Consumer finance, and retail banking and payments, are accessible and established industries in the UK. The regulatory environment is mature and is derived from both domestic and European legislation. Fast-paced innovation has diversified the market in recent years, with many new products and providers, although the availability of credit has in recent years become more restricted in some respects owing to the response of regulators and lenders to the financial crisis and other developments. For the most part, regulators have sought to facilitate innovation as the UK government tries to keep the jurisdiction competitive, while increasing consumer protection in a number of areas.
II LEGISLATIVE AND REGULATORY FRAMEWORK
In the UK, consumer lending, deposit-taking and payments are regulated under a number of vertical (i.e., product-specific) and horizontal (non-product-specific) regulatory regimes, which to a large extent derive from EU laws. There is therefore a large degree of consistency of regulation across the European Economic Area (EEA)2 in these areas, with this being particularly the case for payments.
The consumer credit regimes for secured and unsecured lending are set out in the Consumer Credit Act 1974 (CCA), the Financial Services and Markets Act 2000 (FSMA), secondary legislation and the UK Financial Conduct Authority (FCA) Handbook of rules and guidance (the FCA Handbook).3 The FCA Handbook includes, among other things, the Consumer Credit sourcebook (CONC) and the Mortgage and Home Finance Conduct of Business sourcebook (MCOB). The CCA and FSMA implement and supplement the EU Consumer Credit Directive and Mortgage Credit Directive (MCD).4 The FSMA sets out the licensing regime for different types of lending, as well as a range of intermediary and ancillary activities.
The consumer credit regimes are also highly prescriptive of conduct matters, such as the format and content of advertising and the information to be provided before, during and after entering into credit agreements; consumer rights; and required or prohibited practices, in areas such as underwriting, charging or collecting on loans. Failure to comply can in many cases have an impact on the enforceability of loan agreements and result in customer remediation and enforcement action. In many cases the consumer credit regime protects not only consumers, but also 'quasi-consumer' borrowers such as sole traders and certain small partnerships and unincorporated associations in the case of non-mortgage lending (certain business mortgages are also regulated). We discuss the consumer credit regime in more detail below.
FSMA also includes the licensing regime for deposit-taking, namely provision of banking products such as current and savings accounts, as well as a range of related conduct requirements protecting 'banking customers' (consumers and quasi-consumers)5 under the Banking Conduct of Business sourcebook (BCOBS) in the FCA Handbook. BCOBS sets out a variety of obligations on banks (and rights for customers) in relation to bank accounts, for example:
- rights for banking customers to switch their accounts from one bank to another, where they do not already have such rights under the Payment Accounts Regulations (see below);6
- cancellation rights;7
- information requirements, which in many respects mirror those under the Payment Services Regulations 2017 (PSRs), distance marketing and e-commerce regimes (see below), but also apply more widely – for example to advertising;8 and
- liability of banks for unauthorised and improperly executed transactions, again similar to those under the PSRs.9
As a general rule, where a bank account is already subject to the PSRs, matching requirements under BCOBS are disapplied.10
The payments regime is set out primarily in the PSRs, supplemented by detailed guidance in the FCA's 'Payment Services and Electronic Money: Our Approach' document. The PSRs implemented the second EU Payment Services Directive (PSD2)11 with effect from 13 January 2018 – replacing the Payment Services Regulations 2009, which had implemented the first EU Payment Services Directive12 (PSD1). The PSRs include both a licensing regime for 'payment institutions' and a registration regime for account information service providers (AISPs), which are forms of non-bank financial institution, and extensive conduct requirements, which apply not only to payment institutions (and, to a limited extent, to AISPs) but also to other types of financial institution such as banks and electronic money institutions (EMIs) when providing payment services in relation to their products.
We describe the PSRs in more detail later in this chapter.
Closely related to the payments regime is the electronic money (or e-money) regime under the Electronic Money Regulations 2011 (EMRs), which implement the EU Electronic Money Directive.13 The EMRs include a licensing regime for EMIs, which are non-bank financial institutions permitted to issue and hold e-money balances (effectively quasi-deposit balances that are intended as a means of spending rather than as a means of saving), and which can also provide the same payment services as payment institutions and limited credit facilities such as credit cards or quasi-overdraft facilities. The EMRs have a limited number of conduct requirements specifically for e-money, including prohibitions on payment of interest (or equivalent) and customer rights to refunds of their e-money.14 The conduct requirements generally apply to all customers, although there is a partial opt-out from the refund provisions available for non-consumers15 (similar to the way in which (as discussed below) larger business customers can opt out of certain provisions in the PSRs).
Other areas of payments regulation include:
- the EU Interchange Fee Regulation,16 which caps interchange fees, potentially requires reorganisation of card schemes (such as Visa and MasterCard), and requires changes to card scheme rules and customer agreements to provide, in particular, merchants with new rights when taking payments through the card schemes;
- the EU Payment Accounts Directive,17 as implemented in the UK by the Payment Accounts Regulations 2015, which impose fees transparency, account switching and accessibility obligations typically in relation to current accounts provided by banks but also potentially certain other payment accounts;18 and
- a purely UK regime under the Financial Services (Banking Reform) Act 2013, which includes broad provisions geared toward improving competition, innovation and the service user experience in the context of payment systems (e.g., Visa, MasterCard and domestic UK clearing systems such as the faster payments service).
There are, additionally, a variety of horizontal requirements generally applicable across all the consumer lending, retail banking and payment services referred to above, including, for example:
- the anti-money laundering, terrorist finance and sanctions regimes under legislation such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Proceeds of Crime Act 2002, Terrorism Act 2000, EU Wire Transfer Regulation19 and Consolidated List of HM Treasury and the Office of Financial Sanctions Implementation;20
- fairness requirements under the Consumer Rights Act 2015 (CRA) and (other than for payment institutions, AISPs and EMIs only providing regulated payment and e-money services) the FCA's 'treating customers fairly' regime;21
- consumer cancellation rights and information requirements for financial services contracts entered into remotely with consumers (e.g., online or through a phone, under the Financial Services (Distance Marketing) Regulations 2004);
- information requirements and provisions on the placing and confirmation of orders under the Electronic Commerce (EC Directive) Regulations 2002, which also apply in part to non-consumers;
- prohibitions on a range of inappropriate practices with respect to consumers, including, for example, misleading omissions from advertising, under the Consumer Protection from Unfair Trading Regulations 2008;22 and
- restrictions and requirements regarding use of individuals' personal data, including for marketing purposes, under legislation such as the Data Protection Act 1998 (deriving from the EU Data Protection Directive 1995,23 which was replaced by the EU General Data Protection Regulation24 with effect from May 2018) and the Privacy (Electronic Communications) Regulations 2003 (deriving from the Privacy and Electronic Communications Directive).25
Again, to a large extent those requirements derive from EU legislation.
As regards the impact of the Brexit referendum on 23 June 2016, resulting in a vote for the United Kingdom to leave the EU, the general approach of the UK financial services regulators appears to be that it is business as usual26 and that financial institutions should continue to comply with EU laws or UK laws deriving from EU laws unless and until they are amended following implementation of Brexit.
