Consumer finance, and retail banking and payments, are accessible and established industries in the UK. The regulatory environment is mature and is derived from both domestic and European legislation. Fast-paced innovation has diversified the market in recent years, with many new products and providers, although the availability of credit has in recent years become more restricted in some respects owing to the response of regulators and lenders to the financial crisis and other developments. For the most part, regulators have sought to facilitate innovation as the UK government tries to keep the jurisdiction competitive, while increasing consumer protection in a number of areas.


i Legislation

In the UK, consumer lending, deposit-taking and payments are regulated under a number of vertical (i.e., product-specific) and horizontal (non-product-specific) regulatory regimes, which to a large extent derive from EU laws. There is therefore a large degree of consistency of regulation across the European Economic Area (EEA)2 in these areas, with this being particularly the case for payments.

The consumer credit regimes for secured and unsecured lending are set out in the Consumer Credit Act 1974 (CCA), the Financial Services and Markets Act 2000 (FSMA), secondary legislation and the UK Financial Conduct Authority (FCA) Handbook of rules and guidance (the FCA Handbook).3 The FCA Handbook includes, among other things, the Consumer Credit sourcebook (CONC) and the Mortgage and Home Finance Conduct of Business sourcebook (MCOB). The CCA and FSMA implement and supplement the EU Consumer Credit Directive and Mortgage Credit Directive (MCD).4 The FSMA sets out the licensing regime for different types of lending, as well as a range of intermediary and ancillary activities.

The consumer credit regimes are also highly prescriptive of conduct matters, such as the format and content of advertising and the information to be provided before, during and after entering into credit agreements; consumer rights; and required or prohibited practices, in areas such as underwriting, charging or collecting on loans. Failure to comply can in many cases have an impact on the enforceability of loan agreements and result in customer remediation and enforcement action. In many cases the consumer credit regime protects not only consumers, but also 'quasi-consumer' borrowers such as sole traders and certain small partnerships and unincorporated associations in the case of non-mortgage lending (certain business mortgages are also regulated). We discuss the consumer credit regime in more detail below.

The FSMA also includes the licensing regime for deposit-taking, namely provision of banking products such as current and savings accounts, as well as a range of related conduct requirements protecting 'banking customers' (consumers and quasi-consumers)5 under the Banking Conduct of Business sourcebook (BCOBS) in the FCA Handbook. BCOBS sets out a variety of obligations on banks (and rights for customers) in relation to bank accounts, for example:

  1. rights for banking customers to switch their accounts from one bank to another, where they do not already have such rights under the Payment Accounts Regulations (see below);6
  2. cancellation rights;7
  3. information requirements, which in many respects mirror those under the Payment Services Regulations 2017 (PSRs), distance marketing and e-commerce regimes (see below), but also apply more widely – for example to advertising;8 and
  4. liability of banks for unauthorised and improperly executed transactions, again similar to those under the PSRs.9

As a general rule, where a bank account is already subject to the PSRs, matching requirements under BCOBS are disapplied.10

Certain rules on communicating with customers contained in Chapter 2 of BCOBS of the FCA Handbook on communicating with customers (which were originally designed for credit institutions) now also apply to firms providing payment services and electronic money services. The overarching requirement is that firms communicate information to customers that is fair, clear and not misleading and also now applies to the activities connected with the provision of electronic money and payment service activities.

The payments regime is set out primarily in the PSRs, supplemented by detailed guidance in the FCA's 'Payment Services and Electronic Money: Our Approach' document.11 The PSRs implemented the second EU Payment Services Directive (PSD2)12 with effect from 13 January 2018 – replacing the Payment Services Regulations 2009, which had implemented the first EU Payment Services Directive13 (PSD1). The PSRs include both a licensing regime for 'payment institutions' and a registration regime for account information service providers (AISPs), both of which are forms of non-bank financial institutions, as well as extensive conduct requirements, which apply not only to payment institutions (and, to a limited extent, to AISPs) but also to other types of financial institutions such as banks and electronic money institutions (EMIs) when providing payment services in relation to their products. We describe the PSRs in more detail later in this chapter.

Closely related to the payments regime is the electronic money (or e-money) regime under the Electronic Money Regulations 2011 (EMRs), which implement the EU Second Electronic Money Directive.14 The EMRs include a licensing regime for EMIs, which are non-bank financial institutions permitted to issue and hold e-money balances (effectively quasi-deposit balances that are intended as a means of spending rather than as a means of saving), and which can also provide the same payment services as payment institutions and limited credit facilities such as credit cards or quasi-overdraft facilities. The EMRs have a limited number of conduct requirements specifically for e-money, including prohibitions on payment of interest (or equivalent) and customer rights to refunds of their e-money.15 The conduct requirements generally apply to all customers, although there is a partial opt-out from the refund provisions available for non-consumers16 (similar to the way in which (as discussed below) larger business customers can opt out of certain provisions in the PSRs).

Other areas of payments regulation include:

  1. the EU Interchange Fee Regulation,17 which caps interchange fees, requires separation of card scheme activities (such as Visa and MasterCard) and processing activities, and affords merchants with rights when taking payments through the card schemes. The Payment Card Interchange Fee Regulations 2015 were implemented in the UK to comply with the obligations to designate competent authorities, lay down rules on penalties and take measures for the settlement of disputes under the EU Interchange Fee Regulation;
  2. the EU Payment Accounts Directive,18 as implemented in the UK by the Payment Accounts Regulations 2015, which impose fees transparency, account switching and accessibility obligations typically in relation to current accounts provided by banks but also potentially certain other payment accounts;19 and
  3. a purely UK regime under the Financial Services (Banking Reform) Act 2013, which includes broad provisions geared toward improving competition, innovation and the service user experience in the context of payment systems (e.g., Visa, MasterCard and domestic UK clearing systems such as the faster payments service).

