Latest from the FCA, including Tesco Bank cyber attack fine and PSD2 rules and guidance consultation. Other sector news.
Financial Conduct Authority (FCA)
In a speech delivered at the FCA’s Annual Public Meeting on 11 September 2018, Chief Executive Andrew Bailey spoke, among other things, about operational risks – a new source of risk to the FCA’s objectives. He touched on the four themes of operational resilience (including cyber risk), the impact of technological change and innovation, the challenge of financial crime, and data issues (which he referred to as “the fastest rising risk on our landscape”). In his speech at the same event, FCA Chair Charles Randell discussed the impact of technological developments and the FCA’s serious approach to financial crime.
In the introduction to the FCA’s latest Regulation round-up, Mr Randell encouraged stakeholders to respond to the FCA’s Discussion Paper on a Duty of Care, which was published in July 2018 alongside the FCA’s Approach to Consumers paper. He said that: “Everyone in the financial services system has an almost Hippocratic duty to treat customers fairly. Access to credit can enhance quality of life – as long as the debt is collected with a focus on affordability and the welfare of the customer. For many people, however, having financial resilience in the form of rainy day savings is a key protection against the problems that life can bring…We now live in a world where people work, save and borrow in a fundamentally different way to the way they did 10 years ago. But it is my sincere belief that if regulators and financial service firms are closely attuned to the needs of vulnerable customers we will be able to rebuild the trust in financial services which was lost 10 years ago”. Comments are requested by 2 November 2018.
Around the time that this edition of the Regulatory round-up was due to go to press, the FCA fined Tesco Bank £16.4 million for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber attack in November 2016. See the press release for details.
The FCA is consulting until 12 October 2018 on new rules and guidance to implement the revised Payment Services Directive. It is proposing changes to reflect final regulatory technical standards on security and new fraud reporting requirements published by the European Banking Authority. It is also proposing new complaints reporting rules about authorised push payment fraud. The FCA intends to publish its final position in early 2019.
On 27 September 2018, the FCA published a thematic review report on the impact of credit broking remuneration models at the point of sale. See the FCA’s webpage for a brief summary of the scope, findings and next steps.
The FCA has completed its review of retail banks’ use of outsourcing. It says that, overall, it did not identify significant concerns. See the latest Regulation round-up for details.
The latest mortgage lending statistics were published by the FCA and Bank of England on 11 September 2018. Mortgage lending activity increased in the second quarter of 2018 compared with the previous quarter. Among other things, new commitments are at their highest level since the first quarter of 2008 and there has been an increase in the amount of lending to first time buyers.
Other sector news
The Money Advice Trust published a new report, ‘A decade in debt’, which looks at how the UK’s debt landscape has changed in the ten years since the financial crisis. In her foreword to the report, the Money Advice Trust’s Chief Executive says that ten years ago a typical caller to National Debtline was struggling to pay credit cards, personal loans or perhaps a mortgage, whereas today, callers are struggling with smaller but trickier debts – often arrears on everyday household bills. The report looks at trends across different types of debt, and sets out recommendations for consideration by government, regulators, creditors and the advice sector. A summary of the recommendations starts on page 44. Pages 19 to 22 of the report focus on consumer credit. The Money Advice Trust recommends, among other things, that the FCA extends the principle of capping the cost of credit at 100% of the amount borrowed to the rent-to-own and home-collected credit sectors, and reconsiders its decision to exclude guarantor lending from immediate action within its high-cost credit review.
The Creditworthiness Assessment Bill is due to have its second reading debate in the House of Commons on 26 October 2018. This is the first opportunity for MPs to debate the main principles of the Bill. The Bill seeks to impose a requirement on the FCA to make rules to ensure that firms carrying on credit-related regulated activities and connected activities, and those entering into or varying a regulated mortgage contract or home purchase plan, take into account rental payment history and council tax payment history when assessing a borrower’s creditworthiness.
On 6 September 2018, the National Audit Office published a report, ‘Tackling problem debt’. The stated aim of the report is to “evaluate and conclude on HM Treasury’s overall approach to over‑indebtedness, and how well it brings together government’s and other stakeholders’ various activities and interventions to meet its objectives”. See the press release for details and a link through to the report. Key findings, on identifying the problem and coordinating the approach to over-indebtedness, preventing over-indebtedness, and managing problem debt, are set out on pages 7 to 10. Recommendations can be found on page 11. Citizens Advice and debt charity StepChange have both responded to the report.