Finally, although it falls outside the discussion in this chapter, it is worth noting that payment service providers (PSPs) and others involved in the issue or acceptance of credit cards, debit cards and similar products under the aegis of a payment scheme such as Visa or MasterCard, are usually subject to detailed rules, operating regulations or similar requirements set by the governing authority of the scheme.
Following the financial crisis in 2007–2008, the UK government undertook a review of all aspects of financial regulation, which led to a reformation of the UK's financial regulators.
On 1 April 2013, the UK's Financial Services Authority was abolished and its licensing and regulatory functions – including in relation to banking, e-money and payment services – were transferred to two new regulators: the Prudential Regulatory Authority (PRA) and the FCA. On that date the PRA became the licensing authority for banks (certain strategic and policymaking powers of the PRA have since been transferred to a Bank of England Prudential Regulation Committee, from March 2017)27 and the FCA became the licensing authority for non-bank mortgage lenders and intermediaries, payment institutions and EMIs. The FCA also became the lead conduct regulator for banks as well as most mortgage lenders, intermediaries, payment institutions (and, now, AISPs) and EMIs.
The Office of Fair Trading (OFT) had for a long time been the licensing and conduct regulator for most non-mortgage consumer lending, but it was dissolved and its responsibilities passed to the FCA in April 2014.
A subsidiary of the FCA, the Payment Systems Regulator (which became operational on 1 April 2015), is the lead regulator for the UK payment systems regime under the Financial Services (Banking Reform) Act 2013 and the lead enforcement authority for the EU Interchange Fee Regulation.
Those regulators have at their disposal a wide range of investigative, enforcement and disciplinary tools. For example, they have a broad range of information gathering and investigatory powers; and they can impose (or apply to court for) a range of sanctions, typically including public censure, powers to give directions, financial penalties, disgorgement of ill-gotten profits, customer restitution, imposition of conditions on licences (or their revocation), injunctions and, in some cases, criminal prosecution.28
Finally, it is worth noting the out of court disputes resolution regime presided over by the Financial Ombudsman Service. This is governed by the Dispute Resolution: Complaints Manual in the FCA Handbook, and generally provides consumers and quasi-consumers with a free channel for bringing complaints against banks, lenders, payment institutions, AISPs and EMIs (with those providers typically having to pay case fees to the Financial Ombudsman Service). The Financial Ombudsman Service has a mandate for determining complaints on the basis of what it considers to be 'fair and reasonable in all the circumstances of the case'.29 If the Financial Ombudsman Service upholds a complaint, as it often does, it can make a substantial financial award against the provider.
The payment services regime was introduced under the UK Payment Services Regulations 2009 on 1 November 2009, which implemented PSD1. At that time, its main impact was on traditional products such as current accounts, credit cards, money remittance and merchant acquiring. Since then, the range of payment products and PSPs on the market has diversified, particularly in the areas of digital and mobile banking, e-money and mobile payments – and the application of payment services regulation has broadened accordingly.
To reflect the rapid expansion of the payments market, the regulatory regime was updated by PSD2, which was required to be implemented in all EU Member States by 13 January 2018. In addition to capturing the newly regulated payment services of account information services (AIS) and payment initiation services (PIS), together often referred to as third-party payment services provided by third-party providers (TPPs), PSD2 has widened the territorial scope of the payments conduct of business regime and introduced detailed security requirements and access rights for TPPs, which are likely to have a substantial impact on account providers. PSD2 was implemented in the UK by the PSRs. We discuss some of the main areas of change below.
In the following paragraphs, we summarise some of the main obligations on PSPs.
Regulated payment services
The PSRs regulate the following activities:
- executing funds transfers, for example, transfers to or from a payment account (such as a current account or e-money account), or placing or withdrawing of cash on such accounts, or money remittance services involving transfers that are not from or to an account;
- issuing payment instruments (e.g., payment cards or potentially apps in mobile phones);
- acting as merchant acquirers or some other forms of payment processor (a definition of 'acquiring of payment transactions' was introduced for the first time in PSD2,30 which means that some payment processors who previously had unregulated relationships with merchants may now have regulated relationships, and have to seek authorisation accordingly); and
- acting as a TPP, by – in broad terms – providing access to account information (i.e., AIS) or initiating payments at a customer's request from their account held with a third party (i.e., PIS).31
There are also a number of exemptions from those regulated payment services, perhaps most notably the following.
The commercial agent exemption is available for 'payment transactions between the payer and the payee through a commercial agent authorised in an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee'. There has been much discussion over whether and when online marketplaces (and other payments providers) should be able to rely on this exemption, with the general sense being that it will now be harder to fall within scope of the exemption.32
The limited network exemption most notably applies to:
services based on specific payment instruments that can be used only in a limited way and meet one of the following conditions . . . (ii) are issued by a professional issuer and allow the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer; [or] (iii) may be used only to acquire a very limited range of goods or services.
This exemption lends itself to products such as certain fuel, restaurant or store cards – although some providers have sought to rely on it for broader networks of service providers, or wider ranges of goods and services, so requiring an exercise of judgement (and potentially engagement with local regulators) as to how far it is appropriate to do so.33
Authorisation and passporting
Where a PSP provides a regulated payment service in the UK, and an exemption does not apply, the PSP needs to be suitably licensed by the FCA or another relevant authority including in another EEA country. Typically, the PSP will be licensed as a bank, EMI or payment institution, or registered as an AISP.
The PSRs set out the licensing regime for payment institutions and registration regime for AISPs.34 Licensed payment institutions are required to maintain a certain level of regulatory capital, and to safeguard customer funds (although safeguarding is not applicable to PIs only providing PIS, as they do not handle customer funds). There are number of options for how to safeguard, with the most common method being to put funds received from or for customers (or matched amounts) in a ring-fenced bank account. Although this is the most common way to safeguard, it does often raise a number of operational challenges, and some PSPs will accordingly look to alternative safeguarding options such as safeguarding insurance (although this can be expensive and hard to obtain).35
AISPs (providing only AIS and not other regulated payment services) are not subject to the full licensing regime; rather they are subject to a lesser registration regime,36 the most notable feature of which is the need to hold professional indemnity insurance against the risks of conducting their activities. Similar insurance also needs to be held by payment institutions and EMIs who provide PIS.37
Other key areas of focus under the licensing regime are: the robustness of a payment institution's systems and controls,38 particularly its IT systems; and the need for any functions outsourced by a payment institution – including intra-group outsourcings – to be appropriately overseen by the payment institution and to meet a number of other requirements39 (some of these requirements also apply to AISPs).
As well as payment institutions being permitted to provide regulated payment services, they can also provide credit in limited circumstances,40 for example, by issuing credit cards, but may need to obtain additional consumer credit permissions under the FSMA in order to do so.41
A payment institution authorised in one EEA state (such as the UK) can use its licence in all other EEA states – the passporting regime. This means that, once authorised in one EEA jurisdiction, a payment institution does not need fresh licences to provide payment services in other EEA states, although it may need to comply with other local law requirements.