There are, additionally, a variety of horizontal requirements generally applicable across all the consumer lending, retail banking and payment services referred to above, including, for example:

  1. the anti-money laundering, counterterrorist finance and sanctions regimes under legislation such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Proceeds of Crime Act 2002, Terrorism Act 2000, EU Wire Transfer Regulation20 and Consolidated List of HM Treasury and the Office of Financial Sanctions Implementation;21
  2. fairness requirements under the Consumer Rights Act 2015 (CRA). The FCA is the regulator under the CRA and as such, it has the power to consider complaints and challenge firms on unfair contract terms;
  3. the FCA's Principles for Businesses, including specifically, the 'fair treatment of customers regime'.22 It is important to note the recent extension from 1 August 2019 of the application of the FCA's Principles for Businesses (including the requirement under Principle 6 to 'treat customers fairly') to the provision of payment services, the issuance of e-money and other connected activities by payment institutions and e-money issuers;
  4. prohibitions on surcharging contained in the Consumer Rights (Payment Surcharges) Regulations 2012;
  5. consumer cancellation rights and information requirements for financial services contracts entered into remotely with consumers (e.g., online or through a phone, under the Financial Services (Distance Marketing) Regulations 2004);
  6. information requirements and provisions on the placing and confirmation of orders under the Electronic Commerce (EC Directive) Regulations 2002, which also apply in part to non-consumers;
  7. prohibitions on a range of inappropriate practices with respect to consumers, including, for example, misleading omissions from advertising, under the Consumer Protection from Unfair Trading Regulations 2008;23 and
  8. restrictions and requirements regarding use of individuals' personal data, including for marketing purposes, under legislation such as the Data Protection Act 1998 (deriving from the EU Data Protection Directive 1995,24 which was replaced by the EU General Data Protection Regulation25 with effect from May 2018) and the Privacy (Electronic Communications) Regulations 2003 (deriving from the Privacy and Electronic Communications Directive).26

Again, to a large extent those requirements derive from EU legislation.

As regards the impact of Brexit, even though many rules relating to consumer finance are based on EU directives, most are also enshrined in UK law. Despite the uncertainty around how the UK will exit the EU, EU law will continue to apply until the UK actually leaves the EU. On the day the UK leaves the EU, the European Union Withdrawal Act will come into force. This will retain existing EU law.

By way of example, the Interchange Fee (Amendment) (EU Exit) Regulations 2019 will ensure that the EU Interchange Fee Regulation can continue to operate effectively as directly retained EU law after the UK's withdrawal from the EU. Moreover, the Payment Systems Regulator has adopted the EU Exit Instrument for onshoring the regulatory technical standards Regulation supplementing Article 7(1)(a) of the EU Interchange Fee Regulation.

Finally, although it falls outside the discussion in this chapter, it is worth noting that payment service providers (PSPs) and others involved in the issue or acceptance of credit cards, debit cards and similar products under the aegis of a payment scheme such as Visa or MasterCard, are usually subject to detailed rules, operating regulations or similar requirements set by the governing authority of the scheme.

ii Regulation

Following the financial crisis in 2007–2008, the UK government undertook a review of all aspects of financial regulation, which led to a reformation of the UK's financial regulators.

On 1 April 2013, the UK's Financial Services Authority was abolished and its licensing and regulatory functions – including in relation to banking, e-money and payment services – were transferred to two new regulators: the Prudential Regulatory Authority (PRA) and the FCA. On that date the PRA became the licensing authority for banks (certain strategic and policymaking powers of the PRA have since been transferred to a Bank of England Prudential Regulation Committee, from March 2017)27 and the FCA became the licensing authority for non-bank mortgage lenders and intermediaries, payment institutions and EMIs. The FCA also became the lead conduct regulator for banks as well as most mortgage lenders, intermediaries, payment institutions (and, now, AISPs) and EMIs.

The Office of Fair Trading (OFT) had for a long time been the licensing and conduct regulator for most non-mortgage consumer lending, but it was dissolved and its responsibilities passed to the FCA in April 2014.

A subsidiary of the FCA, the Payment Systems Regulator (which became operational on 1 April 2015), is the lead regulator for the UK payment systems regime under the Financial Services (Banking Reform) Act 2013 and the lead enforcement authority for the EU Interchange Fee Regulation.

Those regulators have at their disposal a wide range of investigative, enforcement and disciplinary tools. For example, they have a broad range of information gathering and investigatory powers; and they can impose (or apply to court for) a range of sanctions, typically including public censure, powers to give directions, financial penalties, disgorgement of ill-gotten profits, customer restitution, imposition of conditions on licences (or their revocation), injunctions and, in some cases, criminal prosecution.28

Finally, it is worth noting the out of court disputes resolution regime presided over by the Financial Ombudsman Service. This is governed by the Dispute Resolution: Complaints Manual in the FCA Handbook, and generally provides consumers and quasi-consumers with a free channel for bringing complaints against banks, lenders, payment institutions, AISPs and EMIs (with those providers typically having to pay case fees to the Financial Ombudsman Service). The Financial Ombudsman Service has a mandate for determining complaints on the basis of what it considers to be 'fair and reasonable in all the circumstances of the case'.29 If the Financial Ombudsman Service upholds a complaint, as it often does, it can make a substantial financial award against the provider.


The payment services regime was introduced under the UK Payment Services Regulations 2009 on 1 November 2009, which implemented PSD1.30 At that time, its main impact was on traditional products such as current accounts, credit cards, money remittance and merchant acquiring. Since then, the range of payment products and PSPs on the market has diversified, particularly in the areas of digital and mobile banking, e-money and mobile payments – and the application of payment services regulation has broadened accordingly.

To reflect the rapid expansion of the payments market, the regulatory regime was updated by PSD2,31 which was required to be implemented in all EU Member States by 13 January 2018. In addition to capturing the newly regulated payment services of account information services (AIS) and payment initiation services (PIS), together often referred to as third-party payment services provided by third-party providers (TPPs), PSD2 has widened the territorial scope of the payments conduct of business regime and introduced detailed security requirements and access rights for TPPs, which are likely to have a substantial impact on account providers. PSD2 was implemented in the UK by the PSRs.

i Overview

In the following paragraphs, we summarise some of the main obligations on PSPs.

