Hogan Lovells 2024 Election Impact and Congressional Outlook Report
Regulatory Developments: Payments
Regulatory Developments: Digital Assets
Market Developments
Surveys and Reports
Key developments of interest over the last month include: the UK FCA publishing a consultation on two-stage reforms to the payments and e-money safeguarding regime; the U.S. Consumer Financial Protection Bureau announcing a Personal Financial Data Rights rule to accelerate responsible open banking; and the Monetary Authority of Singapore consulting on its regulatory approach to digital token service providers.
The Hogan Lovells PSD3 Impacts Report is now available, offering critical insights into the rapidly evolving EU payments regulatory environment. The report is designed to help industry players get ahead of the game in pinpointing where the PSD3 and PSR proposals are likely to impact their businesses.
Our Payments Conference, Pay it Forward, will be taking place on Wednesday, 20 November 2024. The payments industry has seen enormous change in the past few years and the pace of this change continues to accelerate. Our conference this year will explore this evolution in the context of increasing geopolitical and economic uncertainty and rapid technological innovation. You can see the agenda and RSVP for the conference here.
United Kingdom: FCA consults on two-stage reforms to payments and e-money safeguarding regime
On 25 September 2024, the FCA published a consultation paper on changes to the safeguarding regime for payment and e-money firms.
The FCA believes that there is a continuing problem with poor safeguarding practices across the industry due to poor implementation of the current regulatory framework under the Payment Services Regulations 2017 (PSRs) and the E-Money Regulations 2011 (EMRs). The potential impact that firm failure could have on customers has increased with the growth of the non-bank payments sector and the complexity of firms’ business models.
Deficiencies in the current safeguarding rules were also noted in HM Treasury’s Payment Services Regulations Review and Call for Evidence (January 2023), in which it was suggested that, in line with the repeal of assimilated EU law under the Financial Services and Markets Act 2023, responsibility for developing detailed safeguarding requirements could be transferred to the FCA (given its experience of the client assets regime (CASS)).
The proposed changes to the safeguarding regime would be made in 2 stages:
Take a look at this Engage article for more on the FCA’s proposals. The consultation closes on 17 December 2024.
The exact timeline is as yet unclear. The FCA plans to publish final interim rules within the first six months of 2025. There would then be a 6-month transition period to implement the changes in the interim rules. When HMT revokes the safeguarding requirements in the EMRs and PSRs, the FCA will publish the final end-state rules (including new rules for when a payments or e-money firm fails or where a third-party used for safeguarding purposes fails). Firms would be given another 12 months to implement these additional changes.
United States: Open banking - CFPB finalises Personal Financial Data Rights rule
On 22 October 2024, the Consumer Financial Protection Bureau (CFPB) announced that it had finalised a rule – the Personal Financial Data Rights rule - giving consumers greater rights, privacy, and security over their personal financial data. According to the CFPB’s press release, this is its ‘first significant rule to accelerate responsible open banking in the U.S.’
Consumers will be able to access and share data relating to bank accounts, credit cards, mobile wallets, payment apps, and other financial products. The objective is to facilitate more consumer choice over financial products and services, leading to improved competition and innovation.
Regarding the payments market in particular, the rule will help to boost competition by enabling consumers to securely share payments information, facilitating the use of “pay-by-bank” products. These products enable consumers to make payments as well as move money between their own accounts.
Financial providers must make the data available free of charge.
The rule will be implemented in phases, with larger providers subject to the rule sooner than smaller ones. Financial firms will be required to comply based on their size. The largest institutions will have to comply by 1 April 2026, while the deadline for the smallest covered institutions is 1 April 2030. The CFPB points out that certain small banks and credit unions are not subject to the rule.
The press release also mentions that in June 2024 the CFPB finalised a rule setting out the qualifications to become a recognised industry standard setting body, which can issue standards that companies can use to help them comply with the new Personal Financial Data Rights rule.
The CFPB plans to develop additional rules to address more products, services and use cases.
Take a look at this Engage article for more on this development.
Global: Key takeaways from P20 report on open banking: delivering the opportunities
On 14 October 2024, leading payments industry body P20 published a report ‘Open Banking: Delivering the Opportunities’ containing a series of interviews with experts from industry and government, including Hogan Lovells' payments partner Roger Tym, looking into the opportunities open banking presents and how to realise its potential. The experts discuss a range of topics relevant to the successful further development of open banking, notably, ways to ensure security, regulation and governance requirements, ways to foster collaboration between parties and the importance of financial inclusion.
