Speech delivered by Karina McTeague, Director of Retail Banking Supervision at the FCA, at the Westminster Business Forum on retail banking and payments.
Speaker: Karina McTeague, Director of Retail Banking Supervision
Event: Westminster Business Forum on retail banking and payments, London
Delivered: 16 November 2017
Note: this is the speech as drafted and may differ from the delivered version
- The revised Payment Service Directive (PSD2) is a vital part of transitioning society to an ever more digitised world with appropriate security and privacy. This is in the interests of all firms as it ensures public trust and confidence not only in individual firms, but also in the payments market as a whole.
- As the lead regulator for payment services, the FCA is deeply involved in updating our existing regulatory regime for PSD2, including engaging closely with HM Treasury (HMT), the European Banking Authority (EBA) and the Open Banking Implementation Entity.
- We have built up our Payments capability and capacity - with a remit covering payments across wholesale and retail sectors. In addition, we will develop our current supervisory strategy to bring in Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
In April, we published the FCA’s Business Plan, alongside our Mission. In that document we also described, for the first time, how we segment the financial markets we regulate into 7 sectors, of which retail banking is one.
And we set out our 3-5 year view for each of those sectors.
Looking across those 7 sectors, we identified 6 themes which are common to all and which are, essentially, long term in nature and are therefore likely to receive continuing focus year on year:
- Firms’ culture and governance
- Financial crime and anti-money laundering
- Promoting competition and innovation
- Technological change and resilience
- Treatment of existing customers
- Consumer vulnerability and access
You can see how all of these apply to Retail Banking.
We are also looking closely at how retail banks are implementing and embedding:
- the Senior Managers & Certification Regimes
- the remedies proposed by the Competition and Markets Authority
And, we are looking closely at how retail banks are addressing ongoing issues such as financial crime, anti-money laundering, and PPI complaints handling. So there is a lot going on in the retail banking space.
However, I want to talk about two things:
- our strategic review of retail banking business models
- the second Payment Services Directive (PSD2)
Both of which are particularly pertinent in the fast evolving world of retail banking.
A paradigm shift in retail banking (R2B2)
In our view, competition issues persist in retail banking. Why?
We see that incumbent banks have enjoyed the benefits of exclusive access to their customers’ data, but have had little incentive, to date, to utilise that market advantage to innovate to the benefit of their customers.
In addition, there has been little successful challenge in the provision of current accounts.
We believe that is about to change.
There is a confluence of changes that, together, could bring about a paradigm shift in retail banking. These changes include:
- technology - in the form of digitisation
- social trends - in the form of demographics and consumer behaviours
- economic and political forces – ‘lower for longer’ interest rates (the Bank of England’s recently announced rate rise is the first increase in over 10 years); and Brexit
- regulatory interventions - such as ring-fencing and the remedies introduced by the Competition and Markets Authority
- new entrants - encouraged by the prospect of PSD2 and Open Banking (which I’ll come on to later)
So, the environment is ripe for a paradigm shift. But:
- in what direction
- with what impact, and
- to what end?
These questions have formed the genesis of our strategic review of retail banking business models which we launched earlier this year.
The review stems from our concern that, as each of these moving parts pulls and pushes at the structures of current retail banking business models:
- The promise of innovation and improved competition may be stifled.
- The law of unintended consequences may take grip with potential harm to consumers if, for example, firms focus more on their profitability and market share, than ensuring good customer outcomes.
As a forward-looking regulator we need to be in a position to be proactive at this pivotal time of change.
So the purpose of our strategic review of retail banking business models is to:
- assess the impact of these aggregated changes on retail banking business models
- consider the implications for consumers and competition
- ensure our regulatory approach remains fit for purpose
History tells us that conduct issues often arise when firms have not fully understood how they make money, and the incentives that creates.
Phase 1 is a discovery phase: In this phase we want to build a robust base, evidencing which areas of retail banking are profitable, which are less so, and why. To help build this base, we have gone out to 45 firms comprising a cross-section of banks, building societies and credit unions. Phase 1 work was launched in April this year and was followed by an information request earlier this month. We expect to share initial findings mid-2018.
