.svg)
The UK’s Financial Conduct Authority (FCA) has written to payments firms outlining what they need to consider when implementing the Consumer Duty in its latest communication on the controversial new compliance requirement.
At the end of July this year, companies from an array of sectors will begin to come into scope of the FCA’s Consumer Duty requirement.
The aim of the Consumer Duty is to set higher level and more transparent standards of consumer protection across financial services, including firms in the wholesale market, even if they do not have a direct relationship with retail customers.
The FCA has talked it up as a way to help with many issues, including the role of bigtech companies in finance, although it has acknowledged that there will be challenges in implementing the outcomes-based regulation.
“For many firms, meeting the Duty will require a significant shift in culture and behaviour. We recognise that the implementation of the Duty comes at a challenging time,” the new letter issued by the FCA says.
However, the FCA defended the new requirement, suggesting that it will effectively help payments firms continue to build trust among consumers in using the “expanding range of products and services and enable the sector to continue to grow in a way that delivers consistently good outcomes for customers”.
Strong customer authentication (SCA), which was introduced by the FCA in 2022, features among the issues covered by the regulator.
“The Duty includes a requirement for firms to ensure that the design of the product or service meets the needs, characteristics and objectives of customers in the identified target market,” the FCA says.
In line with the duty, the regulator states that it expects payment service providers to develop SCA solutions that work for all groups of consumers.
“We encourage firms to consider the impact of strong customer authentication solutions on different groups of customers, in particular those with protected characteristics, as part of the design process,” the letter says.
This means that firms may need to provide several different methods of authentication to their customers, the FCA says, including ensuring that there are methods that do not rely on mobile phones, to cater to customers who do not have or want to use a mobile phone or need to make payments in areas without mobile phone reception.
Concerns about whether SCA friction could prompt groups being excluded has also been voiced by others previously.
Consumer group Which? warned in a 2022 alert that banks were too reliant on mobile phones for carrying out the extra security checks. Its survey of 4,438 current account customers in October 2021 found that 17 percent of those who make online card payments had issues passing new security checks.
Rethink account freezing
Poor financial crime controls among payments and e-money firms also came under the spotlight of the regulator in the letter.
This, the regulator warns, can lead to a higher risk of both the firm and its customers being targeted by criminals.
“One specific access issue which we would highlight as needing careful consideration by firms under the cross-cutting rules and consumer support outcome, is the freezing of individual customer accounts.”
The FCA says that this is reasonable in principle, but in practice some firms are freezing a disproportionate number of accounts, for too long, and without adequate explanation.
The FCA says that firms should consider their processes relating to freezing of accounts; for example, how to make such freezing less frequent, which could be done through better upfront onboarding and know your customer (KYC) controls and more accurate and intelligent transaction monitoring.
The regulator also argues that this issue should be less protracted, such as through better, and quicker, investigations and that it should also be better communicated and supported, especially for customers that are put into acute financial difficulties by the freeze.
The regulator also says that firms should consider their handling of alleged cases of fraud, especially authorised push payment fraud and of complaints about such.
“Whilst we appreciate that the facts of these can be hard to establish, firms should ensure that their treatment of customers who feel themselves to be victims and are distressed is not unduly harsh or unsupportive,” the letter recommends.
What else should firms consider?
The FCA summarises that it expects payments and electronic money firms to be able to demonstrate that they are satisfying themselves that their products and services are designed to meet the needs of consumers. This means they should perform as expected within their target markets.
Firms need to assess whether their products and services have features that could cause harm to groups of customers with characteristics of vulnerability, and what action they are taking to mitigate this risk of harm.
In particular, firms should assess the potential impact of any plans to cross-sell more to customers.
"We have seen cross-selling where the promoted products were appropriate for the original target market, but not necessarily appropriate for all of a wider group of customers, creating a risk that the latter purchase products which do not meet their needs," the regulator points out.
Payments and e-money firms must also share all necessary information with other firms in the distribution chain and ensure that they are receiving all necessary information themselves. They must check that their distribution strategies are being followed and that products and services are being correctly distributed to the target market.
The FCA has also called on firms to harness data and management information to monitor whether products are meeting the needs of their customers and that they are regularly reviewing data and taking "any necessary mitigating actions".