Take a look at this Engage article for the key takeaways from the report.
United Kingdom: Payment Services (Amendment) Regulations 2024 published
On 9 October 2024, the Payment Services (Amendment) Regulations 2024 (Payment Delay Regulations), accompanied by an explanatory memorandum, were published (following publication of the final draft by HM Treasury on 3 October).
The Payment Delay Regulations amend the Payment Services Regulations 2017 to enable payment service providers (PSPs) to delay the execution of an outbound sterling payment within the UK by up to four business days from the time a payment order is received if they have reasonable grounds to suspect fraud or dishonesty by someone other than the customer.
See this Engage article for more on this development.
Australia: Draft Scam Prevention Framework published
On 4 October 2024, the Australian government closed its Scams Prevention Framework consultation, which contained draft legislation designed to introduce a ‘whole-of-ecosystem’ approach to reducing financial scams by increasing obligations on banks and social media platforms to take preventive steps and reimburse customers.
The industry group for Australia’s startup sector, Fintech Australia, has reportedly given its support for the government’s proposals, but added recommendations of its own. These recommendations include using regulatory sandboxes, ensuring obligations are proportionate to consumer risk and introducing a more precise definition of ‘scams’.
United Kingdom: APP fraud mandatory reimbursement regime takes effect
On 7 October 2024, the mandatory reimbursement regime for authorised push payment (APP) fraud in the Faster Payments System (FPS) and CHAPS came into force.
Following a short consultation earlier in the month, on 25 September the Payment Systems Regulator (PSR) and the Bank of England confirmed the decision to reduce the maximum level of reimbursement for both the FPS and CHAPS APP fraud mandatory reimbursement requirements from £415,000 to £85,000 per scam claim. On 2 October, the PSR published a policy statement explaining the decision in more detail. For more on the policy statement, see this Engage article.
For a quick reference guide to the key aspects of the new regime, next steps for in-scope PSPs and what they need to consider when applying the new rules, take a look at this Engage article: ‘UK APP fraud: What in-scope PSPs need to know about the new mandatory reimbursement regime’. Among other things, the article refers to the two FCA Dear CEO letters – one to banks and building societies, and one to payment and e-money institutions – that were published on the regime’s go-live date of 7 October and outline the FCA’s expectations in relation to fraud reimbursement.
The draft legislation will now be finalised and a bill is set to be introduced to Parliament in November.
United Kingdom: Fraud, Error and Debt Bill to be brought forward to tackle fraud
On 24 September 2024, it was announced that the government will bring forward the Fraud, Error and Debt Bill in the current Parliamentary session, with the aim of cracking down on social security fraud. It is expected to save £1.6 billion over the next five years.
Among other things, the legislation will give the Department for Work and Pensions the power to require banks and financial institutions to share data to provide evidence of potential benefit overpayments.
A Code of Practice will be consulted on during the passage of the Bill to provide assurance on safe use of the new powers.
Further details on the scope of the legislation will be set out when the Bill is introduced.
Australia: Government to crack down on card surcharges by 2026
On 15 October 2024, the Australian Government announced in a press release that it would be commencing work on reducing debit card surcharges (subject to further work by the Reserve Bank of Australia - RBA). The developments seek to ease costs for consumers and small businesses in light of the declining use of cash and rise of electronic payments. In the press release, it was stated that a total ban on debit card surcharging could, once approved by the RBA, commence from 1 January 2026.
The government is injecting $2.1 million AUSD into the Australian Competition and Consumer Commission to enable it to tackle excessive surcharges immediately whilst the RBA’s review is underway.
United Kingdom: FCA publishes findings from multi-firm review of payments firms’ implementation of Consumer Duty
On 9 October 2024, the FCA published its findings from a multi-firm review of 23 payments firms to determine how those firms have implemented the consumer duty.
Firms were drawn from across the payments portfolio and included e-money issuers, merchant acquirers, money remitters, and open banking firms, with part of the review looking at how far firms have considered the specific payments sector risks set out in the FCA’s February 2023 Dear CEO letter​.
