2021 Regulatory Environment of Fintech, Cryptocurrency, and Infrastructure Payment

Australia

In the past 2-3 years Australia has had very few implemented regulations regarding payments on big tech/fintech, cryptocurrency, least-cost routing, open banking, data and privacy, and/or infrastructure. It appears that the latest regulations on these topics have been mostly implemented before 2018 as we were only able to identify one additional new regulation implemented in the country related to FinTech, which details are provided below.

FinTech: New Sandbox Regulations

  • In May 2020, new regulations to expand the regulatory sandbox for Australian Fintechs “received royal assent,” which were expected to launch in September 2020.
  • These rules would eliminate the prohibitively high limit of 100 retail clients “while remaining within the AUD 5 million exposure limitation. Additionally, they “increase the breadth and depth of financial services provided, including credit and non-cash payment options.
  • Australian authorities have plans of implementing new regulations related to payments in the areas of interest. For example, the Council of Financial Regulators intends to establish a new regulatory framework for digital wallets that divides responsibilities between corporate and prudential regulators and adjusts the regulatory burden according to a company’s size.
  • Additionally, it has been suggested that the Australian government may expand its data-sharing program to allow non-banks to make payments and switch customers out of existing bank accounts, putting major banks under increased competitive pressure and assisting new digital banking businesses in establishing themselves.
  • In November 2019, the Bank started a Review of Retail Payments Regulation, which is expected to be finished by 2021.
  • In 2020, the Bank made a submission to the Treasury’s Inquiry into how the CDR (Consumer Data Right) could be “expanded to enhance competition and innovation in the digital economy.”
  • In May 2018, after considerations of the Board as to whether formal regulation was required to ensure LCR (least-cost routing) functionality, and based on commitments made by major acquirers, “the Board determined that regulation was not required at that time.”

U.K.

Over the past three years, various regulations have been introduced regarding payments in the UK. They include the Payment Services and Electronic Money (Amendment) Regulations 2020, the Strong Customer Authentication regulation that guides institutions on how to check that the person trying to make a payment is permitted to do so, and the introduction of the ISO 20022 regulation to standardize financial messages for payments. Detailed information is below.

The Payment Services and Electronic Money (Amendment) Regulations 2020

  • On 16 November 2020, the Payment Services and Electronic Money (Amendment) Regulations 2020 were published on the legislation.gov.uk website.
  • The regulation amended the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 to allow small electronic money institutions, electronic money institutions, authorized payment institutions, and small payment institutions to apply sections 93(4) and 233-236 of the Banking Act 2009, with modifications.
  • The amendment empowers HM Treasury to issue rules amending insolvency legislation relevant to institutions, including the establishment of an institution-specific insolvency system. HM Treasury will use its authority to establish a Special Administration Regime for payment and electronic money institutions.

Strong Customer Authentication Regulation

  • Banks and other payment service providers are required to comply with new regulations dubbed Strong Customer Authentication (SCA) that took effect on 14 September 2019. The new regulations specify how institutions will verify that the individual attempting to make a payment is authorized to do so.
  • The new regulations were implemented to increase payment security and decrease fraud during the authentication process.
  • The Financial Conduct Authority (FCA) mandates institutions to create SCA solutions that work for all segments of the consumer population, which includes providing clients with a variety of authentication options.
  • Due to the effect of the Covid epidemic, the FCA has delayed the implementation date for SCA for e-commerce by six months to 14 September 2021 in order to minimize disruption to merchants and customers.
  • After 14 September 2021, any institution that fails to comply with the SCA’s criteria will be subject to full FCA supervision and enforcement.

Authorised Push Payment Fraud Regulation

  • On 14 December 2018, the FCA extended the jurisdiction of the Financial Ombudsman Service (FOS) in a published policy statement. The policy change requires the FOS to examine complaints from payers who are allegedly the victim of Authorized Push Payment (APP) fraud against the payee’s payment service providers (PSPs) that receive the money in the relevant transaction beginning 31 January 2019.
  • As of 13 January 2018, FOS may now examine complaints regarding actions or omissions relating to a payee’s PSP cooperating with the payer’s PSP to assist in recouping money from a payment transaction when inaccurate information were supplied.
  • When a payer’s PSP receives a complaint, it determines whether it can react or if the complaint should be sent to the payee’s PSP, which is required to address complaints about suspected APP fraud in accordance with the FCA’s Dispute resolution procedures.

Introduction of ISO 20022 Regulation

  • ISO 20022 is a worldwide messaging standard for transmitting data. It was established to create a consistent financial message standard for payments. Payment schemes in the UK, such as Bacs, CHAPS, and Faster Payments, and others globally, currently use different message formats, making it difficult to re-route payments using a different scheme, or send and receive international payments.
  • The Bank of England issued a consultation document in June 2018 introducing ISO 20022, with the primary recommendations being that UK.Pay will align ISO 20022 and implement the CCM throughout Bacs and Faster Payments beginning in 2021.
  • Due to the complexity of the multi-phase procedure, complete implementation will take place in 2024 and beyond.

