FCA issues guidance on Payment Services Regulations 2024

The FCA has recently published its finalised guidance (FG) to explain how firms are expected to apply changes introduced by the Payment Services (Amendment) Regulations 2024 (the regulation). The regulation introduces new measures for payment service providers (PSPs) to combat fraud, giving firms the ability to slow down the processing of outbound Authorised Push Payments (APP) transactions where they have reasonable grounds to suspect fraud or dishonesty on the part of someone other than the payer.

All the relevant sections of the FG have been added to Chapter 8 of the FCA Payment Services and Electronic Money Approach Document. (If you’re like me, you may have a link to the Approach Document as a bookmark on your website browser, if you do make sure you update it to this one, version 6 if you’re interested!)

Key provisions and FCA guidance:

The core focus of the regulation is to empower PSPs to delay outbound payments under specific circumstances. This measure aims to provide additional time for thorough checks and risk assessments, potentially preventing fraudulent transactions.

In essence, the regulation permits a PSP to delay crediting the amount of a payment transaction to the account of the payee’s PSP until the end of the fourth business day following the time the payment order was received, if both the following conditions apply:

• the PSP has established that there are reasonable grounds to suspect a payment order has been placed, subsequent to fraud or dishonesty perpetrated by a person other than the payer (“reasonable grounds to suspect fraud or dishonesty”); and
• such grounds are established no later than the end of the business day following the time of receipt of the payment order.

The FCA FG provides clarity on the criteria PSPs should consider when determining whether they have "reasonable grounds to suspect" fraudulent activity. This includes factors such as unusual transaction patterns, discrepancies in customer information, or red flags identified through advanced fraud detection systems.

It is however important to keep in mind that the FCA clarifies that the test for delaying payments under this FG must be considered independently of any other obligations that a PSP may have under financial crime legislation. In other words, a PSP’s assessment of whether they can delay payments under the regulation is distinct from their assessment of whether they are required to submit reports under the Proceeds of Crime Act 2002 (POCA) or the Terrorism Act 2000 (TF).

Both obligations are not expected to run concurrently on the same issue if an investigation leads a firm to form a suspicion of Money Laundering or Terrorist financing under POCA or TF. An example the FCA has outlined in the FG is where the PSP suspects that a payment order has been submitted by the payer subsequent to fraud or dishonesty perpetrated by the payer, the PSP would not be able to rely on the regulation, because the condition for delaying the payment under the regulation would not have been met.

Obligations for PSPs

If a PSP decides to delay an outbound payment, the regulation outlines the following specific obligations:

• It must promptly notify the payer of the delay, providing reasons for the decision (unless doing so could compromise fraud investigations such as when it suspects the payer might be complicit in a fraud and where that would be unlawful, such as restrictions on tipping-off);
• It should do everything in its power to process the payment as soon as practicable, ensuring that undue delays are avoided;
• If the PSP refuses to execute a payment order it must notify the customer of the refusal, unless it is unlawful to do so (e.g. due to restrictions on ‘tipping-off’). The notification must, if possible, include the reasons for the refusal; and
• Detailed records must be maintained regarding the reasons for the delay, actions taken, and any communications with relevant parties.

Treatment of inbound payments

The regulation also addresses the treatment of inbound payments. PSPs are expected to exercise due diligence to mitigate the risk of fraud or financial crime. The FG states that PSPs may delay making funds available to a payee under certain circumstances when making the funds available to the payee would breach any of the provisions of POCA or TF, and if the PSP's nominated officer needs additional time to assess the risk of money laundering or terrorism financing, due to factors outside their control.

The FCA expects a payee’s PSP to act as quickly as is practical to make its assessment, and that the PSP should make funds available to a payee as soon as it has concluded that it is not prevented from doing so under POCA or TF.

Consumer Duty

The FCA requires PSPs to monitor and assess customer outcomes to ensure compliance with the Consumer Duty. This involves tracking key metrics related to delayed payments, such as:

For outbound payments:

• Reasons for suspicion
• Duration of delays
• Transaction completion status
• Transaction value
• Customer vulnerability indicators

For inbound payments:

• Proportion of delayed transactions
• Success rate of delayed transactions
• Delay durations
• Total volume and value of delayed payments
• Customer support provided

Impact on the payments industry

The new regulation and the FCA FG will likely have further significant impact on the payments industry, coming hot on the heels of the changes introduced by the Payment Systems Regulator, in relation to APP Fraud and the mandatory reimbursement scheme. PSPs must now additionally adapt their systems and processes to comply with the new requirements. This may involve still further investments in technology, additional staff training and enhancing risk management , albeit building on the existing frameworks expected to already be in place to detect, identify and prevent APP fraud.

If you have any queries, please don't hesitate to contact our financial crime prevention experts at Cosegic for assistance.