Points from the FCA’s findings include:
The FCA expects firms to consider its findings and whether they apply to them. Firms that identify gaps in their compliance with the FCA’s rules should act immediately, putting plans in place to address shortcomings.
The FCA has also recently published other findings relating to the Consumer Duty which contain points of cross-sector relevance:
United Kingdom: Government publishes updated BNPL proposals
On 17 October 2024, HM Treasury (HMT) published its long-awaited response to the February 2023 consultation on its proposed approach to bringing Buy-Now Pay-Later (BNPL) within the FCA’s regulatory perimeter. See our Engage article on the initial consultation here.
Whilst BNPL regulation is clearly a priority for the government, realistically it’s unlikely that BNPL products will be regulated until 2026 at the earliest. BNPL products will become regulated 12 months from the Statutory Instrument (SI) being made (Regulation Day). The draft SI published alongside the consultation will first need to be laid before Parliament.
Whilst the consultation outlines the government’s general approach to regulation, detailed rules must be set by the FCA who will consult and finalise those rules prior to Regulation Day. What BNPL regulation will look like in practice therefore still remains unclear.
The deadline for responses to this latest consultation is 29 November 2024.
For more on this development, take a look at our Engage article.
United Kingdom: PSR publishes updated powers and procedures guidance
Following an October 2023 consultation, on 20 September 2024 the Payment Systems Regulator (PSR) published an updated version of its powers and procedures guidance. It also published a response paper to the 2023 consultation, explaining the additional amendments that have been made to the text consulted on.
United Kingdom: UK Finance announces outcome of latest work on new payment and settlement capabilities in banking sector
On 17 September 2024 UK Finance (UKF), a UK financial services industry body, announced the successful outcome of its regulated liability network (RLN) experimentation phase.
Since April 2024, UK Finance has been working with eleven of its members (including the largest banks) and other partners on a new UK RLN experimentation phase, which is a new type of financial market infrastructure that can deliver new capabilities for payments and settlement, including tokenisation and programmability.
The work looked at various technical, legal and business case questions relating to the development of a "platform for innovation". The main conclusions included the following:
UKF and its members welcome further engagement with regulators and other public bodies as the industry continues to drive innovation in payments markets.
UKF is of the view that the RLN could help the industry to develop the proposals on innovation in money and payments which were explored by the Bank of England in its recent discussion paper.
United Kingdom: Bank of England publishes response to discussion paper on longer RTGS and CHAPS operating hours
On 3 October 2024, the Bank of England (BoE) published a response paper to its February 2024 discussion paper on longer Real-Time Gross Settlement (RTGS) and CHAPS operating hours.
There is confirmation that the BoE is minded to extend RTGS and CHAPS settlement hours. It is expecting to adopt a phased implementation approach over several years, with no extension before 2027. According to the BoE, there is a strong case for a first-stage extension of 4.5 hours in the morning, so that settlement starts at 1.30 am, and currently plans to move to near 24x7 around the turn of the decade.
The BoE plans to work with industry over the coming months to shape future RTGS and CHAPS settlement hours, the transition to the new hours and the new operating and service support model. This will include considering what flexibility to offer participants around usage of non-core hours and the level of service support the BoE will provide during non-core hours.
The BoE will publish a consultation paper in 2025 setting out a more detailed proposal on its plans for completion of the project and the interim stages.
United Kingdom: Financial Services Regulatory Initiatives Forum publishes interim Regulatory Initiatives Grid
On 15 October 2024, the Financial Services Regulatory Initiatives Forum published an interim version of the Regulatory Initiatives Grid, which covers initiatives affecting firms from October 2024 to March 2025.
The Forum explains that it has published an interim version of the Grid as it is unable to publish a complete Grid in 2024 because of the replanning required due to the change of government.
The Forum plans to publish the next version of the Grid in its usual format in 2025.
European Union: ECB consults on amendments to SIPS Regulation
On 18 October 2024, the European Central Bank (ECB) published a consultation on a recast version of the ECB Regulation on oversight requirements for systemically important payment systems (765/2014) (SIPS Regulation), along with a related press release. The ECB has also published the proposed text of the recast SIPS Regulation and a tracked changes version, comparing it to the current text.
