Fintech, digital assets, payments and consumer credit | UK Regulatory Outlook November 2024

Third HM Treasury consultation on regulation of BNPL products

On 17 October 2024, HM Treasury published a consultation paper on draft legislation on the regulation of buy now, pay later (BNPL).

In the consultation, HM Treasury seeks views on the legislation that will bring BNPL products within the scope of regulation. It intends to:

• Take certain agreements, referred to as "regulated deferred payment credit agreements", out of the scope of the exemption in article 60F(2) of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544) (RAO). Credit broking activities that relate to these agreements will be excluded from regulation unless the activity is carried out in the home of a customer.
• Disapply certain information requirements in the Consumer Credit Act 1974 (CCA) in respect of these agreements. The Financial Conduct Authority (FCA) will develop rules on a disclosure regime for BNPL agreements in line with its consumer duty.
• Amend the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (SI 2005/1529) (FPO) to ensure that financial promotions communicated by unauthorised persons offering third-party BNPL agreements will need to be approved by an authorised person.
• Establish a temporary permissions regime (TPR) that will allow unauthorised firms to continue to conduct their BNPL lending activities until their application for full authorisation has been processed.
• HM Treasury has also published a draft version of the Financial Services and Markets Act 2000 (Regulated Activities etc) (Amendment) Order 2025, which contains the relevant amendments to the CCA, the RAO and the FPO, as well as the legislative framework for the TPR.

The deadline for responses is 29 November 2024. HM Treasury intends to bring forward legislation as soon as parliamentary time allows. The FCA will then consult on detailed rules, focusing on the disclosure requirements that should apply to BNPL agreements. Firms will be subject to full regulation 12 months after the legislation is made.

FCA blog on cryptoasset businesses registering under MLRs 2017

On 21 October 2024, the FCA published a blog by Val Smith, FCA head of payments and digital assets, Authorisations Division, on cryptoasset businesses registering under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017).

The FCA is often asked about the number of cryptoasset businesses it has registered, as well as the process itself. Some have suggested the FCA is too tough on cryptoasset businesses, setting the bar too high for registration. It has even been said that the FCA's approach could stunt innovation and call into question the UK's position as a global financial leader. Ms Smith makes the following points:

• The FCA never turns applications down out of hand but treats the risk of businesses being used for money laundering extremely seriously. Relaxing standards and creating a race to the bottom will not ensure people and markets are protected. Innovations built quickly on unsafe, unregulated and untrusted foundations become a house built on sand, likely to collapse.
• The FCA knows the cryptoasset industry is still developing and that adapting to new regulatory processes can be challenging. Cryptoasset businesses are encouraged to engage with the FCA early through pre-application meetings and use the wide range of practical support the FCA offers throughout the registration process.
• No two registration applications are ever the same. The FCA's guidance, pre-application meetings and practical examples are there to help each individual applicant. Its decision on whether to register a cryptoasset business is not just based on the controls and systems that business has in place. The FCA looks at the environment it operates in, the people involved in its processes and the customers it wants to reach. All this means the time it takes to reach a decision can and will vary.
• Although the number of cryptoasset businesses being registered remains under the spotlight, the FCA will only register businesses that meet the required standards. It will continue to weed out cryptoasset businesses that can cause harm.

FCA launches target action against finfluencers

On 22 October 2024, the FCA issued a press release announcing that it has launched a targeted campaign against finfluencers who may be carrying on illegal activity in respect of financial services products. The FCA has used its criminal powers to interview under caution 20 finfluencers who attended voluntarily. It states that it has also issued 38 alerts against social media accounts operated by finfluencers that may contain unlawful promotions.

The FCA explains that finfluencers are trusted by their followers who are often young and potentially vulnerable people attracted to their lifestyle. According to the FCA, nearly two-thirds of those aged between 18 and 29 follow social media influencers, 74% of those said they trusted their advice and nine in ten young followers have been encouraged to change their financial behaviour.

Steve Smart, joint executive director of enforcement and market oversight, warns finfluencers that they must check the products they promote to ensure that they are not breaking the law and putting their followers' livelihoods and life savings at risk. The FCA announced in May 2024 that it had brought charges against nine finfluencers in connection with an unauthorised FX trading scheme.

The FCA published social media guidance in March 2024 to help clarify its expectations of firms and other persons communicating financial promotions on social media, indicating how firms can approach complying with their existing regulatory obligations.