Regulated payment services

The PSRs regulate the following activities:

  1. executing funds transfers, for example, transfers to or from a payment account (such as a current account or e-money account), or placing or withdrawing of cash on such accounts, or money remittance services involving transfers that are not from or to an account;
  2. issuing payment instruments (e.g., payment cards or potentially apps in mobile phones);
  3. acting as merchant acquirers or some other forms of payment processor (a definition of 'acquiring of payment transactions' was introduced for the first time in PSD2,32 which means that some payment processors who previously had unregulated relationships with merchants may now have regulated relationships, and have to seek authorisation accordingly); and
  4. acting as a TPP, by – in broad terms – providing access to account information (i.e., AIS) or initiating payments at a customer's request from their account held with a third party (i.e., PIS).33

There are also a number of exclusions from those regulated payment services, perhaps most notably the following.34

The commercial agent exclusion is available for 'payment transactions between the payer and the payee through a commercial agent authorised in an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee'. There has been much discussion over whether and when online marketplaces (and other payments providers) should be able to rely on this exclusion, with the general sense being that it will now be harder to fall within scope of the exclusion.35

The limited network exclusion most notably applies to:

services based on specific payment instruments that can be used only in a limited way and meet one of the following conditions . . . (ii) are issued by a professional issuer and allow the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer; [or] (iii) may be used only to acquire a very limited range of goods or services.

This exclusion lends itself to products such as certain fuel, restaurant or store cards – although some providers have sought to rely on it for broader networks of service providers, or wider ranges of goods and services, so requiring an exercise of judgement (and potentially engagement with local regulators) as to how far it is appropriate to do so.36

Authorisation and passporting

Where a PSP provides a regulated payment service in the UK, and an exclusion does not apply, the PSP needs to be suitably licensed by the FCA or another relevant authority including in another EEA country. Typically, the PSP will be licensed as a bank, EMI or payment institution, or registered as an AISP.

The PSRs set out the licensing regime for payment institutions and registration regime for AISPs.37 Licensed payment institutions are required to maintain a certain level of regulatory capital, and to safeguard customer funds (although safeguarding is not applicable to PIs only providing PIS, as they do not handle customer funds). There are number of options for how to safeguard, with the most common method being to put funds received from or for customers (or matched amounts) in a ring-fenced bank account. Although this is the most common way to safeguard, it does often raise a number of operational challenges, and some PSPs will accordingly look to alternative safeguarding options such as safeguarding insurance (although this can be expensive and hard to obtain).38

AISPs (providing only AIS and not other regulated payment services) are not subject to the full licensing regime; rather they are subject to a lesser registration regime,39 the most notable feature of which is the need to hold professional indemnity insurance against the risks of conducting their activities. Similar insurance also needs to be held by payment institutions and EMIs who provide PIS.40

Other key areas of focus under the licensing regime are: the robustness of a payment institution's systems and controls,41 particularly its IT systems; and the need for any functions outsourced by a payment institution – including intra-group outsourcings – to be appropriately overseen by the payment institution and to meet a number of other requirements42 (some of these requirements also apply to AISPs).

As well as payment institutions being permitted to provide regulated payment services, they can also provide credit in limited circumstances,43 for example, by issuing credit cards, but may need to obtain additional consumer credit permissions under the FSMA in order to do so.44

A payment institution authorised in one EEA state (such as the UK) can use its licence in all other EEA states – the passporting regime. This means that, once authorised in one EEA jurisdiction, a payment institution does not need fresh licences to provide payment services in other EEA states, although it may need to comply with other local law requirements.

Finally, a small payment institution regime also exists but with restrictions on total monthly transaction amounts, and without the ability to passport.45

Conduct of business requirements

As well as the licensing regime for payment institutions, the PSRs set out extensive conduct requirements for all PSPs when providing payment services – including banks and EMIs, as well as payment institutions and (to a lesser extent) AISPs. How those requirements apply depends on whether or not a transaction is executed in an EEA currency46 (such as the euro or sterling) and whether one or both of the payer's PSP and payee's PSP are operating from a location in the EEA.47

PSPs have to provide pre-contract and transactional information to customers. In some cases, the information needs to be 'provided' in a 'durable medium', which raises a number of challenges as to how and when information is provided or stored.

The PSRs govern the timeframes in which payments must be executed, after being initiated by a customer, in order to reduce the scope for PSPs to retain float (i.e., to keep hold of funds for their own purposes rather than putting them at the disposal of their customers).

For transfers in euros (and domestic transfers in the domestic currency, such as sterling transfers within the UK), the payer's PSP usually needs to ensure that cleared funds are received by the payee's PSP by the end of the business day after the transfer was initiated. For other transfers in EEA currencies within the EEA, up to four business days are usually permitted.48

Once the payee's PSP receives cleared funds, it must immediately put them at the disposal of the payee (except for certain currency conversions involving non-EEA currencies).49

Departures from those rules apply most notably for internal transfers (where the same PSP is acting for both payer and payee), which need to be executed immediately; and for card payments, where there is a usually a basis for delaying putting funds at the disposal of the payee (i.e., of the merchant taking payment).

The PSRs also have detailed provisions as to the rights and liabilities of customers and PSPs; in particular, PSPs need to re-credit unauthorised transactions to customers' accounts (with limited scope for making customers liable for them), and are also ordinarily liable for misexecution of transactions, for example if they are sent to the wrong payee or not sent at all.50 These requirements bring important protections to customers, whose rights were – prior to introduction of PSD1 – less well defined in these areas, with delayed refunds of unauthorised transactions having been a particular concern of regulators.

The PSRs also set out detailed and rigorous requirements on payments security and access for TPPs (which we discuss below), and constraints on certain charges and charging practices. Of particular note was the introduction of a new general prohibition on surcharging by payees (typically merchants) when they are paid by consumers, with non-consumer payments being limited to cost.51

The conduct of business requirements in the PSRs apply to payment services provided not only to consumers but also to business customers, although non-consumers (other than micro-enterprises and charities)52 can be asked to opt out of many of the conduct requirements.53

ii Third-party payment services

Two new third-party payment services were introduced by PSD2, namely PIS and AIS, each of which involves a PSP that does not handle funds providing customers with services in relation to payment accounts offered by third-party PSPs, where those payment accounts are accessible online.

A PIS is an 'online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another [PSP]'.54 It is anticipated as a 'software bridge between the website of the merchant and the online banking platform of the payer's account servicing [PSP] in order to initiate internet payments on the basis of a credit transfer',55 and in practice is likely to include services that allow customers to pay online merchants directly from their bank accounts rather than using credit or debit cards.56 Such payments might typically be routed through domestic payment systems (such as the faster payment service in the UK) and may offer merchants the benefits of payments clearing to their accounts more quickly, more cheaply and with less risk of being reversed back to the customer, by comparison to card scheme payments such as Visa or MasterCard. However, it remains to be seen whether such payment methods are as advantageous to customers.

