From a European Union (EU) perspective, Koch reported an increased appetite for regulatory intervention in the payments space. He noted the push for near real-time payments across the continent and attempts to address market fragmentation. At the same time, there are some notable gaps and inconsistencies in existing legislation, while changes and innovation in technology presents challenges.
Keeping Up With the Industry
Regulators in the payments space face a level of complexity, as industry trends are always changing – as indeed is commerce itself. Koch cited a quote from online fashion retailer Net-a-Porter founder Natalie Massene,t to illustrate how retail is becoming much more about content and content delivery: “We are a technology company, a media company, a retailer and a service company all in one.”
The other trend regulators must deal with is that disruption to finance is part of a wider trend. The collaborative consumption and sharing economy is led by companies that – in many cases – are operating without inventories – they match buyers to sellers and borrowers to lenders. Koch expects that this will really drive change in the provision of finance and payments.
Impact of New Requirements
Various regulatory steps have been taken in an attempt to keep up with the speed of change in the payments world. A key development in Europe is the revision of the Payment Services Directive (PSD) to create PSD2. The objectives of PSD2 are to modernise the legal framework in line with technical and market developments, promote innovation, increase customer choice and consumer protection, and to enhance security for online payments.
PSD2 contains new rules designed to open up access to payments to third-party providers. The European Parliament (EP) is adamant that banks and credit card companies must give certain access to licensed third-party providers. PSD2 provides customers with the right to be provided with information that informs them about the extent of any access given. Additionally, banks and account services providers in the UK are now barred from treating payments that go through third parties differently than those that go directly through them. PSD2 also provides some surety that payment services providers (PSPs) will be able to block accounts where they have a good understanding that there is probability or evidence of fraud.
At the same time there is concern about liability. Where there are payments involving more than one payments provider or institution, the key question from a regulatory perspective – as well as a commercial perspective – is who bears the loss if something goes wrong? Koch said that this is addressed within PSD2. It is set out that the original PSP should take accountability for the loss, but a number of the revisions in PSD2 stipulate that the original PSP has the right of recourse to the third-party provider, when that provider has initiated the issue that needs addressing.
In terms of the implementation progress of PSD2, last month political agreement on the revisions was reached between the European Commission (EC), the EP and the Council of Ministers. Koch noted that while the framework is now in place, there is still work to do in terms of the technical detail. Many of these aspects have been passed to the European Banking Authority (EBA) to resolve, but he warned that these would take time to resolve.
Regulation of interchange
Alongside the PSD2, the other main theme of recent European payments legislation is the regulation of interchange fees for card-based payments, which took effect this week from 8 June. Among the features of that piece of regulation is that European member states have the ability to flex some of the caps in a domestic context. Koch said that there are several few ambiguities as to how this will be implemented, which the industry is currently working through. These include issues such as defining what a merchant card is; how to identify non-regulated from regulated cards; what is in scope and what is out of scope; and how both consumers and retailers are informed of the new rules of acceptance.
A Challenging Climate
Koch concluded his presentation by noting that regulators are struggling with the pace of change in technology. Despite this, there are clear signs that they are keen to promote a competitive environment; one allowing the development of new services that meet new consumer needs.
A challenge for the regulators is to be forward-looking and relevant. Conversations that the UKCA has had with retailers shows them to be less interested in the payment mechanism with which the transaction takes place. Instead, they are focussed on the transaction costs and the frictionless nature of transactions. He suggested that regulatory concerns about authentification could stand in the way of some of those objectives.
Turning to payment services infrastructure, Koch referenced
a previous panel discussion
in noting that there are pressures on the incumbents to open up their networks. The challenge for payments systems is to maintain their relevance in this environment, rather than simply fading away to become purely the ‘plumbing’ for the industry. Koch believes that the current incumbents of the payments services infrastructure space will need to develop very carefully thought-out strategies in order to remain relevant.
Businesses should look to identify the strategic opportunities presented by GDPR rather than simply seeing regulatory hurdles as an additional constraint, costs or obligation for the compliance officer.
A series of governments are now very worried about the idea of bitcoin and these currencies because customers would be able to make sustainable ongoing transactions and payments without having to ever introduce the use of a typical financial model or banking system. To combat this potential threat, several countries including major central banks like the Bank of England and the Bank of Israel will be launching their own version of a cryptocurrency. This could bring big advantages to customers.
The new EU General Data Protection Regulation of the European Union will have a wide impact on how data of EU citizens can be stored – and business are well advised to not take it lightly.
New Thomson Reuters research into Know Your Customer (KYC) related challenges impacting financial institutions (FIs) and their corporate clients reveals that many of the issues raised by the company's 2016 survey remain.