Finally, a small payment institution regime also exists but with restrictions on total monthly transaction amounts, and without the ability to passport.42
Conduct of business requirements
As well as the licensing regime for payment institutions, the PSRs set out extensive conduct requirements for all PSPs when providing payment services – including banks and EMIs, as well as payment institutions and (to a lesser extent) AISPs. How those requirements apply depends on whether or not a transaction is executed in an EEA currency43 (such as the euro or sterling) and whether one or both of the payer's PSP and payee's PSP are operating from a location in the EEA.44
PSPs have to provide pre-contract and transactional information to customers. In some cases, the information needs to be 'provided' in a 'durable medium', which raises a number of challenges as to how and when information is provided or stored.
The PSRs govern the time frames in which payments must be executed, after being initiated by a customer, in order to reduce the scope for PSPs to retain float (i.e., to keep hold of funds for their own purposes rather than putting them at the disposal of their customers).
For transfers in euros (and domestic transfers in the domestic currency, such as sterling transfers within the UK), the payer's PSP usually needs to ensure that cleared funds are received by the payee's PSP by the end of the business day after the transfer was initiated. For other transfers in EEA currencies within the EEA, up to four business days are usually permitted.45
Once the payee's PSP receives cleared funds, it must immediately put them at the disposal of the payee (except for certain currency conversions involving non-EEA currencies).46
Departures from those rules apply most notably for internal transfers (where the same PSP is acting for both payer and payee), which need to be executed immediately; and for card payments, where there is a usually a basis for delaying putting funds at the disposal of the payee (i.e., of the merchant taking payment).
The PSRs also have detailed provisions as to the rights and liabilities of customers and PSPs; in particular, PSPs need to re-credit unauthorised transactions to customers' accounts (with limited scope for making customers liable for them), and are also ordinarily liable for misexecution of transactions, for example if they are sent to the wrong payee or not sent at all.47 These requirements bring important protections to customers, whose rights were – prior to introduction of PSD1 – less well defined in these areas, with delayed refunds of unauthorised transactions having been a particular concern of regulators.
The PSRs also set out detailed and rigorous requirements on payments security and access for TPPs (which we discuss below), and constraints on certain charges and charging practices. Of particular note was the introduction of a new general prohibition on surcharging by payees (typically merchants) when they are paid by consumers, with non-consumer payments being limited to cost.48
The conduct of business requirements in the PSRs apply to payment services provided not only to consumers but also to business customers, although non-consumers (other than micro-enterprises and charities)49 can be asked to opt out of many of the conduct requirements.50
ii Third-party payment services
Two new third-party payment services were introduced by PSD2, namely PIS and AIS, each of which involves a PSP that does not handle funds providing customers with services in relation to payment accounts offered by third-party PSPs, where those payment accounts are accessible online.
A PIS is an 'online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another [PSP]'.51 It is anticipated as a 'software bridge between the website of the merchant and the online banking platform of the payer's account servicing [PSP] in order to initiate internet payments on the basis of a credit transfer',52 and in practice is likely to include services that allow customers to pay online merchants directly from their bank accounts rather than using credit or debit cards.53 Such payments might typically be routed through domestic payment systems (such as the faster payment service in the UK) and may offer merchants the benefits of payments clearing to their accounts more quickly, more cheaply and with less risk of being reversed back to the customer, by comparison to card scheme payments such as Visa or MasterCard. However, it remains to be seen whether such payment methods are as advantageous to customers.
An AIS is:
an online service to provide consolidated information on one or more payment accounts held by the payment service user with another payment service provider or with more than one payment service provider, and includes such a service whether information is provided (a) in its original form or after processing; (b) only to the payment service user or to the payment service user and to another person in accordance with the payment service user's instructions.54
They are likely to include account aggregation services, such as Money Dashboard, which offer customers a single place in which to view information for a number of different payment accounts offered by multiple PSPs.55
TPPs are entitled to have (at their customers' request) mandatory access to payment accounts or payment account data, on non-discriminatory terms, to enable delivery of their payment initiation and account information services.56 The European Commission adopted a Delegated Regulation in November 2017 setting regulatory technical standards, based on regulatory technical standards drafted by the EBA with some amendments (discussed further below), covering the basis on which the account providers and TPPs will securely communicate with each other in order to facilitate delivery of those third-party services, and which will come into effect after a transitional period probably likely to end in the second quarter of 2019.57
The new provisions are intended to encourage introduction of new, competing services. The example of how PIS may benefit merchants has been given above; in the case of AIS (potentially offered in conjunction with PIS), there is an opportunity for TPPs to obtain transactional data, provide customers with added value services and potentially cross-sell them other products.
The other major impact of PSD2 has been to introduce detailed and rigorous security requirements, by comparison to PSD1. The new regime includes:
- a requirement for PSPs to establish a framework of appropriate mitigation measures and control mechanisms to manage the operational and security risks relating to the payment services they provide, and to submit a comprehensive assessment of such operational and security risks to their regulators on an annual basis;58
- obligations around notification of any major operational or security incident to regulators and, if the incident could have an impact on the financial interests of customers, obligations to also notify customers without undue delay of the incident and of all measures that they can take to mitigate the adverse effects of the incident;59 and
- a requirement for customers to undergo strong customer authentication when, for example, accessing their payment accounts or initiating electronic payment transactions.60 Strong customer authentication requires payers to authenticate themselves to their PSPs using 'two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others'.61 Failure to apply strong customer authentication can affect a PSP's liability for unauthorised transactions.62
The European Commission's Delegated Regulation referred to above also sets regulatory technical standards on the application of strong customer authentication. Banks and other PSPs will have to put in place the necessary infrastructure for strong customer authentication at the end of a transitional period, probably likely to end in the second quarter of 2019. The regulatory technical standards allow for exemptions from strong customer authentication in recognition of the fact there may be alternative authentication mechanisms that are equally safe and secure.63
iv Passporting after Brexit
Following the Brexit vote on 23 June 2016, one of the major questions facing the payments industry is whether, and if so how, passporting rights will operate once Brexit is implemented. This will depend on what outcome is negotiated for Brexit: in particular, if the UK stays in the single market (or possibly negotiates a similar arrangement, such as equivalence or mutual recognition of financial services licences), then a UK payment institution or AISP (or indeed bank or EMI) authorisation may continue to serve in other EEA countries and vice versa. At the time of writing, however, it is difficult to assess whether such an outcome is likely or not, with some of the latest announcements indicating that the United Kingdom may seek to stay in the single market for a transitional period after Brexit takes effect and have some form of equivalence thereafter, but we must emphasise that the outcome is uncertain as it will depend on political negotiations that are yet to take place.
