Payment Matters No. 49


Welcome to the latest edition of Payment Matters, our regular legal update exclusively for organisations involved in the payments market. In this edition, we discuss the implications from developments and updates from the last three months that you should be aware of, and the potential impact on your business. This edition includes developments in Open Banking, PSD2, EU cross-border payments, and the ECB-backed drive for Instant Payments.


1. UK Finance publishes plans for Open Banking and the Competition and Markets Authority (CMA) consults on the Open Banking “Future Entity”
2. The Financial Conduct Authority (FCA) consults on changes to the SCA-RTS, Approach Document and Handbook
3. Changes to UK contactless card payment limits
4. Developments in Open Finance – FCA issues Feedback Statement and Berlin Group publishes a first version of its Certification Process document
5. The EBA seeks to ensure the removal of obstacles to account access under the revised payment services directive (PSD2)
6. The introduction of Confirmation of Payee (CoP) and the Contingent Reimbursement Model (CRM) for payment initiation service provider (PISP) payments
7. The Lending Standards Board (LSB) publishes its report on the CRM Code
8. The Payment Systems Regulator (PSR) issues calls for views on APP scams and protection in interbank payments
9. The European Central Bank (ECB) issues Opinion on proposed codified Regulation on cross-border payments in EU
10. European Commission publishes targeted consultation on SFD review
11. Towards Instant Payments as the new normal

1. UK Finance publishes plans for Open Banking and the Competition and Markets Authority (CMA) consults on the Open Banking “Future Entity”

In June 2020, UK Finance (in partnership with Accenture) published the Open Banking Future State as part of Phase 1 outlining a model and recommendations for the provision of Open Banking Services. The report stated that the final CMA Roadmap would see the Open Banking implementation phase complete and the need for the Open Banking Implementation Entity (OBIE) and the functions it carries out in the wider banking system to continue but evolve. The model proposed that the OBIE should transition to become a new industry open banking services company funded by the participants. At the request of the CMA, UK Finance (in association with Baringa Partners LLP and Eversheds Sutherland) published a Phase 2 follow-up report (Open Banking Futures: Blueprint and Transition Plan) on March 2nd 2021. This report expands on the initial proposals and focuses on the transition map for the “Future Entity”, details of the entity structure and capabilities and the corporate governance and funding plans for the newly created company.

Following on from the UK Finance publication of the blueprint and transition plan the Competition and Markets Authority (CMA) launched a consultation. The CMA consultation closed on 29 March 2021.

What this means for you

The structure of the “Future Entity” will have a significant impact on all parts of the UK Open Banking ecosystem. A structure needs to be set up which ensures accountable leadership, sufficient resourcing, equitable funding and that all stakeholders are represented rather than any part of the ecosystem having too much influence. Separate monitoring is also being considered in order to ensure compliance with the regulatory standards.

Getting this right will be critical, particularly as the Future Entity’s work will now extend beyond the CMA’s Retail Banking Order and will enable firms to meet their PSD2 obligations efficiently and to provide services that meet the industry’s expanding open banking requirements. The inclusive stakeholder engagement we have seen from UK Finance so far needs to continue. The market must now lead the development of open products and services and help competition flourish in a cost-effective and agile way.


2. The Financial Conduct Authority (FCA) consults on changes to the SCA-RTS, Approach Document and Handbook

The FCA has published a consultation in relation to its proposed changes to the UK SCA-RTS, the Approach Document and the Handbook. Some of the key proposals include:

  • introducing a new rule so that third party payment providers (TPPs) will need to re-confirm the customer’s consent every 90 days to continue accessing account information without the customer actively requesting the information;
  • introducing a new exemption for strong customer authentication (SCA) which means that account servicing payment service providers (ASPSPs) will not need to apply SCA every 90 days when the customer accesses their account through an account information service provider (AISP);
  • mandating the use of dedicated interfaces (e.g. APIs) for certain types of payment accounts which are accessible online. Subject to some exclusions, this will generally include: personal and SME ‘current accounts’, ‘payment accounts’ as defined under the PARs, ‘payment Accounts’ which would fall under the PARs but are held by SMEs and credit card accounts held by consumers or SMEs;
  • changing the UK SCA-RTS so that technical specifications and a testing facility will only need to be made available to TPPs from the launch date of new products and services (rather than 6 months in advance of any such launch);
  • amending the Approach Document to reflect the guidance on SCA factors set out in the Opinion of the European Banking Authority (EBA) on SCA elements (e.g. clarifying that static card details will not constitute a valid knowledge or possession factor); and
  • amending the Approach Document to reflect guidance issued via the EBA’s Q&A tool (e.g. clarifying that the payee’s PSP will be ultimately liable for an unauthorised transaction where it applies an SCA exemption).