The SIPS Regulation sets out the oversight requirements for both large-value and retail payment systems of systematic importance, and it applies to payment systems operated both by central banks and by private operators.
The main changes that the ECB intends to make to the SIPS Regulation relate to the definition of a SIPS operator, governance, cyber risk, and outsourcing.
The consultation closes on 29 November 2024.
Global: BIS CPMI publishes reports on interlinking payment systems and role of APIs
On 15 October 2024, the BIS Committee on Payments and Market Infrastructures (CPMI) published two reports to the G20 providing key insights and recommendations on the interlinking and interoperability of payment systems to enhance cross-border payments:
According to an accompanying press release, the CPMI will continue its engagement with stakeholders to disseminate the findings of the two reports, facilitating their practical implementation and promoting the interlinking of FPS for cross-border payments and harmonisation of APIs.
Singapore: Consultation paper on regulatory approach to digital token service providers
On 4 October 2024, the Monetary Authority of Singapore (MAS) published a consultation paper: ‘Consultation Paper on Proposed Regulatory Approach, Regulations, Notices and Guidelines for Digital Token Service Providers issued under the Financial Services and Markets Act 2022’ (P010-2024).
The consultation paper sets out the MAS’ proposed regulatory framework for digital token service providers (DTSPs) under Part 9 of the Financial Services and Markets Act 2022. DTSPs comprise: (a) individuals and partnerships who, from a place of business in Singapore, carry on a business of providing a digital token service outside Singapore; and (b) Singapore corporations that carry on a business, whether from Singapore or elsewhere, of providing a digital token service outside Singapore.
The MAS details a licensing requirement, with DTSPs operating from a place of business or incorporated in Singapore required to suspend or cease operations unless a licence is obtained (or they are excepted). The MAS envisages that DTSP licences will be granted sparingly. It will review applications for a DTSP licence on a case-by-case basis. Licensed DTSPs will be subject to ongoing reporting requirements and licences can be revoked.
Other key proposals include governance requirements, cyber hygiene requirements and anti-money laundering and counter-terrorism financing compliance. The MAS intends to issue further instruments to implement these proposals.
The deadline for comments on the consultation is 4 November 2024.
Hong Kong: Second stage of tokenisation pilot launched
On 23 September 2024, the Hong Kong Monetary Authority (HKMA) announced that it had commenced Phase 2 of the e-HKD pilot. The second stage will move deeper into innovative use cases for new forms of digital money, including e-HKD and tokenised deposits that could be used by individuals and corporates.
In Phase 2, 11 groups of firms from various sectors will explore use cases across three main themes: settlement of tokenised assets, programmability and offline payments.
The HKMA will work with the selected firms in the next 12 months, with the aim of publicly sharing the key learnings from Phase 2 by the end of 2025.
European Union: Recent MiCA related developments
Recent publications relating to the Regulation on markets in cryptoassets ((EU) 2023/1114) (MiCA) include:
United Kingdom: FCA and Bank of England open Digital Securities Sandbox
On 30 September 2024, the Bank of England (BoE) and the FCA announced the opening of the Digital Securities Sandbox (DSS) which will be operational until December 2028. The DSS was formed following a consultation process launched by the BoE and the FCA, and provides a means for testing how legislative changes around digital securities affect the market.
The DSS is intended to support firms’ innovation and ideas relating to digital assets, such as the use of distributed ledger technology (DLT) in the financial services sphere.
According to the announcement, firms are able to arrange pre-application meetings with regulators to better understand requirements.
The BoE and the FCA have also published guidance for firms intending to operate in the DSS as well as an application form. Applications close in March 2027.
See this Engage article for more on this development.
UAE: Dubai regulator fines unlicensed crypto entities
On 9 October 2024, Dubai’s Virtual Assets Regulatory Authority (VARA), one of the bodies overseeing the crypto industry in the UAE, announced it had fined and issued cease-and-desist orders against seven entities for operating without required licences. Fines issued range from AED 50,000 to AED 100,000 per entity. VARA did not reveal the names of the entities. VARA warned that its announcement was a market notice to avoid engaging with unlicensed firms given the financial, reputational and legal consequences of doing so.