IV DEPOSIT ACCOUNTS AND OVERDRAFTS
Access to banking services
The Payment Accounts Regulations 2015, which came into force on 18 September 2016, has, among other things, obliged certain UK banks64 to provide payment accounts with basic features to any consumers who meet certain criteria, including being legally resident in the EU, with it in some cases being a challenge to ascertain eligibility.65
The deposit guarantee scheme in the UK is the Financial Services Compensation Scheme (FSCS). The FSCS protects certain customers with deposit accounts in the UK against losses in the event that their bank is unable to meet its obligations to them.
The obligations on banks and building societies in relation to deposit guarantees are set out in the 'Depositor Protection' part of the PRA Rulebook.66 Among much else, the PRA's rules set out that the maximum compensation payable for the aggregate eligible deposits of each depositor is £85,000 (except, in certain circumstances, where the maximum compensation is £1 million or unlimited in connection with personal injury or incapacity).67
Overdrafts allow customers to withdraw or spend more than the amount of the funds currently available in their payment account. As a form of unsecured lending, they are subject to many of the provisions of the consumer credit regime described above and below. Charges for using overdrafts have in the past been subject to litigation under the fairness regime currently set out in the CRA,68 and are also under scrutiny by various organisations, such as the UK Competition and Markets Authority (CMA) (see below).
ii Recent developments
On 9 February 2016, the Open Banking Working Group69 published a detailed framework for delivering an Open Banking Standard in the United Kingdom.70 It has been designed to 'help improve competition and efficiency, and stimulate innovation in the banking sector'.71
The Open Banking Standard recommends that open application programme interfaces (APIs) be built 'to help provide open access to open data and shared access to private data of the customer'.72 The intention is that customers can procure access to their own private banking data, so that they may better manage their finances and make better decisions about the financial products they chose. The Open Banking Standard also promotes open data exchange between financial institutions.
Accordingly, Open Data API specifications have been published online,73 with the stated aim of allowing 'API providers (e.g. banks, building societies and automated teller machine providers) to develop API endpoints which can be accessed by API users (e.g. third party developers) to build mobile and web applications for banking customers'. The specifications 'allow API providers to supply up to date, standardised, information about the latest available products and services so that, for example, a comparison website can more easily and accurately gather information, and thereby develop better services for end customers'.74
CMA final report on retail banking market investigation
The CMA launched a market investigation into the supply of retail banking services to personal current account customers and small and medium-sized enterprises in November 2014. The CMA's final report75 was published in August 2016, and introduced a package of binding remedies, including the following.
It included the CMA requiring the largest retail banks76 in the UK to develop and adopt an open API banking standard in order to share information, for the reasons propounded by the Open Banking Working Group (see above). According to the CMA, of all the measures it considered as part of its investigation:
the timely development and implementation of an open API banking standard has the greatest potential to transform competition in retail banking markets . . . by making it much easier for both personal customers and [small and medium sized enterprises] to compare what is offered by different banks and by paving the way to the development of new business models offering innovative services to customers.77
It also included implementing a set of remedies to increase customers' awareness of their overdraft usage and help them manage it. These remedies included:
- requiring banks to alert customers that they have exceeded, or are about to exceed, their credit limit; and
- where customers are permitted to exceed their credit limit, a requirement that banks provide information about a grace period during which no additional charges will be applied if the account returns to being within its pre-agreed credit limit by the end of the grace period.78
It is worth noting that, for many customers, banks had already offered such alerts and grace periods for some time.
On 2 February 2017, the CMA made the Retail Banking Market Investigation Order 2017 (the Order). Among other things, the Order requires nine banks in Great Britain and Northern Ireland79 to make up-to-date personal current account and business current account transaction data sets available without charge and in accordance with certain standards,80 from 13 January 2018.81
Five of those banks notified the CMA that they would not be able to release all these data sets by the specified date, and on 19 December 2017 the CMA issued each of these five banks with directions stipulating the timeline for the delivery of the outstanding data sets and the arrangements that each must make for reporting progress to the CMA in the meantime.82
V REVOLVING CREDIT
In this section, we discuss credit cards (as illustrative of revolving credit) and some related areas of regulation and recent developments.
Like overdrafts, credit cards involve provision of both payment services and credit facilities, and as such are subject to both the payment services regime (discussed above) and the consumer credit regime. Where these regimes overlap, the consumer credit regime usually takes priority.
As noted above, the consumer credit regime derives largely from the CCA and FSMA, including CONC and other aspects of the FCA Handbook. They include both a licensing regime and detailed conduct requirements.
As regards conduct requirements, the regime is highly prescriptive of matters such as the format and content of advertising and information needing to be provided before, during and after entering into credit agreements; consumer rights; and required or prohibited practices, in areas such as underwriting, charging or collecting on loans. The conduct requirements vary depending on the type of consumer credit activity being carried on, with the heaviest burden falling on lenders themselves. We provide a more detailed description of some of the requirements below.
Failure to comply with the consumer credit regime can in many cases have an impact on the enforceability of loan agreements or related charges, and result in customer claims, customer remediation and enforcement action.
The FSMA sets out a licensing regime (similar in various respects to the payment institution licensing regime) under which firms can obtain 'permissions' for lending and a range of intermediary and ancillary activities such as credit broking, operating an electronic system in relation to lending, debt adjusting, debt counselling, debt collecting and debt administration.83
Such activities are generally regulated if the lending is to:
- individuals, whether consumers or sole traders; or
- 'relevant recipients of credit' (or in the case of lending through an electronic system, 'relevant persons'), being partnerships of two or three partners (of which at least one partner is a natural person) or unincorporated associations (of which at least one member is a natural person).84
There are a variety of exemptions from the regulated activities, perhaps most notably the business borrowing exemption and the charge card exemption.
The business borrowing exemption is where the borrowing is for business purposes and exceeds £25,000 – so, for example, a business credit card with a credit limit of £26,000.
The charge card exemption applies to credit cards or other forms of revolving credit where all the credit drawn down over a period of three months or less is repayable in one go, and where no interest or other significant charges apply (or where the credit is secured on land).85
Generally, the above UK credit-related licences cannot be passported (i.e., cannot be used in other EEA countries), although banks and (as noted above) payment institutions and EMIs can passport certain lending activities.
Before a customer enters into a credit agreement, the lender must provide certain pre-contractual information, including:
- an 'adequate explanation' of various specified features of the credit agreement, in order to put the customer in a position to assess whether the agreement suits their needs and financial situation;86
- the Standard European Consumer Credit Information, which contains detailed information relating to the credit agreement;87 and
- a summary box, designed to set out key information about the credit card product in a simple, standard format, in order to make it easy for customers to understand and compare credit cards.88
Before entering into a credit card agreement, the lender must undertake an assessment of the creditworthiness of the customer. The assessment should take into the account not only the customer's ability to repay the proposed credit within a reasonable period but also the potential for the commitments under the credit agreement to adversely impact the customer's financial situation. The assessment has to be based on 'sufficient information' obtained from the customer 'where appropriate' and a credit reference agency 'where necessary'.89
The lender must carry out a fresh creditworthiness check before significantly increasing a customer's credit limit,90 and must not increase it if the customer is opposed to the increase or is at risk of financial difficulties.91
The creditworthiness assessment, as a safeguard against over-indebtedness post-financial crisis, is a key area of regulatory scrutiny. CONC contains detailed rules and guidance, which, while fairly prescriptive, do allow some flexibility as to the information to be gathered and assessed. Industry guidance is also available.92
Failures in the creditworthiness assessment can lead to regulatory or other action (resulting potentially in customer remediation and other sanctions).
