Anyone who works in the payments industry knows how highly-regulated it is – and this means meeting the standards set by the FCA, particularly around financial and operational resilience and data security. Here, Caroline Brady, Head of Compliance & MLRO at Access PaySuite, looks at the impact of new technology on the changing regulatory landscape.
The payments industry has seen a huge transformation over recent years with new technologies, regulations, changing consumers preference, and new entrants to the industry combining to disrupt what was, until recently, a sector dominated by the major banks.
Many countries have established ‘regulatory sandboxes’, test environments in which fintech companies can carry out experiments under regulatory supervision. In the UK, the FCA allow fintechs to conduct those experiments with real customers.
The FCA’s Business Plan 2021/ 22 highlights the scale of change, predicting that the UK fintech market’s revenue rose to £11bn in 2019 – almost doubling in only four years and accounting for almost 10 per cent of the global total.
But what does this mean for the regulator?
As the market for financial services continues to diversify and evolve, and the number of smaller players increases, regulators face new challenges when it comes to financial crime monitoring and standard‑setting.
Digital payments also present a host of regulatory challenges for governments because the definition of a traditional market has become blurred, making it difficult to enforce rules when operators are outside of the normal administrative boundaries.
It’s likely that existing approaches to financial crime risk management will become less effective at identifying and mitigating risk, promoting an industry-wide rethink and an increase in the use of new technology and digital solutions.
There’s also no doubt that banks and fintech firms will need to collaborate more in future, also relying on support and engagement from relevant regulatory bodies.
Regulatory pressure has been growing, with bodies such as the intergovernmental Financial Action Task Force (FATF) becoming more proactive in shaping the regulatory environment. The FCA has also been stepping up its efforts to ensure bank executives are personally accountable for managing financial crime risks, having rolled out the Senior Managers and Certification Regime (SMCR) back in 2016.
A key challenge here is designing regulations that are fit-for-purpose given that digitisation blurs the usual delineation of markets and sectors.
One area where we’re seeing major change is identification and verification – presenting the regulator with both opportunities and challenges. Over the next few years, an increasing number of organisations are expected to reconsider their verification and evaluation processes, with manual file review and on‑the‑spot interventions no longer deemed adequate.
In line with changing consumer demand, we’re seeing organisations apply for more varied onboarding controls. While some request information directly from customers, others use third-party data including Google and Facebook to streamline the process.
Other methods of electronic identification and verification – including selfie images, videos and other third-party data – are also becoming more commonplace.
Despite being designed to streamline the customer journey, in some cases requests for customer data are now duplicated across multiple organisations and there is now a real opportunity for regulators to address market inefficiencies by rewarding collaboration and innovative solutions.
Consolidation, mergers and acquisitions are also becoming more common and when this happens, organisations must ensure that they lawfully process and transfer client data, in line with regulations.
In a recent discussion with Bloomberg Daybreak Europe, Harry Eddis, global co-head of fintech at Linklaters LLP, a multinational law firm based in London, highlighted how the UK’s regulators have been supportive of innovative projects.
Eddis also predicted that 2021 will be a pivotal year as the big tech firms look to increase the types of services they offer to their clients, while regulators will want to keep a level playing field.
Principles in the FCA handbook require firms to organise and control their affairs responsibly and effectively, with adequate risk management systems. Before transferring clients’ personal data, consideration should be given to whether or not this is fair to and in the interests of their clients.
Those that intend to transfer or receive personal client data must be able to demonstrate how they have considered the fair treatment of consumers and how their actions comply with data protection and privacy laws.
As the financial services industry changes at lightning speed, regulators will need to remain agile over the next few years to ensure consumers are protected during a period of rapid transformation. With the right regulations in place, consumers look set to benefit significantly from new and innovative technologies being developed across the financial services sector.