PSR seeking feedback from industry on impact of card-acquiring remedies

On 21 October 2024, the Payment Systems Regulator (PSR) published a press release announcing that it is seeking feedback from businesses on its card-acquiring remedies, which came into force in 2023 (see this Regulatory Outlook).

The PSR has been closely monitoring businesses' efforts to implement the remedies effectively. It is now enhancing its engagement with businesses and trade bodies to get better insights on the practical impact of the remedies. In particular, it is looking at:

• Whether businesses found it easy to locate the online quotation tool (OQT) and the summary box under Specific Direction 14. Also, how accurate they found the OQT and summary box when compared to the actual prices they paid for their acquiring services.
• Whether businesses have seen the trigger messages provided under Specific Direction 15 and if they have ever acted on them.
• Whether businesses have had any issues with hiring, or terminating the hire of, point-of-sale terminals since the 18-month contract limit set out in Specific Direction 16 was imposed.

The PSR will continue to monitor compliance in this area and is planning to run engagement sessions with industry in the next few months. Further information on its website will be available for businesses to join the discussions. Direct engagement and feedback from individual business users is also welcomed via the PSR's CAMR compliance mailbox.

The feedback gathered will help inform the PSR's remedies progress report, which it plans to publish in 2025.

The PSR introduced the card-acquiring remedies to make it easier for SME businesses across the UK to compare prices, negotiate better deals and switch providers if needed.

FCA findings from multi-firm review of consumer credit firms and non-bank mortgage lenders

On 23 October 2024, the FCA published its findings, on a webpage, following a multi-firm review of consumer credit firms and non-bank mortgage lenders (collectively firms).

During the second half of 2023 and the first half of 2024, the FCA conducted a review of a sample of firms to assess their approach to financial resilience and the potential for consumer harm arising from weaknesses in financial resilience. It reviewed firms covering a wide range of business models, operating under different prudential regimes and regulatory requirements.

Overall, it found that the majority of firms could improve their approach to risk governance and risk management. In particular, firms did not always identify and monitor their firm's risks and financial metrics to give a greater insight into the challenges they face.

The FCA's key findings include the following:

• Identifying risks relevant to the business. The FCA identified some firms that had an inadequate approach to identifying the risks that could affect their business. For example, some firms failed to fully consider important external risks such as credit, counterparty, liquidity and funding, operational and market risk.
• Setting risk appetite and establishing appropriate systems and controls. Most firms had an underdeveloped approach to identifying, assessing, monitoring and managing risks, that is, their risk management framework was not fully developed. The FCA expects firms to develop an approach that is appropriate to the size and scale of their business, and which enables the management team to have clear sight of potential issues. This should include mechanisms that provide early warning and relevant performance measures that trigger specific actions.
• Undertaking stress testing and considering wind-down planning. The FCA found that there was a lack of adequate wind-down planning undertaken by firms. To reduce the impact of failure, it expects firms to consider the scenarios leading to financial stress, explore recovery options and plan for winding down the business in an orderly way.

The FCA has grouped its observations under the two different categories of firm it reviewed, with examples of good practice and suggested areas for improvement. All firms operating in the consumer credit and non-bank mortgage lending market should review its findings for both sectors and assess their own approaches and procedures.

It will continue to consider firms' approaches to managing financial resilience and the risk of harm to consumers as part of its ongoing supervisory work.

BoE speech on AI and financial stability

On 31 October 2024, the Bank of England (BoE) published a speech by Sarah Breeden, BoE deputy governor, financial stability, on AI and financial stability.

In the speech, Ms Breeden considers the implications for financial stability of the increasing power and use of AI, particularly generative AI models, and how central banks and financial regulators should respond. She argues that these bodies should focus on the following issues:

• The technology-agnostic approach to micro-prudential supervision. She notes that financial regulators have tended to adopt a technology-agnostic approach to addressing AI risks. This means expecting firms to meet regulators' existing rules, regardless of the technology being used.
• Possible macro-prudential interventions. Ms Breeden argues that central banks and regulators should consider the possible need for macro-prudential interventions to support the stability of the financial system. She highlights potential AI risks concerning interconnectedness and trading behaviours.

