'Robust recovery processes' necessary to ensure mobile banking services return to normal after outages, says FCA

Out-Law News | 11 Sep 2014 | 1:53 pm | 4 min. read

Banks need to have "robust recovery processes" in place to ensure that they can respond quickly to outages affecting the mobile banking services they offer, the Financial Conduct Authority (FCA) has said.

In a new report into mobile banking and payments (17-page / 605KB PDF), the regulator highlighted the rise of mobile banking in the UK and identified a number of issues that banks must address when providing mobile banking services. 

It said it was aware of outages affecting mobile banking services in recent times and said banks that "monitor consumer behaviour" are likely to be able to prevent outages occurring. In case disruption to services does occur, banks must have "robust recovery processes" in place, it said. 

"Mobile banking and payments services provide consumers with the ability to access their funds and make payments at flexible times and locations," the FCA said. "This flexibility has meant that mobile consumers currently interact with their bank up to three times more than consumers that bank online. This, in addition to the increasing popularity of mobile banking products and services, will put extra pressure on firms’ systems and may require additional system capacity." 

"We are aware that, in some cases, recent outages of the mobile services of large banks have been the result of an inability to cater for large transaction volumes," it said. "We found that where firms monitor consumer behaviour, for example the time of the day and frequency of logging in, they were more likely to ensure sufficient system capacity is in place to cater for peak transaction times and volumes. It is important that robust recovery processes are in place to ensure mobile services are restored in a timely manner in the event that services do fail."

In its study, the FCA assessed mobile banking and payment solutions at a number of banks, building societies and payment institutions. It assessed governance processes and policies and interviewed staff so as to obtain "a view of how firms manage any current risks around their mobile products and services, and how they deliver consumer outcomes". 

The FCA's review also involved trying to understand what future innovations will happen in mobile banking and payments and how the companies are assessing the benefits and risks that could arise for consumers. The regulator said it also liaised with companies involved in payment card schemes, technology providers and mobile network operators to gain "a wider view of the market". 

The FCA said it expected the payments market to evolve further in future and stressed it wanted to work with companies to help them understand how their innovations can be harnessed in compliance with existing regulations through its Project Innovate scheme

"As part of Project Innovate, we have published proposals to build an Incubator and an Innovation Hub," the FCA said. "The Incubator will help innovator applicants through our authorisations process. The Innovation Hub will provide a dedicated contact for firms which have been authorised with the help of the Incubator. It will also work with a range of businesses with innovative ideas, using our expertise to understand whether their innovation is compatible with our existing regulation." 

Banking law expert Tony Anderson of Pinsent Masons, the law firm behind Out-Law.com, said: "As expected regulatory education and compliance will be key issues for new and innovative players coming to market. Whilst the Incubator and Innovation Hub proposed under Project Innovate will be useful resources for such entities, it will be crucial that they also develop their own legal and compliance infrastructures moving forward to deal with what will be evolving regulatory and market landscapes. These are areas where the established players in this space such as the banks will still possess an advantage.”

According to the FCA's report on its review, banks have taken steps to address the risk that customers could make errors when using mobile banking services because of screen and keypad-size limitations on mobile devices. It said it had not seen evidence of "significant problems" in this respect and that it is "satisfied that the majority of firms have built safeguards into their products to mitigate the risk of such errors". 

Banks must ensure that they provide their mobile banking consumers with information about how to report unauthorised transactions and actively encourage them to do so to help tackle fraud, the FCA said. 

"We found that the most effective messages to consumers – whether in legal documents, such as terms and conditions, or informal advice – were clear, consistent and reflected consumers’ legal responsibilities," the FCA said in its report. 

Mobile banking providers were also urged to ensure that senior management must be suitably informed about the way products and services are delivered to mobile banking customers to be able to challenge designers of mobile banking products and services on whether consumers' interests are being looked after properly. 

"In our sample of firms, we found that senior management were most informed where firms were able to draw out relevant information, data and consumer indicators on mobile banking in MI (management information) to assess performance and outcomes," the FCA said. "We also saw the importance of having a strong governance and control framework in place so that appropriate information about the mobile banking channel is escalated up to senior management in a timely manner." 

The FCA's report also identified data security measures taken by banks to protect mobile banking customers' information. It said the banks it assessed all "encrypt data to safeguard its security". 

The regulator also highlighted good practices in the way banks oversee outsourcing arrangements relevant to mobile banking. In particular, it praised banks that had conducted due diligence on potential partners for delivering mobile banking services and continually monitored suppliers' behaviour "to ensure delivery standards were being met".