India: Crypto discussion paper on hold
On 9 October 2024, it was reported that India’s crypto discussion paper, expected in September, has been delayed. This is likely to be due to financial authorities focusing on other matters given it is an election year. India does not yet have comprehensive crypto legislation and the discussion paper is expected to be a step in that direction.
Europe: EIB announces plans to boost European fintech funding
On 8 October 2024, it was reported that the European Investment Bank (EIB) had announced a set of proposals aimed at increasing funding for fintechs and startups across Europe. This initiative, presented to finance ministers during a meeting in Luxembourg, is part of the EU’s broader effort to enhance its capital markets and attract innovative startups, which often move to the United States due to easier access to financing.
Key elements of the plan include expanding the European Tech Champions initiative, a fund of funds launched last year to support European unicorns. Additionally, the EIB, owned by the EU’s 27 member states, proposed increasing equity and venture debt investments and establishing a new fund dedicated to financing acquisitions and the listing of tech startups by European companies.
This funding strategy is also designed to help Europe remain competitive with China and the United States in developing new, climate-friendly technologies, which are crucial for the EU to achieve its ambitious goal of net-zero CO2 emissions by 2050.
United Kingdom: Meta data-sharing partnership with UK banks to prevent fraud
On 2 October 2024, it was announced that Meta – the owner of platforms such as Facebook, Instagram and WhatsApp – is expanding a data-sharing partnership with UK banks to help prevent fraud.
The Fraud Intelligence Reciprocal Exchange (FIRE) programme allows banks to share fraud intelligence with Meta to combat scams on their platforms. A pilot of the programme led to approximately 20,000 accounts being removed from Meta’s platforms. A notable triumph from the pilot involved the takedown of a large concert ticket scam network targeting people in the UK and U.S. NatWest and Metro Bank are the first banks in the UK to participate, with more scheduled to join.
South Africa: Mastercard introduces real-time card payments
On 8 October 2024, Mastercard announced that South Africa would be the first country in the world to benefit from Mastercard’s real-time card payments. For the first time, all merchants in South Africa accepting Mastercard will receive instant payouts. This will give businesses better cashflow management and faster funds availability. This development aligns with the South African Reserve Bank’s (SARB) National Payments System Strategy Vision 2025, which highlights the importance of financial inclusion by evolving payment systems to meet the needs of people and businesses.
Trinidad and Tobago: NPCI International Payments real-time payments system to launch
On 30 September 2024, it was reported that the Ministry of Digital Transformation of Trinidad and Tobago had signed a deal with NPCI to deploy its real-time payments system to both person-to-person and person-to-merchant transactions. This will expand digital payments in the country and foster financial inclusion.
The system is based on India’s Unified Payments Interface (UPI) instant payment system which was launched in 2016 and has now handled over 100 billion transactions. NPCI has already struck deals with Peru, Namibia and Nepal this year to roll out the system.
Germany: Boerse Stuttgart uses blockchain to reduce settlement times
On 1 October 2024, it was reported that exchange operator Boerse Stuttgart had found that when using blockchain-based securities and central bank money, settlement times could be reduced from two days to just a few minutes.
Global: Gold tokenisation pilot completed
On 3 October 2024, it was reported that post-trade body Euroclear had completed its pilot of the tokenisation of gilts, gold and Eurobonds. Euroclear partnered with blockchain firm Digital Asset and the World Gold Council in the pilot, which took place over June and July and included 27 market participants. More than 500 transactions were completed during the pilot.
Trials were carried out with six banks – Commerzbank, Deutsche Bank, DZ Bank, LBBW, Bankhaus Metzler and V-Bank – and the Deutsche Bundesbank as part of the ECB’s wholesale blockchain settlement trials. The partners tested a large number of transactions with five tokenised securities including bonds, funds, and a share. The partners were connected to Boerse Stuttgart's blockchain-based settlement solution. The system was also linked to the Deutsche Bundesbank's trigger solution and therefore to the traditional euro payment system.
Global: DTCC announces industry sandbox
On 15 October 2024, the Depositary Trust and Clearing Corporation (DTCC), a global financial services company providing clearing and settlement services for various securities products, launched the DTCC Digital Launchpad, an industry sandbox intended to scale the adoption of digital assets. The Launchpad will act as an open ecosystem enabling market participants, technology providers and others to collaborate on pilots and build digital market infrastructure to help transform capital markets.
