Credit Where It's Due

Having spent the past seven years banging on about the changes needed to democratise the financial system, it's only fitting that my last post for 2014 should give a little credit to the authorities for making some very significant changes this year.

The FCA published its rules to specifically regulate peer-to-peer lending in February, and its rules on crowd-investment in March. At the same time, the Chancellor announced the expansion of the ISA scheme to include peer-to-peer loans. In the Autumn Statement, he announced that consumers who lend to other consumers and sole traders through P2P platforms will be able to offset any losses against interest received. And there will be a consultation on expanding the ISA scheme to encourage crowd-investing in bonds and other debt securities.

We are still at the start of a long journey. The rules could be simpler and the EU could yet muddy the waters if the UK position is not well represented. But if you'd asked me in 2007 whether so much would be achieved by 2014 - particularly on the ISA front - I'd have been optimistic (naturally) but expecting the worst. Yet in 2015 we'll have both the regulatory 'blessing' and the incentives necessary to enable people with surplus cash to get it directly to creditworthy consumers and small businesses who needed it, instead of leaving the money tied up in low yield bank deposits or having it eaten away by fees in managed investment funds. 

Perhaps this is partly why 2014 also saw the bank bosses' swagger and bravado turn to panic. The trends which are combining to democratise the financial system have not only revealed that the stuffed shirts are powerless to stem the flow of fines for corrupt practices on virtually every front, but those trends have also produced competition from the banks' very own customers. 

Hell, even their auditors are finally coming under scrutiny!

But let's not get carried away. While crowdfunding is growing at over 150% a year, the crowd will probably produce 'only' about £5bn of funding in 2015, based on Nesta figures and assuming a boost from the ISA changes. 

So, while we've come along way since Bobby "Dazzler" Diamond infamously suggested that the time for bankers' remorse was over if the UK was to recover, we will still have a small business funding gap next year - eight years after the financial meltdown. In fact, in many ways the financial system is in worse shape now than in 2007, with less competition and appalling inefficiency in banking, vast public sector debt, a larger 'shadow banking' sector than every before (depending on how you measure it), and many key economies around the world suffering low/no growth. Events such as those in Russia, Greece and the Eurozone are applying further pressure to a system that is still broken. In these circumstances we remain terribly vulnerable to financial shocks. 

Still, the UK government deserves plenty of credit for the changes announced to date. Whether they have come early enough to help us through the next storm remains to be seen, but at least the national funding solution now lies substantially in our own hands. 

If we don't take the opportunity to crowdfund the recovery, we will only have ourselves to blame.

Good News For #FinTech And #Crowdfunding in Autumn Statement

The government has announced bad debt relief for lending through P2P platforms; a consultation on whether to extend ISA eligibility to crowd-investing in debt securities and an intention to review some rules that add unnecessary costs for institutional lending through P2P platforms.

Individuals lending through P2P platforms to offset any losses from loans which go bad against other P2P income. It will be effective from April 2016 and will allow individuals to make a self-assessment claim for relief on losses incurred from April 2015.

The government will also consult on the introduction of a withholding regime for personal income tax to apply across all P2P lending platforms from April 2017. This will help many individuals to resolve their tax liability without them having to file for Self Assessment.

The government will call for evidence on how APIs could be used in banking to enable financial technology companies to develop innovative solutions to allow customers compare banks and financial products.

From January 2015, the majority of card acquirers will offer a new service for small businesses to receive the funds from debit and credit card transactions much more quickly. Two acquirers will not meet this commitment, and the government will ask the Payment Systems Regulator (PSR) to examine whether small businesses are being disadvantaged as a result.

The government will allow gains that are eligible for Entrepreneurs’ Relief (ER) and deferred into investment under the Enterprise Investment Scheme (EIS) or Social Investment Tax Relief (SITR) to benefit from ER when the gain is realised. The government will also increase the annual investment limit for SITR to £5 million per annum, up to a total of £15 million per organisation, from April 2015 and will also consult further on a new relief for indirect investment in social enterprises.

To better target the tax reliefs, the government will exclude all companies substantially benefiting from other government support for the generation of renewable energy from also benefiting from tax-advantaged venture capital schemes, with the exception of community energy generation undertaken by qualifying organisations. The government will also make it easier for qualifying investors and companies to use the tax-advantaged venture capital schemes by launching a new digital process in 2016.

Officials Alarmed By PSD2 And Barriers To Innovation In Payments

In a joint study, Ofcom and the UK's new Payment Systems Regulator have explored the reasons for limited innovation in the UK payment services market, sounding the alarm over the potential impact of PSD2. But the study does not thoroughly explore the most recent proposals, which would make the situation worse than officials seem to appreciate.

The study confirms that most of the innovation is facing retail customers and relies on the existing payments infrastructure.

Various factors act as a barrier to the scale and pace of innovation seen in other technology sectors. There is a low tolerance for system failures, naturally, but the resulting high security and resilience requirements make systems more rigid and less open to the usual market forces of present in other IT sectors. New entrants also find it hard to break through the network effects that support existing payment methods (e.g. cards). Investment is further constrained by significant uncertainty around regulation and technological standards. Finally, the interests of consumers, merchants, telcos and financial institutions are not aligned in the types of services being offered - in essence we're seeing an attempted 'land grab' by competing institutions at customers' expense.

It is critical that the European Council considers this report as it finalises the proposals for PSD2, which would make this situation worse. Equally, however, it is a pity that this study was not able to more thoroughly explore the potential impact of those proposals.

Let's hope for some more joined up thinking in the weeks to come!

The End Of Merchant-hosted Checkouts?

