Out-Law Analysis | 12 Jan 2018 | 10:21 am | 6 min. read
The year ahead will be shaped to a large extent by a number of major changes in legislation, from the revised Payment Services Directive (PSD2) this month and implementation of MiFID II, to the forthcoming General Data Protection Regulation (GDPR) and Network and Information Security (NIS) Directive in May. There is also the prospect of Brexit coming into focus as we head towards 2019.
Three of the legal frameworks contain new breach notification obligations that firms subject to the rules will have to comply with. As a result, we expect a rise in the number of data and security breaches that become public, with potential for this to cause the public to become increasingly desensitised to security incidents, hacking attacks and other examples where their data is compromised.
Changes in the market will also stem from advances in technology and evolving consumer habits.
In this respect, we can also expect to see developments in relation to the modernisation of the infrastructure that sits behind UK payment systems, an increasing role for automation and robotics in outsourced services, and increasing digital solutions for high friction sanctions, know-your-customer (KYC) and anti-money laundering (AML) checks.
Applying for insurance products will also become simpler and quicker for customers owing to more advanced underwriting operating in the background – this will go mainstream. Combining datasets lets insurers build up a profile of risks from a range of factors like geographic area, for example, as it may indicate crime or accident rates and other factors that could impact on premiums much more than what locks you have on your house. We will increasingly see consumers able to buy insurance, even life cover, through very simple pathways, by answering a handful of questions in under a minute.
We can also expect to see a shift towards insurance-as-a-service in some areas of the market. This will reflect growth in the sharing economy and consumer demand for flexibility or on-demand service. For example, we will increasingly see car or top-up property insurance made available on a 'per day' basis, either for fixed periods or rolling, rather than annual renewal, which could benefit AirBnB renters and others that don't have the standard demands. This will be driven by user needs and habits, such as, for instance, the fact that young people are becoming less and less likely to own their own car or home and as a result do not need to have cover for their assets 24/7. We can expect more flexibility and more short- and flexible-term products to be on offer as a result.
ICOs and cryptocurrencies
The main thing to happen in 2017 was that 'initial coin offerings' (ICOs) emerged from niche to mainstream, largely down to investment from larger investor entities and people with a 'me too' mindset. In 2018 we will see a more mature discussion about ICOs progress which will centre around the potential of the process as a vehicle for raising funds not just for potential token-based businesses but for established large corporations too.
The rise of ICOs in 2018 as a potential legitimate vehicle for raising funds will parallel the early years of crowdfunding and peer-to-peer lending markets. Regulators will continue to issue warnings but this has had little impact to date – already in 2018 we have seen the Konika share price jump due to announcements of its coin.
As for bitcoin, people have got rich and others want it for themselves. Will the music stop? Many refer back to the initial paper on bitcoin from Satoshi Nakamoto, the person said to have founded the virtual currency, and highlight that it was stated to be designed for remittance purposes and not as an investment tool. However, implicitly there was always the idea that it could be used as an asset or a store of value akin to gold – that is where the mining concept comes from.
There will no doubt be many more examples of customer detriment this year with people losing money with the ups and downs of bitcoin value, and liquidity issues as people rush for the door and no one wanting to buy. However, what is often overlooked is the size of the market in terms of participants rather than market capitalisation. The sheer number of investors and number of geographical locations from where they are based already make this different to the 'dot com' boom to which it is often compared.
If a lot of people in the UK get into ICOs they will start to realise that they have capital gains tax to pay and HMRC is likely to wise up to this too. There are no tax wrappers around ICO products and a discussion will ensue at some point as to whether this riskier class of holding value should be given similar treatment to other high-risk investments such as EIS schemes.
In terms of regulation, there is a lot of talk about AML applying to the exchanges. However, there is a lot of work to do for regulators to think more carefully about market participants and not only in terms of 'exchanges'. Brokers, peer-to-peer marketplaces and exchanges that do not deal with fiat currencies need to be considered. Catch-all rules that do not give attention to the significantly different role these market participants have may cause more damage and uncertainty for consumers. The product itself may continue to not be regulated – this seems most likely given the challenges of applying territorial boundaries and rules to such a dynamic international product.
All that said, it is unlikely we will see bitcoin become a common method of payment on the high-street. This is because the way those transactions are processed – via the blockchain – is not instant. It is hard to envisage either retailers or consumers being happy to wait minutes for confirmation that payments made using bitcoin are complete. There is far greater potential for bitcoin to enter the mainstream in the context of payments in e-commerce markets where delays imposed by one customer's choice have less impact on others.
PSD2 and open banking
We will see PSD2-supported payment initiation services emerge more and more as we move through 2018.
We can expect incumbent institutions to roll out new products in a defensive move to stay as the main channel to the customers' needs, but we can also expect online retailers to move into the new market for payment initiation.
This move by retailers is likely to put the squeeze on credit cards. This is because the solutions they develop will incentivise customers to make payments via bank transfer and not payment cards. Retailers stand to benefit from this because they will reduce the fees they have to pay to support credit card payments. Customers are likely to be incentivised into using the alternative solutions through discounts that retailers offer to help this new payment channel bed in.
A major drawback is that consumers would not benefit from protections that apply when using their credit cards if making payments via bank transfer through new payment initiation services.
In the UK, there is a challenge to be met in bringing the 'Open Banking' protocols into line with the EBA's PSD2 and the related strong customer authentication standards.
Currently, the technical process that enables third party services to access bank account data, called 'redirection', which switches customers using the third party services from the service provider's platform to the bank's systems during the log-in process before pulling the data back to the service provider's platform, is inconsistent with PSD2 regime.
The finalisation of the strong customer authentication standards will help those behind the development of Open Banking standards to understand what they need to do to ensure solutions are fully PSD2-compliant.
Despite the fact that the strong customer authentication standards under PSD2 will not take effect until 18 months after they are published in the Official Journal of the EU, 2018 will be an important time for testing new APIs. In reality, testing will likely have to take place no later than nine months after the standards are set, so sometime in the autumn of 2018. That presents a time pressure for businesses to ensure that they will comply.