Global: Visa launches tokenised asset Sandbox
On 3 October 2024, it was reported that Visa had released its Visa Tokenised Asset Platform (VTAP) to help financial institutions issue fiat-based tokens on blockchain networks. This will employ the company’s expertise in technologies like smart contracts to let banks issue and transfer fiat-backed tokens over blockchain networks.
Hong Kong: Regulators gearing up to license more cryptocurrency exchanges by end of year
On 8 October 2024, it was reported that the Hong Kong Securities and Futures Commission (SFC) plans, by the end of the year, to approve more cryptocurrency exchanges to operate in Hong Kong. The promise of future approvals comes after perceptions of the Hong Kong licensing regime being overly strict, with big name Coinbase failing to gain a licence despite being personally invited to set up in Hong Kong by a Legislative Council member.
United States: PayPal introduces crypto services for U.S. business accounts
On 25 September 2024, PayPal announced that it would enable U.S. merchants to buy, hold and sell cryptocurrency directly from their PayPal business account. Additionally, U.S. merchants will be able to transfer crypto to digital wallets. At launch, this functionality will not be available for New York State based businesses.
Global: BCG Global Payments Report 2024
On 14 October 2024, BCG published its Global Payments Report 2024 titled “Fortune Favors the Bold”. The report provides an in-depth analysis of the current state and future outlook of the payments industry. It highlights a slowdown in payments revenue growth across major markets.
Here are some key highlights from the report:
Overall, the report suggests that while the payments industry is maturing, there are still significant opportunities for growth and innovation. Companies that can adapt to the changing environment and meet investor expectations are likely to thrive.
Global: Chainalysis 2024 Geography of Crypto Report
In October 2024, Chainalysis, a blockchain data platform, published its report ‘The 2024 Geography of Crypto Report’ which provides an in-depth analysis of global cryptocurrency adoption and usage. This fifth annual report highlights the evolving landscape of crypto across different regions, emphasising the unique economic and cultural factors driving adoption.
Key findings include:
Global: CertiK report on crypto hackers
In Q3 2024, the blockchain cyber security firm CertiK published its Web3 security report regarding crypto scam data in Q3 2024. The report reveals that despite a decrease in hacks across the crypto sector compared to the previous quarter, the total value of loss from hackers increased. Despite 27 fewer incidents compared to Q2, there was a 9.5% increase in the value lost.
Only 4.1% of stolen funds were recovered in Q3, a sharp decline from the 14.4% recovered in Q2. Despite fewer incidents, the average loss per hack was $5.93 million, with the median loss at $120,529. The most significant phishing attack for this quarter involved a Bitcoin whale (ie a holder of large amounts of cryptocurrency) who suffered a $238 million loss in August.
With $387.8 million stolen across 86 incidents, losses from Ethereum far surpassed any other blockchain. It continues to be the main target for hackers.
United States and Europe: RedCompass Labs report on AI in payments modernisation
In September 2024, RedCompass Labs published their report ‘Is AI the future of payments modernization?’. 200 senior payments professionals in EU and U.S. banks were surveyed to get a better picture of their approach to AI in payments modernisation.
Key findings include:
United Kingdom: PYMNTS survey on how Zillenials are driving financial services innovation
In September 2024, PYMNTS Intelligence published findings from its July 2024 research titled “Generational Zillennial: Driving Financial Service Innovation”. The research draws on insights from a survey of 3,724 respondents.
Zillennials are a microgeneration of older Generation Z members and younger millennials, currently in their late 20s and early 30s. They are more likely to be mid or higher income than Generation Z, but carry several sources of debt such as student loans and outstanding credit card balances, and they are trying to save.
It was found that zillennials are leading the way in mobile-banking adoption but continue to interact with a diverse array of financial service providers. Most use mobile apps as their primary banking method, but predominantly, they do not choose digital-only banks. They have a variety of accounts, nine on average, which may include savings accounts, debit and credit cards, buy-now pay-later (BNPL) and cryptocurrency.
These young adults are more concerned about technology and the digital experience and customer care when deciding where to bank than the average customer who may look at proximity of bank branches or business hours. They are also more likely than the average customer to be interested in banking features and capabilities they are currently not using. The features that they cite more than other consumers for future interest include live support, planning and budgeting tools and digital on-boarding.