An AIS is:

an online service to provide consolidated information on one or more payment accounts held by the payment service user with another payment service provider or with more than one payment service provider, and includes such a service whether information is provided (a) in its original form or after processing; (b) only to the payment service user or to the payment service user and to another person in accordance with the payment service user's instructions.57

They are likely to include account aggregation services, such as Money Dashboard, which offer customers a single place in which to view information for a number of different payment accounts offered by multiple PSPs.58

TPPs are entitled to have (at their customers' request) mandatory access to payment accounts or payment account data, on non-discriminatory terms, to enable delivery of their payment initiation and account information services.59 The European Commission adopted a Delegated Regulation in November 2017 setting regulatory technical standards, based on regulatory technical standards drafted by the EBA with some amendments (discussed further below), covering the basis on which the account providers and TPPs will securely communicate with each other in order to facilitate delivery of those third-party services, and which will come into effect after a transitional period probably likely to end in the second quarter of 2019.60

The new provisions are intended to encourage introduction of new, competing services. The example of how PIS may benefit merchants has been given above; in the case of AIS (potentially offered in conjunction with PIS), there is an opportunity for TPPs to obtain transactional data, provide customers with added value services and potentially cross-sell them other products.

iii Security

The other major impact of PSD2 has been to introduce detailed and rigorous security requirements, by comparison to PSD1. The new regime includes:

  1. a requirement for PSPs to establish a framework of appropriate mitigation measures and control mechanisms to manage the operational and security risks relating to the payment services they provide, and to submit a comprehensive assessment of such operational and security risks to their regulators on an annual basis;61
  2. obligations around notification of any major operational or security incident to regulators and, if the incident could have an impact on the financial interests of customers, obligations to also notify customers without undue delay of the incident and of all measures that they can take to mitigate the adverse effects of the incident;62 and
  3. a requirement for customers to undergo strong customer authentication when, for example, accessing their payment accounts or initiating electronic payment transactions.63 Strong customer authentication requires payers to authenticate themselves to their PSPs using 'two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others'.64 Failure to apply strong customer authentication can affect a PSP's liability for unauthorised transactions.65

The European Commission's Delegated Regulation referred to above also sets regulatory technical standards on the application of strong customer authentication. Banks and other PSPs will have to put in place the necessary infrastructure for strong customer authentication at the end of a stated transitional period. The regulatory technical standards allow for exemptions from strong customer authentication in recognition of the fact there may be alternative authentication mechanisms that are equally safe and secure.66

Implementation of the Strong Customer Authentication – Regulatory Technical Standards (SCA – RTS) occurred on 14 September 2019, and contains heightened rules on the way payment services providers verify the identity of a customer and validate specific payment instructions.67 However, in response to concerns about industry readiness to apply SCA to e-commerce card transactions, the European Banking Authority accepted that the FCA may give firms under its supervision extra time to implement SCA.

The FCA has stated that it will not take enforcement action against firms simply for not meeting the relevant requirements for SCA from 14 September 2019 in areas covered by the plan coordinated by UK Finance,68 where there is evidence that they have taken the necessary steps to comply with the plan. The FCA has stated that, after 14 March 2021, any firm that fails to comply with the requirements for SCA will be subject to full FCA supervisory and enforcement action as appropriate. The FCA has also made it clear that implementation of SCA is not affected by the current plan for the UK to leave the EU.

iv Passporting after Brexit

Following the Brexit vote on 23 June 2016, one of the major questions facing the payments industry is whether, and if so how, passporting rights will operate once Brexit is implemented. This will depend on what outcome is negotiated for Brexit: in particular, if the UK stays in the single market (or possibly negotiates a similar arrangement, such as equivalence or mutual recognition of financial services licences), then a UK payment institution or AISP (or indeed bank or EMI) authorisation may continue to serve in other EEA countries and vice versa. At the time of writing, however, it is difficult to assess whether such an outcome is likely or not, but we must emphasise that the outcome is uncertain as it will depend on political negotiations that are yet to take place.


i Overview

Access to banking services

The Payment Accounts Regulations 2015 (PAR), which came into force on 18 September 2016, has, among other things, obliged certain UK banks69 to provide payment accounts with basic features to any consumers who meet certain criteria, including being legally resident in the EU, with it in some cases being a challenge to ascertain eligibility.70

Deposit guarantee

The deposit guarantee scheme in the UK is the Financial Services Compensation Scheme (FSCS). The FSCS protects certain customers with deposit accounts in the UK against losses in the event that their bank is unable to meet its obligations to them.

The obligations on banks and building societies in relation to deposit guarantees are set out in the 'Depositor Protection' part of the PRA Rulebook.71 Among much else, the PRA's rules set out that the maximum compensation payable for the aggregate eligible deposits of each depositor is £85,000 (except, in certain circumstances, where the maximum compensation is £1 million or unlimited in connection with personal injury or incapacity).72


Overdrafts allow customers to withdraw or spend more than the amount of the funds currently available in their payment account. As a form of unsecured lending, they are subject to many of the provisions of the consumer credit regime described above and below. Charges for using overdrafts have in the past been subject to litigation under the fairness regime currently set out in the CRA,73 and are also under scrutiny by various organisations, such as the UK Competition and Markets Authority (CMA) (see below).

ii Recent developments

Open banking

On 9 February 2016, the Open Banking Working Group74 published a detailed framework for delivering an Open Banking Standard in the United Kingdom.75 It has been designed to 'help improve competition and efficiency, and stimulate innovation in the banking sector'.76

The Open Banking Standard recommends that open application programme interfaces (APIs) be built 'to help provide open access to open data and shared access to private data of the customer'.77 The intention is that customers can procure access to their own private banking data, so that they may better manage their finances and make better decisions about the financial products they choose. The Open Banking Standard also promotes open data exchange between financial institutions.

Accordingly, Open Data API specifications have been published online,78 with the stated aim of allowing 'API providers (e.g. banks, building societies and automated teller machine providers) to develop API endpoints which can be accessed by API users (e.g. third-party developers) to build mobile and web applications for banking customers'. The specifications 'allow API providers to supply up to date, standardised, information about the latest available products and services so that, for example, a comparison website can more easily and accurately gather information, and thereby develop better services for end customers'.79

CMA final report on retail banking market investigation

The CMA launched a market investigation into the supply of retail banking services to personal current account customers and small and medium-sized enterprises in November 2014. The CMA's final report80 was published in August 2016, and introduced a package of binding remedies, including the below.