From that evidence base, we can determine better how competitive advantage in retail banking is created and maintained, and consider any potential conduct issues arising from current retail banking business models, including free-if-in-credit banking, digital conversion, and reduced branch use.
Phase 2 focuses on scenario analysis: In Phase 2, we will use our robust evidence base to evaluate the impact of different scenarios on retail banking business models and profitability, including a ‘lower for longer‘ interest rate environment, and changes arising from digital conversion, Open Banking, PSD2 and ring-fencing.
History tells us that conduct issues often arise when firms have not fully understood how they make money, and the incentives that creates.
So, having this analysis on a sector basis will also allow us, as regulators, to anticipate better the potential impact on firms’ business models and profitability, and to be more proactive by taking appropriate pre-emptive action to address any potential harm to consumers, market integrity or competition
PSD2 and Open Banking: opportunities
PSD2 is one of the key drivers of this potential paradigm shift in retail banking.
At this point, let me digress for a moment. I’m often asked what the difference is between the Payment Systems Regulator (the PSR), and the FCA.
The FCA regulates payment service providers, including banks, building societies, payment institutions (including merchant acquirers), and e-money firms and, under PSD2, we will also regulate Payment Initiation and Account Information Service Providers with effect from January.
The PSR regulates operators of payment systems designated by the Treasury, e.g. Bacs, CHAPs, Faster Payments, LINK, and providers of payments infrastructure. The PSR is responsible for ensuring payment systems are operated and developed to promote competition and innovation, and work in the interests of businesses and consumers that use them.
As the lead regulator for payment services, the FCA is updating our existing regulatory regime for PSD2.
We welcome the direction of travel that PSD2 sets, the intention behind the legislation, and the market outcomes it seeks to achieve - which chime closely with our own Mission and objectives.
PSD2, and the Payment Services Regulations, are timely. They step in as the world of payments is going through unprecedented change at an unprecedented pace:
- new entrants are extending the payment chains
- technology is delivering faster, more frictionless payments such as contactless
- consumers are moving at pace away from cash and cheques as their preferred payment method of choice
- fraudsters and cyber perpetrators are pushing at the boundaries of firms’ defences
If implemented correctly, in line with the FCA’s objectives, PSD2 could support:
- More competition and innovation in the interests of consumers by opening up access to the rich source of customer data available.
- Greater consumer protection by the provision of stronger standards of authentication.
- Enhanced market integrity by bringing Account Information and Payment Initiation services providers into the regulatory perimeter.
PSD2 is just about upon us now: - In simple compliance terms, it comes into force on 13 January 2018.
However, it would be a mistake to think of PSD2 only in compliance terms; or to expect some sort of ‘big bang’ on 13 January.
PSD2 is an enabler; a facilitator for greater consumer protection and greater competition.
But PSD2 can’t, and shouldn’t, be looked at in isolation.
This is the opportunity for the providers of retail banking and payments services to guide and educate consumers so consumers can benefit from the greater convenience promised by PSD2 and Open Banking.
For the benefits of PSD2 to be realised, there needs to be access through a common Application Programming Interface (API). And the Competition and Markets Authority’s (CMA) Open Banking remedy could provide such a solution.
As such, we are also engaging closely with HMT, the CMA, the EBA and the Open Banking Implementation Entity.
The introduction of PSD2 and Open Banking mark a significant step forward in a journey that will allow consumers to take control, not only of whose financial products they use, but of how they leverage their own data and information from their online payment accounts.
PSD2 and Open Banking should also be seen as an opportunity for the providers of retail banking and payments services to rise to the challenges that consumers will undoubtedly face in understanding what these changes actually mean for them.
This is the opportunity for the providers of retail banking and payments services to guide and educate consumers so consumers can benefit from the greater convenience promised by PSD2 and Open Banking and, importantly, so consumers can realise the benefits of having greater knowledge and control over their own finances.
In my view, the firms – banks, AISPs and PISPs - that will achieve sustainable success in this emerging new world are those that gain and maintain the trust of their customers – and their customers’ customers.
They are more likely to win that trust by:
- Treating their customers fairly. So, for example, helping their customers make informed decisions.