Extending Principles for Business to Payment Services and E-money

  • On 1 February 2019, the FCA issued a policy statement confirming that it was proposing measures to put payment services and electronic money under the ambit of the Principles for Businesses (PRIN) and the Banking Conduct of Business Sourcebook’s communication standards provisions (BCOBS). On 1 August 2019, the revised regulations and guidelines took effect.
  • This policy statement reaffirmed the FCA’s Handbook revisions by expanding the applicability of the FCA’s PRIN to the provision of payment services and the issuing of e-money by specified payment service providers and e-money issuers.
  • The FCA also expanded the scope of the Banking Conduct of Business Sourcebook’s particular communication rules and guidelines to include interactions with payment service and e-money clients.
  • Additionally, the FCA updated its regulations and guidelines on the communication and marketing of currency transfer services, which apply to payment services and the issue of electronic money that include currency conversion.

U.S.

There are some updates for the regulatory environment of fintech, cryptocurrency, and infrastructure payment in the US in the past 2-3 years. However, these updates include proposals and projections rather than implemented policies. Further information is available below.

Fintech

  • The announcement from the Office of the Comptroller of the Currency (OCC) in July 2018 provided that it would start “accepting special purpose national bank charters from fintech companies that receive deposits, pay, or lend money.”
  • As such, fintech companies that send in such applications, if accepted, would become subject to the same federal regulations, reporting requirements, laws, and supervision as national banks. They would also be held to similar standards for “safety and soundness, fair access, and customers’ appropriate treatment.”

Cryptocurrency

  • In December 2020, the US Treasury Department proposed new rules requiring banks and other financial institutions to collect and disclose the names of persons engaged in certain digital transactions, including payments for unhosted wallets.
  • The regulations compel the financial institutions to report such digital transactions as they would cash transactions as mandated since 1970.
  • The proposed limits for such digital transactions are equivalent to existing limits for cash transactions, i.e., a $10,000 limit for non-wire digital transactions and $3,000 for wire transactions.

Infrastructure

  • The Federal Reserve (Fed) announced in August 2019 that it would be creating a real-time payment (RTP) system in 2023 or 2024 that would serve for interbank transactions.
  • The new RTP system will be accessible to all banks having a reserve account at the Fed, and institutions that use it will be required to make those monies promptly available to their clients upon notification of the settlement.

EU

There are several post-2018 regulations affecting payment structures in the EU region. In some instances, these regulations are revisions of pre-existing rules with the overall goal aiming at facilitating secure, easy, and efficient payment systems across the EU. The most recent payment regulations are discussed herein.

Open Banking

  • Despite being a relatively new banking framework, open banking regulations are fully developed in most EU countries. The amended Payment Services Directive is one such legislation (PSD2).
  • The PSD2 directive came into effect in January 2018 and was implemented by all banking institutions across Europe by September 14, 2019.
  • This directive seeks to entrench more robust customer authentication policies to minimize risks associated with fraudulent online transactions. In brief, it stipulates that anyone within the EU region completing payments of “over £30 must provide two-factor authentications.”
  • In effect, it allows customers to pay directly from their bank accounts and enable third parties to access this information.
  • The directive is critical to fast-tracking the adoption of open banking through which customers can share their personal information via application programming interfaces (APIs).
  • Similarly, under the PSD2 framework, the EU has banned all surcharges on specific payment methods. Effective January 13, 2018, the majority of provisions stipulating additional fees for payments made via direct debit or debit/credit cards, bank transfers will be illegal.

Data and Privacy

  • The European Union’s General Data Protection Regulation (EU-GDPR) took effect in all EU member states on May 25, 2018.
  • Fundamentally, it seeks to regulate EU law on data privacy and protection by streamlining issues such as the transfer of personal data within and outside the EU region and the European Economic Area (EEA).

Cryptocurrency

  • The existing regulation regarding cryptocurrency transactions in the EU is a 6-year old regulation (Directive (EU) 2015/849) (also known as the 4th AML Directive) passed by the European Parliament in May 2015.
  • It outlined the measures to prevent the exploitation of such financial systems to facilitate illegal practices such as money laundering and terrorist financing.
  • The deadline for a more comprehensive cryptocurrency regulatory framework has been set for 2024 following calls by five European finance ministers to put in place “very strong and very clear rules” regarding cryptocurrency.

Big Tech Data /FinTech

  • The European Commission has launched two pieces of legislation this year (2021) that aim to implement sweeping rules meant to curb the influence of big tech companies with immense potential to harvest data.
  • The Digital Market Act (DMA) seeks to create a level playing field for all companies by, among other things, regulating self-preferencing (where search apps developed by a company only display results generated by the same company).
  • Similarly, the DMA act aims to allow digital product users to uninstall apps that come pre-installed with the devices. The legislation also proposes that performance metrics be shared freely with publishers and advertisers.
  • The second legislation is the Digital Service Act (DSA). This legislation is designed to address the proliferation of harmful and illegal content by asking hosting platforms to take such content down.
  • The EU will adopt crowdfunding law (Regulation of European Crowdfunding Service Providers – ECSP) in November 2020.
  • This law lays down the rules across the EU to provide lending- and investment-based crowdfunding services within the domain of business funding.
  • It provides a single set of rules for applying for an EU passport to make it easier for such platforms to offer services across the EU using a single authorization.
  • The new rule essentially offers alternative sources of funding to bank financing.

Infrastructure

  • In September 2020, the EU adopted a retail payment strategy to develop the EU payments market to enable the region to reap the full benefits of innovation and opportunities associated with digitalization.
  • The framework seeks to create conditions that will make it possible for the development of instant payments and EU-wide payment solutions underpinned by cost-effectiveness.
Previous Post
Next Post