It included the CMA requiring the largest retail banks81 in the UK to develop and adopt an open API banking standard in order to share information, for the reasons propounded by the Open Banking Working Group (see above). According to the CMA, of all the measures it considered as part of its investigation:

the timely development and implementation of an open API banking standard has the greatest potential to transform competition in retail banking markets . . . by making it much easier for both personal customers and [small and medium sized enterprises] to compare what is offered by different banks and by paving the way to the development of new business models offering innovative services to customers.82

It also included implementing a set of remedies to increase customers' awareness of their overdraft usage and help them manage it. These remedies included:

  1. requiring banks to alert customers that they have exceeded, or are about to exceed, their credit limit; and
  2. where customers are permitted to exceed their credit limit, a requirement that banks provide information about a grace period during which no additional charges will be applied if the account returns to being within its pre-agreed credit limit by the end of the grace period.83

It is worth noting that, for many customers, banks had already offered such alerts and grace periods for some time.

On 2 February 2017, the CMA made the Retail Banking Market Investigation Order 2017 (the Order). Among other things, the Order requires nine banks in Great Britain and Northern Ireland84 to make up-to-date personal current account and business current account transaction data sets available without charge and in accordance with certain standards,85 from 13 January 2018.86

Five of those banks notified the CMA that they would not be able to release all these data sets by the specified date, and on 19 December 2017 the CMA issued each of these five banks with directions stipulating the timeline for the delivery of the outstanding data sets and the arrangements that each must make for reporting progress to the CMA in the meantime.87


In this section, we discuss credit cards (as illustrative of revolving credit) and some related areas of regulation and recent developments.

Like overdrafts, credit cards involve provision of both payment services and credit facilities, and as such are subject to both the payment services regime (discussed above) and the consumer credit regime. Where these regimes overlap, the consumer credit regime usually takes priority.

i Overview

As noted above, the consumer credit regime derives largely from the CCA and the FSMA, including CONC and other aspects of the FCA Handbook. They include both a licensing regime and detailed conduct requirements.

As regards conduct requirements, the regime is highly prescriptive of matters such as the format and content of advertising and information needing to be provided before, during and after entering into credit agreements; consumer rights; and required or prohibited practices, in areas such as underwriting, charging or collecting on loans. The conduct requirements vary depending on the type of consumer credit activity being carried on, with the heaviest burden falling on lenders themselves. We provide a more detailed description of some of the requirements below.

Failure to comply with the consumer credit regime can in many cases have an impact on the enforceability of loan agreements or related charges, and result in customer claims, customer remediation and enforcement action.


The FSMA sets out a licensing regime (similar in various respects to the payment institution licensing regime) under which firms can obtain 'permissions' for lending and a range of intermediary and ancillary activities such as credit broking, operating an electronic system in relation to lending, debt adjusting, debt counselling, debt collecting and debt administration.88

Such activities are generally regulated if the lending is to:

  1. individuals, whether consumers or sole traders; or
  2. 'relevant recipients of credit' (or in the case of lending through an electronic system, 'relevant persons'), being partnerships of two or three partners (of which at least one partner is a natural person) or unincorporated associations (of which at least one member is a natural person).89

There are a variety of exemptions and exclusions from the regulated activities, perhaps most notably the business borrowing exemption and the charge card exemption.

The business borrowing exemption is where the borrowing is for business purposes and exceeds £25,000 – so, for example, a business credit card with a credit limit of £26,000.

The charge card exemption applies to credit cards or other forms of revolving credit where all the credit drawn down over a period of three months or less is repayable in one go, and where no interest or other significant charges apply (or where the credit is secured on land).90

Generally, the above UK credit-related licences cannot be passported (i.e., cannot be used in other EEA countries), although banks and (as noted above) payment institutions and EMIs can passport certain lending activities.

Pre-contractual information

Before a customer enters into a credit agreement, the lender must provide certain pre-contractual information, including:

  1. an 'adequate explanation' of various specified features of the credit agreement, in order to put the customer in a position to assess whether the agreement suits their needs and financial situation;91
  2. the Standard European Consumer Credit Information, which contains detailed information relating to the credit agreement;92 and
  3. a summary box, designed to set out key information about the credit card product in a simple, standard format, in order to make it easy for customers to understand and compare credit cards.93


Before entering into a credit card agreement, the lender must undertake a reasonable assessment of the creditworthiness of the customer. The assessment should take into account not only the customer's ability to repay the proposed credit within a reasonable period but also the potential for the commitments under the credit agreement to adversely impact the customer's financial situation. The assessment has to be based on 'sufficient information' obtained from the customer 'where appropriate' and a credit reference agency 'where necessary'.94 The lender must carry out a fresh creditworthiness check before significantly increasing a customer's credit limit.95

In July 2017, the FCA consulted96 on proposed changes to CONC rules and guidance about assessing creditworthiness and affordability, with the aim of clarifying what it expects of firms. The consultation closed in October 2017. New rules were introduced on creditworthiness assessments through the FCA's Policy Statement in July 2018, and came into effect on 1 November 2018.97 The changes clarify the FCA's existing rules and guidance in CONC 5 (Responsible lending) and 6 (Post contractual requirements), and the application of the general requirements on firms in the FCA's Senior Management Arrangements, Systems and Controls sourcebook (SYSC). The creditworthiness assessment, as a safeguard against over-indebtedness post-financial crisis, is a key area of regulatory scrutiny. CONC still contains detailed rules and guidance, which, while fairly prescriptive, do allow some flexibility as to the information to be gathered and assessed. Industry guidance is also available.98

The new FCA rules reinforce the proportionality aspects of the old rules by stating that creditworthiness assessments, and the steps taken to ensure the assessment is reasonable, should be proportionate to the circumstances of the individual. There is no indicative list of factors to consider, and the FCA has taken a principled approach to proportionality. However, there is guidance on the factors to assist when a firm is deciding how much information is sufficient for the purposes of the creditworthiness assessment as well as the accuracy of that information.99 The new CONC rules highlight that the creditworthiness assessment must consider the credit risk to the lender of the consumer not making repayments; and the affordability risk and effects on the customer of not making repayments. Failures in the creditworthiness assessment can lead to regulatory or other action (resulting potentially in customer remediation and other sanctions).

