (crowdfunding) on the basis summarised below. Please note that I've used the helpful summary from VentureBeat, but replaced "company" with "issuer", as I see no reason on my reading of the bill and the definition of "issuer" in the Securities Act 1933 why this would not enable person-to-person lending, rather than merely raising capital for corporations. However, I'm not a US securities lawyer, and you should seek your own independent legal advice ;-)
  • "The [issuer] may only raise a maximum of $1 million, or $2 million if the [issuer] provides potential investors with audited financial statements.
  • Each investor is limited to investing an amount equal to the lesser of (i) $10,000 or (ii) 10% of his or her annual income.
  • The issuer or the intermediary, if applicable, must take a number of steps to limit the risk to investors, including (i) warning them of the speculative nature of the investment and the limitations on resale, (ii) requiring them to answer questions demonstrating their understanding of the risks, and (iii) providing notice to the SEC of the offering, including certain prescribed information.”
As mentioned previously, it would be great to see this sort of support for alternative finance from the UK authorities.

Tuesday 1 November 2011

FSA, OFT Seek To Avert Another PPI Scandal

Having covered the Great PPI Robbery - and the Redux - via Pragmatist for some years now, it's encouraging to see the FSA and the OFT remaining vigilant against another heist. Listen for any mention of a "debt freeze" or "debt suspension"; or a "debt waiver" or "debt cancellation" during your next discussion about a loan or mortgage - and assume a fee or higher interest rate or the need to make some kind of payment. You should also assume that activating the freeze or waiver will be harder than it looks.

If you think you need the insurance, you probably shouldn't be borrowing at all.

The FSA/OFT consultation on the guidance is open until 13 January 2012.

Sunday 23 October 2011

A New Regulatory Model For Retail Finance

"It's time for reflection..." FT.com
Non-bank retail finance models have been gaining momentum worldwide over the past six years, in spite of our creaking financial regulatory framework. Finally, it seems that framework is about to become more directly supportive. 

The mid-noughties saw the launch of various innovative person-to-person finance platforms in the UK, US, Germany and elsewhere, which have been tracked here. These were launched by teams that spent considerable time and expense trying to accommodate existing regulation that favoured incumbents, with little or no regulatory assistance. Meanwhile, the regulatory authorities discovered that their framework, ironically designed to protect consumers, actually guaranteed the worst banking excesses and failed to contain the downside to the complex "shadow banking" system in which the incumbent institutions were also involved. And although taxpayers have had to step in and effectively democratise the financial markets, we are still unable to extract badly needed funding from retail banks.

Against that background, it is perverse that the regulatory framework does not already directly facilitate simple, low cost, alternative financial services. And let's not forget that banks and other retail investment institutions continue to enjoy indirect tax subsidies through individuals' ability to off-set losses, as well as ISA and pension allowances for which unregulated alternative investments do not qualify.

While substantial innovation in consumer and small business lending has been possible, UK rules against marketing investments like bonds, shares and unregulated collective investment schemes, have made it much harder to offer alternative funding for SME start-ups, trade finance and even social projects. Given a more proportionate investment regime, the likes of Crowdcube, MarketInvoice, Buzzbnk, Social Impact Bonds and the Green Investment Bank, for example, might operate rather differently. They would no doubt also be joined by existing and new P2P platforms as a substantial alternative to banks and other fee-hungry investment institutions.

Oddly, given its reputation for fast-paced innovation, the US is even less supportive of alternative retail financial models. Zopa, for example, which led the growth of P2P platforms with its launch in the UK, was unable to launch its P2P model in the US despite lengthy consultation with securities regulators. And life has been unnecessarily complicated for the likes of Prosper and Lending Club ever since.

To help remedy the regulatory imbalance, as mentioned in August, three of the leading UK commercial P2P platforms launched the Peer-to-Peer Finance Association and an accompanying set of self-regulatory measures. Their focus is platforms on which the majority of lenders and borrowers are consumers or small businesses, rather than, say, ‘investment clubs’ or networks of sophisticated investors. 

