Global Payments Newsletter, August 2020 | Lexology

Key developments of interest over the last month include:

  • United Kingdom: HM Treasury publishes Call for Evidence for Payments Landscape Review, seeking industry input on how payment systems could be improved. The deadline for submissions is 20 October 2020.
  • Canada: The Financial Data Exchange, an industry-led initiative to develop an API standard for open banking, launches.
  • Europe: The European Data Protection Board consults on guidelines on the interaction between PSD2 and the GDPR, which covers topics such as the meaning of “explicit consent”. The deadline for submitting feedback is 16 September 2020.

Regulatory Developments

United Kingdom: HM Treasury publishes Call for Evidence for Payments Landscape Review

On 28 July 2020 HM Treasury published a Call for Evidence which serves as the first phase of its Payments Landscape Review.

The government is seeking feedback on the progress that has been made in advancing its objectives in the payments space, and input on what more could be done. The topics which the Call for Evidence covers include:

  • What can the industry, regulators and government do to promote open access, ensure that payment networks benefit end users, and maintain stable and efficient payment systems?
  • What can be done to make person-to-business payments more efficient?
  • What trends does the industry see in payments chains and cross-border payments, and what opportunities and risks do they come with?

The Call for Evidence will close on 20 October 2020. Following this, the government will publish a summary of responses and detail next steps for the review.

Canada: Open banking initiative, Financial Data Exchange, launches

On 29 July 2020 the Financial Data Exchange announced its launch. Its aim is to develop a secure and interoperable API standard for sharing consumer data. It is an industry-led initiative and its Working Group consists of 31 members, ranging from financial institutions and payment networks to fintechs and consumer groups.

Interested organisations are invited to join the Financial Data Exchange as members and contribute to this open banking initiative.

Europe: European Data Protection Board (EDPB) consults on guidelines on the interaction between PSD2 and the GDPR

On 17 July 2020 the EDPB published “Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR” for public consultation. These guidelines aim to provide guidance on the data protection aspects of PSD2, with a focus on the processing of personal data by account information service providers (AISPs) and payment initiation service providers (PISPs).

The topics that the guidelines cover include:

  • The application of the GDPR’s lawful grounds for processing and key principles in the context of PSD2.
  • Clarification that “explicit consent” under PSD2 is a separate and additional requirement of a contractual nature, and different from the GDPR’s concept of consent.
  • The legitimacy of processing “silent party” personal data. For example, a payment service user may consent to sharing transaction data which would include some data relating to third parties with whom the user contracted (called “silent parties”).
  • The processing of special categories of personal data by PISPs and AISPs.

The deadline for submitting feedback is 16 September 2020.

Italy: Bank of Italy publishes explanatory document on the relationship between payment services regulation and data protection

On 15 June 2020 the Bank of Italy published an explanatory document which explores the relationship between PSD2 and the GDPR, under which payment service providers (PSPs) must comply with data protection provisions separately and in addition to PSD2.

The document points out the need for greater harmonisation, especially in relation to the definition of sensitive data and the nature of consent to be provided by the payment service user. This is because PSD2’s definition of “sensitive payment data” refers to data which may be used to carry out fraud, e.g. security credentials, while the GDPR considers sensitive data to be data relating to personal characteristics such as ethnicity and religious belief. Although these definitions do not conflict with each other, the Bank of Italy notes that PSPs may need to consider carefully any circumstances where the two concepts overlap.

In relation to consent, the Bank of Italy notes that consent under PSD2 has a contractual nature whereas consent under the GDPR is not necessarily contractual if the use of personal data is functional to performing an agreement.

See further information here.

United Kingdom: HM Treasury consults on regulating the promotion of cryptoassets

On 20 July 2020 HM Treasury published a consultation on cryptoasset promotions. It proposes to expand the perimeter of the financial promotion regime to enhance consumer protection while the government continues to consider its approach to the broader challenges of cryptoasset regulation. To bring the relevant activities into scope, the government proposes to amend the Financial Promotions Order (FPO) to include certain unregulated cryptoassets in the list of controlled investments and amend a number of the current controlled activities.

