Out-Law Analysis | 12 May 2017 | 12:57 pm | 5 min. read
Not only does this agenda bring increased cyber and fraud risks for banks to deal with, it comes at a time when banks are already hamstrung by stringent anti-money laundering (AML) duties, increasingly strict bank capital and liquidity requirements, and the implementation of the bank ring-fencing requirements. We have also seen from past experience that there is no guarantee that such an agenda will lead to the benefits for consumers and businesses that legislators and regulators envisage.
With technology advancing all the time, and regulation playing catch-up, there is no time for banks, consumers and other participants in the payment chain to take stock. Yet, it is incumbent on policy makers to pause any truly consider whether the direction of travel in the banking and payments market is the right one.
These concerns were discussed and debated at the recent Future of Money conference hosted by Pinsent Masons, the law firm behind Out-law.com.
The landscape banks are operating in
It is important that support for innovation is delivered in a way that doesn't expose institutions and consumers to undue new risks. It is also vital that innovation-friendly initiatives, which are vital to the health of markets, are considered with the bigger picture in mind.
Some of the broad issues banks are grappling with were addressed at the Future of Money conference.
Delegates from banks, payment service providers and corporates were all in agreement that AML compliance remains a major challenge. Although there is a growing trend towards contactless payments, it was AML compliance concerns in relation to money transfers that received substantial attention.
In general terms AML rules require payment processors to know who is making a payment, where funds originate from and where they are going to. They must have procedures in place to stop the proceeds of crime being channelled through them and to stop the funding of serious crime and terrorism.
When dealing with money transfers, it can be difficult to verify the identity of payers and be confident over the source of funds. Banks rely on information about payers and the funds to process the transactions in line with AML rules. Often payments can be delayed due to missing information even if those transactions are legitimate.
Guidance issued by the European Banking Authority (EBA) is designed to help banks understand what information about transactions is the most important and is necessary for payments to be processed in accordance with the AML rules. However, delegates were agreed that the international approach to AML is disjointed and would benefit from a more consistent approach to reduce delays to the processing of legitimate payments across the global payments market.
Capital and liquidity requirements were also flagged as a problem that banks are having to find innovative new ways to address.
In light of the financial crisis where some major banks had to be bailed out by public money, new rules were established to force banks to keep in reserve a certain level of capital in case another crisis emerges and puts pressure on their liquidity and capital. These rules have continued to evolve.
The Basel III capital requirements, however, can be seen as a disincentive to banks to hold deposits from major businesses depending on the length of the tenure and the use that the cash is being put to. To accept deposits, banks now need to counteract this liability on their balance sheet by holding additional capital in reserves against such deposits particularly if they are available after a short term and their use by the Bank’s customer is not operational.
This has impacted on the way banks have structured their cash management products and can have an impact on pricing for corporates. In addition, banks are developing models for corporates to invest their money, such as with infrastructure funds, rather than leave it sitting in their bank accounts, so as to alleviate the capital reserve pressures they are being put under.
Although the market is beginning to adjust, the Basel III requirements puts further pressure on banks' profitability. There are also broader questions about where corporates can store money safely if regulation discourages the major institutions from holding large deposits.
PSD2 and open banking
It is in this context that further reforms to support the advance of financial technology (fintech) and open up the banking and payments market to greater levels of competition and innovation are being delivered.
Reforms to EU payment services laws (PSD2) and the UK's open banking project have the potential to revolutionise the market. It is foreseen that the reforms will help consumers access innovative new services that benefit them, from slick mobile payment options and money saving and management apps, to better targeted promotions from retailers.
However, there are unanswered questions over customer demand for the new services the reforms are supposed to provide for. Previous initiatives designed to recalibrate the banking market, such as the UK's Current Account Switching Service (CASS), received a muted response from bank customers, for example.
There are also further concerns that the liberalisation of data and opening up of the market to new fintech providers will bring new cyber and fraud risks as well as a threat to financial stability.
Open application program interfaces (APIs) are set to play a central role in the future EU payment services market as PSD2 requires payment service providers, like banks, to open up access to account data to payment initiation service providers and account information aggregators when customers ask them to. APIs are also envisaged as being pivotal to the success of the UK's open banking initiative.
While the fintech providers set to flourish under the new initiatives will be subject to data security obligations, it is not hard to see that the interface between account providers and these fintech firms will introduce new cyber risks that all firms in the supply chain will need to be wary of, as well as potential new routes for fraudsters to try to dupe firms into releasing funds or data to them.
The chairman of the UK's Financial Conduct Authority (FCA), John Griffith-Jones, previously admitted that the open banking plans raise "a security dilemma" and a committee of MEPs more recently said that cyber risks in using APIs for financial services data sharing require special attention from EU policy makers at the European Commission. Delegates at our conference agreed that greater education on cyber risk is necessary within the sector.
In addition, banks, as trusted institutions, could be asked to foot the bill for losses customers experience to fraud from the advent of new fintech services, adding a further pressure to the bottom line.
Pause for thought
The outcomes from the PSD2 and open banking reforms will not be known at least, until well into 2018. However, they must not be viewed in isolation.
The main theme coming out from our conference is clear: further thought is required on policies designed to support innovation and digitisation in the financial services market to ensure they truly benefit customers and that new risks to consumer protection and financial stability are addressed.
Tony Anderson is a banking law expert at Pinsent Masons, the law firm behind Out-Law.com.