In July 2017, the FCA consulted93 on proposed changes to CONC rules and guidance about assessing creditworthiness and affordability, with the aim of clarifying what it expects of firms (but without fundamentally changing its approach to creditworthiness). The consultation closed in October 2017, and the FCA aims to finalise and publish the changes to CONC in the first half of 2018.
The UK government has also proposed a new creditworthiness bill, which, if passed, would require the FCA to make further changes to its rules to 'ensure that firms carrying on credit-related regulated activities and connected activities and [firms] entering into or varying a regulated mortgage contract or home purchase plan take into account rental payment history and council tax payment history when assessing a borrower's creditworthiness'.94 As at the end of 2017, the bill is due for a third reading in the House of Lords before going to the House of Commons for consideration.
Form and content of the agreement
The CCA and underlying regulations95 prescribe the form and content for credit agreements, and require the agreement to be signed by both the lender and borrower, using either 'wet ink' signatures or electronic signatures.
Connected lender liability
The consumer credit regime sets out a wide variety of rights for borrowers, the best known of which is perhaps Section 75 CCA.
Section 75 provides that where a customer uses their credit card to make a purchase for something that costs between £100 and £30,000, they have a claim against their lender in the event of a misrepresentation or breach of contract by the supplier. The customer is free to bring a claim directly against the card issuer, without needing to bring a claim against the supplier first. Section 75 also applies in relation to other similar arrangements, not credit cards alone.
From a lender's perspective, Section 75 is potentially very significant in that customers could bring a claim for consequential losses (i.e., claims against the lender are not limited to the amount of credit provided).
Statements and statutory notices
Lenders must provide borrowers with statements and a range of statutory notices (generally with highly prescribed content and timings) in a variety of circumstances, perhaps most notable of which – in the context of a credit card – is the obligation to provide customers missing two consecutive payments with a notice of sums in arrears (NOSIA).96
Failure to comply strictly with the requirements can result in sanctions such as unenforceability of the credit agreement and inability to charge any interest or default sums during the period of default. A number of lenders have had to undergo costly remediation exercises to remedy failures in this area.
ii Recent developments
The FCA's credit card market study
Within days of taking over responsibility for the regulation of consumer credit in the UK in April 2014, the FCA announced its intention to launch a market study into the credit cards sector, in order to explore whether competition was working effectively and 'to ask how the industry worked with those people who were in difficult financial situations already'.97
The FCA published its final report on 16 July 2016.98 The major concern expressed was the extent and nature of 'problem' credit card debt. According to the report, in 2014 around 6.9 per cent of UK cardholders (which equates to about 2 million people) were in arrears or had defaulted. The FCA also found that 8.9 per cent of credit cards active in January 2015 (5.1 million accounts) will take – based on current repayment patterns and assuming no further borrowing – more than 10 years to pay off their balance.99
Also set out in the final report was a package of reforms that the UK Cards Association has, on behalf of the credit card industry, volunteered to implement. They include sending notifications to all consumers before the expiry of a promotional offer and helping borrowers mitigate the risk of inadvertently incurring charges by alerting them before they reach their credit limits, and allowing them to request card repayment dates falling after their pay days.
Following the publication of its final findings report from the credit card market study, the FCA published a consultation paper100 on 3 April 2017 on persistent credit card debt and earlier intervention remedies, and then subsequently published feedback on this consultation and a further consultation paper101 on 14 December 2017. These papers propose a number of changes to FCA rules and guidance, including new requirements on credit card companies to:
a intervene and help customers whose credit card debt persists over 18 to 36 months; and
- use data they hold to assess whether customers are at risk of potential financial difficulties, and take appropriate action to help customers – even though they may not have missed a payment.
Review of retained CCA provisions
When the FCA took over responsibility for the regulation of consumer credit in 2014, much of the CCA was replaced with rules under the FSMA. However, a range of provisions have been retained in the CCA and its subordinate legislation.
By 1 April 2019, the FCA must review the retained CCA provisions and submit a report to HM Treasury, setting out any recommendations for legislative change. The aim of the review is to consider the appropriateness of repealing the remaining provisions of the CCA, taking into account the proportionality of the consumer credit regime and the extent to which retained provisions of the CCA could be replaced by FCA rules or guidance.102
Accordingly, in February 2016, the FCA launched a 'call for input' on the retained provisions in the CCA.103 Many players in the consumer finance market used this as an opportunity to make submissions about aspects of the consumer credit regime that they believe need to be amended (not just simplified), such as moderating the stringent sanctions for certain breaches, for example, of the NOSIA requirements.
The call for input has since closed, and in the consultation published by the FCA on persistent debt and earlier intervention remedies in December 2017 (see the FCA's credit card market study above), the FCA stated that it is 'currently progressing the review and will publish an interim report in 2018'.104
VI INSTALMENT CREDIT
Typically, non-mortgage personal loans based on provision of a fixed amount of credit (as opposed to revolving credit) are subject to broadly the same regulatory regime as credit cards. Some key areas of difference are:
- the equivalent exemption to the 'charge card exemption' applies where credit is repaid within one year in 12 instalments or fewer, with no significant charges for credit applying;105 and
- in addition to NOSIAs, a key area for enforcement action and customer remediation is incorrect annual statements.106
Any security provided in relation to a consumer credit agreement must be in writing, setting out specified information in a prescribed manner and executed by the surety.107 Failure to document and execute a security agreement in accordance with the CCA will mean that the security is only enforceable with a court order. Various other provisions also apply under the consumer credit regime in relation to security.
Hire purchase and conditional sale
Two of the most common forms of secured consumer lending in the UK (popular in the context of car financing, for example) – hire purchase agreements and conditional sale agreements – both involve a delayed transfer of title, which, as one legal commentator notes, 'is technically not a form of security so far as the law is concerned'.108
A hire purchase agreement is an agreement for the hire of goods in return for periodical payments with an option (or other specified trigger) for ownership of the goods to pass to the borrower.109
A conditional sale agreement is an agreement for the sale of goods under which the purchase price (or part of it) is payable by instalments and the seller owns the goods until the purchase price is paid or another specified condition is satisfied.110
These agreements are treated as credit agreements and are, again, subject to largely the same requirements as credit card agreements. A key difference is a right for borrowers to terminate their credit agreement early without having to repay the whole of the credit; instead, they normally need to pay (or have paid) half of the total price of the goods and return the goods to the creditor.111
The Student Loans Company (a non-profit-making, government-owned organisation) administers government-provided loans to students attending universities and colleges in the UK. Loans are available for tuition fees and maintenance support, with repayments ordinarily being taken directly from a borrower's salary by their employer on behalf of HM Revenue and Customs, once their salary reaches a certain level.112
There are various legislative provisions in place to enable student loans to fall outside the consumer credit regime in the CCA and FSMA.113
Mortgages largely fall outside the CCA. They are nonetheless subject to a similar licensing regime and conduct requirements under the FSMA, although MCOB generally applies in place of CONC, with some areas of difference including substantially different information requirements and detailed rules on early repayment charges.