And in September the New York Times reported that there are three proposals in the US to allow peer-to-peer financing without securities registration and disclosure requirements:
"One petition, prepared in 2010 by the Sustainable Economies Law Center and, fittingly, paid for by a grass-roots crowdfunding effort, asks the S.E.C. to permit entrepreneurs to raise up to $100 per individual and an aggregate of up to $100,000 without requiring expensive registration and disclosure.

President Obama, as part of his jobs act, advocates an exemption for sums totaling up to $1 million. Representative Patrick McHenry, a Republican from North Carolina, has drafted legislation that would allow companies to obtain up to $5 million from individuals through crowdfunded ventures, with a cap of $10,000 per investor, or 10 percent of their annual incomes, whichever is smaller."
How would this work in practice?

The challenge (and benefit) associated with such 'safe harbours' is that there is very little room for fee income. This in turn favours 'thin intermediaries', like the new electronic finance platforms, as a means of broad, open distribution. Proportionately regulated, these platforms can deliver greater efficiency, transparency and cost savings that benefit providers and consumers alike. 

Specifically, these platforms can be the focus of regulation designed to control operational risk; deliver transparency (through adequate product disclosure and ‘my account’ functionality); and centralise customer service and complaints handling, with ultimate referral to financial ombudsmen. Focusing those regulatory burdens on the platforms would shift significant compliance costs away from the product providers who rely on the platforms as a means of distribution. This would also mean specialist product regulators could focus their resources on 'vertical' issues related to specific products and their providers rather than 'horizontal' issues that are common to all. Such is the primary intent behind the P2PFA's Operating Principles, for example, which cover lending to both consumers and small businesses.

In addition, since social investments and P2P finance offerings both involve some credit risk and therefore the potential for losses, tax rules should allow off-setting against gains and income derived via these platforms. And there is no reason why instruments so distributed should not also qualify for ISA and pension allowances.

Consumers and small businesses should expect further developments in this space throughout 2012.

Tuesday 4 October 2011

Excessive Mortgage Arrears Fees?

Following my recent post on excessive arrangement fees, it's worth noting that the FSA recently meted out a £630,000 fine for excessive arrears charges to Swift 1st Limited - the fifth such lender since a review in 2010. Swift will also have to pay about £2.35 million to redress the problems.

The FSA found that "Swift applied certain charges to its customers’ accounts... which ... did not reflect a reasonable estimate of the cost of administering an account in arrears."

The list of adverse practices is quite long, and worth comparing against your own mortgage statement or that of any client who has suffered arrears. However, you'll need to go back over all the old statements - the Swift practices dated back from June 2007 to July 2009...

The fees "were:

  • Arrears management fee: a monthly management fee applied to a customer in arrears;
  • Default notice fee: a default fee applied when a customer’s account fell into arrears;
  • Unpaid mortgage payment fee: applied when a cheque, direct debit or standing order was not honoured by a customer’s bank; and
  • Litigation fees: fees applied to customers’ accounts when Swift started legal proceedings."
"In addition:
  • Swift applied excessive early repayment charges to the redemption figures of customers who were, or had been, in arrears;
  • Swift failed to send all its customers in arrears certain prescribed documents, providing information on the options available to them;
  • Swift focussed on the collection of arrears without always proactively engaging with customers to establish an appropriate “Arrangement To Pay” based on their individual circumstances; and
  • Swift also failed to have adequate systems and controls in place to deal with early redemptions which resulted in some customers who redeemed their mortgages overpaying."

Wednesday 28 September 2011

Identity Is Dynamic, Not Static. Proof: Momentary.

On Tuesday we had a very revealing discussion on whether "banks and/or mobile operators should provide the identity infrastructure" at the CSFI's Sixth roundtable in the series on Identity and Financial Services.

Of course we began by discussing what identity actually is - not something that can be isolated or assumed, as was also apparent from the Fifth roundtable.

In this discussion, it was very clear that a bank or telco views identity as a static collection of data about an individual that can be stored or held, with varying degrees of subject access and control. In this entrenched view of the world, institutions - like banks and telcos - can compete for the privilege of 'holding' your identity and enabling you to prove who you are. In essence, those institutions are in control of your identity.

So what's stopping them providing an all-purpose identity infrastructure today?

