Rules of the game

Regulation has been as much of a catalyst for fintech innovation as it has been an impediment. We talked to two industry figures on the challenges, and the opportunities, created by regulators in Europe and the UK

Nowhere is this more the case than in Europe, where, in recent years, regulatory intervention and infrastructure renewal have been challenging incumbents and re-shaping established relationships and methods. At the same time, there has been growing recognition that the intrinsic risks within many financial systems need to be tackled. The successful implementation of reforms in different countries has been uneven, though, and planned outcomes have not always been achieved, with projects often unexpectedly slow to complete. For some, the planning and implementation of payments infrastructure development is a difficult task due to ingrained legacy systems, or the complexity of, and varying approaches to, reform. For others, payment system reform is simply unfamiliar territory.

Turning the legislators’ theory into practice is, therefore, not always easy. We’ve seen this played out with multiple extensions to go-live dates for various key pieces of legislation, including, most recently, Strong Customer Authentication (SCA) as part of the revised Payments Services Directive (PSD2). Although not a regulator, SWIFT’s delay of the ISO 20022 migration date for crossborder payments, by 12 months, to the end of 2022, as banks struggled with decommissioning and preparing existing infrastructure for transition, is another example.

Here, we look at the conflict between security and fast, frictionless payments, the differing mindsets of incumbent banks and challengers when it comes to payments regulations, and the ‘myth’ of regulatory alignment in Europe, from the perspective of an advisor on EU and UK regulation and a payment services provider’s lived reality.

The EU’s agenda to open up competition in payments has been a theme for the past decade. Partly through regulation, Europe has opened up the market with things like the Payment Services Directive, which was designed to level up the permissions, required for payment entities, broaden the definition of payment institutions, and allow players such as e-money institutions to participate in the financial services space. Since then, we’ve seen headline initiatives, like open banking.

On the other hand, you have the issue of consumer protection. Regulators want consumers to have choice, but also be protected against financial crime. However, regulators don’t necessarily understand how consumers use payments. That holds back innovation, to some extent. So, you’ve got this two steps forward, one step back scenario.

Nevertheless, fintechs see regulation as a massive opportunity – as we did when we realised, as an e-money institution, that we could go places that traditional banks and payment institutions couldn’t. We could generate business by adopting the regulation and understanding it.

Banks have a lot of compliance debt; legacy processes around regulation that have been so embedded into their organisations that they find it difficult to adapt to new rules. But most fintechs we work with, when there’s a change of regulation, such as when the contactless limits changed through COVID-19, are well and truly on it.

Also, if you look at trust, which is a huge part of financial services, fintechs have embraced the need to be transparent with their customers. Last year, for example, when British Airways had a data breach, cards that had been used on BA’s website were compromised. UK challenger Monzo was the first company I saw to spot the breach, go into their data warehouse and very quickly identify all their cards that had been used on the site, then communicate with their customers to say ‘we’re going to block your card and send you a new one’.

The regulator should be applauding that ability to respond. There’s no way big banks could have done that. The other thing that makes fintechs more adaptable is their partnership mentality.

There are still domestic requirements in Europe, so it’s not truly transparent. When we open an account for a customer in France, there is a database where we have to submit information on that customer in a certain format – just for French customers, to a company in France. If we’re opening an account in Belgium, it’s a different database with a different format, and so it goes on.

Some payment services can operate

ubiquitously across the EU, but with other types of financial regulation, you’re dragged into domestic issues. IBAN (international bank account number) discrimination due to geographical location, for instance: on one hand, you’ve got a concept of borderless bank payments, which is exactly what the EU is there for – to reduce friction, lower the cost of doing business and allow EU citizens to work and move their bank accounts wherever they want. That’s the principle. The reality is that domestic banks still consider the country they’re regulated in as the most important, and take a localised view. Some payment services can operate ubiquitously across the EU, but with other types of financial regulation you’re dragged into domestic issues THE REGULATORY ADVISOR

Regulation can be seen as putting the brakes on innovation but, at the same time, where it is proportionate and where it is about ensuring a level playing field, so there is additional access and opportunity, the industry can welcome it. Indeed, if you look at the creation of the Payment Systems Regulator in the UK, it’s been trying to encourage fintechs to challenge incumbents. While detailed, payments regulation has been relatively manageable for these payments firms and they have been very successful in internationalising their model.

Regulators tends to have clear objectives, such as encouraging competition and consumer protection, which is always going to have an impact on different ways of doing business. But to give credit to the European regulators, they have created a framework, particularly around payments, which has been copied across the world.

One of the great things about fintechs is that they are absolutely focussed on the user experience: the product is king. They want to build a great reputation with their customers, they want to keep things simple and transparent. I think regulators felt traditional providers weren’t always focussed sufficiently on the user, on the product, on prominence of pricing, etc. So, non-bank financial institutions, the e-money or payment institutions, were pushing a bit at an open door, because they were already doing a lot of what regulations was attempting to do: trying to make sure that there are no hidden surprises, no unfair terms, no catches, that it’s a product that works well for customers. The reason these regulated providers, in the UK at least, have had relatively light-touch supervision is because there’s been a similar direction taken by them and by regulators.

It’s been difficult for banks to adapt legacy systems to respond to competitive pressures and quickly launch new types of product, but also to respond to regulation. Secure Customer Authentication has shown how difficult it’s been. One thing one could ask more of from some regulators, particularly at European level, is for them to be more aware of the technology challenges of implementation; it’s not always obvious that legislators understand how much effort it takes, operationally, to implement change, to redesign systems to respond to new requirements, such as SCA.

For now, in the two jurisdictions of the EU and the UK, laws are still heavily aligned, so you’ve got a pretty high level of confidence that if you’ve an operating model, a product, a business structure, terms and conditions that work for one jurisdiction are likely to, largely, work for the other. There probably will be increasing divergence over time, and then, I suppose, it’s a question of figuring out what market you want to target and where you need to get your licence.

The UK is going to want to have your global headquarters in the UK. For that to happen, it needs to provide incentives. Part of that is going to be around regulation. The EU will potentially go down the route of much heavier regulation. In the UK, the Financial Conduct Authority (FCA), has a big focus on consumer protection, but it may, in some respects, be more proportionate than some of the EU initiatives. The FCA, hopefully, will be more cogent in how it approaches regulation because there’s just one country to please. In Europe, there’s a lot of compromise.