The government considers that applying the financial promotion regime to too wide a range of cryptoasset activity could stifle innovation without a proportionate benefit to consumer protection. Accordingly, the proposed definition of “qualifying cryptoassets” (that is, the unregulated cryptoassets to be covered by the FPO as controlled investments) includes only those cryptoassets that are both fungible and transferable.

The government has identified the most relevant controlled activities and intends to amend them to incorporate activities in relation to the buying, selling, subscribing for or underwriting of qualifying cryptoassets. In the government’s view, the financial promotion restriction exemptions for qualifying cryptoassets should generally be consistent with the approach taken to exemptions for other controlled investments. However, the government proposes to add a new FPO exemption to ensure that vendors merely offering to accept cryptoassets in exchange for goods or services, and buyers merely offering cryptoassets to pay for goods or services, in the same manner as they would accept pound sterling payments, are not captured.

The consultation closes on 25 October 2020. The government does not propose to introduce a transitional period before the proposed FPO amendments come into force. In parallel with this work, HM Treasury also published a consultation on limiting authorised firms’ ability to approve the financial promotions of unauthorised firms by requiring them to obtain prior FCA consent. It advises that the two consultation papers should be read in conjunction with each other.

United Kingdom: Government launches Fintech Strategic Review

On 20 July 2020 HM Treasury announced the launch of the Fintech Strategic Review and published its terms of reference. The review will be conducted independently and identify priority areas for policy makers and the industry to support fintechs in the UK.

The review will consist of five workstreams:

  1. Building and developing the relevant skills and talent.
  2. Attracting investment and funding.
  3. Supporting regional fintechs.
  4. Developing policy that fosters innovation and promotes competition.
  5. Promoting the UK’s fintech sector to overseas markets.

The Fintech Strategic Review will culminate in a report with recommendations to HM Treasury in 2021.

United Kingdom: HM Treasury publishes policy paper of Joint Authorities Cash Strategy (JACS) Group on safeguarding the UK’s cash infrastructure

On 15 July 2020 HM Treasury published a policy paper of the Joint Authorities Cash Strategy (JACS) Group on safeguarding the UK’s cash infrastructure. The JACS Group is chaired by HM Treasury and includes representatives from the FCA, the Bank of England (BoE) and the Payment Systems Regulator (PSR).

The paper provides an update on developments within the UK’s cash infrastructure and the work of the JACS Group members, including the state of, and key pressures on, the overall end-to-end infrastructure across the UK. The paper also outlines major industry initiatives that JACS Group members are tracking and engaging with, as well as actions the members themselves are undertaking.

Next steps for the JACS Group include:

  • Informing the development of the planned legislation to protect access to cash.
  • Continuing to ensure a co-ordinated regulatory approach to monitor trends, including COVID-19 impact, and oversee the UK cash infrastructure.
  • Alongside the development of legislation, the FCA and PSR will work with stakeholders on how the industry can provide an appropriate and sustainable model for accessing cash. A public consultation, led by the Wholesale Distribution Steering Group (WDSG) (chaired by the BoE), on potential end-state models for a new wholesale cash distribution system is expected during summer 2020.

United Kingdom: Payment Systems Regulator (PSR) Panel publishes annual report

On 29 July 2020 the PSR Panel published its annual report (2019-2020) which reflected on the following priority issues:

  • Access to cash: The PSR Panel has been working with the PSR to consider the reasons why access to cash is important for certain groups of people, e.g. those from disadvantaged socio-economic backgrounds and those in remote areas. The PSR Panel encourages providers to maintain and promote access to cash.
  • Authorised Push Payment (APP) scams: The PSR Panel encourages the PSR to lead the sector to develop a more permanent and harmonised solution to “no-blame” APP scams.
  • Card-acquiring: The PSR Panel urges the PSR to move more quickly in relation to its review of card-acquiring services so as to avoid being outpaced by industry developments.

United Kingdom: Payment Systems Regulator (PSR) announces development of future strategy

On 29 July 2020 the PSR announced that it is developing its future strategy. [with a view to publishing a draft strategy for consultation at the end of 2020 or the beginning of 2021.]

