Essential Guide for Payment Companies: UK Regulatory Outlook in 2023 (+ Timeline)

It looks like 2023 could be challenging for Payment and e-Money companies.

The FCA appears to have made a New Year’s resolution to intensify its supervision of the sector and their March 2023 letter “FCA Priorities for Payment Firms” confirmed as much.

A new far-reaching Consumer Duty is on the horizon and the Payment Services Regulator’s work on Authorised Push Payment fraud could see Payment firms out-of-pocket if a scam is committed using their services. 

To top it off, high inflation, banking crises (think SVB Bank and Credit Suisse) and other “black swan” events have only intensified the focus on Operational Resilience.

So, how can you hope to deal with all of this while focusing on growing your business?

Well, forewarned is forearmed, and in this blog, we identify the major trends you should be aware of and how you might navigate them. Plus, we provide a timeline which contains all the key events you’d need to stay ahead of. To grab the timeline, hit the download button.

ComplyFirst Regulatory Timeline 2023

The FCA Has Sharper Teeth

The FCA team responsible for supervision of the Payments sector, formerly the Payments Supervision Department has been renamed the Payments Market Intervention Department. The rebrand signals a shift to an increasingly proactive regulator.

Aside from the new name, the FCA has made it clear to expect a tougher approach. Their March 2023 Dear CEO letter titled “FCA Priorities for Payment Firms”, outlines their long list of expectations and the consequences for failing to meet standards. 

Further evidence of a more proactive FCA, is their increasing use of Section 165 Information Requests and Section 166 Skilled Person Reviews. Both are demanding because you need to produce information and documents to tight timeframes.

To be able to rapidly respond to the FCA it’s critical that you can evidence your compliance at a moment’s notice. Because, as regulators have told us time and time again, “If it’s not written down, it didn’t happen”. 

What Will the New Consumer Duty Mean for Your Business?

In July 2022, the FCA published its final rules and guidance on the New Consumer Duty which sets a higher bar for the standard of care that firms give consumers. 

Consumer Duty will have a far-reaching impact as it applies to all regulated firms (yes, we’re looking at you!). You have until July 2023 to implement the requirements for all new and existing products or until July 2024 for products and services that are no longer on sale.  

The Consumer Duty requires firms to act in good faith, avoid causing foreseeable harm and enable and support customers to pursue their financial objectives. 

To do this in practice the FCA expects you to have a framework in place to:

  • Identify, assess, and manage the risks which might impact your customers from getting good outcomes;
  • Spot where customers are getting poor outcomes and understand root cause;
  • Have processes in place to adapt and change products and services, policies, and procedures to address any issues identified.

Remember, that the Duty will apply across all areas of your business including:

  • Products and services
  • Pricing
  • Consumer understanding
  • Training
  • Customer support.

To properly get to grips with Consumer Duty, you need to put yourself in your customers’ shoes and consider their experience from end-to-end. From their first interaction with you – whether in your store or on your App – to their last – consider the full lifecycle. It may be helpful to consider customer reviews on TrustPilot or to commission customer surveys to help you identify trends and assemble your new framework.

Above all, you need to document the steps you’ve taken to ensure compliance with the Consumer Duty and always have in the back of your mind the need to evidence compliance quickly to a regulator upon request. 

Operational Resilience Will Remain Top of The FCA’s Priority List

You might remember completing your Operational Resilience self-assessment before the end of March last year. But that wasn’t the end of the road.

High inflation, recent banking crises and “black swan” events continue to make Operational Resilience one of the top talking points for 2023.

This year you need to continue to build your operational resilience capabilities and act on any findings from your initial March 2022 assessment. You’ll also need to put your firm’s Operational Resilience to the test. The FCA has specified several “severe but plausible” scenarios that you must follow when testing. You can read more about that in Building Operational Resilience: Feedback and Final Rules.

You have until end of March 2025 to improve and test your Operational Resilience.

Tip: Don’t confuse Business Continuity Planning with Operational Resilience – the FCA won’t like that one bit. Business Continuity focuses on potential harm to your firm’s reputation or bottom-line following a disruption. Whereas Operational Resilience requires you to focus on potential harm to your customers. Big difference!

Authorised Push Payment Scams Could See YOU (Not Your Customer) Out-of-Pocket

Authorised Push Payment scams happen when a person or business is tricked into sending money to a fraudster. The latest figures show that nearly £250 million was lost to APP scams in the first half of 2022.

The Payment Services Regulator (PSR) is on a mission to solve APP Fraud and has published proposals in their September 2022 consultation ‘Authorised push payment (APP) scams: Requiring reimbursement’ consultation.

We’ve read the lengthy Consultation, so you don’t have to – here’s what you need to know. The PSR want to see:

  • All Payment Service Providers (PSPs) sending payments over the Faster Payments System reimbursing APP scam victims (subject to a £100 threshold), including consumers, micro-enterprises, and charities (except for fraud or gross negligence by the payer)
  • Sending PSP’s reimbursing victims as soon as possible, and no more than 48 hours after the fraud is reported. If the PSP has reasonable grounds for suspicion that the alleged victim acted fraudulently or with gross negligence, it will have more time to investigate and can delay reimbursement.
  • The costs of reimbursement are to be split 50:50 between sending and receiving PSPs.

Small firms should pay close attention to the PSR’s work because the proposals could have an outsized impact on them. If a small firm receives a large reimbursement claim it could potentially put them out of business!

The PSR has noted the potential impact on small PSPs and says that they continue to work with the FCA on how risks to small PSPs will be managed.

The PSR plans to publish its final regulatory requirements later this year.

How Can You Best Navigate the Changes?

With so much to grapple with in 2023, it makes sense to clear some stuff off your desk in readiness. Why not start with automating your FCA regulatory reporting? ComplyFirst’s platform collects your regulatory data, applies logic straight from the FCA rulebooks, validates the data and submits the report to the FCA RegData platform. Elegant and effective, it’ll save you time and money and mean you’ve one less thing to worry about. To find out more, book a 30-minute session with our founder, and financial regulation nerd, Fiona Jelly.

Limited to 5 places per month!