UK’s Taskforce Proposals for Payments Regulations and Data Protection

This analysis outlines key proposals in relation to payments and data protection following the Taskforce on Innovation, Growth and Regulatory Reform independent report, released on July 16, 2021, to address how the UK can seize new opportunities from Brexit. It aims to put the proposals in the context of wider developments taking place in UK payments regulation.

Background

Although financial service providers have had to adjust to a period of regulatory and economic uncertainty brought about by Brexit and the COVID-19 pandemic, the Financial Services Act 2021 (FSA 2021), which received royal assent on April 29, 2021, already marked one of the UK's first steps in shaping an independent regulatory regime for the financial services sector.

Following this, an independent Taskforce on Innovation, Growth and Regulatory Reform report was released on June 16, 2021 to set out a near-term vision for the future of UK regulation. It includes the following key proposals in relation to payments and data protection:

• Proposal 1.5: Using digital sandboxes to test innovation.
• Proposal 4: UK common law approach to regulating financial systems.
• Proposal 5: Delivering a UK framework that supports leadership in fintech.
• Proposal 5.1: Mandating an expansion of open banking to open finance.
• Proposal 5.2: Increasing competition in the banking sector by adopting a graduated regulatory approach for challenger banks.
• Proposal 5.3: Reducing anti-money laundering (AML) burdens on open banking/fintech services.
• Proposal 5.4: Accelerating plans for a UK central bank digital currency (CBDC) to launch a pilot in 12 to 18 months.
• Proposal 7: Replacing the General Data Protection Regulation (GDPR) with a new UK framework for data protection.

UK Regulatory Reform Centred around Competition and Innovation

The report does not specifically address payment service providers (PSPs) in full, with the exception of a proposal for reduced AML burden on account information services providers (AISPs) and payment initiation services providers (PISPs), currently in consultation, and PSPs’ role in facilitating retail CBDC payments. The two key changes outlined throughout the report are:

1. The UK’s move from codified law towards principles-based common law to increase competition both domestically and internationally.

2. The drive for the establishment of a framework that supports and nurtures digital innovation, including open finance and CBDC proposals.

Additionally, a similar perspective has been presented for a data protection reform overhauling requirements stemming from the GDPR to improve competition and innovation. Following the proposal outlined in the report, a consultation on reforms to the UK’s data protection regime was launched on September 10, 2021.

The following sections provide a detailed outline of the taskforce's proposals in relation to payments and data protection regulations, as well as a roundup of key regulatory developments in payments outside the proposal.

Proposal 1.5: Using digital sandboxes to test innovation

The Financial Conduct Authority (FCA) launched the world’s first regulatory sandbox in 2016 and the model has since been replicated internationally. The report proposes to continue its use to enable businesses and regulators to test and trial new business models, products and approaches while benefiting from reduced costs and time required to bring ideas to market, assess potential changes to regulation and identify consumer safeguards.

To optimise the use of sandboxes, the report proposes that:

• Regulators should be able to review and share the data and the lessons they learn from data with other relevant bodies.
• Sandboxes should be digital by default. Previously, sandboxes have been established in silos and the data has not been readily available in electronic format or for others to review.

Proposal 4: UK common law approach to regulating financial systems

The report also criticises the impact of the EU regulatory regime by stating that it has made the UK regulatory system in relation to financial services rigid and overly detailed. According to the contributors, the EU regime operates by deploying centrally determined interests over an individual or business activity. As such, the report proposes to move towards a more principles-based approach based on common law in order to more flexibly regulate the UK's financial systems.

The report, therefore, praised HM Treasury’s Financial Services Framework Review, which was announced in 2019 and is currently in the second phase of development, for proposing to move away from the EU approach. Phase II, which was launched in October 2020, seeks to introduce a blueprint for the future regulatory framework by building on the strengths of the Financial Services and Markets Act 2000 (FSMA) model, ensuring the responsibilities of the government, the parliament and the regulators are clearly defined and regulations can be adapted to the changing environment.

Proposal 5: Deliver a UK framework that supports leadership in fintech

In line with Proposal 4 above, the report also proposes that by overhauling EU regulation, the UK could implement a framework that supports leadership in fintech. The UK finance sector is regulated in such a way that has limited the capital that can be injected into innovative companies as a consequence of the way the pensions and insurance sectors are structured.

