On 22 November 2024, the Financial Conduct Authority (FCA) published finalised guidance FG24/6: Guidance for firms that enables a risk-based approach to payments.

Background

The Payment Services (Amendment) Regulations 2024, which came into force on 30 October 2024, amended the Payment Services Regulations 2017 to extend the amount of time that a payment service provider (PSP) has to process an outbound payment where there are reasonable grounds to suspect fraud or dishonesty.

HM Treasury asked the FCA for guidance in support of those Regulations, to explain how it expects PSPs to apply these legislative changes (taking into account feedback from stakeholders). The FCA consulted, in GC24/5, on adding this guidance to its Approach Document, along with guidance on delaying inbound payments where a PSP suspects fraud.

The finalised guidance

Having considered feedback to GC24/5, the final guidance (which is set out in an updated version of the Approach Document) sets out:

  • The requirements for delaying outbound payments and determining whether the threshold for ‘reasonable grounds to suspect’ has been met.
  • How PSPs should use the payment delay window.
  • Obligations on PSPs if they delay an outbound transaction.
  • The treatment of suspicious inbound payments.

The updated Approach Document took effect from 22 November 2024.

On 9 September 2024, the Financial Conduct Authority (FCA) published a Guidance Consultation, GC24/5, setting out proposed changes to its Payment Services and Electronic Money Approach Document to support new legislation to tackle authorised push payment (APP) fraud.

Background

The Payment Systems Regulator has introduced an APP fraud reimbursement requirement within the Faster Payments System, which will come into effect on 7 October 2024. The requirement will require banks and other payment service providers (PSPs) to reimburse payment service users who fall victim to APP fraud in most cases.

HM Treasury has published proposed amendments to the Payment Services Regulations (PSRs 2017) to enable PSPs to delay making a payment transaction where they have reasonable grounds to suspect fraud or dishonesty, with the aim of increasing firms’ ability to tackle APP fraud while minimising the impact on legitimate payments.

FCA’s proposals

To support this policy, the FCA is proposing changes to the guidance set out in its ‘Payment Services and Electronic – Our Approach’ document (the Approach Document), to explain how PSPs should apply the legislative changes to minimise the impact on legitimate payments. It is also consulting on changes to the Approach Document itself, which explain how the FCA expects PSPs to address suspicious inbound payments while continuing to process payments quickly and efficiently.

Next steps

The deadline for responses to GC24/5 is 4 October 2024. The FCA plans to update the draft guidance following that date to reflect feedback from stakeholders, and to publish a revised Approach Document for payment services by the end of 2024.

On 19 March 2024, the Financial Conduct Authority (FCA) published a Guidance Consultation, GC24/1, on proposed amendments to FG21/4: Guidance for insolvency practitioners (IPs) on how to approach regulated firms.

FG21/4, published in May 2021, was introduced to help IPs comply with FCA rules and guidance as well as relevant legislation which aim to achieve better outcomes for consumers and market participants following a failure of a regulated firm.

GC24/1 sets out proposed changes to update and improve the existing guidance in FG21/4, in light of changes in the legal framework affecting firm failure (for example, the coming into force of the Payment and Electronic Money Institution Insolvency Regulations 2021), changes in the regulatory framework (for example, the introduction of the Consumer Duty), and changes in the UK economic climate (including significant changes in interest rates). The FCA has also received feedback that, in some areas of the guidance, it could improve clarity or provide more information, so it is proposing amendments to address that feedback.

The proposed guidance is aimed at IPs appointed over firms solely authorised or registered by the FCA, but may also be relevant for IPs appointed over firms that are dual regulated by the FCA and the Prudential Regulation Authority.

The deadline for responses to GC24/1 is 30 April 2024.

The Financial Conduct Authority (FCA) has published revised guidance on its approach to insurance business transfers under Part VII of the Financial Services and Markets Act 2000. The publication of the final guidance follows a consultation launched in July 2021.

The revised guidance (FG22/1) replaces previous guidance (FG18/4) first published in May 2018. The revised guidance reflects feedback received from stakeholders and the experience of reviewing Part VIIs undertaken in the past few years.