The fact that identity is not a static concept. It's dynamic, contextual, and defined more by your various sets of activities or behaviours - "routes and routines", as Tony Fish put it - than by a picture, address and date of birth. That collection of behaviours and the data they generate are what makes us unique. Further, Dean Bubley made the point that we over-estimate the degree to which telcos (and banks) actually 'know' their customers in the sense of understanding their customers' end-to-end activities. And we over-estimate these institutions' technological ability to enable their customers to prove their identity at all, let alone conveniently in scenarios of their choosing.

A Finnish delegate also made the point that Finnish banks offer identity services, based on a government database, but make very little money out of them. Which suggests the services are not very useful or compelling.

In any event, static data repositories are vulnerable to attack; and the services that rely on them are apt to be 'gamed' by simply replicating the data held - as in the case of skimming card data or fabricating identity documents to gain control of a bank account. The fact that the individual consumer is ultimately compensated and therefore not 'harmed' in a direct financial sense is beside the point. We all pay for such inefficiencies in the form of higher interest rates, fees and retail prices.

So there are two key problems to be solved. As consumers, we need to be able to simply, conveniently and efficiently prove our identities in the course of any day-to-day activities.  And as a community, we need the source of that proof to be less vulnerable to being hacked or guessed, and to contain its cost.

Given those key problems, the solution cannot possibly comprise an "identity infrastructure" or 'service' that relies on a single, static set of data that is 'held' by some institution. Rather, the solution has to involve the capability to generate a unique and momentary proof of identity by reference to a broad array of data generated by our own activity, on the fly, which is then useless and can be safely discarded.


Image from Young Lee.

Thursday 22 September 2011

Old Newzbinned

I see that Lexology carries a note on the decision in Motion Picture Association v BT [2011] EWHC 1981 (Ch) in July, ordering BT to block access to a revived "Newzbin2" web site that was enabling large-scale copyright infringement in films after an earlier site had been successfully restrained.

The problem with services that post material on a delayed basis is that time-pressured senior lawyers can get over-excited about the 'latest' case, and miss all the discussion that occurred when it first hit the traditional and social media, none of which is summarised in the note. That's especially problematic in this particular context, given the vast lobbying effort by the 'majors' to gloss over some critical issues associated with alleged mass copyright infringement.

Specifically, the injunction was granted under section 97A of the Copyright, Designs and Patents Act 1988, which enacts the Information Society Directive (2001/29/EC) giving the High Court "power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright." 

The case shows that rightsholders have long had adequate protection for mass infringement, and underscores the waste and futility involved in passing the Digital Economy Act during the infamous Parliamentary 'wash-up' of 2010. The core provisions and site-blocking generally have been found by Ofcom to be unworkable; and the Liberal Democrats have joined the calls for the DEA to be largely repealed.

More productive efforts are focused on modernising our intellectual property rights, and it would be good to see more articles on that. 





Sunday 4 September 2011

Are 'Soaring' Mortgage Arrangement Fees Excessive?

Moneyfacts July 2007 warning
In a re-run of 2007, this time amidst persistent low interest rates, MoneySavingExpert has reported huge increases in mortgage arrangement fees. In 2007, the suggestion was that the high fees masked artificial reductions in headline interest rates. This year, the suggestion is that higher arrangement fees are being used to make up for low interest income:
"Typical mortgage rates are at a record low, and while this undoubtedly means reduced costs for consumers, lenders are partly offsetting that fall with a rise in costs to secure that deal."
Of course, that may be hard for lenders to justify in relation to regulated mortgages, on the basis of treating customers fairly, disclosure obligations or under the excessive fee provisions in the FSA's Mortgage Conduct of Business sourcebook (MCOB).

In particular:
"When determining whether a charge is excessive, a firm should consider:

(1) the amount of its charges for the services or products in question compared with charges for similar products or services on the market;

(2) the degree to which the charges are an abuse of the trust that the customer has placed in the firm; and

(3) the nature and extent of the disclosure of the charges to the customer."
But I'm sure each of the lenders has prepared some kind of explanation in case the FSA or the competition authorities inquire...

