How will the FCA’s proposed Consumer Duty affect non-bank payment firms?

At a glance 

• This blog discusses how the FCA’s proposed Consumer Duty will affect non-bank payment services providers (PSPs; payment firms) [1]. It follows our previous blog, which covers the key impacts for firms across the financial services sector.
• The non-bank payment services sector has grown rapidly in recent years, both in size and complexity. The inclusion of non-bank PSPs in the scope of the Consumer Duty is the latest step in a shift from rules-based regulation to outcomes-based regulation, reflecting the increased risk of consumer harm resulting from the growth of the sector.
• Implementing the Consumer Duty requirements will require payment firms to significantly enhance their conduct risk frameworks and capabilities, as well as to consider how their strategy and culture will enable them to deliver good customer outcomes.

Overview 

In December 2021, the FCA published its second consultation on its new Consumer Duty, which it is proposing to require firms to implement by 30 April 2023. As we outlined in our earlier blog, the FCA intends to create a ‘paradigm shift’ in the treatment of consumers across retail financial services. The rules will apply to non-bank payment firms in the same way as they will to other retail financial services (FS) firms.

The new rules include the following:

• A new Consumer Principle: “A firm must act to deliver good outcomes for retail customers”.
• Cross-cutting rules that firms must:
  • Act in good faith towards retail customers;
  • Avoid foreseeable harm to retail customers; and
  • Enable and support retail customers to pursue their financial objectives.
• Specific rules relating to four interconnected consumer outcomes:
  • Products and services;
  • Price and value;
  • Consumer understanding; and
  • Consumer support.
• Rules setting out how firms monitor and oversee the outcomes customers experience.

Context: Changing regulation in payment services 

Non-bank PSPs are regulated by the FCA under the Payment Services Regulations (PSRs) 2017 and Electronic Money Regulations (EMRs) 2011. Historically, the comparative simplicity of payment products and the view that they pose a lower risk of consumer harm has resulted in payment firms being subject to fewer FCA rules compared with other retail FS sectors. As a result, compliance has focused on meeting legal obligations set out in financial crime legislation and the relatively narrow and prescriptive rules under the PSRs and EMRs.

In 2019, the FCA extended its Principles for Businesses to non-bank payment firms in order to ensure a consistent approach to the way it regulated firms providing payment services, whether they are authorised under FSMA (such as banks) or under the EMRs or PSRs. Importantly, this resulted in a move towards more principles-based regulation, requiring greater understanding and management of conduct risk on the part of non-bank payment firms.

In its most recent Perimeter Report, the FCA stated it saw value in extending the Senior Managers and Certification Regime to payments firms, and was working with HM Treasury on the issue.

The inclusion of non-bank PSPs within the Consumer Duty marks a further shift in the FCA’s expectations for the sector. Across retail FS, the scale of work needed to implement the Consumer Duty will be determined as much by the maturity of each firm’s existing conduct risk approach, as by the risks their products pose to consumers. As non-bank PSPs have primarily faced into rules-based regulation, they are less likely to have extensive frameworks which support the management and oversight of conduct risk. As a result, many firms will find they have significant work to do, both to interpret the new Consumer Duty rules and to build the capabilities needed to comply with their requirements.

The following sections consider key aspects of the Consumer Duty from a non-bank payments perspective, before looking at what actions firms should take now to ensure they are ready to meet the FCA implementation deadline.

Monitoring and Governance 

The FCA is enhancing requirements for firms to monitor the outcomes which customers experience. Where firms identify that they are failing to deliver good consumer outcomes, they will need to investigate the root causes and address the situation. While specific testing activities are prescribed for certain outcomes such as consumer understanding, these form part of wider testing activities which must cover the broader delivery outcomes in line with the Consumer Principle.

Outcome testing has become an established discipline within retail conduct risk management. It involves looking at end-to-end customer journeys and considers whether the actions taken by the firm have resulted in fair outcomes. Critically, it goes beyond testing compliance with individual rules: a firm may have complied with all relevant rules but still have delivered a poor outcome.