The PSR is requesting input, before formally consulting, on three key themes with high-level target outcomes:

  • Innovation and future payment methods: How can the PSR promote a choice of payment methods that suits the needs and preferences of people and businesses? (Target outcome: the payments industry will be agile and innovative so that consumers can access appropriate payment methods.)
  • Competition: What role does the PSR play to ensure that competition is effective at all levels of the payments chain? (Target outcome: effective competition at all levels of the supply chain, with detailed economic regulation acting where competition is not enough.)
  • Choice and availability of payment methods: How does the PSR ensure that enough options are available to allow all people and businesses to make the payments they need and want to make? (Target outcome: all people and businesses can make the payments they need and want to make.)

The PSR will work closely with the FCA, the Bank of England and HM Treasury when developing its strategy. It notes in particular HM Treasury’s Payments Landscape Review, which will help to inform its strategy (see the separate item on this development).

Over the next three months, the PSR will publish a specific set of questions on each theme (starting with the ‘Innovation and future payment methods’ theme, launched on 29 July 2020), along with a series of related content pieces to stimulate thinking and debate. Contributions to all themes are allowed until the engagement phase ends in September 2020. After this, the PSR will produce a full draft strategy which it will consult on at the end of 2020 or beginning of 2021. From the week commencing 7 September to 16 October 2020 the PSR will hold panel events, regional “virtual” roadshows and ongoing engagement with social media across all themes.

United Kingdom: Lending Standards Board (LSB) launches review of Contingent Reimbursement Model Code (CRM Code); PSR publications on APP scams and competition and innovation in real-time payments

On 15 July 2020 the LSB launched its review of the CRM Code by publishing a consultation paper. The CRM Code was established in May 2019, and is a voluntary industry code in relation to authorised push payment (APP) scams. The consultation asks for input on four areas:

  1. Implementation: The LSB seeks to determine what challenges firms have experienced in adopting the CRM Code and how it could be improved.
  2. Customer experience: The LSB would like to know whether the CRM Code has reduced the number of APP scams and successfully helped victims.
  3. Prevention measures: The LSB asks whether consumer education measures and Confirmation of Payee are successfully supporting the CRM Code.
  4. Resolving claims: The LSB would like to know what challenges firms face when deciding whether to reimburse a customer.

The consultation will close on 30 September 2020. On 6 August 2020 the PSR published an article by Genevieve Marjoribanks, PSR Head of Policy, which supports the LSB’s review. The statement also notes the need for a long-term reimbursement model for victims in “no blame” scenarios, which may mean a departure from the current voluntary approach.

On 4 August 2020 the PSR published a statement by Genevieve Marjoribanks on driving innovation and competition in real-time payments. The PSR is looking at what consumer protections are available now and whether they adequately protect people who use bank transfers to make payments. It wants to achieve greater protection for people when making and receiving payments. With this in mind, the PSR is assessing what else it and the payments industry can do to achieve this. Ms Marjoribanks also discusses open banking and the potential growth of the Faster Payments Scheme (FPS), and refers to the PSR’s work on APP scams.

At this stage, the PSR is just sharing its thinking and proposed approach. Going forward, it will work with HM Treasury and the Open Banking Implementation Entity, as well as with the industry, to ensure there is a cohesive approach, and avoiding duplication, to achieving the best outcomes for consumers.

United Kingdom: Bank of England (BoE) confirms timings for launch of ISO 20022

On 10 August 2020 the BoE confirmed that its plans for the ISO 20022 standard to go live in April 2022 still remain, but on a like-for-like basis. This is to assist direct participants in preparing for SWIFT’s adoption of ISO 20022 in late 2022.

The BoE will conduct further analysis on whether it should allow enhanced data to be sent and received before or after the planned cutover to the new core settlement engine in April 2023. An update and supporting documentation will be published in September 2020.

Europe: European Commission adopts legislative proposal for Regulation on cross-border payments

On 17 July 2020 the European Commission adopted a legislative proposal for a new Regulation on cross-border payments in the EU. The Annexes to the proposed Regulation have been published separately.

The proposed Regulation purports to codify the existing Regulation on cross-border payments (924/2009) as per European Commission policy, since it has been amended at least ten times. The new Regulation will therefore repeal and replace Regulation No 924/2009, but will preserve its content.

The Council of the EU and the European Parliament will consider the proposed Regulation using the accelerated legislative process that applies to codification proposals. The new Regulation is intended to enter into force on 20 April 2021.

