Globally, the scope and scale of the payments market continues to grow exponentially. Propelled by a focus on open banking and, most recently, the increased pace of adoption of digital solutions in response to Covid-19, financial institutions, fintechs and payments firms have continued to develop their services and adapt to changes in technology.
In a nutshell:
At the same time, new entrants – from technology to social media companies – are increasingly integrating payments propositions into their products: Facebook Pay continues to be rolled out internationally; WhatsApp Pay recently launched in India; and WeChat Pay continues to proliferate the Chinese market. Likewise, continued developments in cryptoassets, distributed ledger technologies and central bank digital currency threaten to change the very nature of the underlying property being transferred.
In the wake of these multifaceted changes to the market, global regulation must keep pace and respond – How should new entrants be regulated? What are the new risks to customers? Can (and should) law and regulation be cast in a technology-neutral way? As we look to 2021, legislators and regulators will increasingly have to grapple with these questions.
The ever-changing face of payment services regulation
The pace of change is significant. Often, law and regulation has to be amended before it has even become business as usual. In Singapore, the Payment Services Act (PS Act) came into force on 28 January 2020, extending the regulatory perimeter to include domestic money transfers, merchant acquiring and certain digital payment token (DPT) services (ie dealing in and facilitating the exchange of DPT). Less than a year later, and with licenses still in the process of being issued, the PS Act is already being amended to extend the regulatory perimeter even further in 2021 to include DPT transfer and custodian services. In Europe, the European Commission has announced its intention to review the second Payment Services Directive 2015 (PSD2) at a time when the Strong Customer Authentication (SCA) regime prescribed by PSD2 is not even being enforced for all payment service providers yet. In Australia, in October, the Government announced a review of the two-decade old regulatory architecture of the Australian payments systems and the central bank (the RBA) is reviewing specific payments activities.
One thing that the pandemic has shown is how much we depend on digital technology to keep things running in the middle of restrictions and lockdowns.”
Jurisdictions in Asia have often been the first-adopters of new payments technology (WePay has been used for over half a decade in China); many adopted mobile payment solutions without first using card-based payments as a stepping stone. Even so, jurisdictions in Asia continue to innovate rapidly and re-legislate to keep up with the market – and one of the major concerns continues to be financial crime and anti-money laundering. The changes to the PS Act in Singapore, and a new Omnibus Act being consulted on, will align Singapore with the enhanced Financial Action Task Force (FATF) Standards applicable to virtual asset service providers and introduce additional requirements to mitigate money laundering, terrorism financing and proliferation financing risk arising from certain business models. Likewise, on 3 November 2020 the Hong Kong Securities and Futures Commission announced a legislative proposal to introduce a new licensing regime for virtual asset trading platforms under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615). Although the proposed regulatory regime is not expected to go as far as the changes to the PS Act in Singapore, it will still tailor a licensing regime for virtual asset exchanges – which are by far the most prevalent and developed embodiment of virtual assets services (in terms of both scale and complexity) seen in Hong Kong.
Meanwhile, in the UK, continental Europe and Australia governments and regulators are undertaking more holistic reviews of payments systems regulation – at a time of increasing regulatory focus on non-bank payments firms (especially in the context of the Wirecard insolvency and the strain Covid-19 has put on the operational resilience and stability of smaller firms). In the UK, Her Majesty’s Treasury (HM Treasury) has announced various consultations, including a Payments Landscape Review and the relaunch of HM Treasury’s independent Fintech Strategy Review. Although the results are not realistically expected until 2021, alongside broader initiatives like the UK Future Regulatory Framework (FRF) Review, the reviews potentially represent the start of broader changes to payments regulation in the UK – particularly in light of the UK’s new legislative autonomy conferred by Brexit.
In Europe, on 24 September 2020 the European Commission published its Digital Finance Package, which is comprised of the Digital Finance Strategy and the Retail Payments Strategy. The Digital Finance Strategy is designed to make Europe's financial services more digital-friendly and to stimulate responsible innovation and competition in financial services; it is a package of several proposals for EU regulations, including in relation to the regulation of markets in cryptoassets (the “MICA” proposal – see our article here), a pilot regime for market infrastructures based on distributed ledger technology, and digital operational resilience for the financial sector (the “DORA” proposal – see our article here). The Retail Payments Strategy identifies key priorities and objectives for retail payments in Europe over the next four years and, among other things, is designed to make it easier for consumers to pay in shops and make e-commerce transactions safely and conveniently. To achieve these objectives, the Retail Payments Strategy proposes various regulatory changes, including expanding the regulatory perimeter prescribed by PSD2 to include certain currently unregulated entities (such as technical service providers), ways to promote the use of electronic identity (eID) to support the fulfilment of the SCA regime, the scope of consumer protection (eg rights to refunds) and money laundering and terrorist financing matters.
Payments infrastructure: tearing out the roots
Licensing is a game-changer, because it provides certainty and confidence to investors, unlocking massive participation as it drives the increasing use of our platform by the global institutional investor community."
As the shape of the payments market continues to change and firms continue to innovate, the demand for governments and regulators to update and modernise (in some cases outdated) payments infrastructure continues to grow with a focus on faster payments. This is a priority for many regulators and governments worldwide. Globally, many jurisdictions (including the UK, the EU and in Asia, such as China, Japan and India) have adopted and are in the process of implementing the ISO 20022 payment messaging standard. However, many local legislators and regulators are also taking local steps to improve the local payments infrastructure.
In the UK, this has been a key priority for a number of years since the creation of the New Payment System Operator (now called Pay.UK) in 2017. Pay.UK remains responsible for delivering the UK’s New Payments Architecture, an ongoing project to consolidate the UK’s retail payment rails (BACS and Faster Payments) to establish an upgraded and easily accessible payments system. This is also a theme in Australia, where the Government launched the New Payments Platform, an open infrastructure designed to facilitate and support fast payments in Australia and has a roadmap for future capability development planned for the platform.
Similarly, in Europe the European Commission continues to take steps to continue improving its new payments infrastructure. One of the major objectives of the European Commission’s Retail Payments Strategy is to ensure that instant payments are carried out smoothly in the EU in a near future. As part of the Retail Payments Strategy, the European Commission will examine the number of payment service providers and accounts able to send and receive SEPA instant credit transfers – with a view to deciding whether to propose legislation requiring payment service providers to adhere to the SEPA Instant Credit Transfer scheme by the end of 2021.
The year ahead
Legislators and regulators globally are renewing, updating and potentially planning wholesale changes to regulation of the payments market and the very infrastructure on which payments are made. As these plans to adapt to an ever-changing market come to fruition, all players in the market – financial institutions, fintechs, payments firms and new entrants – will need to prepare to navigate, stay ahead of and even take advantage of opportunities in the new and ever-changing web of global regulatory payments regimes.
More FSR Outlook 2021 articles
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2021