Volume: 11 Issue: 12
(December 2017)

News

The UK’s Payment Systems Regulator (‘PSR’) published on 7 November 2017 its report and consultation on authorised push payment (‘APP’) scams (‘Report’), which details the work the PSR, the Financial Conduct Authority (‘FCA’) and industry have carried out over the past year to tackle such scams, where consumers are tricked into authorising the transfer of money from their own account to another, fraudulent account. The work on APP scams follows the first-ever ‘super-complaint’ to financial regulators, which was filed by consumer body Which? as a designated body under the Financial Services (Banking Reform) Act 2013 and received by the PSR in October 2016; the super-complaint expressed concerns about the level of protection for consumers in respect of APP scams. / read more

The Royal Bank of Scotland (‘RBS’) launched on 20 November 2017 an automated online investment service - the NatWest Invest platform - which it claims makes it the first high street bank to offer a robo-advice service in the UK. NatWest Invest will charge £10 plus fees to invest, and will be open to customers with the relatively low amount of £500 to invest as a lump sum. “This signals the long-awaited entry of incumbents into a developing market that is being supported by policymakers and legislators,” comments Adrian Shedden, Head of FinTech at Burges Salmon LLP. “Of course, this all coincides nicely with PSD2 and Open Banking going live in January 2018. A cynic might say this is high street banks making a last minute play for customer retention before platforms are armed to facilitate their services using Open APIs.” / read more

Features

In October 2017 the US Consumer Financial Protection Bureau (‘CFPB’) published a set of consumer protection principles, the ‘Consumer Protection Principles: Consumer-Authorized Financial Data Sharing and Aggregation.’ The Principles have been released in the context of a market in which companies, including many FinTech companies, access consumers’ account data, with consumer consent, and then provide services to consumers which utilise data from consumer accounts, for example to provide services such as account and transaction verification. The Principles aim to work towards the CFPB’s vision for a “robust, safe, and workable data aggregation market that gives consumers protection, usefulness, and value.” Barrie VanBrackle, Partner at Orrick, Herrington & Sutcliffe LLP, analyses each of the CFPB’s Principles and considers what the stakeholders have to say about them. / read more

Eduardo Flores Herrera, Partner at Creel, García-Cuéllar, Aiza y Enriquez, S.C., discusses in detail Mexico’s draft FinTech Law and the delicate balance that will have to be struck to ensure that the FinTech market is allowed to thrive, whilst being adequately regulated. / read more

The UK’s Financial Conduct Authority (‘FCA’) published in October 2017 a summary of the first year of operation of its regulatory sandbox, highlighting the concerns it has had as well as the sandbox’s successes, as Sue McLean and Nina Moffatt of Baker McKenzie discuss. / read more

In this article, Andrew Whaley, VP Engineering, at Arxan Technologies - a technology company specialising in application attack prevention and self-protection solutions - discusses the dawn of Open Banking under the revised Payment Services Directive (‘PSD2’) from the perspective of securing the interconnectivity that will be created under PSD2. Specifically, Andrew voices concerns that despite the European Banking Authority’s guidance on how banks should handle third party access to customer data, there is still a lack of standardisation on how the interconnectivity of PSD2 should be achieved and secured, and explains that this has serious implications for security. / read more

Andrew Galvin and Kate Montano of HWL Ebsworth Lawyers describe here their views on the Enhanced Regulatory Sandbox currently proposed by Australia’s Department of the Treasury. Andrew and Kate believe the Enhanced Regulatory Sandbox corrects many of the shortcomings of the current regulatory sandbox; most critically, payments businesses would be able to access the Enhanced Regulatory Sandbox to issue their own facilities, and that the Enhanced Regulatory Sandbox would, functionally, acclimatise FinTechs to, and ease their passage into, the Australian financial services regulatory environment. However, in this article Andrew and Kate also outline why they believe policymakers in Australia have yet to engage in ‘blue sky thinking’ on the appropriate regulation of FinTech and payments businesses. / read more

The transposition of PSD2 into French law has now been finalised with the adoption of two decrees dated 31 August 2017 and five ministerial orders dated 2 September, which supplement a number of other legislative instruments, predominately implementing ordinance 2017-1252 of 9 August 2017. Mathieu Françon of Bredin Prat details here the French transposition of PSD2. / read more

Following the entry into force of Regulation (EU) 2015/847 on information accompanying electronic transfers of funds in June 2015, the European Supervisory Authorities (comprised of the European Banking Authority, the European Insurance and Occupation Pensions Authority and the European Securities and Markets Authority, together the ‘ESAs’) have recently issued a set of guidelines on the steps that payment service providers (‘PSPs’) and intermediary PSPs (‘IPSPs’) can take in order to ensure compliance with the Regulation. Here, Robert Courtneidge, Elizabeth Kilburn and Giedre Mitkute of Locke Lord LLP explain the purpose of the Guidelines and what is required of PSPs and IPSPs. / read more

About Payments & FinTech Lawyer

The monthly publication covering legal, regulatory and policy developments relating to the fast-moving payments and FinTech sectors. Key topics include mobile payments, e-money, prepaid and other payment cards, online banking, digital currencies such as Bitcoin, card fraud and other cyber crime, RegTech, robo-advice, P2P lending, and crowdfunding, as well as regulatory regimes such as the Second Payment Services Directive (PSD2), the Payment Accounts Directive, and the Fourth Anti-Money Laundering Directive / read more