Share this post
2024 reshaped payments with instant payment mandates, crypto regulations, and enhanced consumer protection, driving innovation and security.
In 2024, payments regulation underwent seismic shifts, with reforms spanning fraud prevention, digital innovation, and consumer protection, collectively redefining the industry’s future. From safeguarding consumers against fraud to accelerating innovation in digital payments, regulators across the globe have introduced sweeping reforms aimed at addressing the challenges and opportunities of an increasingly digital and interconnected economy.
This year, we’ve seen the European Union bolster instant payment adoption, the UK enforce stringent measures to tackle authorised push payment fraud, and the US extend oversight to major digital payment providers. These changes are not just reshaping the way payments are processed however, also redefining the responsibilities of firms operating in this space.
Instant Payments Regulation (IPR)
The year started off with the European Parliament and the Council kicking off proceedings with the Instant Payments Regulation (IPR) on March 13. The aim of the regulation was to mandate Payments Service Providers (PSPs) to offer credit transfers in euros and instant credit transfer services. The IPR was brought in with the intention of instant payments across the EU, enhancing the speed and efficiency of transactions.
The IPR mandated that charges for instant credit transfers must not exceed those for standard credit transfers of the same type. This regulation compels PSPs to reassess their pricing models, potentially leading to revenue adjustments and necessitating strategies to offset reduced margins.
As part of this, PSPs are required to offer services that verify the payee’s identity before executing a credit transfer. This measure aims to enhance security and reduce fraud but requires PSPs to develop or integrate verification systems, potentially increasing operational costs. Data published this year indicated that 75% of payment industry professionals identified instant payments as an essential technology for winning payment solutions.
Markets in Crypto-Assets (MiCA)
As instant payments gained traction, regulatory focus turned to another rapidly evolving area: crypto-assets. In June, the European Union initiated the phased implementation of the Markets in Crypto-Assets (MiCA) regulation, marking a significant advancement in the regulation of digital assets. MiCA aims to establish a comprehensive and harmonised framework for crypto-assets across EU member states, enhancing investor protection and ensuring financial stability while fostering innovation within the crypto sector.
The enforcement of MiCA provides clear guidelines for the issuance and management of stablecoins, reducing legal uncertainties and fostering confidence among market participants.
In response to MiCA’s requirements, several crypto exchanges and service providers adjusted their offerings. For instance, some platforms delisted certain stablecoins that did not comply with the new regulations, ensuring adherence to the EU’s legal framework.
MiCA’s primary aims were to impose stringent requirements on stablecoin issuers in order to protect consumers from potential risks associated with unregulated digital assets, promoting a safer environment for crypto transactions.
On the regulation, Veriff’s Aleksander Tsuiman said in June: “Despite the opportunities, crypto poses several drawbacks, from price swings to illicit transactions. Additionally, the MiCA regulation could create new challenges. For instance, the new legal and regulatory framework means businesses dealing in crypto must review their policies and procedures and prepare for increased disclosure, transparency, and compliance with tighter regulations. Furthermore, the stage has been set for more regulatory changes across the world, creating uncertainty over future needs and obligations.” at the time.
By December this year, the remaining provisions of the MiCA regulation are set to be fully applied, bringing comprehensive oversight to the crypto-assets market within the EU. This includes requirements for crypto-asset service providers to obtain authorisation and adhere to specific operational standards to enhance market integrity and consumer protection.
Consumer Duty
While the Consumer Duty was initially put into place in 2023, an extended deadline of July 31 was set for closed products and services. The Duty, which was introduced by the Financial Conduct Authority (FCA), was brought in to enhance consumer protection within financial services. Its primary aims were to requires firms to prioritise delivering good outcomes for retail customers, ensuring products and services meet their needs and expectations while minimising foreseeable harm.
