Every morning I park at the train station and, like many people, pay the parking tariff by mobile phone rather than search through my wallet hoping that I have enough spare change, which usually is not the case.
Mobile banking and payment services have grown considerably in the UK and are becoming part of our everyday lives. Research has shown that one in five adults in the UK have already made a payment using their mobile phone, more than a quarter of us use our mobile phones to check our bank balance and more than half of us would pay with our mobile phone if it were an option at the local supermarket.
Unsurprisingly all this activity has attracted the attention of the regulator. In its 2012/2013 risk outlook and 2013/2014 business plan, the FCA mentioned that the increasing popularity of mobile banking would lead it to carry out thematic work to assess potential risks.
In August the FCA published a thematic review (TR13/6) which set out at a high level its plans and concerns for mobile banking services.
What does the FCA want to see in this area? The FCA wants to see innovation that provides consumers with products that match their expectations. To achieve this firms should:
• Have a clear strategy and sustainable business model for mobile banking.
• Consider the requirements of the consumer during each stage of product development from design through to distribution.
• Understand the risks to consumers from mobile banking and take appropriate measures to address these to provide services aligned with the interests of consumers.
• Test the robustness of IT systems, including transactional security.
• Provide consumers with information that is fair, clear and not misleading.
• Respond to customer complaints and queries in a fair and reasonable manner, treating customers fairly at every stage.
Firms should also consider the risks that mobile banking present to consumers. For example:
• Fraud: how does the firm mitigate the risk of fraud and what measures does it have in place to protect consumers?
• Security: when downloading a mobile banking application how are the risks of malware and viruses mitigated? Are clear warnings given only to download applications from official stores and is anti-virus software provided?
• Use of third parties particularly in relation to IT systems: when there are a number of third party suppliers in a chain is it clear who is responsible for any issues experienced by consumers?
Money laundering systems and controls are another important issue. Firms must have in place systems and controls that identify, assess and mitigate the risk of financial crime. The FCA has stated that as mobile banking services are new services for consumers to access and transfer funds, firms must put in place proportionate and risk-sensitive systems and controls. The regulator has said this is especially relevant when the services are not linked to the customer’s current account. In such instances firms should consider additional checks to identify the payee and recipient.
The FCA will conduct further work in this area, testing a sample of firms to see if its expectations are being met and customers are being fairly treated. It intends to provide a further update later in 2014.
Simon Lovegrove is a lawyer with the financial services team at Norton Rose Fulbright LLP