The UK government has also proposed a new creditworthiness bill, which, if passed, would require the FCA to make further changes to its rules to 'ensure that firms carrying on credit-related regulated activities and connected activities and [firms] entering into or varying a regulated mortgage contract or home purchase plan take into account rental payment history and council tax payment history when assessing a borrower's creditworthiness'.100 As at the end of 2019, the bill has had its first reading in the House of Commons.

Form and content of the agreement

The CCA and underlying regulations101 prescribe the form and content for credit agreements, and require the agreement to be signed by both the lender and borrower, using either 'wet ink' signatures or electronic signatures.

Connected lender liability

The consumer credit regime sets out a wide variety of rights for borrowers, the best known of which is perhaps Section 75 CCA.

Section 75 provides that where a customer uses their credit card to make a purchase for something that costs between £100 and £30,000, they have a claim against their lender in the event of a misrepresentation or breach of contract by the supplier. The customer is free to bring a claim directly against the card issuer, without needing to bring a claim against the supplier first. Section 75 also applies in relation to other similar arrangements, not credit cards alone.

From a lender's perspective, Section 75 is potentially very significant in that customers could bring a claim for consequential losses (i.e., claims against the lender are not limited to the amount of credit provided).

Statements and statutory notices

Lenders must provide borrowers with statements and a range of statutory notices (generally with highly prescribed content and timings) in a variety of circumstances, perhaps most notable of which – in the context of a credit card – is the obligation to provide customers missing two consecutive payments with a notice of sums in arrears (NOSIA).102

Failure to comply strictly with the requirements can result in sanctions such as unenforceability of the credit agreement and inability to charge any interest or default sums during the period of default. A number of lenders have had to undergo costly remediation exercises to remedy failures in this area.

ii Recent developments

The FCA's credit card market study

Within days of taking over responsibility for the regulation of consumer credit in the UK in April 2014, the FCA announced its intention to launch a market study into the credit cards sector, in order to explore whether competition was working effectively and 'to ask how the industry worked with those people who were in difficult financial situations already'.103

The FCA published its final report on 16 July 2016.104 The major concern expressed was the extent and nature of 'problem' credit card debt. According to the report, in 2014 around 6.9 per cent of UK cardholders (which equates to about 2 million people) were in arrears or had defaulted. The FCA also found that 8.9 per cent of credit cards active in January 2015 (5.1 million accounts) will take – based on current repayment patterns and assuming no further borrowing – more than 10 years to pay off their balance.105

Also set out in the final report was a package of reforms that the UK Cards Association has, on behalf of the credit card industry, volunteered to implement. They include sending notifications to all consumers before the expiry of a promotional offer and helping borrowers mitigate the risk of inadvertently incurring charges by alerting them before they reach their credit limits, and allowing them to request card repayment dates falling after their pay days.

Following the publication of its final findings report from the credit card market study, the FCA published a consultation paper106 on 3 April 2017 on persistent credit card debt and earlier intervention remedies, and then subsequently published feedback on this consultation and a further consultation paper107 on 14 December 2017. These papers propose a number of changes to FCA rules and guidance, including new requirements on credit card companies to:

  1. intervene and help customers whose credit card debt persists over 18 to 36 months; and
  2. use data they hold to assess whether customers are at risk of potential financial difficulties, and take appropriate action to help customers – even though they may not have missed a payment.

The FCA published its policy statement with final rules in February 2018.108 The final rules and guidance are aimed at helping customers in persistent credit card debt, and require firms to intervene earlier to identify customers at risk of financial difficulties. The FCA estimates that customers 'will save between £310 million and £1.3 billion per year in lower interest charges'.109

Review of retained CCA provisions

When the FCA took over responsibility for the regulation of consumer credit in 2014, much of the CCA was replaced with rules under the FSMA. However, a range of provisions have been retained in the CCA and its subordinate legislation.

In accordance with legislation, the FCA was required to arrange for a review of the CCA and to report to Her Majesty's Treasury by 1 April 2019. The review was required to consider whether repeal of CCA provisions would adversely affect the appropriate degree of protection for consumers and, in particular, which CCA provisions could be replaced by FCA rules or guidance under the FSMA.

In February 2016, the FCA launched a 'call for input' on the retained provisions in the CCA.110 Many players in the consumer finance market used this as an opportunity to make submissions about aspects of the consumer credit regime that they believed should be amended (not just simplified), such as moderating the stringent sanctions for certain breaches, for example, of the NOSIA requirements. The call for input has since closed, and in the consultation published by the FCA on persistent debt and earlier intervention remedies in December 2017 (see the FCA's credit card market study above), the FCA stated that it would submit an Interim Report in 2018.111

In March 2019, the FCA published its Final Report on the CCA.112 It sets out the FCA's views and takes into account the views of stakeholders from roundtable discussions and the earlier call for input.

Decisions about the future of CCA provisions will fall on the government, and the Final Report does not include formal recommendations to the Treasury, but provides analysis and evidence around various areas and themes. The Final Report is aligned with the Interim Report and sets out the following:

  1. the FCA believes the rights and protections currently afforded to borrowers are important and should be maintained in some form. According to the FCA, a significant number of these rights and protections are ill-suited to FCA rules and cannot be moved into the FCA Handbook with the same level of protection. Accordingly, the FCA recommend retaining these provisions but also acknowledges that there are a number of issues with these provisions and these issues merit further consideration to ensure they continue to provide an appropriate degree of protection for borrowers without imposing an undue burden on firms;
  2. the FCA believes information requirements may be better suited to FCA rules, which would allow a more principles-based, outcomes focused approach and greater flexibility. However, the FCA believes that the current sanctions from the CCA should be retained for breaches of the proposed rules; this will require primary legislation to amend the existing sanctions to refer to the new rules; and
  3. the FCA recognises that there are some problems with the current sanctions framework, which can lead to draconian sanctions for minor infringements. The FCA suggests that this merits further consideration, whether or not provisions are moved or replicated in FCA rules. One option raised in the Report is an expansion of the FCA's rulemaking powers to allow for unenforceability and disentitlement to interest.


i Overview

Personal loans

Typically, non-mortgage personal loans based on provision of a fixed amount of credit (as opposed to revolving credit) are subject to broadly the same regulatory regime as credit cards. Some key areas of difference are:

  1. the equivalent exemption to the 'charge card exemption' applies where credit is repaid within one year in 12 instalments or fewer, with no significant charges for credit applying;113 and
  2. in addition to NOSIAs, a key area for enforcement action and customer remediation is incorrect annual statements.114


Any security provided in relation to a consumer credit agreement must be in writing, setting out specified information in a prescribed manner and executed by the surety.115 Failure to document and execute a security agreement in accordance with the CCA will mean that the security is only enforceable with a court order. Various other provisions also apply under the consumer credit regime in relation to security.