- When things go wrong, such as when a payment is made in error, ensuring consumers know what to do, and where to go, and what their rights are; providing clear complaints-handling processes and procedures.
- When a customer suffers loss, ensuring the customer is not caught in the middle of a dispute between firms fighting amongst themselves as to who is at fault.
- Finally, ensuring their systems and controls are sufficiently robust to protect customers’ data and keep customers’ credentials safe and secure.
PSD2 and Open Banking also illustrate some of the thorny issues the industry is facing.
As a regulator, we want the payments sector to work well. This means recognising the potential for positive change; but also the negative impacts that need to be mitigated.
We released our PSD2 Approach Document last month, providing guidance on the FCA’s approach to payment services and electronic money, as well as firms’ obligations.
I highly recommend firms read this.
We recognise, though, that whilst the PSD2 implementing legislation comes into effect in January, it seems unlikely that the Regulatory Technical Standards (RTS) that prescribe the safety and security requirements for PSD2 will be in place until mid-2019.
We expect firms to ensure that customers receive clear and consistent messages on open banking, and access to online accounts.
This means a ‘transitional period’. while we wait for these standards to come into formal effect.
We recognise that this creates uncertainty for businesses. So, in July, we and HM Treasury issued a joint publication which gives more information on our expectations of firms during this transition period.
Pending formal implementation of the RTS, we expect all firms to have in place policies and procedures to monitor, identify and prevent fraud - keeping their customers’ data safe and secure.
We will be reviewing the Fraud Reports submitted by firms to determine the effectiveness of their fraud detection and prevention capabilities, and to gain an overview of the sector.
Importantly, we expect firms to ensure that customers receive clear and consistent messages on open banking, and access to online accounts.
Public confidence is vital to the successful delivery of the strategic objectives of PSD2.
As well as providing opportunities to consumers, the introduction of Open Banking will also provide challenges for consumers.
Public confidence is vital to the successful delivery of the strategic objectives of PSD2. A key contributor to that confidence is that consumers hear consistent and balanced messages from across the industry about their roles. These messages include:
- Be alert: Consumers should be vigilant to fraud when using online payment initiation and account information services.
- Read the details and be data savvy: Consumers should always carefully read the terms and conditions of their financial services provider, and make sure they really understand what they’re signing up to.
- Check bank statements: Consumers should keep an eye on their bank statements and contact their bank if they don’t recognise a payment.
Our Payments Department
In response to these major changes, we are bolstering our payments capacity and capability in the FCA.
We’re extending our programme of proactive engagement with existing payment services institutions, as well as preparing to supervise the newly regulated AISPs and PISPs.
As part of our proactive supervision of payment institutions, we will be looking to see that:
- Firms’ culture is one that prioritises treating customers fairly, and doesn’t take inappropriate advantage of ill-informed, naïve or vulnerable consumers.
- Firms have sound systems and controls for effectively managing financial risks, such as safeguarding, and operational resilience.
- Firms have sound systems and controls to combat the risk that they are used for financial crime and money laundering purposes.
As we all know, customer consent is a foundation stone of PSD2 and Open Banking. Access to customers’ online accounts for the provision of account information or payment initiation services is only permitted with the customer’s consent.
So, at the FCA, we’re particularly interested in how firms help their customers understand exactly what it is they’re consenting to, such as:
- the degree of access they are providing to their account
- what account data will be shared, and with whom
- how their information will be used
From a sector perspective, we are stripping down the parts of the payments chains to:
- identify the component parts
- where they sit in relation to regulatory perimeters
- how liabilities are allocated
- where the money is made
This analysis will allow us to better identify gaps and uncertainties which may cause harm to consumers, or dent public confidence in the payments market.
Ultimately, it is consumers who should benefit from the increased competition and innovation promised by PSD2 and Open Banking, with room for the best banks and third parties to make sustainable profits, as the current landscape rolls out to a future which is not, as yet, completely formed.
What matters in all this is trust. So I would urge every firm – whether bank, building society, account aggregator, e-money or other payment institution – to put consumers at the heart of everything they do. It’s critical that the industry implements PSD2 well – for the benefit of the customers it serves, and their confidence in the industry