Changes introduced into the guidance include:

  • A requirement for the independent expert, when working on two consecutive Part VIIs, to demonstrate that they can act independently.
  • The requirement for the independent expert’s entire team to have sufficient skill and experience.
  • A new section on general expectations in the chapter on the FCA’s approach. The general expectations include an expectation that documents submitted to the FCA will be in near-final form and an expectation that applicants consider whether there are particular issues in the transfer that the FCA will wish to consider and proactively provide the FCA with such information.
  • A requirement for applicant firms to clearly explain the reason for the transfer and explain how they have satisfied themselves that the transfer will not have a material adverse impact on policyholders.
  • Applicant firms must show that they have considered both negative and positive impacts on policyholders including changes to claims philosophy, the impact of the proposals on vulnerable policyholders and statements previously made which policyholders might seek to rely on (including statements on policy documents or websites).
  • Expectations in respect of objections from policyholders and others. The revised guidelines require that objections are addressed in sufficient detail and should engage with policyholders.
  • Clarity that the FCA expects the independent expert’s report to show sufficient consideration of evidence that the transfer will not have a material adverse effect on policyholders. This will include looking at service levels such as claims handling and complaints, customer feedback. The independent expert should also review the firm’s employer’s liability tracing arrangement (where relevant).
  • An expectation that brokers and coverholders will co-operate with a request for data in relation to policyholder notification.
  • The requirement for policyholder communications to be easily understood (previously the guidance said understandable).
  • Phone lines to be open at appropriate times.
  • Proposals for non-postal communication. The FCA guidance says that it is open to considering alternatives means of communicating with customers (for example email).

View:  FG22/1: The FCA’s approach to the review of Part VII insurance business transfers

On 29 November 2021, the FCA published Policy Statement 21/19 ‘Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual’ (PS21/19).

Earlier this year the FCA issued Consultation Paper 21/3 ‘Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual’ (CP21/3). In CP21/3 the FCA consulted on regulatory technical standards on strong customer authentication and secure communication (SCA-RTS) and changes to ‘Payment Services and Electronic Money – Our Approach’ (AD) and the Perimeter Guidance Manual (PERG). In PS21/19 the FCA sets out its response to the feedback it received to CP21/3 and sets out final rules and guidance.

In terms of the SCA-RTS the changes include:

  • Creating a new SCA exemption in Article 10A. This would mean customers don’t need to reauthenticate with their account servicing payment service provider (ASPSP) every 90 days when accessing their account information through a third-party provider (TPP).
  • Requiring certain ASPSPs to provide dedicated interfaces to enable TPP access to customer account information for retail and SME payment accounts.
  • Amending requirements on providing interface technical specifications, testing interfaces and fallback interfaces by ASPSPs intended to let ASPSPs innovate and launch products and services more quickly.
  • Allowing ASPSPs with a deemed authorisation under the Temporary Permissions Regime (TPR) to rely in the UK on an exemption from setting up a fallback interface granted by a home state competent authority located in the EU.

The FCA has also updated the guidance in the AD on SCA to clarify its expectations of firms following questions from industry and several recent European Banking Authority and European Commission Q&A responses and opinions. The FCA has also made changes to AD guidance on prudential risk management and safeguarding customer funds to ensure firms are well run and that consumers are appropriately protected if a firm fails. The FCA has also made certain other general updates to the AD including changes to regulatory reporting requirements and amendments to reflect previous policy changes.

ASPSPs offering personal payment accounts in the scope of the Payment Account Regulations 2015, equivalent payment accounts held by SMEs and credit card accounts operated for consumers or SMEs will need to have a dedicated interface in place no later than 18 months after the rules come into force. The FCA strongly encourages ASPSPs to apply the new exemption from the obligation to carry out SCA as soon as practicable after it has come into effect. TPPs will need to reconfirm customer consent under Article 36(6) of the SCA-RTS no later than 4 months after the rules come into force.

 

On 28 January 2021, the FCA published Consultation Paper 21/3: Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual (CP21/3).

In the 2020/2021 Business Plan the FCA identified the payments sector as a priority for the next three years. The regulator has identified barriers to the future success and adoption of open banking as it grows in the UK and to address these it sets out in CP21/3 proposed amendments to the onshored technical standards on strong customer authentication and secure methods of communication (SCA-RTS).

Proposed changes to the SCA-RTS include:

  • Adding a new exemption from strong customer authentication (SCA) for when customers access their account information though an account information service provider (AISPs) (see paragraphs 3.6 to 3.15 of CP21/3).
  • Mandating the use of dedicated interfaces (such as application programming interfaces (APIs) by account servicing payment service providers (ASPSPs) to facilitate third party provider (TPP) access to retail and SME customers’ payment accounts (see paragraphs 3.16 to 3.23 of CP21/3).
  • Changing requirements for publishing interface technical specifications, availability of testing facilities, and fallback mechanisms by account providers (see paragraphs 3.24 to 3.30 of CP21/3).
  • Treating ASPSPs with deemed authorisation under the temporary permissions regime as exempt from the requirement to set up a fallback interface, where the ASPSP has an exemption from its home state competent authority (see paragraphs 3.31 to 3.39 of CP21/3).
  • Increasing the single and cumulative transaction thresholds for contactless payments from £45 up to £100 (or potentially a maximum of £120) and from £130 to £200 respectively (paragraphs 3.41 to 3.46 of CP21/3).