Tuesday 30 August 2011

Regulating P2P Finance


From a standing start in March 2005, this year peer-to-peer finance will account for more than £100 million of loans to individuals and small businesses in the UK. The timing is perfect, given that our banks are lending less and paying lower savings rates, and new capital rules will drive further need for alternative funding.

Yet, as I noted last year, while these platforms deliver very real social and economic benefits by enabling people rather than banks to share most of the margin between savings rates and funding costs, the financial regulatory and tax framework does not directly accommodate them. So, ironically, new entrants whose business models are founded on openness, fairness, transparency and individual consumer control must spend a huge amount of time and start-up capital figuring out a regulatory path through a regime that is not only designed to force recalcitrant 'traditional' financial institutions to treat customers fairly but also subsidises their marketing efforts with favourable tax allowances.

While the various P2P providers were also considering the merits of forming a self-regulatory body to act as a focal point for more helpful enabling regulation, a further catalyst was the BIS consultation on moving responsibility for consumer credit from the OFT to the Financial Conduct Authority (the FSA's replacement). Having helped frame Zopa's positive response to that consultation, I was happy to help apply the same regulatory approach we'd suggested to a set of operating principles that could form the basis of an interim self-regulatory framework. Collaboration with both Ratesetter and Funding Circle ultimately led to the formation of the "Peer to Peer Finance Association" in July, with invitations extended to others.

The intention of the P2PFA is to enable the development of platforms that facilitate open consumer and small business participation, rather than merely 'investment clubs' or networks reserved for sophisticated investors. As a result, the term “Peer to Peer Finance” is broadly defined in the Rules to mean "any funding arrangement that comprises direct, one-to-one contracts between a single recipient and multiple providers of funds, where the majority of providers and borrowers are consumers or small businesses." The desire for scalable, open or 'mass' access is underlined by the definition of “Platform” as "an electronic system that facilitates Peer to Peer Finance." Generally, funding is likely to be in the form of simple one-to-one loans, but other instruments may evolve over time.

As stated on the Association's web site:
"The Association’s Rules and Operating Principles set out the key requirements for the transparent, fair, robust and orderly operation of peer-to-peer finance platforms and cover:
1. Senior management systems and controls;
2. Minimum capital requirements;
3. Segregation of participants’ funds;
4. Clear rules governing use of the platform, consistent with these Operating Principles;
5. Marketing and customer communications that are clear, fair and not misleading;
6. Secure and reliable IT systems;
7. Fair complaints handling; and
8. The orderly administration of contracts in the event a platform ceases to operate.
The Peer-to-Peer Finance Association is run by a Management Committee, made up of one representative from each member, with one member acting as Chairman for one year on a rotating basis. Giles Andrews, CEO of Zopa, will act as the Committee’s initial Chairman. As new members join the Association, their representative will join the Management Committee.

Membership of the Peer-to-Peer Association is subject to the Rules of the Association and members must comply with the Association’s Operating Principles."
The Rules, Bye-laws and Operating Principles are set out here.

Thursday 4 August 2011

Wither the Digital Economy Act?


A year later we're still fussing over the damn thing and, surprise, surprise: site-blocking has been abandoned as unworkable and ISPs won't have to subsidise the costs of protecting outmoded entertainment industry business models.

BUT! I cannot fathom a decision to charge individual citizens £20 for appealing "every notification letter received from their ISP, and against every instance of infringement identified" by a copyright owner. It's all very well to say that this will discourage vexatious appeals and that the individual can recover the £20 if their appeal is successful. But where is the constraint on the mistaken, vexatious or groundless issue of infringement notices? Will it cost £20 per notice to complain about that? Can they all be heard together? These things could arrive like confetti, effectively reversing the burden of proof and obliging the individual to underwrite a multiplicity of appeals.

My sense is that there will not be a significant number of appeals. But, on the flip-side (as it were), rights owners who avail themselves of this process will find their material shunned altogether, for the reasons discussed in Henry Jenkins' "Convergence Culture". Rights owners who don't understand that are doomed.

I can't imagine what Kafkaesque process Ofcom is being forced to envisage in order to bring this monster to life, but I understand we'll find out "shortly".

Image from LoveMarks.