Consumer buy-to-let mortgages, however, are governed by a special, lighter touch regime under the Mortgage Credit Directive Order 2015.
ii Recent developments
High-cost short-term credit
High-cost, short-term credit (HCSTC) is defined as unsecured credit made available to individuals (or 'relevant recipients of credit') in relation to which the APR is at least 100 per cent and which is advertised as being provided for at most a year (or similar) or under which the credit is due to be substantially repaid within a year.114 'Payday lending' is the example cited most often, and has been one of the FCA's top priorities since it took over responsibility for regulating consumer credit. Of particular note:
- the FCA has granted lending permissions to very few payday lenders, compared with the previous licensing regime under the OFT; and
- CONC has introduced rules that apply specifically to HCSTC firms, including specific conduct standards and price caps: interest and charges must not exceed 0.8 per cent of the amount borrowed per day over the contractual period of the loan; default fees must not total more than £15; and the total cost of the credit cannot exceed 100 per cent of the amount borrowed.115
In November 2016, the FCA launched a consultation on whether, among other things, aspects of the HCSTC regime should be extended to other forms of high-cost credit products.116 The FCA published feedback in July 2017 in which it confirmed its decision to maintain the price cap on HCSTC and identified a number of issues about other forms of high-cost credit that could cause consumer harm.117 The FCA is particularly concerned about rent-to-own, home-collected credit and catalogue credit, and has wider concerns about consumers' long-term indebtedness. It plans to investigate these issues further, with the aim of consulting on proposed solutions in Spring 2018.
On 1 April 2014, the UK introduced a new regulatory framework for 'peer-to-peer' lending, also known a loan-based crowd funding, which included the introduction of a new regulated activity: 'Operating an electronic system in relation to lending'.
Firms (P2P platforms) that operate an electronic system in the UK must be authorised by the FCA if they facilitate lending or investment by individuals and relevant persons118 or borrowing by individuals and relevant persons, provided that the P2P platform:
- is capable of determining which credit agreements should be made available to each of the borrowers and lenders;
- undertakes to receive and pay out amounts of interest or capital due to lenders; and
- either takes steps to collect (or arrange for the collection) of repayments or exercises, or enforces rights under the credit agreement.119
P2P platforms are also entitled to conduct other activities ancillary to the running of the platform, including interaction with credit information agencies.
P2P platforms must comply with various sections of the FCA Handbook. Notably, FCA rules in CONC require P2P platforms to provide certain protections to borrowers who are individuals or 'relevant recipients of credit'. They in many ways mirror obligations on lenders elsewhere under the consumer credit regime. Accordingly, P2P platforms must, among other things, provide adequate explanations of the key features of the credit agreement to borrowers, assess the creditworthiness of borrowers and provide post-contract information where the borrower is in arrears or default.
In July 2016, the FCA published a call for input to the post-implementation review of the FCA's crowdfunding rules, including those mentioned in the previous paragraph.120 An interim feedback statement published in December 2016 announced that the FCA has identified areas of specific concern, including the improvement of wind-down plans to allow existing P2P loans to be administered in the event of the P2P platform's failure, cross-investment (i.e., investment in loans originated on other P2P platforms), the application of mortgage-lending standards where the funds raised through the P2P platform is to finance the acquisition of property, and rules on the content and timing of disclosures (including financial promotions) to persons lending or investing through the platform.121
The MCD as implemented in the UK broadly applies to credit agreements entered into with individuals (or trustees) secured by a mortgage on residential land in the EEA.122
The MCD was implemented in the UK on 21 March 2016, although certain provisions are subject to later implementation including transitional arrangements. The implementing measures were – with a view to minimising disruption – in effect added on top of the existing UK regulated mortgages regime under FSMA, particularly through changes to MCOB (with the exception of consumer buy to let mortgages which, as noted above, are regulated under a separate Mortgage Credit Directive Order 2015).
Among the key changes under the MCD were:
- bringing second charge mortgages (in many cases previously regulated under the CCA) within the FSMA mortgage regime;
- changes to exemptions from mortgage-related regulated activities;123
- amended advertising rules;124
- restrictions on bundling mortgages with the sale of other financial products;125
- additions to the affordability assessment requirements;126
- introduction of standard pre-contractual information in the form of a European Standardised Information Sheet, although, for a transitional period up to 21 March 2019, mortgage lenders can for certain mortgages continue to use the existing key facts illustration with extra information;127
- introduction of a new step involving making a binding mortgage offer and a related cooling-off period;128
- an amended APR calculation and introduction of a requirement to have an additional APR in the European Standardised Information Sheet for certain mortgages (particularly variable rate mortgages);129 and
- new early repayment rights.130
VII UNFAIR PRACTICES
The CRA sets out a detailed fairness regime that applies to both terms in consumer contracts and notices given to consumers. It generally applies in relation to all finance, payments and retail banking relationships with consumers.
The CCA also has a regime giving courts wide powers of redress where a credit agreement, or related relationships or practices, give rise to an unfair relationship between the lender and borrower.131 It also applies to business borrowers falling within scope of the CCA (as described above) irrespective of the amount borrowed.
In addition, the FCA's 'treating customers fairly' regime132 broadly applies to unfair practices across the financial services described in this chapter (although, notably, not generally to payment institutions and EMIs). The regime also applies with respect to business customers.
Key areas of scrutiny and challenge in this area include mis-selling, the breadth of contract variation provisions, and the levels (and disclosure) of charges.
VIII RECENT CASES
i Enforcement actions
On 28 September 2016, the FCA issued final notices133 to an HCSTC provider, Wage Payment and Payday Loans Ltd, and its director, in which the FCA:
- cancelled Wage Payment and Payday Loans Ltd's interim permissions to provide regulated activities including consumer credit lending;
- refused Wage Payment and Payday Loans Ltd's application for full permission; and
- banned the director from carrying out any regulated activity carried on by an authorised firm.
In related matters, on 24 January 2017 and 1 February 2017, the FCA issued decisions not to approve applications by Nationwide Debt Consultants Limited134 and Steven Maoudis,135 respectively, for permission to carry on the regulated activities of debt adjusting and debt counselling, which revoked the interim permissions that they both had that allowed them to undertake these activities.
These cases illustrate the FCA's tough regulatory stance on HCSTC described above, and specifically reflect its concerns about excessive sums being charged to customers (or even removed from some customers' accounts), failures in assessing whether customers could afford loans before lending to them, and a lack of knowledge and skills among debt management practitioners, particularly in relation to the debt solutions available to customers.