According to the report: “Reforming this judiciously, while maintaining necessary and proportionate protections, would help unleash latent innovation across the economy, through better availability of finance to businesses in their key ‘scale-up’ growth phase. Reforms to enterprise investment schemes and reporting (e.g. under MiFID II 2) will help further the UK’s position.”

Proposals 5.1 to 5.4 include specific recommendations aimed at achieving such a framework.

Proposal 5.1: Mandate the expansion of open banking to open finance

The global implementation of open banking was influenced by the adoption of the Payment Services Regulations (PSR) 2017, which transposed the EU’s revised Payment Services Directive (PSD2) into the UK’s legal system by introducing a framework for the regulation of certain categories of third-party providers, and the release of the Retail Banking Market Investigation Order 2017 by the Competition and Markets Authority (CMA) in the UK.

The Kalifa Review of UK Fintech that recommended that the government facilitate and mandate the sharing of data across various sectors, with priority given to expanding open banking to open finance, similar to the Australian approach, was praised in the report. The review was presented in March 2021 and identifies core priority areas that can support the fintech sector, covering matters that include policy and regulation and should be considered going forward.

Proposal 5.2: Adopting a graduated regulatory approach for challenger banks

According to the report, despite the existing framework for challenger banks, 90 percent of the retail banking sector is still dominated by nine large players. The current regulatory framework of “one size fits all” does not, therefore, adequately serve the potential of challenger banks’ development and competitive positioning due to higher regulatory costs they incur in relation to their turnover.

The proposal suggests implementing “a graduated regime” by the Bank of England and Prudential Regulation Authority, whereby the smaller banks are subject to a simplified regulation that gradually increases as the bank grows, while the largest banks should be aligned with the current EU standards, which are inherent in the system.

Proposal 5.3: Reducing AML burdens on open banking/fintech services

According to the report, open banking services that provide significant benefits to consumers, such as AISPs and PISPs, have sufficiently low or virtually non-existent money laundering risks associated with them. For consumers to take up open banking, the report suggests:

• Removing duplicative AML/know your customer (KYC) checks for AISPs and PISPs (that are already performed by banks).
• Reducing unnecessary costs for fintech businesses.
• Improving the consumer journey as a result.

A consultation addressing the proposal was issued on July 22, 2021 with a closing date of October 14, 2021, alongside a consultation on a ​​Review of the UK’s AML/CTF regulatory and supervisory regime.

As mentioned below (see FSA 2021 and Other Key Developments in Payments Regulation), this proposal is in contrast to payment institutions and e-money firms that have to comply with increased AML obligations as a result of FSA 2021.

Proposal 5.4: Accelerate plans for a UK CBDC - launch pilot in 12 to 18 months

Given global developments in CBDCs and the UK’s drive to compete at an international level, the report suggests it should be launching a CBDC pilot scheme within the next 12 to 18 months. To date, the Bank of England and HM Treasury have jointly created the CBDC Taskforce in order to coordinate the exploration of a potential UK CBDC.

The report suggests a hybrid model to be implemented such as the CityUnited Projects proposal, whereby the CBDC is a claim on the central bank, with PSPs acting to facilitate retail payments. This will help achieve interoperability between the CBDC and other forms of money and widespread adoption by consumers.

As a result of the rollout of CBDCs, the contributors to the report anticipate a significant reduction in cost, cash holdings and fraud levels while enabling “opportunities for real time regulation and supervision”.

Proposal 7: Replace the GDPR with new UK framework for data protection

The report proposes to reform the Data Protection Act 2018 that transposed the EU’s GDPR into domestic law. According to the report, such a reform would give stronger rights to consumers and citizens, while placing appropriate responsibility on companies and freeing up stringent protection of data to enable innovation.

The GDPR is centred around the principle of data being owned by citizens, requiring organisations generally to obtain a person’s consent to process their data. According to the report, this hinders competition due to being “prescriptive, inflexible and onerous” for businesses and consumers alike. Reforming the UK’s data protection regime by lifting these compliance requirements, especially for small to medium-sized enterprises (SMEs), could accelerate growth in the digital economy.