Saturday 30 July 2011

How Not To Deal With A Regulator

The 'Big Six' energy providers are actually threatening to steal the regulatory limelight from UK retail banks - which is no mean feat. Ofgem says it has levied a total of £12.5m in fines this year already. In the past few weeks alone, SSE and Scottish Power have found themselves under scrutiny from MPs. And British Gas has complained publicly that its recent fine of £2.5m for complaints mishandling is "totally disproportionate", seeming to suggest they should've been given credit for having to spend £4m fixing the problem.

But you'd expect a little more humility from a company that is raising consumer gas and electricity prices at an average of 18% and 16% respectively, and contributed £270m of its parent's £1.3bn profit for the first half of this year. 

Ofgem explains that its complaint handling regulations include the following requirements ("the breaches Ofgem found against British Gas in this case are in bold):
  • a common definition of a complaint between (sic) energy suppliers;
  • a requirement for suppliers to record complaints upon receipt and follow up contact with the customer after the initial complaint;
  • a requirement for suppliers to have a complaints handling procedure and be able to explain to customers how they can make a complaint;
  • a requirement to signpost customers to the Energy Ombudsman if the complaint is not resolved;
  • a requirement to deal with consumer complaints in an efficient and timely manner, and allocate sufficient resources to do this;
  • a requirement to publish information on complaints."
Here's an explanation of Ofgem's industry governance arrangements.

And here's where to complain if you are a consumer or small business (once you've given the provider a chance to resolve the dispute).

Meanwhile, Ofgem says that it's:
"currently investigating Npower and EDF Energy for complaint handling; Scottish Power, Scottish and Southern Energy, EDF Energy and Npower for misselling; and is undertaking two investigations into Scottish Power for potentially misleading marketing and the difference between its Standard Credit and Direct Debit Tariffs."
I'm sure the suspects are bound to accept any adverse findings with good grace...

Saturday 16 July 2011

Private Sheriffs in Cyberspace and Counter-regulation

Zittrain's Rule-making quadrant
What better task for a rainy Saturday than extracting the 'blawg' posts from Pragmatist and placing a link to them on a dedicated Blawg where they belong?

Here's my response to a Zittrain lecture in May 2009, that appears to have stood the test of time.

Sunday 12 June 2011

Counter-Regulation And Consumer Empowerment

In 2006, I speculated in an article for the Society for Computers and Law, entitled "Counter-regulation", that the government would one day require offline businesses to implement the benefits of successful online business models. They would do this, I suggested, because successful online businesses "will have demonstrated to most consumers the inadequacies in the business models of their offline counterparts" whose customers will realise they're at a disadvantage compared to consumers dealing online.

That day certainly arrived in April, if not before, when the UK government announced its "Consumer Empowerment Strategy". The policy "aims to put consumers in charge so that they are better able to get the best deals for themselves, individually and collectively." As part of the strategy, "the Government wants to work with [service providers and retailers] to come up with a solution that allows consumers to access [purchasing] information, analyse it according to their own preferences and make better choices."

However, in Better Choices: Better Deals, the Government makes it refreshingly clear (at p.5) that a new legislative programme is not the best way to achieve consumer empowerment. Instead, it is relying on "a wide range of new programmes that have been developed in partnership with businesses, consumer groups and regulators" against a background of normal regulatory enforcement.

It is also refreshing to see that the Government has gone to considerable lengths to try to understand the overall context before announcing policy. As a result, Better Choices: Better Deals is a treasure trove of statistics, behavioural insights, and research - and an inspiring read, rather than an irritating one. There are numerous proposals (see pp.6-7 and Annex A of Better Choices: Better Deals), some of which are the product of thematic regulatory work and some of which go beyond the way many online businesses operate today. Indeed, the semantic web is central to the Government's vision. Of course, the list is not exhaustive - the document is step one in an attempt to foster collaborative effort across the community, not a creaking regulatory panacea of the kind favoured by the European Commission. These proposals include:
  • the 'mydata' [since renamed 'midata'] project to enable consumers to access information about their purchases, analyse it according to their own preferences and use that information to make better purchasing decisions;
  • e-statements for credit cards, to provide the last 12 months of transaction data in a portable electronic format;
  • clear information about the lowest energy tariff on energy bills;
  • changes to Energy Performance Certificates and how they are presented;
  • improving the provision of product information about cars and other products from a health and environmental standpoint;
  • encouraging local collective purchasing deals;
  • making available more complaints and performance data about businesses, regulators, government departments and public service providers;
  • figuring out how in-store shoppers can access consumer feedback normally only available online;
  • a new resolution scheme for e-commerce disputes;
  • a review on how to empower very vulnerable consumers.
Of course, our day-to-day consumer activities tend to require combinations of data held by both public and private sector organisations. So it's encouraging that great progress is also being made on the Open Government data initiative.