Global: P20 publishes report on best practice for the payments industry post-COVID-19

On 28 July 2020 P20 published a report which sets out the thinking of several industry leaders after conducting interviews on the challenges raised by COVID-19 and how the payments industry could address them.

The report ends with a list of 20 best practice steps which include:

  • Reaching out proactively to regulators with ideas and concerns, e.g. in relation to payment fraud.
  • Educating employees about the increased cybersecurity risk while working remotely and ensuring that remote working tools are secure.
  • Treating financial inclusion as a crucial aspect of product development so that vulnerable customers are not left behind.
  • Developing detailed contingency plans to prepare for worst-case scenarios.
  • Reviewing crisis management plans and running crisis scenario drills regularly.
  • Engaging existing customers and suppliers so that problems are identified and addressed.

This report will be discussed further at P20’s virtual Global Payments Conference which is due to take place in September 2020.

Europe: Euro Banking Association (EBA) launches Request to Pay survey

On 5 August 2020 the EBA announced the launch of a survey to obtain input from businesses on their expectations for Request to Pay, its potential use cases and what challenges they anticipate. This is to drive discussion to help prepare for the new Single Euro Payments Area Request to Pay process which the European Payments Council will introduce in November 2020. The first Request to Pay products for businesses and consumers are expected to be launched in 2021.

The survey will close on 9 October 2020, after which the responses will be anonymised and aggregated to be published on the EBA’s website. This will be followed by a Request to Pay Round Table which the EBA will host for key stakeholders in November 2020.

Europe: European Commission publishes report on cybersecurity

On 23 July 2020 the European Commission’s Joint Research Centre published a report on the challenges related to cybersecurity and possible solutions. The report notes the increasing risk of cyber-attacks as more devices and systems become digitalised.

Some of the challenges the report identifies include the lack of competition in the cybersecurity sector and the need for greater consumer awareness about how to use digital services securely.

The potential solutions identified by the report include:

  • Educating end-users and employees about cybersecurity.
  • Ensuring cybersecurity products and services are interoperable across different systems.
  • Increased transparency around cyber incidents.
  • Increased collaboration between Member States in terms of research and policy-making.

United Kingdom: HM Treasury consults on economic crime levy

On 21 July 2020 HM Treasury published a consultation on an economic crime levy. This levy, which would be imposed on entities subject to AML regulation, was proposed in the 2020 Budget. The government hopes to raise approximately £100 million per year through the levy, which will be used to fund the government actions outlined in the 2019 Economic Crime Plan.

The consultation seeks views on how the levy should be designed, calculated and distributed across the AML regulated sector so that it operates proportionately and effectively. The consultation also includes a call for evidence on private sector investment on counter fraud measures.

The consultation will close on 14 October 2020.

Luxembourg: Bill to modernise dealing in dematerialised securities recognises use of distributed ledger technology

On 27 July 2020 the Luxembourg government introduced a bill (the Bill) which will, among other things, modernise the Law of 6 April 2013 on dematerialised securities (the Law). The Bill is a continuation of the work started by the law of 1 March 2019 amending the amended law of 1 August 2001 on the circulation of securities in the European Union. It aims at expressly recognising the possibility of using secure electronic registration mechanisms, including distributed registers or ledgers, in the context of dealing in dematerialised securities.

Under the Law, both the issuance of dematerialised securities and the conversion of issued securities into dematerialised securities must only be registered in an issuance account held with a settlement institution or a central account holder. For the sake of clarity and legal certainty, the Bill aims at defining the issuance account, while stating that this account may be maintained and the entries of securities may be made in or through secure electronic registration mechanisms.

As with the law of 1 March 2019, the Bill contributes to Luxembourg’s efforts to promote innovation in the financial sector by bringing the existing legal framework up to date with technological developments.

The Bill is however still in the early stages of the Luxembourg legislative procedure.

United States: Office of the Comptroller of the Currency (OCC) clarifies banks’ ability to safeguard cryptocurrency

On 22 July 2020 the OCC published an opinion confirming that national banks and federal savings associations can provide custody services for cryptocurrencies, including cryptographic keys. The opinion acknowledges that although financial assets have evolved over the years, the banks’ authorisation to provide custody services remains applicable. However, banks should understand the risks that come with cryptocurrency and carry out the appropriate due diligence.

