In recent years the topic of mobile payments and the regulations covering them has been gradually climbing up the agenda of both banks and regulators.
You may well remember that in January 2012 the European Commission published a green paper on card, internet and mobile payments, which was then followed by a feedback statement. The trail then appeared to go cold until July 2013, when the Commission adopted a legislative package on the EU payments framework consisting of a revised Payment Services Directive and a Regulation on Multilateral Interchange Fees. At the time of writing both legislative proposals are still being negotiated in trialogue, and it is hard to predict when agreement might be reached. Should the legislative proposals be concluded by the beginning of 2015, the regulation would enter into force as of 2016 and the revised PSD would have to be entered into national law by 2017.
The regulatory spotlight on mobile payments has not just come from Europe, though. In August last year the FCA published an interim report setting out its initial views following thematic work on mobile banking and payments. More recently the FCA has published a final report. The reason for the regulatory interest is clear when you consider that a number of retail banks are now spending more than 5 per cent of their IT budget on mobile development, and that the FCA itself estimates that around 25 per cent of current account users are active users of mobile banking.
From a regulatory perspective the challenge is to encourage innovation and competition within the marketplace which does not come at the expense of consumer protection. The final report picks up on certain key themes that firms should bear in mind. These include:
• ensuring that consumers are clear about their rights and obligations when using mobile banking products and services. In particular, making sure they have the same regulatory protections when using these products and services as when making payments by other means;
• establishing that senior management have sufficient understanding of their products and services to ensure that they are right for consumers, and are delivered in the right way. In particular, effective challenge is provided both before the launch of the product and throughout the product lifecycle as functionality changes;
• seeing to it that high standards of security are maintained to protect consumers’ personal data; and
• ensuring that the regulated firm with ultimate responsibility for providing the mobile banking service has appropriate oversight over the key third parties involved in its delivery.
Obviously, the risk of financial crime, particularly money laundering, should always be uppermost in firms’ minds. They should ensure that they have the systems and controls in place to identify, assess and mitigate these risks.
From the interim report, firms providing mobile banking would also be well advised to keep in mind the following:
• to have a clear strategy and sustainable business model for mobile banking;
• to consider the requirements of the consumer during each stage of product development from design through to distribution;
• to understand the risks to consumers from mobile banking, and take appropriate measures to address these, to provide services aligned with the interests of their consumers;
• to test the robustness of their IT systems, including transactional security, thoroughly stress test their products and store sensitive data securely;
• to provide information to their customers that is clear, fair and not misleading, and appropriately targeting the intended audience; and
• to respond to customer complaints and queries in a fair and reasonable manner, treating customers fairly at every stage.
Simon Lovegrove is a lawyer with the financial services team at Norton Rose Fulbright LLP
