Banking and Finance - Regulatory update

Banking and Finance -  Regulatory update

5 May, 2017

Significant regulatory change is looming on the horizon for many financial services firms. The  UK must implement the revised Payment Services Directive ("PSD2") and must also implement the new General Data Protection Regulation, (the "GDPR"). Implementation of both PSD2 and the GDPR are unaffected by Brexit and are discussed in more detail below.

The Payment Services Directive (PSD2)

The UK must implement PSD2 by 13th January 2018. PSD2 introduces many changes to the payment services regulatory regime including:

  • an expansion of the types of payment service provider and payment services which fall within the scope of the payment services regulatory regime; 
  • provisions to enhance market efficiency and integration, including changes to the scope of the exclusions from PSD2;
  • new limits on the liability of the payer in respect of unauthorised payment transactions; 
  • new rules on the extent to which the payment service provider must provide assistance with recovering funds sent pursuant to incorrect routing information; 
  • a ban on surcharges for the use of certain payment instruments; and
  • new dispute resolution procedures for payment services disputes.

Compliance with PSD2 will necessitate review and amendment of payment service providers’ policies and procedures and also amendments to customer documentation. The adjustments required for compliance with PSD2 will demand planning, testing and execution time, none of which is facilitated by the fact that having published its consultation paper CP17/11 in April, the FCA does not plan to publish the finalised rules and guidance until Q3 2017.

The General Data Protection Regulation

The General Data Protection Regulation (the “GDPR”) comes into force on 25th May 2018. The GDPR has direct effect and therefore, no domestic legislation is required to implement the GDPR in the UK.

The GDPR introduces wide ranging changes to the data protection regulatory regime including:

  • expanded territorial reach so as to capture certain activity by data controllers and data processors situated outside the EU; 
  • the requirement, imposed on certain data controllers and data processors, to designate a Data Protection Officer;
  • new conditions relating to obtaining consent from a data subject regarding the collection, processing and retention of personal data together with a requirement that the data subject’s consent must be capable of being easily withdrawn;
  • new rules relating to intra-group international data transfers; 
  • new, more detailed requirements regarding the content of fair data processing notices and information given to data subjects; and
  • a new requirement on data controllers to notify most data breaches to the Office of the Information Commissioner (ICO) without undue delay and to the data subject in certain cases.

May 2018 may seem like a long way off, but it is clear that in order to make the required adjustments to policies, procedures and documentation, data controllers and data processors should examine first what it is that they do in practice so as to ensure compliance in real terms. The evaluation and analysis of actual practice in terms of the collection, processing, sharing and retention of personal data could be a lengthy process and data controllers and data processors should commence work and seek advice sooner rather than later.

Mortgage Credit Directive Article 3(1)(b) Credit Agreements

Finally, it is just over a year since the Mortgage Credit Directive ("MCD") took effect into English law. Whilst it is widely appreciated that the MCD regime covers lending secured over residential property, the concept of the ‘article 3(1)(b) credit agreement’ is less widely understood.

An ‘article 3(1)(b) credit agreement’ is a credit agreement which falls outside the definition of ‘regulated mortgage contract’, for example because it is secured on assets other than residential property, and which is entered into with a consumer where the purpose of the credit agreement is to ‘acquire or retain property rights in land or in an existing or projected building’.

Article 3(1)(b) credit agreements have a hybrid position in regulatory terms. Part 4A Permission for consumer credit lending is required before a lender lawfully may advance monies under an article 3(1)(b) credit agreement, but article 3(1)(b) credit agreements are subject to the rules set down in the Mortgages and Home Finance Conduct of Business Sourcebook within the FCA Handbook of Rules and Guidance at MCOB 14 and to the rules set down in the Consumer Credit Sourcebook (CONC) at CONC 1.2.8. Certain rules also apply to brokers and intermediaries of article 3(1)(b) credit agreements.

If the proposals outlined above were not enough to deal with, further upheaval is likely as follows:

  • the Government is committed to undertaking a review of the retained provisions of the Consumer Credit Act 1974 and the Financial Conduct Authority, (the "FCA") currently is reviewing the responses to the Call for Input circulated last year. Further information as to the scope of the review is expected shortly;
  • the FCA has announced its intention to extend the Senior Managers' Regime (the certification regime implemented last year to increase accountability in the banking sector) to all regulated firms and a consultation paper is expected shortly; and
  • the FCA is currently considering proposals for new rules to regulate crowdfunding and peer to peer lending platforms.


Related profiles:
Lucy Walker