In our experience, many non-bank PSPs do not have specific outcome testing capabilities. Over the coming year, firms will need to design and build effective and efficient testing capabilities which are proportionate to the risks inherent in their products. Our guide on outcome testing explains how firms can implement outcome testing and why this is critical to effective conduct risk management.

Firms will also need to produce an annual report for their boards setting out the results of their consumer outcome monitoring. Boards will be required to approve this report, and confirm they are satisfied the firm is complying with its Consumer Duty obligations and that its future business strategy is also consistent with these.

All firms will need to ensure their boards receive sufficient training to discharge these obligations effectively. Boards of non-bank payment firms may need particular support, depending on how much experience senior leaders have of the FCA and outcomes-based regulation. This experience may be more limited in firms where the background of senior leaders is primarily in technology rather than financial services, or where they are more familiar with rules-based regulators in other jurisdictions.

Products and Services Outcome 

Under this outcome, firms must have product governance arrangements, including processes for the approval and monitoring of each product. Firms must identify the target market for each product, and assess its needs, characteristics, and objectives, including where this is likely to include characteristics of vulnerability. Firms must assess the risks that each product may pose, ensuring product design will prevent or mitigate customer detriment and that products are only sold to the intended customers.

The non-bank payments sector is characterised by dynamic innovation. But in an iterative development environment, the final product may serve a fundamentally different purpose to that originally conceived. For example, an app initially aimed at small businesses with one set of needs and characteristics might morph or extend its functionality into an app for consumers, whose needs and characteristics will be very different [2]. Payment firms will need to ensure that product governance frameworks are equally dynamic to enable effective product approval as products are adapted. This is likely to require close and agile working between developers and conduct risk experts.

While some payment products remain relatively simple and low-risk to consumers, many firms are innovating features to challenge banks and other sectors where the risk to consumers is likely to be higher. For example, several firms offer, or are planning to offer, consumers the option to pay with cryptoassets, some of which fall outside the current regulatory perimeter. Regulators and others have been vocal about the risk of consumer harm, and it seems likely that elements of these services will be brought within the FCA perimeter in future. It will be particularly important that payment firms implement robust product governance arrangements where they currently offer higher-risk products, or plan to do so in future.

Payment firms may expect that innovative products will generally be adopted by younger and more tech-savvy consumers, who they may consider are likely to have fewer characteristics of vulnerability. However, the FCA considers that where products are offered to the mass market, this is likely to include consumers with vulnerable characteristics. This might include non-first language English speakers using remittance services to send international payments, or vulnerable customers at risk of being scammed into making payments to fraudsters. And while many customers may be younger and more tech-savvy, this does not necessarily mean they are confident with money or alert to risks such as lack of depositor protection. Payment firms will need to ensure vulnerability is identified at the product design stage so that the needs of vulnerable customers are understood and built into communications and customer service design in line with their obligations under the Consumer Understanding and Consumer Support outcomes.

Price and Value outcome 

The price and value outcome requires firms to carry out a value assessment on their products to ensure a reasonable relationship between the costs paid by the consumer and the benefits they receive in return.

The FCA has recognised the potential for the non-bank payments sector to increase competition and improve consumer outcomes through offering services at lower cost than traditional payment services offered by banks. Many payments products are free at the point of use, while the market for services such as international money transfers is highly competitive on price.

However, the FCA’s draft guidance points out that costs are not necessarily financial, but also include non-monetary costs such as use of consumer data where consumers knowingly or unknowingly ‘pay’ with their data, privacy or attention. Where revenue from consumer data forms a material part of a payment firm’s business model it will be important that it can articulate how this is fair relative to the value of the services received. The FCA has recently confirmed that it is looking at how data is monetised, and what level of transparency is required in terms of how consumers provide that data. Firms should therefore expect much greater scrutiny of business models which rely on consumer data to be profitable.