What this means for you

Some of the proposals included in the consultation are simple updates to the FCA’s guidance to reflect existing industry practice and guidance which had already been issued by the EBA. However, some of the changes will have an impact on UK financial institutions which will require significant changes to operational processes. For example, any institution which currently provides access to TPPs via a modified customer interface will potentially be required to build and implement a new dedicated interface (requiring additional resource and costs). On the other hand, some of the proposals may have a beneficial impact on certain institutions, including the removal of the requirement to launch a testing facility and specifications 6 months before a new potential product launch and the creation of a new SCA exemption for customers accessing their accounts through AISPs. Therefore, we would recommend that all payment service providers (PSPs) review and provide feedback on the areas of the consultation which are likely to impact their business. The deadline for providing responses to this consultation is 30 April 2021.


3. Changes to UK contactless card payment limits

The FCA has confirmed that the thresholds for not applying SCA to contactless payments under Article 11 UK SCA-RTS will increase, so that more transactions can be exempt from the application of SCA. In particular, the FCA has confirmed that:

  • the single threshold limit which applies to all transactions will be increased from £45 to £100; and
  • the threshold limit for the cumulative amount of previous contactless electronic payments since the last application of SCA will be increased from £130 to £300.

What this means for you

The FCA has increased the regulatory limits to enable the industry to make changes to the current contactless solution by setting higher maximum thresholds. This does not translate into an immediate change for consumers and businesses. Any increase to the contactless limit available to customers will be determined by the industry, up to a maximum of £100. Individual card issuers will also be free to set their own cumulative limit up to £300. We anticipate that any such changes will be implemented by the industry later this year.


4. Developments in Open Finance – FCA issues Feedback Statement and Berlin Group publishes a first version of its Certification Process document

On 26 March the FCA issued a Feedback Statement following its Call for Input to explore the opportunities and risks arising from Open Finance and to inform the FCA’s regulatory strategy towards Open Finance. The Call for Input was first published in December 2019 but the FCA gave stakeholders until October 2020 to respond due to the coronavirus pandemic. The 169 responses to the Call for Input show that Open Finance could have a number of benefits, including increasing competition, spurring innovation, empowering customers to make more informed decisions and improving access to a wider range of financial products and services. The feedback also addresses some of the challenges which arise with Open Finance, including questions regarding data ethics, consumer protection and the implementation being a significant undertaking for firms. Overall, a regulatory framework was considered as essential if Open Finance is to develop successfully.

Following the FCA’s Feedback Statement, the FCA will support the Government as it considers the legislation required on Open Finance. This will include sharing expertise from the open banking journey and supporting the Government in relation to the development of any future legislation. The FCA also intends to play a role working with industry to convene working groups relating to the development of common standards.

In other Open Finance related developments, on 29 March 2021 the Berlin Group published a first version of its Certification Process document. According to the Berlin Group, the certification process should ensure a high quality of Open Finance implementations and describes a possible certification and approval ecosystem model for the Berlin Group openFinance API Framework. This follows the Berlin Group’s announcement on October 26, 2020 that they were to start work on a full Open Finance API Framework.

What this means for you

Open Finance has the potential to transform the financial services sector and it will be key for businesses to consider and engage in any consultations, both relating to the development of a legislative framework and in the development of common industry standards. It is also key that businesses take an early look at the opportunities which could arise for them as a result of Open Finance. This will allow those businesses to take early advantage of such opportunities and ensure that they do not lose their competitive edge.


5. The EBA seeks to ensure the removal of obstacles to account access under the revised payment services directive (PSD2)

The EBA has issued an opinion to national competent authorities explaining that it expects all authorities to take supervisory action against ASPSPs who continue to create obstacles to the provision of account information and payment initiation services in their dedicated interfaces. The opinion notes that competent authorities should all take action by 30 April and set a deadline for ASPSPs to remove any such obstacles. In the event that an ASPSP fails to remove the obstacles, the EBA expects national authorities to take more effective supervisory measures to ensure compliance with the applicable law. This may include the revocation of any exemptions from the requirement to build a contingency mechanism under Article 33(6) of the RTS.

What this means for you

There continues to be an increased focus on the effectiveness of PSD2 and whether the introduction of new regulated TPPs has enhanced competition across the market. The EBA is particularly keen to remove any obstacles which are preventing this competition-enhancing objective of PSD2 from materialising in full. Therefore, we would anticipate an increased focus from national competent authorities on potential obstacles to the provision of these services over the next few weeks. To this effect, you may want to review the EBA’s Opinion on what constitutes an obstacle under PSD2 to assess whether you need to make any immediate changes to your dedicated interface.