Malaysia: Securities Commission Malaysia seeks industry input on regulation for digital asset wallet providers

On 23 July 2020 the Securities Commission Malaysia announced that it is seeking industry input on the development of a regulatory framework for digital asset wallet providers. It has defined digital asset wallet providers as those who provide custody services for digital asset owners.

Existing digital asset providers and interested stakeholders are encouraged to contact the Securities Commission Malaysia to arrange an engagement session. This should be done by 14 August 2020. The resulting regulatory framework will be incorporated into the Guidelines on Digital Assets.

France: Central bank announces candidates selected for central bank digital currency (CBDC) testing

On 20 July 2020 the Banque de France announced the candidates it has selected to participate in CBDC experimentation, following a call for applications, with experiment proposals, in May 2020. The candidates include Société Générale, HSBC and Accenture.

The selected experiment proposals include:

  • Exploring what regulation in CBDC is needed to improve cross-border payments.
  • Reviewing how CBDC could be made available.

The Banque de France will work with the selected candidates to conduct these experiments over the coming months.

The Philippines: Central bank considers central bank digital currency (CBDC)

On 29 July 2020 it was reported that the Philippine central bank, Bangko Sentral ng Pilipinas, has set up a committee to consider the feasibility and impact of issuing CBDC. This was announced by Governor Benjamin Diokno at a virtual briefing. The initial findings of the committee are expected to be released in August 2020.

India: Central bank announces pilot scheme for offline digital payments

On 6 August 2020 the Reserve Bank of India announced a pilot scheme for small-value offline payments. This follows its Statement on Developmental and Regulatory policies in which it expressed its concerns that the lack of internet connectivity, especially in remote areas, is hindering the adoption of digital payments.

The pilot scheme therefore aims to encourage the development of offline digital payment solutions by allowing authorised Payment System Operators to provide these solutions, subject to certain conditions.

The pilot scheme will end on 31 March 2021, after which the Reserve Bank of India may decide to formalise the system.

Payment Market Developments

Hong Kong: HSBC partners with HKSTP to boost open banking innovation

On 13 July 2020 Hong Kong Science and Technology Parks Corporation (HKSTP) announced its collaboration with HSBC to develop the API EcoBooster programme. Through API EcoBooster, start-ups and developers will be connected to HSBC’s digital banking specialists to co-create API solutions in various areas, ranging from digital payments to retail lending. API EcoBooster will also be supported by beNovelty who will provide technology mentoring and arrange technology sandboxes containing banking APIs and mock data to facilitate testing. Registration for API EcoBooster is open to developers around the world, and applicants will need to submit their proposals online. The deadline for submissions was 14 August 2020, and now HKSTP and HSBC will select 30 proposals.

Spain: Major banks complete proof of concept for blockchain-based interbank payments

On 15 July 2020 Iberpay, which manages Spain’s retail payment system, SNCE, announced the successful completion of a proof of concept for interbank payments and settlement based on blockchain technology. This testing was carried out with the help of five major banks: Banco Sabadell, Banco Santander, Bankia, BBVA and CaixaBank.

The blockchain network that was developed, Red-I, facilitated instant payments by generating smart contracts. Following the successful proof of concept, the banks are reported to be looking at exploring the use of Red-I beyond banking networks.

United Kingdom: Cryptocurrency platform Wirex becomes a principal member of Mastercard

On 20 July 2020 Wirex announced that it has become a principal member of Mastercard, and is the first cryptocurrency-native platform to do so. Wirex is a digital payment platform which issues payment cards that allow users to spend both fiat and cryptocurrencies. The platform also allows users to purchase and exchange such currencies. Through this membership, Wirex seeks to leverage Mastercard’s network and promote the use of cryptocurrency.

Australia: eftpos aims to develop micropayments solution using stablecoins

On 23 July 2020 debit card network, eftpos, announced a partnership with Hedera Hashgraph to develop a proof of concept which uses digital stablecoins for micropayments. They will use a stablecoin based on the Australian dollar to test micropayments for online content, e.g. pay per page and pay per second. If the proof of concept is successful, eftpos hopes to overhaul the traditional paywall solution.