In October this year, the FCA published findings from a review of 23 payment firms’ implementation of the Consumer Duty. It revealed a significant variance in compliance across the sector. Firms that were systematic in their implementation, actively scrutinising their processes in light of the Duty, tended to be more compliant. In contrast, firms relying on pre-existing processes and controls without thorough reassessment were less compliant.
The Consumer Duty represents a significant shift in the UK’s regulatory landscape, placing consumer outcomes at the forefront of financial services operations. This required a rigorous evaluation of products, services, and internal processes to ensure alignment with the Duty’s principles for payments firms.
In April, Teresa Connors, managing director at Payment Matters and a member of TPA’s Regulator working group, noted that the FCA’s evaluation of various firms’ Consumer Duty plans shows both successful implementations and areas needing further work. She commented, “The feedback pertains to the broader financial services market, and while not all comments are directed specifically at payment firms, the assessment highlights where the FCA identifies gaps or weaknesses in implementation. Although this evaluation provides valuable insights into both effective and ineffective practices across all Consumer Duty measures, the overall message for financial services is one of ‘improvement.’
UK's authorised push payment (APP) fraud reimbursement
The implementation of the UK’s authorised push payment (APP) Fraud Reimbursement regulation on October 7, 2024, marked a significant advancement in consumer protection within the financial sector. This regulation mandates that payment service providers (PSPs), including banks and payment firms, reimburse victims of APP fraud, addressing the substantial financial losses consumers face due to such scams.
The regulation established uniform reimbursement protocols across all PSPs and, as a result, eliminated inconsistencies and ensured equitable treatment for all victims.
By holding PSPs financially accountable for fraud losses, the regulation motivates these institutions to implement more robust fraud prevention measures, thereby reducing the incidence of APP fraud.
According to Thistle Initatives’ Senior Associate Rohan Chakhraborty, “The emphasis of the requirement to have ‘reasonable grounds to suspect’ fraud or dishonesty on the part of someone other than the payer not only meant that PSPs had increased flexibility in effective APP fraud mitigation, but that the indirect effect of such mitigative processes on legitimate payments could also be addressed.”
This requirement to evaluate the effects of these changes on a PSP’s relationship with the payer corresponds with the FCA’s priorities for PSPs within the Consumer Duty. This alignment is a crucial aspect of the regulator’s guidance (FG24/6), designed to assist PSPs in navigating the Amendment Regulations.
PSPs were required to enhance their fraud detection and prevention systems to mitigate potential losses. This includes investing in advanced technologies and staff training to identify and prevent fraudulent activities.
The obligation to reimburse victims imposes a direct financial responsibility on PSPs. To manage this, some institutions have introduced measures such as a claim excess fee of up to £100 per case, though this does not apply to vulnerable consumers. Additionally, the maximum reimbursement per claim is capped at £85,000, aligning with the Financial Services Compensation Scheme limit.
At the time, Riccardo Tordera, director of policy and government relations at The Payments Association said: “The PSR’s U-turn on the APP fraud threshold is a victory for the industry, particularly for The Payments Association.”
Some PSPs expressed concerns regarding the timeline for implementing the necessary systems and processes to comply with the regulation. Despite requests for delays, the Payment Systems Regulator (PSR) maintained the October 7, 2024, deadline, emphasising the urgency and need to protect consumers.
Chakhraborty added: “In their finalised guidance, the FCA touches on the threshold to suspect fraud or dishonesty, which not only should be marked by ‘objective factual foundation’, but such assessment should be driven by the crucial Consumer Duty cross-cutting rules to ‘avoid foreseeable consumer harm’ and deliver on positive customer outcomes. This importantly underscores the FCA’s concern that in the process of calibrating processes to mitigate fraud risk, PSPs may inadvertently create unreasonable barriers to consumers.”
Looking ahead, the regulatory milestones of 2024 will serve as a blueprint for balancing innovation with consumer protection in an increasingly digital economy. As firms adapt, the payments sector is poised to emerge stronger, more secure, and better equipped to meet the challenges of tomorrow.