Source: LoudMouth Media

You may have noticed that I'm madly trying to keep up with the blast of confetti from Brussels known as "PSD2". It's very fortunate that the SCL's editor is blessed with a good sense of humour, not to mention the readership. In advance of my latest update, here's a warning of a fairly brutal provision for e-commerce merchants in the latest version of PSD2.

Not satisfied with forcing 'gateway' service providers to supply their services directly to regulated institutions rather than merchants, if they wish to remain exempt, it seems the EU Council also considers that e-commerce checkout pages on merchant sites are "payment instruments" in their own right (not just the payment methods displayed on them).

A new information requirement seems to mean that where customers are shown a range of different card-scheme brands as payment options prior to checkout (itself referred to as “the issuance of a payment instrument”), they should be informed that they have the right to select a particular brand and to change their selection at point of sale.

On the surface, this requirement adds nothing. It's how checkout processes already work. If you want to pay by card, you click on the card scheme logos, and up comes a page that asks you to enter a card number from any of the brands displayed. But describing a checkout process as a “payment instrument” (rather than merely the payment methods available on it), suggests that the entity which serves up the web page that enables checkout is itself the issuer of a payment instrument and should be authorised accordingly.

It's likely that many e-commerce merchants will host their own checkout page or process, and the transaction only moves to the acquirer’s servers either once the customer has selected which type of payment instrument she wishes to use, or (if the merchant is PCI compliant) once the transaction is captured and sent to the acquirer.

So this provision would actually require such a merchant to either cease hosting any aspect of the checkout process or become authorised as a payment instrument issuer (or the agent of an authorised firm). It also raises the question whether such a merchant is also 'initiating payment transactions', with the same consequences.

This is revolutionary stuff. If passed in this form, PSD2 could drive the need for significant website re-development work. Of course, it could also mean good business for e-commerce marketplaces, or regulatory specialists who help firms apply for authorisation (pick me!). But it's really just overkill.

In their quest for 'the highest standards of consumer protection', the European authorities seem oblivious to the adverse impact on competition and innovation in the payments sector that will come from delivering control over key aspects of e-commerce infrastructure to the comparatively few firms who will bother becoming authorised. Ironically, it was this sort of concentration that drove the need for the current PSD - to open up the banking/card scheme monopoly. Perhaps the banks and their schemes are winning the battle to retain their dominance after all...

The Cost Of Leaving Payment Security To The Beurocrats: #PSD2

The more I study the latest proposal for a new Payment Services Directive (PSD2), the more I'm concerned that it will reduce innovation and competition. Not only does it hand control of wider transaction technology to regulated payment service providers (PSPs), but security standards will also be centrally controlled by the European Banking Authority, as explained below. It seems the authorities are busy creating a new version of the banking monopoly that the PSD was designed to break down. But maybe the idea is to create work for the new Payment Systems Regulator...

Putting aside the ability for PSPs to control the wider transaction infrastructure, PSD2 empowers the EBA to set technical standards governing 'strong customer authentication', as well as how PSPs communicate among themselves and with customers.

These standards are very far-reaching.

Subject to any exemptions the EBA may grant (based on risk, amount/recurrence of a transaction and the channel), all PSPs will have to apply strong authentication when a customer who wishes to make a payment (the 'payer'):

• accesses a payment account online;
• initiates an electronic payment transaction; and/or
• "carries out any action through a remote channel which may imply a risk of fraud or other abuses".

In the case of an electronic payment transaction that is initiated via the Internet or 'other at-a-distance channel' (a "remote payment transaction"), the authentication must “include elements dynamically linking the transaction to a specific amount and a specific payee”).

In addition, PSD2 proposes numerous different security requirements for different types of PSP depending on whether they initiate payments, issue a payment instrument or provide account information services. PSPs will also have a 'framework' to manage operational risk and provide the regulator with their assessment of the risks and the adequacy of their controls. They must classify “major incidents” and report them to their regulator without undue delay. The regulator must then report the incident to the EBA and the European Central Bank. If the incident affects the financial interests of users, the PSP must also inform them without undue delay, along with possible measures they can take to mitigate the problem.

While we should acknowledge the challenge at the heart of all European law, that an Englishman's red tape is a Frenchman's business manual, everyone should question the wisdom of tying the development of payments security to the speed of European bureaucracy. PSD2 provides that the first draft of the EBA’s technical standards will only be available 12 months after PSD2 is approved, and there is no explicit deadline for the standards to be finalised (although the EBA is consulting on 'guidelines' here). Beyond the initial drafting, the EBA is merely tasked with reviewing and, if appropriate, updating the standards “on a regular basis” - but neither the frequency nor regularity of those reviews is specified. Surely, the EBA's role should be limited to reviewing standards (if any) as the market develops them - hopefully a step ahead of the fraudsters? How many business plans will otherwise stall in anticipation of the EBA's pronouncement and the resulting talkfest?

Conspiracy theorists will be pleased to see restrictions on the extent to which payment account service provider (ASPs) can use the security measures to discriminate against any third party PSP (TPP) who wishes to access their payment accounts. But there do not seem to be any such restrictions on discrimination the other way around. So PSD2 would hard-wire the current (mistaken) assumption that the ASP is 'king' in the context of its customers' day-to-day activities, while the dominant customer relationship increasingly lies elsewhere. Indeed, in the digital world, large TPPs could end up dictating the number and type of ASPs we all use, as well as the payment services those ASPs provide. Perhaps the new Payment Systems Regulator could address this by designating such a powerful TPP as a 'payment system' (which is very loosely defined), but it would be preferable to avoid creating the potential for such power in the first place.