On 28 September 2018, Citizens Advice lodged a ‘super-complaint’ with the Competition and Markets Authority (CMA), calling on the regulator to take action to stop long-term customers being penalised for their loyalty. Research across five essential markets including home insurance, mortgages and savings, found that British consumers lose £4.1 billion a year to this ‘loyalty penalty’. See the press release, the CMA’s press release and the FCA’s statement.
The Advertising Standards Authority ruled that a television advertisement promoting information about a company’s short-term loans breached the UK Code of Broadcast Advertising because the representative APR was given less prominence than the incentive to apply for credit.
New data from UK Finance shows that a total of £503.4 million was stolen by criminals through authorised and unauthorised fraud in the first six months of 2018 and that, during the same period, the finance industry prevented £705.7 million of unauthorised fraud. See the press release and the response of the Payment Systems Regulator (PSR).
The Authorised Push Payment Scams Steering Group is consulting until 15 November 2018 on a draft voluntary industry code for the reimbursement of victims of authorised push payment scams. The Group was set up by the PSR in March 2018 to lead the development of a code. The final version is expected to be ready in early 2019. See the PSR’s press release and the UK Finance response to the draft code.
On 17 September 2018, the Lending Standards Board published its first summary report on banks’ application of the Access to Banking Standard, the overall principle of which is that customers and relevant stakeholders of a bank branch that is closing will be provided with clear, understandable, accessible documentation and information about that specific closure as soon as the bank is able to do so, what it will mean for them and how they can continue to bank following its closure. See the response of consumer organisation Which? to the report. In related news, the government’s response to a Scottish Affairs Committee report on Royal Bank of Scotland branch closures was recently published. It says that the decision to close a branch is a commercial decision for the management team of the bank, and government policy is not to intervene in those decisions.
On 12 September 2018, the PSR responded to LINK’s first ATM ‘footprint report’, published the same day, showing the coverage of ATMs in the UK. LINK is the UK’s largest cash machine network. A number of ‘protected’ ATMs (free to use ATMs which are one kilometre or more away from another free to use ATM) closed between 1 February and 1 July 2018. The Chair of the Treasury Select Committee warned that the PSR’s regulatory action requiring LINK to set out more explicitly how it will maintain the broad geographic spread of free to use ATMs across the UK, may be “too little, too late”. The PSR is consulting until 9 October 2018 on a draft specific direction to LINK to make sure it does all that it can to deliver on the commitments it has made regarding free access to cash, including having suitable arrangements in place to ensure the ongoing availability of protected ATMs.
On 19 September 2018, the Treasury Select Committee published a unanimously-agreed report on crypto-assets as part of its inquiry into digital currencies and distributed ledger technology.
On 3 September 2018, the European Parliament’s Civil Liberties, Justice and Home Affairs Committee approved new EU rules to protect citizens against non-cash payment fraud, such as credit card theft, skimming or phishing. See the press release for details.
In a speech delivered on 6 September 2018, the European Commission Vice-President for the Euro and Social Dialogue spoke about digital challenges for the financial sector and the goals of the Commission’s FinTech action plan, published in March 2018, one of which is to ensure the cyber resilience of the financial sector. The Financial Stability Board published the consultation responses to its draft cyber lexicon, comprising a set of 50 core terms related to cyber security and cyber resilience in the financial sector; and payment, clearing and settlement operators met on 14 September 2018 at a roundtable in Paris to discuss global cyber resilience. See the press release. For more on cyber security, see the Data Protection section of this Regulatory round-up.
On 12 September 2018, MEPs approved new measures to combat terrorist financing, by preventing money laundering and tightening cash flow checks. See the press release for details. Member states will have 24 months from the date of entry into force of the criminalisation of money laundering directive to bring the new rules into force.
A reminder that one year has now passed since the Criminal Finances Act 2017 took effect, introducing a new criminal offence for corporates of ‘failing to prevent the facilitation of tax avoidance’. An offence is committed if an organisation fails to prevent its staff or connected parties such as agents from facilitating another person’s tax avoidance, even if the business was unaware of activities in question. The only defence is to demonstrate that the organisation has appropriate preventative measures in place. There are similarities to other financial crime legislation, in particular the Bribery Act 2010. HMRC originally gave businesses some leeway to put the necessary steps in place. Twelve months on, if you have any queries arising from the Act, or require any assistance in relation to compliance, please do not hesitate to contact Sarah Bruce, one of the Directors in our Tax team, who will be very happy to help.