6. The introduction of Confirmation of Payee (CoP) and the Contingent Reimbursement Model (CRM) for payment initiation service provider (PISP) payments

On 2 February the OBIE published a consultation on CoP and the CRM Code, and its implications for open banking payment journeys. As part of the consultation, the OBIE considered various use cases for PISP payments (e.g. P2P payments, payments made to merchants) and analysed whether those types of payments were as susceptible to fraud as the payments which are currently covered by CoP and CRM.

One of the key questions raised as part of the consultation was which party should perform CoP checks and provide CRM warnings for PISP payments (i.e. should this be the PISP or the ASPSP), which raised subsequent questions on how the liability model would work in each circumstance.

The OBIE also considered the effectiveness of warning messages, following consumer research. The consumer research findings in the consultation paper were provisional, and we can expect more detailed conclusions in the next phase of the consultation.

The consultation closed on 1 March 2021. After discussion with the Implementation Entity Steering Group, an update is due to be published by the OBIE with next steps. The ultimate output of the consultation process is expected to be recommendations to Pay.UK and to the Lending Standards Board.

What this means for you

We expect that many fraud teams will welcome the inclusion of PISP payments within CoP and CRM, but there are still many practical questions to be addressed as to how such checks and warnings will be implemented in practice. In particular, which party will take responsibility for the checks and warnings needs careful consideration, especially since that party will have control over the level of friction in the journey, but is also likely to need to take on liability where things go wrong. We suggest that firms pay close attention to the next update from the OBIE where we should be given more insight into the feedback provided to the consultation and the likely next steps.


7. The Lending Standards Board (LSB) publishes its report on the CRM Code

The LSB has published a report following its review of the effectiveness of the implementation of the CRM Code and its impact on consumers and the industry. You can find a copy of the report here.

What this means for you

The report details a number of recommendations, including changes to ensure that the CRM Code reflects the evolving nature and complexity of authorised push payment (APP) scams and to ensure that it is able to provide effective protection for consumers. The LSB has begun work on a number of the recommendations and will be undertaking more activities in relation to the CRM Code during the course of 2021 (as detailed in the LSB’s roadmap here). The LSB also intends to issue a specific Call for Input on some of the recommendations which will require further input from the industry in order to ensure that they are implemented effectively. This is expected by the end of quarter 1, 2021. Therefore, we recommend that all institutions who have signed up to the CRM Code, or intend to sign up to the CRM Code, follow each of these developments, work with the LSB and ensure that the CRM Code is implemented effectively across your business.


8. The Payment Systems Regulator (PSR) issues calls for views on APP scams and protection in interbank payments

On 11 February the UK PSR published two calls for views focusing on greater protections for everyone using payment systems. The first relates to protections against Authorised Push Payment (APP) scams, which has been a key focus for the PSR in recent years. The second call looks at consumer protection in interbank (bank-to-bank) payments.

APP scams occur when fraudsters trick account holders into instructing a payment be made which they believe to be legitimate but which is sent to a fraudulent account holder. The bank or account provider of the defrauded account holder is usually acting on their legitimate instructions so normally wouldn’t be at fault. The PSR is proposing to combat this fraud by introducing three measures to payments made via Faster Payments and Bacs Direct Credit:

  • making banks and building societies publish their APP scam data (including reimbursement and repatriation levels);
  • requiring banks and building societies to adopt a standardised approach to sharing data, thereby helping to identify these scams and stop them before they actually occur; and
  • changing payment system rules to achieve a minimum standard of protection for customers across all banks and building societies.

There is an increase in payments being made by direct transfer from one bank account to another (interbank payments). A large number of these are via smartphone apps or online banking and the PSR is keen to understand whether current protections in place are sufficient and that the makers of interbank payments are not disproportionately harmed as their usage increases.

What this means for you

Banks and other account providers will need to monitor any proposed changes carefully to ensure that, among other things, their data systems and permissions are configured to enable the publication and sharing of data as efficiently as possible. It will also be important to provide views and responses to both calls to ensure a representative outcome is achieved. The closing date for views and responses to both calls is 8 April.


9. The European Central Bank (ECB) issues Opinion on proposed codified Regulation on cross-border payments in EU

On 25 January the ECB published an Opinion on a proposal for a regulation on cross-border payments in the European Union. The proposed regulation is intended to codify the existing regulation on cross-border payments, Regulation (EC) No 924/2009. Although the ECB generally welcomes the codification exercise, it notes in the explanatory memorandum of the proposed regulation that instruments affected by codification do not contain substantive changes, but only formal amendments as are required by the codification exercise itself.