Although the proposal acknowledges that any reform of the UK’s GDPR must continue to ensure that privacy is protected, the report outlines the view that the regulation is outdated given the developments in artificial intelligence (AI) and data requirements necessary to enable it. Therefore, the UK should use an approach to data based more in common law, so it can be adapted to new and evolving technologies such as AI and blockchain.

Furthermore, the report makes recommendations to remove Article 22 of the GDPR. New legislation to replace Article 22 would need to consider that “automated decision-making should not be based solely on explicit consent, which would enable the use of data where there is a legitimate or public interest”. If Article 22 cannot be removed altogether, “GDPR should at a minimum be reformed to permit automated decision-making and remove human review of algorithmic decisions”.

Following the proposal, a consultation was launched on September 10, 2021.

FSA 2021 and Other Key Developments in Payments Regulation

Although the report proposes a reduced AML regime for open banking and fintech services such as AISPs and PISPs, the opposite is the case for payment institutions and e-money institutions. In particular, among the amendments introduced by the FSA 2021 specifically targeting payment institutions and e-money institutions is the express inclusion of these entities within the scope of a number of money laundering offences set out in Part 7 of the Proceeds of Crime Act 2002, as well as their inclusion within the scope of the rules addressing forfeiture of money held in accounts maintained with regulated firms.

Following FSA 2021 receiving royal assent, the FCA launched a consultation on a proposal to introduce a consumer duty on May 14, 2021 for retail clients in the financial services sector. The FCA distinguishes the initiative from the introduction of a specific duty of care, stating that the proposals are “a package of measures” meant to address issues identified in the financial services market, centred around the idea of principles, rules and consumer outcomes. A second consultation is anticipated to follow by December 31, 2021.

In addition, HM Treasury laid before parliament the Payment Services and Electronic Money (Amendment) Regulations 2020. The new regulations establish the extent that provisions concerning insolvency rules of the Banking Act 2009 apply to authorised payment institutions and e-money institutions, while setting out the legal grounds under which the authority is empowered to regulate insolvency matters applicable to such institutions.

In connection with the above, in December 2020, HM Treasury launched a public consultation on a draft instrument titled "The Payment and Electronic Money Institution Special Administration Regulations 2021". The Payment and Electronic Money Institution Insolvency Regulations 2021 were introduced, as a result, and came into force on July 8, 2021. It establishes a new insolvency procedure for special administration to operate as an alternative to the liquidation or administration of payment institutions and e-money institutions under the Insolvency Act 1986.

Other initiatives with an anticipated impact on the future of payments and regulation include: the Payments Landscape review; an updated framework for organisations willing to provide or embed digital identity products and services into their business models; and the delivery of the New Payments Architecture, a single clearing and settlement infrastructure that incorporates the international ISO 20022 standard.

Conclusion

The Taskforce on Innovation, Growth and Regulatory Reform’s independent report outlines the view that UK regulatory reform must be centred around competition and innovation by moving the UK from codified law towards principles-based common law, to increase competition both domestically and internationally, and by establishing a framework that supports and nurtures digital innovation.

To this end, the report includes a number of proposals on the expansion of open banking, improved conditions for challenger banks, reduced AML requirements for AISPs and PISPs, accelerating development of a UK CBDC and replacing the GDPR with a new UK data protection framework.

In addition to the Financial Services Regulatory Review, the Payments Landscape Review and New Payments Architecture strategy, among others, are aimed at ensuring the UK remains an open, innovative and attractive international financial centre.

Given the number of developments currently taking place in payment regulations, it is far from conclusive what effect the independent report alone will have on PSPs. Having said that, PSPs should take note of the extensive consultation schedule currently taking place in the UK in order to shape the future of payments to their advantage.

List of consultations discussed

• A consultation on Amendments to Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Statutory Instrument 2022. Closing date: October 14, 2021.
• A consultation on a ​​Review of the UK’s AML/CTF regulatory and supervisory regime. Closing date: October 14, 2021.
• A consultation on UK's data protection regime. Closing date: November 19, 2021.
• The second consultation on a proposal to introduce a consumer duty. Expected by: December 31, 2021.
• HM Treasury’s Financial Services Framework Review (announced in 2019) is currently in the second phase of development.
• Payments Landscape review consultation outcome is currently being analysed.