Hire purchase and conditional sale

Two of the most common forms of secured consumer lending in the UK (popular in the context of car financing, for example) – hire purchase agreements and conditional sale agreements – both involve a delayed transfer of title, which, as one legal commentator notes, 'is technically not a form of security so far as the law is concerned'.116

A hire purchase agreement is an agreement for the hire of goods in return for periodical payments with an option (or other specified trigger) for ownership of the goods to pass to the borrower.117

A conditional sale agreement is an agreement for the sale of goods under which the purchase price (or part of it) is payable by instalments and the seller owns the goods until the purchase price is paid or another specified condition is satisfied.118

These agreements are treated as credit agreements and are, again, subject to largely the same requirements as credit card agreements. A key difference is a right for borrowers to terminate their credit agreement early without having to repay the whole of the credit; instead, they normally need to pay (or have paid) half of the total price of the goods and return the goods to the creditor.119

Student loans

The Student Loans Company (a non-profit-making, government-owned organisation) administers government-provided loans to students attending universities and colleges in the UK. Loans are available for tuition fees and maintenance support, with repayments ordinarily being taken directly from a borrower's salary by their employer on behalf of HM Revenue and Customs, once their salary reaches a certain level.120

There are various legislative provisions in place to enable student loans to fall outside the consumer credit regime in the CCA and FSMA.121


Mortgages largely fall outside the CCA. They are nonetheless subject to a similar licensing regime and conduct requirements under the FSMA, although MCOB generally applies in place of CONC, with some areas of difference including substantially different information requirements and detailed rules on early repayment charges.

Consumer buy-to-let mortgages, however, are governed by a special, lighter touch regime under the Mortgage Credit Directive Order 2015.

ii Recent developments

High-cost short-term credit

High-cost, short-term credit (HCSTC) is defined as unsecured credit made available to individuals (or 'relevant recipients of credit') in relation to which the APR is at least
100 per cent and which is advertised as being provided for at most a year (or similar) or under which the credit is due to be substantially repaid within a year.122 'Payday lending' is the example cited most often, and has been one of the FCA's top priorities since it took over responsibility for regulating consumer credit. Of particular note:

  1. the FCA has granted lending permissions to very few payday lenders, compared with the previous licensing regime under the OFT; and
  2. CONC has introduced rules that apply specifically to HCSTC firms, including specific conduct standards and price caps: interest and charges must not exceed 0.8 per cent of the amount borrowed per day over the contractual period of the loan; default fees must not total more than £15; and the total cost of the credit cannot exceed 100 per cent of the amount borrowed.123

In November 2016, the FCA launched a consultation on whether, among other things, aspects of the HCSTC regime should be extended to other forms of high-cost credit products.124 The FCA published feedback in July 2017 in which it confirmed its decision to maintain the price cap on HCSTC and identified a number of issues about other forms of high-cost credit that could cause consumer harm.125 The FCA is particularly concerned about rent-to-own, home-collected credit and catalogue credit, and has wider concerns about consumers' long-term indebtedness.

The FCA stated in its 2018/19 Business Plan that it intended to conduct a review into the HCSTC market with a focus on complaints, arrears and default rates. In January 2019, the FCA (for the first time) published new findings about the HCSTC market drawing on regulatory return data. This data showed that over 5.4 million loans were made in the year ending 30 June 2018. The FCA also observed that the market is concentrated, with 10 firms accounting for around 85 per cent of new HCSTC loans.

Following an increase in customer compensation claims, and the collapse of Wonga, the FCA sent a 'Dear CEO' letter to providers of HCSTC in October 2018. In the letter, FCA director of supervision, Jonathan Davidson, asked these firms to assess their lending activities to determine whether their creditworthiness assessments are compliant, and whether borrowers should be reimbursed. The letter also asked these lenders to tell the FCA if the cost of compensating customers with grievances will leave the firm unable to meet their financial commitments. The warning came amid an increase in complaints about unaffordable lending, including the risks in relation to repeat borrowing and a pattern of dependency on HCSTC.

Since October 2018, additional HCSTC lenders have exited the UK market. Most recently, in October 2019, CashEuroNet UK LLC, trading as QuickQuid, Pounds to Pocket and Onstride, was placed into administration. Other HCSTC providers that have exited the market include the Money Shop, Cash Genie and Wageday Advance.

Claims management

On 1 April 2019, the FCA became the supervisory authority of claims management companies (CMCs). CMCs were previously regulated by the Claim Management Regulator.

The focus of the FCA regulation in this area is on driving up standards of conduct and boosting consumer protection. The FCA has stated that it expects CMCs to be trusted providers providing high-quality, good value services. This is a significant shift in the kind of regulation CMCs will now face.

CMCs had to register for temporary permission with the FCA by 31 March 2019. Firms were then asked to apply for authorisation in two application periods.

The FCA has already started to focus resources on this industry. For example, in August 2019, the FCA reviewed various CMC adverts and found widespread poor practice. Jonathan Davidson, executive director of Supervision – Retail and Authorisations at the FCA, said:

Many CMCs play a significant role in helping consumers to secure compensation. But CMCs using misleading, unclear and unfair advertising practices to get business is completely unacceptable. We won't hesitate to take action where we consider that customers are being misled or otherwise treated unfairly by poor advertising…Firms should also understand that we will take their compliance with our rules on financial promotions into account when considering applications for full authorisation.

As a result of this review, the FCA fined Professional Personal Claims Limited £70,000 for misleading consumers through its websites and printed materials.126

Peer-to-peer lending

On 1 April 2014, the UK introduced a new regulatory framework for 'peer-to-peer' lending, also known as loan-based crowdfunding, which included the introduction of a new regulated activity: 'Operating an electronic system in relation to lending'.