In November 2015, in another enforcement case, the PRA issued a fine of more than £1.2 million136 to a bank, R Raphael & Sons Plc, which outsourced certain functions to another group company without putting in place an appropriate outsourcing agreement or adequately overseeing the outsourcing. The PRA fine illustrated the importance of having robust arrangements in place even for an intra-group outsourcing.
Finally, after Northern Rock (in December 2012) and Barclays Bank (in September 2013) announced that errors in their NOSIAs had been identified, the OFT asked all retail banks to perform a detailed review of their consumer statements and notices, and as a result 17 banks and building societies have agreed to refund interest incorrectly charged following the delivery of incorrect NOSIAs.137 This industry-wide remediation process is likely to be ongoing, and will probably involve many millions of pounds.
PSD2 (and previously PSD1) requires that various information be provided in a durable medium. Historically, this was generally done by sending a paper mailing to customers, but nowadays for obvious reasons many PSPs aim to provide information electronically. While sending personal emails is often an adequate way of meeting the requirements, for a variety of reasons some PSPs aim to use alternative means of electronic communications, and there has been some uncertainty as to whether and how those alternatives can meet the requirements.
In the BAWAG case, the Court of Justice of the European Union (CJEU) was asked to consider whether and how e-banking mailboxes can be used to provide information in a durable medium under PSD1. The CJEU found that for information on an e-banking portal or other website to be considered as being in a durable medium:
- the website must allow the user to store information addressed to him or her personally, in such a way that he or she may access it and reproduce it unchanged for an adequate period of time, without any unilateral alteration of its content by that service provider or by another professional being; and
- where the user is obliged to consult that website in order to become aware of that information, the transmission of that information must be accompanied by active behaviour on the part of the PSP, aimed at drawing the user's attention to the existence and availability of the information on the website.138
In the 2014 Plevin case139 on unfair relationships under the CCA, the UK Supreme Court held that a credit broker's non-disclosure of the amount of commission it received from a lender for arranging payment protection insurance (which was 71.8 per cent) could, and in this case did, amount to an unfair relationship between the customer and the lender in respect of the related credit agreement.
There has been renewed focus on the drafting of unilateral rights of variation in consumer contracts, to ensure that they are fair and enforceable under the CRA, following recent CJEU decisions,140 which set out the following principles.
The contract must – in plain, intelligible language – set out the reasons for and method of any such variation, so that before entering into the agreement the consumer can foresee alterations that may be made.
Not providing this information cannot be compensated for by the mere fact that consumers will, during the performance of the contract, be informed in good time of the variation and of their right to terminate their contract if they do not wish to accept the variation.
It will also be relevant whether the consumer's right of termination can actually be exercised in the specific circumstances.
1 Arun Srivastava is a partner and Nina Moffatt is an associate at Paul Hastings (Europe) LLP. The authors would like to give special thanks to Harriet Russell, Ben Regnard-Weinrabe, Nikki Johnstone and Sophie Wood, authors of the chapter in the previous edition. The information contained in this chapter was accurate as of January 2018.
2 Made up of the countries of the EU plus Norway, Iceland and Liechtenstein. EU financial services laws tend to be 'single market' measures that also apply to the additional EEA countries.
4 Respectively, Directives 2008/48/EC and 2014/17/EU.
5 Namely, micro-enterprises, charities with an annual income below £1 million and certain trustees – see BCOBS 1.1.1 and the definition of 'banking customer' in the glossary to the FCA Handbook.
6 BCOBS 5.1.5 to 5.1.8.
7 BCOBS Chapter 6.
8 BCOBS Chapters 2 to 4, in particular. Certain information requirements apply with respect to consumers only.
9 BCOBS 5.1.12 and 5.1.14 to 5.1.19.
10 BCOBS 1.1.3 and 1.1.4.
11 Directive 2015/2366/EC.
12 Directive 2007/64/EC.
13 Directive 2009/110/EC.
14 EMRs 39 to 45.
15 EMR Section 44.
16 Regulation (EU) 2015/751.
19 Regulation (EC) 1781/2006.
21 Principles 6 and 7 in Section 2.1 of the FCA's Principles for Businesses (PRIN) in the FCA Handbook.
22 There is similar protection for non-consumers under the Business Protection from Misleading Marketing Regulations 2008.
23 Directive 95/46/EC.
24 Regulation (EU) 2016/679.
25 Directive 2002/58/EC.
26 For example, the FCA has stated that consumers' 'rights and protections, including any derived from EU legislation, are unaffected by the result of the referendum and will remain unchanged unless and until the Government changes the applicable legislation'.
27 Under the Bank of England and Financial Services Act 2016.
28 See, for example, the FCA's Enforcement Guide and Decision Procedure and Penalties Manual in the FCA Handbook; and the PSR's Powers and Procedures Guidance (March 2015) in relation to the Financial Services (Banking Reform) Act 2013 and Guidance on the PSR's approach as a competent authority for the EU Interchange Fee Regulation (October 2016).
29 The Dispute Resolution: Complaints Manual 3.6.1.
30 Under Article 4(44) PSD2 – Regulation 2(1)PSRs.
31 The full list of regulated payment services (and related exemptions) is set out in Part 1 of Schedule 1 to the PSRs.
32 See for example the FCA's guidance in Q33A of Chapter 15 of their perimeter guidance (PERG).
33 The full list of exemptions is in Part 2 of Schedule 1 to the PSRs; the commercial agent and limited network exemptions are in Paragraphs (2)(b) and (k) of Part 2, respectively. See also the FCA guidance in Q40 of PERG 15.
34 See Regulation 5-21 PSRs. The EMRs set out a similar licensing regime for EMIs.
35 See Regulation 23 PSRs for further details of the safeguarding requirements.
36 Regulations 17 and 18 PSRs.
37 Regulation 6(7)(e) and (f) and Paragraph 19, Schedule 2 of the PSRs.
38 Regulation 6(6) PSRs.
39 Regulation 25 PSRs.
40 Regulation 32 PSRs.
41 See for example Q20A in PERG 15.
42 Regulations 13 to 16 and 27 PSRs.
43 Article 2 PSD and Article 2 PSD2 / Regulations 40 and 63 PSRs.
44 Article 2 PSD2 / Regulations 40 and 63 PSRs.
45 Regulation 86 PSRs.
46 Regulations 88 and 89 PSRs.
47 Regulations 75 to 77 and 91 and 92 PSRs.
48 For the exact details, see regulations 6A and 6B of the Consumer Rights (Payment Surcharges) Regulations 2012, which were introduced by Part 3 to Schedule 8 of the PSRs with effect from 13 January 2018, in accordance with Articles 62(3)-(5) PSD2.
