The first Payments Services Directive (PSD) came into force in 2007, followed by several updates PSD2 in 2018 and the Electronic Money Regulations 2011 ( EMR).
The FCA, however, did not establish a dedicated team for the sector until 2017 at the earliest. Early on it had less than one full-time employee dedicated to EMIs, while it authorised 200-300 EMIs a year. Meanwhile the EMI, payment services markets had, officials said, moved ahead of the regulator which faced a steep learning curve.
The 2018 Premier FX scandal was probably the catalyst for the FCA to increase headcount, visit conduct a multi-firm review and publish two “Dear CEO” letters ( 2019 and 2020) as well as finalised guidance, officials said.
The 2019 multi-firm review covered 11 non-bank payment service providers (PSPs) to assess how well they met the requirements
for safeguarding service users’ funds set out in the Payment Services Regulations 2017 (PSRs) and EMRs. The FCA reported poor safeguarding understanding and compliance. Firms were required to attest they had carried out a review of safeguarding arrangements and were satisfied they were compliant.
SOME EMIs ALREADY SYSTEMICALLY IMPORTANT
No one yet knows how systemic EMIs’ and APIs’ safeguarding and financial sustainability issues are, including the FCA, because it will have been unable to visit many. It is simply a matter of the number of firms versus FCA resources.
Officials suspect, however, there is enough of a minority in trouble to merit more regulatory attention if not intervention. It is at times such as these, they said, when Ponzi scheme frauds are revealed and finding a hole in firms’ safeguarding account is more likely too.
“It’s interesting the regulator is locking onto client assets. It’s always been a risk but now they’re putting it up there as the number-one risk. I think where this is going is the payment providers are going to be regulated as if they are any other financial institution. They got a bit of leeway because they were new entrants and the regulators have a competition and innovation mandate,” Byrne said.
The Bank of England’s Financial Policy Committee’s July 2019 Financial Stability Report expressed concerns about EMI’s impact on wider financial stability.
“It has become increasingly difficult, within the current framework, for any one of [the UK regulators] to assess risks across the overall payments network. Where innovators are seeking to develop new payment methods and infrastructures, the Bank will be vigilant to the potential impacts on the stability of the financial system,” it wrote.
The committee said it would assess “developments in the scope and nature of regulation for payments and other innovative financial services to ensure the approach reflects their systemic importance”.
How far regulators will go with further EMIs rules will depend on how big the risks become. Regulators’ innovation and competition mandate means these firms have benefited from a less stringent regime as countries sought to be attractive to EMIs and fintechs more generally.
“There’s a fairly delicate balance between encouraging these companies to invest and establish businesses in the UK, and regulating their activities. As the number of people who switch to using these services, as opposed to traditional ones, increases, the risks will crystallise. A lot of fintechs are geared more toward tech rather than financial services and some may lack compliance expertise and financial experience. Also, traditionally, a lot of tech companies fail. That’s the model. But when financial services firms fail, there are consequences for a lot of people,” said Mathew Orr, a senior associate in Shearman & Sterling’s litigation practice in London and who formerly worked at the FCA.
ACT LIKE A BANK, OFFER BANK-LIKE SERVICES BUT… NOT A BANK
Already a small number of these EMIs have amassed large market shares and even though they are not banks, they behave like them offering bank-like services while not being a bank and, crucially, providing no FSCS protection.
“When a small number of payment providers have a large part of the market share they are going to be systemically important utilities just like banks are, but they aren’t run like that. If you have a tech company that’s an essential part of the [financial] infrastructure and its propped up by private equity funds that’s never been profitable it doesn’t matter what the regulators do. What the regulators need to do is look at whether [a business model] is sustainable and profitable. The issue with the payment providers is they’ve got to a place where they’ve acquired enormous scale and have amassed huge amounts if investor capital, but if they’re loss making, they’re not sustainable. If you look at all the banks and all the sustainability criteria they have to meet, you have to ask the question — the banks would not be left to run their businesses like this?” Byrne said.