The proposals to amend the guidance in the document ‘Payment Services and Electronic Money – Our Approach’ (AD) relate to four areas:

  • In particular the FCA is updating the AD to take into account updated Commission Q&As and the European Banking Authority opinion published in June 2019 on SCA, clarifying what constitutes a valid element for the purposes of SCA.
  • Prudential risk management and safeguarding customer funds. In May last year the FCA published a consultation on coronavirus and safeguarding customers’ funds. In the consultation the FCA proposed additional temporary guidance to strengthen payment and e-money firms’ prudential risk management and arrangements for safeguarding customers’ funds in the exceptional circumstances of the COVID-19 pandemic. On 9 July 2020, the FCA published its temporary guidance taking into account the feedback it received to the consultation. The FCA is now proposing, among other things, to make this temporary guidance permanent and incorporate in the AD.
  • Onshoring changes to reflect changes to the regulations and rules following the UK’s withdrawal from the EU and the end of the transition period, and the application of FCA rules and guidance to firms in one of the temporary permission schemes designed to enable EEA payment institutions, electronic money institutions and registered account information services providers to continue operating in the UK for a limited time after the end of the transition period.
  • General updates relating to areas such as reporting requirements.

The FCA is also proposing to made changes to chapter 15 of the Perimeter Guidance manual regarding certain exclusions from the Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs). The changes are intended to help industry identify whether their business activities fall within scope of the PSRs or EMRs.

The deadline for comments on the proposals for contactless payments is 24 February 2021. The deadline for the remainder of the proposals in CP21/3 is 30 April 2021.

On 7 December 2020, the FCA published Guidance Consultation 20/5: Guidance for insolvency practitioners on how to approach regulated firms (GC20/5).

In GC20/5 the FCA sets out proposed guidance on how an insolvency practitioner should ensure regulated firms meet their ongoing financial services regulatory obligations following appointment. The FCA supervises regulated firms, including those in insolvency proceedings, while they continue to be authorised or registered. The FCA is not the regulatory authority for insolvency practitioners and insolvency practitioners generally act as officers of the court. The FCA has therefore engaged with the recognised professional bodies, who licence and regulate insolvency practitioners, on the proposed guidance. The proposed guidance is aimed at insolvency practitioners appointed over firms solely authorised or registered by the FCA. It may also be relevant for insolvency practitioners appointed over firms that are dual regulated by the FCA and PRA2

The layout of GC20/5 is as follows:

  • Chapter 1 (Introduction) explains the scope of the guidance and the FCA’s role in regulated firm failures.
  • Chapter 2 (Pre-insolvency) outlines considerations for insolvency practitioners before a regulated firm’s entry into an insolvency procedure, such as obtaining consent for out of court administration appointments and sharing court documentation with the FCA.
  • Chapter 3 (Entering insolvency) explains the FCA’s expectations on insolvency practitioners at the point of a regulated firm’s entry into an insolvency procedure and shortly thereafter, such as communications with clients and creditors.
  • Chapter 4 (Post insolvency) explains the FCA’s expectations on insolvency practitioners during an insolvency procedure, such as treatment of client assets and treating customers fairly.
  • Chapter 5 (Restructuring procedures) explains the FCA’s expectations when a regulated firm enters into a company voluntary arrangement, scheme of arrangement or restructuring plan.
  • Chapter 6 (Checklist) summarises the key steps from the guidance that an insolvency practitioner will need to consider when appointed over a regulated firm.

The deadline for comments on GC20/5 is 18 January 2021.

The FCA has updated its webpage on the UCITS Remuneration Code (SYSC 19E) stating that it does not plan to issue guidance on how to apply this code.

The FCA also notes that on 31 March 2016 the European Securities and Markets Authority (ESMA) published its final guidelines on sound remuneration policies under the UCITS Directive and Alternative Investment Fund Managers’ Directive (AIFMD). The FCA states that it is currently considering its “comply or explain” position and will communicate a final decision to ESMA in due course. In the meantime the regulator states that while the ESMA guidelines apply to payments of variable remuneration relating to full performance periods commencing after 1 January 2017, this does not affect the timing of the application of the UCITS Remuneration Code.

The FCA also states that there are many points of correspondence between the remuneration requirements of the UCITS V Directive and the AIFMD, and between the ESMA guidelines applicable to each Directive, which firms may want to review.

View FCA will not issue guidance on application of UCITS Remuneration Code, 18 November 2016