49 As defined in Regulation 2(1) PSRs.
50 Regulations 40 and 63 PSRs.
51 Article 4(14) PSD2/Regulation 2(1) PSRs.
52 Recital (27) PSD2.
53 See also Q25B in PERG 15.
54 Article 4(16) PSD2/Regulation 2(1) PSRs.
55 See also Q25A in PERG 15.
56 Articles 36 and 66 to 68 PSD2 / Regulations 105 and 69 to 71 PSRs.
57 Article 98, PSD2 and Commission Delegated regulation on Regulatory Technical Standards specifying requirements on strong customer authentication and common and secure communication under PSD2, available at: http://ec.europa.eu/finance/docs/level-2-measures/psd2-rts-2017-7782_en.pdf.
58 Article 95 PSD2/Regulation 98 PSRs.
59 Article 96 PSD2/Regulation 99 PSRs. See also Section 15.14.20 of the FCA's supervision manual (SUP).
60 Unhelpfully, the term 'electronic payment transactions' is not defined, creating some uncertainty of scope.
61 Articles 4(30) and 97 PSD2/Regulations 2 and 100 PSRs.
62 See in particular Articles 74(2) and 92 PSD2/Regulations 77 and 95 PSRS.
63 Articles 10-21 of the Commission Delegated Regulation.
64 Under Regulation 21.
65 For example, asylum seekers and 'consumers who have not been granted a residence permit but whose expulsion is impossible for legal or practical reasons' may be among those eligible, and it may not be straight forward to establish their status. See Regulation 23.
67 Rule 4 (Limits on compensation payable), Depositor Protection rules, PRA Rulebook.
68 Most notably, Office of Fair Trading v. Abbey National plc  UKSC6,  1 AC 696.
69 The Open Banking Working Group is a joint industry and government group made up of representatives from banks, fintech companies, consumer bodies and the government.
71 'Introducing the Open Banking Standard', Open Data Institute 2016, page 5.
75 'Retail banking market investigation: Final report', CMA, 9 August 2016, https://assets.publishing.service.gov.uk/media/57ac9667e5274a0f6c00007a/retail-banking-market-investigation-full-final-report.pdf.
76 RBS, Lloyds, Barclays, HSBC, Santander, Nationwide, Danske Bank, Band of Ireland and AIB.
77 Paragraph 166.
78 As summarised in Figure 15.1 of the final report.
79 Namely: Royal Bank of Scotland Group plc, Lloyds Banking Group plc, Barclays Bank plc, HSBC Group, Nationwide Building Society, Santander UK plc, Northern Bank Limited, Bank of Ireland (UK) plc and AIB Group (UK) plc.
80 Article 14, the Order.
81 Article 2.10, the Order.
83 Respectively, Articles 36A, 36H, 39D, 39E, 39F and 39G of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (the RAO). See the RAO for the full list of regulated activities.
84 Articles 60L and 36H of the RAO, respectively.
85 The business borrowing and charge card exemptions are in Articles 60C(3) and 60F(3) of the RAO respectively.
86 Under CONC 4.2.5.
87 Most notable under the Consumer Credit (Disclosure of Information) Regulations 2010.
88 Further information, including an example of the standard summary box, is provided by the UK Cards Association: www.theukcardsassociation.org.uk/individual/credit-card-summary-box.asp.
89 CONC 5.2 (Creditworthiness assessment: before agreement).
90 CONC 6.2.1.
91 CONC 6.7.7.
92 Such as the Common Financial Statement produced by the Money Advice Trust, the Finance and Leasing Association and the British Bankers' Association; and Information for Practitioners produced by the Lending Standards Board.
93 FCA Consultation Paper: Assessing creditworthiness in consumer credit – Proposed changes to our rules and guidance.
94 Creditworthiness Assessment Bill [HL] 2017-19, see https://services.parliament.uk/bills/2017-19/creditworthinessassessment.html.
95 Most notably the Consumer Credit (Agreements) Regulations 2010.
96 Section 86C CCA.
97 'FCA announces competition review into credit cards – particular focus on how industry works with those in difficult financial situations', 3 April 2014, www.fca.org.uk/news/press-releases/fca-announces-
98 FCA Market Study MS14/6.3, 'Credit card market study: Final findings report', www.fca.org.uk/publication/market-studies/ms14-6-3-credit-card-market-study-final-findings-report.pdf.
99 Paragraph 1.30, FCA Market Study MS14/6.3.
100 FCA Consultation Paper: Credit card market study – consultation on persistent debt and earlier intervention remedies (CP17/10)
101 FCA Consultation Paper: Credit card market study – Persistent debt and earlier intervention remedies - feedback on CP17/10 and further consultation
102 Part 5 of the Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2014.
104 FCA Consultation Paper: Credit card market study – Persistent debt and earlier intervention remedies – feedback on CP17/10 and further consultation.
105 Article 60F(2) RAO.
106 Lenders must provide annual statements to borrowers in relation to fixed-sum loan agreements under Section 77A CCA. A non-compliant annual statement results in the same consequences as an incorrect NOSIA, which is that the statement will be deemed to have not been sent at all. See JP Morgan Chase Bank, National Association v. Northern Rock (Asset Management) Plc  EWHC 291 (Ch) (19 February 2014).
107 Section 105 CCA.
108 Paragraph 3.4 Hire-Purchase and Instalment Sale, Goode: Consumer Credit Law and Practice.
109 Section 189 CCA.
110 Section 189 CCA.
111 Sections 99 and 100 CCA.
112 See the student loans regime under the Teaching and Higher Education Act 1998.
113 See for example Section 8 of the Sale of Student Loans Act 2008.
114 See the glossary to the FCA Handbook.
115 CONC Rule 5A.2.
116 FCA Call for Input: High-cost credit – Including review of the high-cost, short-term credit price cap.
117 FCA Feedback Statement: High-cost credit – Including review of the high-cost short-term credit price cap.
118 'Individual consumers' would include natural persons such as consumers and sole traders. 'Relevant persons' include partnerships of two or three persons, not all of whom are bodies corporate, or unincorporated bodies of persons that do not consist entirely of bodies corporate and are not a partnership.
119 Article 36H RAO.
122 Article 3 MCD.
123 Article 4(4B) RAO.
124 Chapter 3A of MCOB.
125 MCOB 2A.2.
126 Chapter 11A of MCOB.
127 Chapter 5A of MCOB, and MCOB TP 1 MCD Transitional Provisions.
128 MCOB 6A.3.
129 Chapter 10A of MCOB.
130 MCOB 2A.4.
131 Sections 140A to 140C CCA.
132 Principles 6 and 7 in Section 2.1 of PRIN.
138 For FCA guidance on durable medium, see for example paragraph 8.75 of the PSD2 Approach Document and the Durable Medium website.
139 Plevin v. Paragon Personal Finance Ltd  UKSC 61 (12 November 2014).
140 Nemzeti Fogyasztóvédelmi Hatóság v. Invitel Távközlési (Case C-472/10, judgment given 26 April 2012) and RWE Vertrieb AG v. Verbraucherzentrale Nordrhein-Westfalen e.V. (Case C-92/11, judgment given 21 March 2013).