United Kingdom: Mastercard enrols Request to Pay solution with Pay.UK

On 28 July 2020 Exela Technologies, which is helping Mastercard to develop a Request to Pay solution, reported on the solution’s enrolment onto Pay.UK’s Request to Pay framework. Request to Pay provides audit trails for billers and allows for two-way communication between the payer and payee during payment transactions.

Exela and Mastercard have completed the first phase of the product by building a data repository. They are now planning to finalise the biller application.

United Kingdom: Nutmeg launches payment initiation service

On 30 July 2020 wealth management app, Nutmeg, published an article which talks about its partnership with TrueLayer to recently launch a payment initiation service. It explains how this use case for open banking allows for more efficient and cost-efficient payments in comparison to bank transfers. Since users will no longer have to manually input payee details, Nutmeg explains that errors and delays would be avoided thanks to this new function.

Southeast Asia: Grab expands financial services offering

On 4 August 2020 fintech platform, Grab Financial Group, launched its “Thrive with Grab” strategy by announcing a new range of financial products and services. Among these is a “buy now, pay later” solution for e-commerce websites. This solution allows customers to either break down their purchase into monthly instalments or defer their payment to the following month. The solution will go live in Singapore and Malaysia in October 2020.

France: Société Générale offers digital replacements for lost or stolen cards

On 7 August 2020 Société Générale announced that it now offers its customers access to a digital version of their payment card in the event of loss or theft. This would remove any inconvenience caused by the time it takes for a physical replacement to be made and sent to the customer.

The press release explains how this will work in practice. Immediately after reporting their card lost or stolen, customers will receive a text message informing them that a digitalised version of their new payment card is available on their smartphone.

Hong Kong: InvestHK announces Global Fast Track Programme

On 10 August 2020 InvestHK announced its Global Fast Track Programme which aims to boost fintech innovation. Through this programme, fintechs will be able to pitch their solutions to the regulator, the Hong Kong Monetary Authority, and major financial institutions and corporates. There is up to US$1 million of investment on offer per project, subject to due diligence, business discussions and final approval. The programme targets fintechs from nine different areas, one of which is payments. 10 fintechs per area will be given the opportunity to pitch. The deadline for applications is 31 August 2020.

Surveys and Reports

Global: Juniper Research estimates US$35 trillion of business-to-business (B2B) cross-border payments in 2022

On 20 July 2020 Juniper Research published its research findings on B2B cross-border payments. It predicts the global value of B2B cross-border payments will grow by 30% to reach US$35 trillion in 2022, though it notes that this figure could have been higher had there been no COVID-19 pandemic.

Juniper Research also predicts a more competitive market for those providing these payment services as businesses will require more cost-effective solutions while recovering from the effects of COVID-19. It also expects instant payments to grow with the adoption of ISO 20022 around the world, and encourages the exploration of blockchain technology.

Global: Blackhawk Network reports increasing popularity of digital wallets

On 20 July 2020 Blackhawk Network announced the publication of its 2020 Multinational BrandedPay report which looks at digital wallets. The report is based on survey data consisting of more than 12,000 responses from consumers based in eight countries around the world.

The press release reports that 88% of respondents used a digital wallet. However, it also found that consumers who currently don’t use a digital wallet tended not to be interested in using one in the future. Some of the reasons behind this include a lack of knowledge about how digital wallets work, how secure they are, and what benefits they bring.

In addition, 53% of respondents said that they shop online more often than they shop in-store, while 40% responded that they use their mobile phones to shop online. In both the US and the UK, over 70% of respondents expected permanent changes in their shopping habits post-COVID-19.

According to the country-by-country breakdown, among those surveyed, Australians seem to be the least likely to shop online or use a digital wallet. In contrast, consumers in Germany and the Netherlands displayed the greatest engagement with digital wallets.

Global: Visa research shows behavioural change in consumers due to COVID-19

On 4 August 2020 Visa published its “Back to Business Study” which sets out the findings from surveys conducted with small and micro businesses (SMBs) and consumers. Responses came from eight countries spanning a range of continents.

The key payments-related takeaways include the following:

  • 78% of consumers have changed their payment preferences due to safety concerns.
  • 70% of consumers used a new payment method for the first time since the COVID-19 pandemic started.
  • There are certain obstacles which persuade some SMBs against moving business online, including data privacy and security concerns and the cost involved in using digital infrastructure.