Image from 1Million1Shot.

Thursday 26 May 2011

An EU Contract Law? Too Tough To Digest

A hat-tip to Mayer Brown for the heads-up on the latest in the saga of a proposed European Contract Law. We have until 1 July to send feedback on 189 individual articles included in a 'feasibility study'. The Commission will then consider that feedback, together with the results of an earlier consultation.

As I have posted previously in another place, I'm not terribly supportive of a new European Contract Law. It doesn't fix any real problem, and it won't catalyse a single, cross-border market - notwithstanding the rationale advanced by the European Commission. The example used is:
"An Irish consumer buys an MP3 player online from a French retailer. In this case, Irish contract law would apply if the French retailer has designed his website for Irish consumers."
This is a strange scenario, littered with odd assumptions. Besides, there are notable instances of successful cross-border retailing in the EU that rely on the law of a single Member State as the law of the contract. And choice of law is the least of the barriers to setting up such an operation, as the European Commission itself discovered in the context of the reform of laws related to consumer rights and consumer credit. In particular, a May 2007 study by Civic Consulting revealed that:
“the main [non-regulatory] barriers hindering selling of consumer credit products in other EU Member States are different language and culture; consumers’ preference for national lenders; credit risk for lenders – no access to creditworthiness information; problems related to tax, employment practices etc.; difficulties to penetrate local market; different consumer demand in different Member States; lack of consumer confidence in a brand; differing stages of development of consumer credit; and lack of adequate marketing strategies.”
Furthermore, the law should follow, not lead commerce (though I realise that is a common law, rather than a civil law view). Otherwise, it acts as a hurdle to innovation and market development, and only those who are 'good at regulation' (incumbent players) will cope.

A pan-European contract law also conflicts with the principle already enshrined in various financial and other regulatory frameworks that, in general, the law in a corporation's home Member State should govern that corporation's cross-border EU activities. In fact, given that the preponderance of any EU-based cross-border retailer's trade is with the citizens of its home state (with the exception of retailers based in Luxembourg), this proposal would seem to envisage retailers either imposing European Contract Law on their local customers, or creating a separate set of terms for cross-border customers. I don't see how either is helpful, other than to generate work for the likes of... well, me.

But I'm not in the business of creating more hurdles for cross-border trade. So, while I will of course personally attempt to digest yet another European dog's breakfast, I propose to focus my drafting energies on an exclusion clause that will mean my clients and their customers won't have to.

Apply within ;-)

Tuesday 17 May 2011

Would You Like A Cookie?

The law that applies to ‘cookies’ is changing with effect from 26 May 2011. Within a year from that date, not only must the user be given clear and comprehensive information about the purposes of cookies and use of the data they collect; but cookies can also only be placed on the user’s device after the user has given his or her consent. There is an exception where such storage or access is strictly necessary for the provision of a service that has been requested by the user (as well as where the cookie is for the sole purpose of carrying out the transmission of a communication over an electronic communications network). The UK Information Commissioner has issued guidance on how to comply.

How best to obtain consent?

This is likely to vary according to the type of cookie being set and the use to which the information is put. Cookies may be either "Session” cookies, which are temporary and deleted as soon as the user closes his or her browser; or "Persistent” cookies, which are stored on the user’s device hard drive until they expire or are removed. Where a persistent cookie is set, the consent only needs to be obtained prior to it being set the first time.

Of course, users can configure their browser to warn them whenever a new cookie is about to be stored; clear the cookies that have previously been set; and/or block specific cookies in advance. Or they can choose not to visit a website or use a service whose cookies they don’t want to receive. However, the Information Commissioner has found that most browser settings are not sophisticated enough to allow the service provider to assume the user has given his or her consent to allow your website to set a cookie. So, the Commissioner has advised that consent must be obtained in some other way.