Consumer Understanding outcome 

This outcome aims to address the inherent information imbalance between firms and consumers, and requires firms to test, monitor and adapt communications to support consumer understanding. This goes further than the current requirements under Principle 7, with opportunities and challenges for payment firms.

Payment firms may have fewer communications to test and monitor than firms in other sectors, given their limited product range and communication channels. The FCA has indicated testing is less likely to be required where there is no meaningful risk of harm to consumers, and the relative simplicity of some payment products and customer journeys may reduce the number of communications which need to be tested. Some payment firms have also led the industry in drafting communications such as terms and conditions documents in plain English, making complex concepts easily understandable.

In contrast, many payment firms may lack the established communications processes, controls and expertise that firms in other sectors will already have in place, for example, to approve financial promotions. Some payment firms outsource communications including website and social media content to third party marketing agencies, and will need to implement controls and oversight to ensure these communications meets the consumer understanding outcome. New entrant payment firms also have to compete hard to get their brand known, so will need to develop an approach to communications which strikes a balance between delivering the consumer understanding outcome while still getting consumers’ attention in the market.

Consumer Support outcome 

This outcome requires firms to ensure the level of customer support they provide meets the needs of their target market and enables consumers to act in their best interests. The FCA emphasises that where the level of support is insufficient for consumers to realise the full benefits of the product, then the product is unlikely to be fit for purpose or value for money, and therefore the other consumer outcomes are dependent on this outcome being delivered.

Many payment firms operate streamlined customer support models, delivered primarily online, with customer contact handled by third party outsourcers who may not specialise in serving UK retail FS customers. Customers can face significant harm, even when using simple payment products, if they do not receive appropriate support when things go wrong. This might include where:

• They made a payment by mistake or have been scammed;
• An urgent payment goes missing or is delayed;
• They have a complaint.

The risks of harm will be higher where the customer is more reliant on the payment service, for example, where a consumer holds large cash balances in an e-money account or where an SME customer relies on a particular payment product in order to transact business.

Firms are required to ensure consumers do not face unreasonable barriers when making enquiries or complaints. For example, a customer who needs to contact the firm urgently to cancel a payment is likely to face barriers if they are required to contact the firm via a specific channel (such as webchat), face long queues to speak to an under-resourced contact centre, or is passed between different teams who do not know how to help. ‘Sludge practices’ which deter customers from acting in their own interests may include poorly designed websites that make it difficult to find key information, for example if customers have to click through numerous pages to find information about how to complain.

Key actions 

With just over a year until the new rules are expected to come into force, non-bank payment firms should now be taking the following steps to get ready for the Consumer Duty:

• Ensure the board and senior leaders are aware of the Consumer Duty, its scope and potential impact on the firm;
• Examine the FCA’s draft rules to ensure they are understood in the context of the firm and its products and activities;
• Perform a gap analysis against current practices, frameworks and capabilities to identify and prioritise key areas requiring development and assurance over the coming year;
• Consider how the business model and future strategy are consistent with the FCA’s enhanced expectations of firms under the Consumer Duty;
• Assess the extent to which firm culture is consistent with the Consumer Duty and how this can be shifted where required.

Conclusion 

The Consumer Duty marks a significant shift in the way the FCA expects non-bank payment firms to protect customers from harm. The fact that the sector is being held to the same demanding standards as other retail FS sectors reflects how the sector has grown in importance, as well as the growing complexity and risk of certain payment products. Many payment firms will need to build their conduct risk capabilities significantly to manage their obligations under the Consumer Duty. Firms will also need to consider how their strategy and culture will enable them to deliver good consumer outcomes while continuing to innovate and challenge in the market.

[1] Authorised payments institutions (APIs), authorised electronic money institutions (EMIs) and registered account information service providers (RAISPs). 

[2] The Consumer Duty applies to products PSPs provide to micro-enterprises and charities, as well as those they provide to consumers.