The ECB Opinion focuses on the provision of the proposed regulation which relates to the euro foreign exchange reference rates issued by the ECB. Article 4(1) of the proposed regulation requires PSPs and parties providing currency conversion services (DCCPs) at ATMs or at the point of sale to express the total currency conversion charges as a percentage mark-up over the latest available euro foreign exchange reference rates issued by the ECB (ECBRRs). The ECB is concerned that by referring to ECBRRs, market participants could be incentivised to trade at these reference rates. This would be contrary to their purpose of protecting the interests of customers of PSPs and DCCPs. The ECB recommends that references to ECBRRs in the proposed regulation be replaced with references to appropriate FX benchmark rates provided for under EU benchmark regulation.

What this means for you

PSPs and DCCPs should monitor these developments closely to ensure that they will be using the correct reference rates when the proposed regulation comes into force. There is no current indication of when the proposed regulation might come into effect.


10. European Commission publishes targeted consultation on SFD review

On 12 February the Commission published a targeted consultation on the review of the Directive on settlement finality (SFD) in payment and securities settlement systems. The SFD was originally adopted in 1988, and regulates designated SFD systems used by participants to transfer financial instruments and payments. It was designed to protect duly designated systems and participants from the inherently unpredictable outcomes of the insolvency of other systems or participants. It does this by stipulating when transfer orders are final and not subject to reversal by insolvency proceedings and by ring-fencing collateral security provided for transactions undertaken within an SFD or in the monetary operations of the central banks of member states or of the ECB.

What this means for you

The last review of the SFD was undertaken in 2008/2009. The increased inter-operability of SFD systems will be a key focus of this review as well as the recognition of ‘close-out netting provisions’ and ‘financial collateral’. The EC is interested in the views of a wide range of direct and indirect participants of SFDs including credit institutions, investment firms, payment & e-money institutions, consumer interest groups, public authorities, CCPs and system operators. The consultation period ends on May 7, 2021, and the results will feed directly into a Commission report to the European Parliament and Council. Please let us know if we can help you with formulating any responses to the Review.


11. Towards Instant Payments as the new normal

Gidget Brugman and Danielle van de Vijver

The Netherlands is leading the eurozone with respect to Instant Payments. In the Netherlands 90% of all single credit transfers between Dutch banks are Instant Payments. However, in the eurozone this percentage is approximately 15%. This is due to the fact that in most countries an Instant Payment is a premium payment method, which is only available to limited customers such as business customers or only for mobile payment transactions. In the Netherlands however, most banks are facilitating Instant Payments for every customer which makes transferring money via Instant Payments the new normal.

An Instant Payment supports a transfer in euro, where the amount is credited to a payment account within less than ten seconds. It does not matter when an Instant Payment is made, as Instant Payments can be transferred at any time of the day and every day of the year, regardless of whether this is at the weekend, on a public holiday or in the middle of the night.

Instant Payments are based on a European standard, the ‘SEPA Instant Credit Transfer Scheme Rulebook’ (SCT Inst scheme), published by the European Payments Council. The SCT Inst scheme allows instant payment transactions in euro currency to any beneficiary within the eurozone within 10 seconds. The SCT Inst scheme was developed in 2017 to establish guidelines for real-time payments, and was the first real-time payments regulatory framework in the region that addressed all EU countries. Additionally, TARGET Instant Payment Settlement (TIPS) was developed (as an extension of TARGET2). TIPS will support participants to comply with the SCT Inst scheme following the same process flows and liquidity transfers based on the participation criteria of TARGET2.

The European Commission is of the opinion that Instant Payments should be used as the normal way of transferring funds and therefore the European Central Bank (ECB) aims for full coverage across the eurozone. However, as participation in the SCT Inst scheme is optional, action is required to improve the interconnectedness of infrastructures involved in the clearing and settlement of instant payments. Accordingly, the ECB aims to ensure pan-European instant payments by the end of 2021.

To that end, the Governing Council of the ECB has agreed to update the TIPS participation rules for PSPs and automated clearing houses (ACHs). This means that all PSPs which have adhered to the SCT Inst scheme and are reachable in TARGET2 should become reachable via TIPS. PSPs can be reachable via TIPS either as a participant or as a reachable party through the account of another participating PSP. Additionally, ACHs who offer instant payments should move from TARGET2 to TIPS.

What this means for you

The amendments to TIPS will enable PSPs to comply with the SCT Inst scheme and therefore provide instant payments, without depending on other PSPs or ACHs. For ACHs that provide instant payment services, the measures will also support them by allowing them to automatically include pan-European reachability as part of their service offer. The new measures adopted by the ECB will help PSPs and ACHs that comply with the SCT Inst scheme to meet their legal obligation under the SEPA Regulation. By introducing these measures, the ECB is taking decisive steps to ensure instant payments as the new normal in the eurozone.


For more information on any of these matters, please get in touch with our Payments lawyers