If you are changing your terms for the use of your web site or web-based service, you have to make users aware of the changes and specifically that the changes refer to your use of cookies. You then need to gain a positive indication that users understand and agree to the changes. This is most commonly obtained by asking the user to tick a box to indicate that they consent to the new terms. Where a third party sets its own cookies or similar technologies onto “your” users’ devices, you will need to ensure your users’ consent is obtained either by you or the third party.

For sites with subscribers who must log-in to gain access, you could prompt the user to agree amendments to your privacy policy to cover the use of cookies at time of next log-in. More challenging is how to obtain consent to cookies from users who don't log-in or necessarily interact with your site in a way that would enable you to display terms of consent that could be agreed. The Information Commissioner has suggested that web site owners “place some text in the footer or header of the web page which is highlighted or which turns into a scrolling piece of text when you want to set a cookie on the user’s device. This could prompt the user to read further information (perhaps served via the privacy pages of the site) and make any appropriate choices that are available to them.”

Whichever way you decide to meet the challenge, you'll need a psychiatrist on standby for your digital design team ;-)


Image from Jefferson Park.

Tuesday 10 May 2011

What Is Identity, Anyway?

It was a pleasure to join a CSFI round-table discussion on identity today. It was the latest in a series of discussions to elucidate the problems with the current approach to identifying customers (and providers) in the financial services context. Subsequent discussions will focus on potential improvements and alternative solutions.

It was a broad-ranging discussion, as you'd expect, and tough to do justice to everyone's remarks, but worth a quick summary. Dr Ian Brown of the Oxford Internet Institute set the context in terms of the various meanings of 'identity' and how other disciplines view it. However, he doesn't believe it's helpful to think in terms of 'identity' itself, as opposed to 'reputation', for example. And it's not actually necessary in many cases for someone to be identified (e.g. a tube journey). People's attitudes to privacy vary with context: students have been shown to disclose more in their responses to an informal student survey than to official university research questionnaires. Ian also explained how the technological landscape is evolving - and ought to be encouraged to evolve - including the work of David Chaum and others on how to ensure 'unconditional anonymity' or that transactions you undertake are not shown as related. He suggested that approach could be promoted via initiatives like Project Stork (a project to enable interoperability of EU member state ID cards).

Marc Dautlich of Olswang pointed out that "identity" itself is not legally prescribed, but explained the relevant provisions of the Data Protection Act and the offences created by the Identity Documents Act 2010 relating to the possession of false documentation with improper intent. However, he believes the law does not adequately address the fact that the consequences of misuse of identity or personal data vary greatly according to the context. His sense is that it would be more helpful in the future to regulate for appropriate outcomes rather than regulate identity or personal data itself.

My role was to say something about alternative legal approaches to identity.

From the outset, given the pan-European approach to regulating data protection and money laundering, it's important to consider the difference between common law and civil law attitudes to regulation. In common law jurisdictions the law tends to follow commerce, whereas in civil law jurisdictions there's an expectation that the law should stipulate what can and cannot be done. That means UK players can't sit back and leave market forces to reveal any need for new regulations to support a shift to a new identity model. The EC will be under pressure to regulate how the new paradigm should work, and to influence such regulation we would need to participate in the EU 'social dialogue'.

At any rate, 'identity' is not a constant, but flexible in terms of the data used to distinguish the subject from everyone else, the sources of that data, who controls it and the source of any requirement to identify the subject. Identity is contextual, as Ian mentioned. Some personal data we volunteer happily in a social media situation (or on reality TV), but less so in a formal or institutional situation. Often we have no control over the process. Money laundering regulation, for instance, casts an obligation on product providers to identify their customers by reference to official data.

An organisation's attitude to identity data also tends to be governed by whether the organisation is a 'facilitator' (which exists to solve its customers' problems) or an 'institution' (which primarily exists to solve its own problems). Facilitators try much harder than institutions to ensure that their collection and use of personal data, and treatment of identity, is transparent and proportionate to the customer activity being facilitated, and 'friction' in the customer experience is kept to a minimum.