She sets out certain features of AI models that, in combination, mean that they warrant particular consideration in the context of financial stability. She states that the BoE will publish shortly the results of its periodic survey of how financial services firms in the UK are using AI and machine learning and that the Financial Policy Committee will publish early in 2025 its assessment of AI's impact on financial stability, which will set out how it will monitor the evolution of potential risks.

Court of Appeal ruling raises questions for UK credit brokers on disinterested duty and informed consent

A Court of Appeal decision in Johnson v Firstrand Bank Limited t/a Motonovo Finance has muddied the waters on fiduciary, agency relationships and disclosure of commissions in the motor finance industry – and driven a "coach and horses" through FCA rules and market understanding. See our Insight for details.

Treasury Committee launches inquiry into acceptance of cash

On 4 November 2024, the House of Commons Treasury Committee published a press release announcing the launch of an inquiry into the acceptance of cash.

A related call for evidence provides more information on the scope of the inquiry. It will focus on whether there is a need in the UK to regulate or mandate the acceptance of physical cash in the form of notes and coins. The inquiry will consider the need for legislation or regulation and potential costs to consumers and businesses. The inquiry will not examine the wider questions of access to cash or the tax implications of maintaining physical cash as a form of payment.

The call for evidence contains a list of areas where evidence is welcomed, including:

• The current state of, recent trends in, and forecasts for cash acceptance in the UK.
• Groups in society that disproportionately rely on businesses and public services accepting their cash.
• Whether there are parts of the economy that should always accept cash and how a requirement for cash acceptance affects financial services firms.

The inquiry webpage states that evidence can be submitted until 2 December 2024.

PSR Dear CEO letter to tech firms on APP fraud enabler data

On 8 November 2024, the PSR published a Dear CEO letter to tech firms explaining its proposals to publish data on the firms that are most commonly reported as enabling contact between fraudsters and victims.

In the letter, the PSR refers to its work on requiring mandatory reimbursement for victims of authorised push payment (APP) fraud, and adds that, in addition to this policy, it wants to take action to prevent fraud occurring in the first place. To achieve this, it needs to understand more about how fraudsters contact victims and earn their trust.

The PSR explains that in 2024, it required the 14 largest banking groups in the UK to provide data reported by victims on fraud committed in 2023. That data includes the frequency of fraudulent activity reported as being enabled via certain tech firms' platforms or services, as well as through other providers.

It plans to publish this data in the week beginning 9 December 2024 and alongside the Dear CEO letter it has sent each relevant firm data on its performance and how it ranks compared to other providers also identified in the data.

The PSR refers to the platforms and services that fraudsters use to contact victims and persuade them to make payments as "fraud enablers". It defines an "enabler" as an entity that a victim reported as either:

• A platform or service through which the fraudster made contact with the victim.
• A website or platform where the victim saw an advertisement or profile that led to an APP scam.

It proposes to publish fraud enabler data every year. Firms are invited to meet with the PSR or to comment by email on its plans by 5.00 pm on 4 December 2024.

Improvements to cross-border payments

On 21 October 2024, the European Central Bank (ECB) published a press release announcing that it has launched two initiatives to improve cross-border payments by interlinking fast payment systems.

The work builds on the Eurosystem's TARGET Instant Payment Settlement (TIPS) service. It will include:

• The implementation of a cross-currency settlement service in TIPS. As explained in a document, the service will allow instant payments originating in one TIPS currency to be settled in another TIPS currency and in central bank money. Initially, euro, Swedish kronor and Danish krone will be available for settlement. The settlement service serves as a basis for linking TIPS with other fast payment systems and settling cross-border payments beyond the EU.
• Exploratory work on linking TIPS with other fast payment systems. This will include developing links with partners outside the EU to improve cross-border payments globally.

ECB consults on amendments to SIPS Regulation

On 18 October 2024, the ECB published a consultation on a recast version of the ECB Regulation on oversight requirements for systemically important payment systems (SIPS Regulation), together with a related press release.

The main changes that the ECB intends to make to the SIPS Regulation relate to:

• The definition of a SIPS operator.
• Governance.
• Cyber risk.
• Outsourcing.

The ECB has also published the proposed text of the recast SIPS Regulation and a tracked changes version, comparing it to the current text. The deadline for responses is 29 November 2024.

The SIPS Regulation sets out the oversight requirements for both large-value and retail payment systems of systematic importance. It applies to payment systems operated both by central banks and by private operators.