However, some institutional identity requirements may be disproportionate partly because the government views the institutions concerned as useful 'choke points' for imposing requirements for public policy purposes, like anti-terrorism or serious crime prevention.

In future, I suggested that we determine identity requirements from the consumer/customer standpoint, and ensure they are facilitative and proportionate (rather than simply a hurdle to be cleared). That may also mean solving public policy identification requirements in different ways. The semantic web represents an ideal opportunity to minimise identity issues. For instance, I've long been a proponent of the idea that you should have an applet on your computer that holds your personal profile and can interrogate product providers' semantic datafeeds to find, say, an insurance product that's right for you without requiring you to disclose your personal data.

I look forward to seeing the output of this round table process in due course.

Image from Brainstorm Services.

Thursday 5 May 2011

Do Other EU Countries' Data Protection Laws Apply To You?

A hat-tip to Claire Walker and Shona Kerr for their SCL article on the above question: "Location, Location … Guidance on Applicable Law in International Data Processing Scenarios" (cheap annual subscription applies).

The "guidance" referred to is the Opinion of the EU's Article 29 Data Protection Working Party of national data protection regulators. And, naturally, the answer to the above question is that "it depends".

In essence, the factors for businesses to consider are whether you are the data controller or processor, and whether you have an "establishment" in a given EU Member State and/or are sufficiently involved in processing personal data through "equipment" or some means of processing located in that country. There are helpful detailed examples in the Opinion, but ultimately it's a question of fact and degree that will benefit from discussion with the operational or IT staff who know what's actually going on. Guidance is also given on supervision and enforcement.

This sort of analysis is not exclusive to the law on personal data protection - many local laws and regulations may apply to your cross-border activities in another country, even if you don't operate a physical point of sale there (direct and indirect taxes being critical examples). But it's a useful illustration of the type of issues facing anyone operating on a cross-border basis.

Tuesday 3 May 2011

Week One: Build A Decent Framework

The first week in any new in-house role or project has many defining moments. Are you friendly and approachable, or nervous and shy? Do you listen respectfully before suggesting improvements, or arrogantly impose your own experience and expertise from the outset? Do you have a plan for how you'll approach your new role, or will you simply react to demands on your time?

One advantage to having worked in nearly a dozen businesses over the past twenty years or so is having the opportunity to experience many 'fresh starts'. Here are three steps I've learned to take each time:

1. Research the business and its products: You should've done this at interview stage (along with understanding the overall market context), but you probably didn't get the whole picture from company filings, web sites and other publicly available material. Depending on seniority, you may not get much more. Play the 'newbie' card while you can. Try to meet the lead business people and ask plenty of questions about their successes and key challenges. Ask each product manager to explain how his or her product works. Make a note of anything that surprises you - good or bad. Understand the business problem-solving methodology (if any), project planning framework (if any) and the end-to-end business processes that comprise or support the products - how customers are signed up, complaints are handled, how distribution works, the supply chains, how contractual rights are enforced. Due diligence reports, regulatory filings, major contracts, sales presentations and process maps all make great source material.

2. Figure out the top ten challenges for the business: This can be a hair-raising experience, especially in a young business or one that's poorly run. Try to be discreet, patient and under-react until you've figured out the list and considered how to align yourself with each challenge. A well-managed business will identify and prioritise its most significant challenges annually. In that case, figuring these out will involve a fairly easy discussion with the boss about the business planning cycle, the current plan and where you fit in. In other cases, there may be no clarity at all, and no process for achieving it - great opportunities for anyone with an analytical mind and a positive attitude. Clearly the annual revenue target, major product launches, acquisitions and any substantial new regulation will be likely to feature in the top ten. Addressing the organisation's substantial strengths, weaknesses, opportunities and threats should round out the list.

3. Figure out the top ten legal challenges: What the lawyers need to do should have become pretty clear by now. Of course you have to factor in your own major initiatives, like getting a handle on significant contracts, contested litigation, training and competence, ensuring appropriate records retention and so on. But some of that will be business as usual. The major challenges should involve cross-functional co-operation - including public affairs and PR.

I'm interested in your thoughts.


Image from De Madera Constructions.