Firms (i.e. peer-to-peer (P2P) platforms) that operate an electronic system in the UK must be authorised by the FCA if they facilitate lending or investment by individuals and relevant persons127 or borrowing by individuals and relevant persons, provided that the P2P platform:

  1. is capable of determining which credit agreements should be made available to each of the borrowers and lenders;
  2. undertakes to receive and pay out amounts of interest or capital due to lenders; and
  3. either takes steps to collect (or arrange for the collection) of repayments or exercises, or enforces rights under the credit agreement.128

P2P platforms are also entitled to conduct other activities ancillary to the running of the platform, including interaction with credit information agencies.

P2P platforms must comply with various sections of the FCA Handbook. Notably, FCA rules in CONC require P2P platforms to provide certain protections to borrowers who are individuals or 'relevant recipients of credit'. They in many ways mirror obligations on lenders elsewhere under the consumer credit regime. Accordingly, P2P platforms must, among other things, provide adequate explanations of the key features of the credit agreement to borrowers, assess the creditworthiness of borrowers and provide post-contract information where the borrower is in arrears or default.

In July 2016, the FCA published a call for input to the post-implementation review of the FCA's crowdfunding rules, including those mentioned in the previous paragraph.129 An interim feedback statement published in December 2016 announced that the FCA has identified areas of specific concern, including the improvement of wind-down plans to allow existing P2P loans to be administered in the event of the P2P platform's failure, cross-investment (i.e., investment in loans originated on other P2P platforms), the application of mortgage-lending standards where the funds raised through the P2P platform is to finance the acquisition of property, and rules on the content and timing of disclosures (including financial promotions) to persons lending or investing through the platform.130

Following this, the FCA published a Consultation Paper in July 2018131 on P2P and investment-based crowdfunding platforms. In this Paper, the FCA observed some poor business practices in this sector, which led the FCA to the conclusion that the regulatory framework needed updating with further rules and guidance.

As a result, in June 2019, the FCA published a Policy Statement132 implementing new rules. The new rules and guidance came into force on 9 December 2019, with the exception of applying MCOBs to P2P platforms that offer home finance products, which came into force on 4 June 2019.

Under the package of new rules and guidance, the FCA has, among other things, introduced:

  1. more explicit requirements to clarify what governance arrangements, systems and controls platforms need to have in place to support the outcomes these firms advertise;
  2. rules on plans for the wind-down of P2P platforms;
  3. marketing restrictions to P2P platforms, designed to protect new or less-experienced investors; and
  4. a requirement that an appropriateness assessment (to assess an investor's knowledge and experience of P2P investments) be undertaken, where no advice has been given to the investor.


The MCD as implemented in the UK broadly applies to credit agreements entered into with individuals (or trustees) secured by a mortgage on residential land in the EEA.133

The MCD was implemented in the UK on 21 March 2016, although certain provisions are subject to later implementation including transitional arrangements. The implementing measures were – with a view to minimising disruption – in effect added on top of the existing UK regulated mortgages regime under the FSMA, particularly through changes to MCOB (with the exception of consumer buy to let mortgages which, as noted above, are regulated under a separate Mortgage Credit Directive Order 2015).

Among the key changes under the MCD were:

  1. bringing second charge mortgages (in many cases previously regulated under the CCA) within the FSMA mortgage regime;
  2. changes to exemptions from mortgage-related regulated activities;134
  3. amended advertising rules;135
  4. restrictions on bundling mortgages with the sale of other financial products;136
  5. additions to the affordability assessment requirements;137
  6. introduction of standard pre-contractual information in the form of a European Standardised Information Sheet, although, for a transitional period up to 21 March 2019, mortgage lenders can for certain mortgages continue to use the existing key facts illustration with extra information;138
  7. introduction of a new step involving making a binding mortgage offer and a related cooling-off period;139
  8. an amended APR calculation and introduction of a requirement to have an additional APR in the European Standardised Information Sheet for certain mortgages (particularly variable rate mortgages);140 and
  9. new early repayment rights.141

In March 2019,142 the FCA published its Final Report, which sets out the FCA's vision for the mortgages market as one in which borrowers who can afford a mortgage can choose suitable and good value products and services. Firms should have a culture of treating all customers fairly, and competition and proportionate regulation should empower consumers to make effective choices before taking out, and throughout the life of, a mortgage.

To achieve this, the FCA has amended its responsible lending rules and guidance with the aim of removing potential barriers to consumers switching to a more affordable mortgage, and to reduce the time and costs of switching for all relevant consumers.

The changes will mean that, among other things, mortgage lenders can choose to carry out a modified affordability assessment where a consumer:

  1. has a current mortgage;
  2. is up to date with their mortgage payments (and has been for the past 12 months);
  3. does not want to borrow more, other than to finance any relevant product, arrangement or intermediary fee for that mortgage; and
  4. is looking to switch to a new mortgage deal on their current property.

The FCA is also proposing to change its rules143 to make it clear that tools that allow customers to search and filter available mortgages are not necessarily giving advice. It will also be clearer that some forms of interaction, such as firms helping consumers with their applications, do not require advice.


The CRA sets out a detailed fairness regime that applies to both terms in consumer contracts and notices given to consumers. It generally applies in relation to all finance, payments and retail banking relationships with consumers.

The CCA also has a regime giving courts wide powers of redress where a credit agreement, or related relationships or practices, give rise to an unfair relationship between the lender and borrower.144 It also applies to business borrowers falling within scope of the CCA (as described above) irrespective of the amount borrowed.

In addition, the FCA's 'treating customers fairly' regime145 broadly applies to unfair practices across the financial services described in this chapter. The regime applies to both consumer and business customers.

Key areas of scrutiny and challenge in this area include misselling, the breadth of contract variation provisions, and the levels (and disclosure) of charges.


i Enforcement actions

On 28 September 2016, the FCA issued final notices146 to an HCSTC provider, Wage Payment and Payday Loans Ltd, and its director, in which the FCA:

  1. cancelled Wage Payment and Payday Loans Ltd's interim permissions to provide regulated activities including consumer credit lending;
  2. refused Wage Payment and Payday Loans Ltd's application for full permission; and
  3. banned the director from carrying out any regulated activity carried on by an authorised firm.

In related matters, on 24 January 2017 and 1 February 2017, the FCA issued decisions not to approve applications by Nationwide Debt Consultants Limited147 and Steven Maoudis,148 respectively, for permission to carry on the regulated activities of debt adjusting and debt counselling, which revoked the interim permissions that they both had that allowed them to undertake these activities.

These cases illustrate the FCA's tough regulatory stance on HCSTC described above, and specifically reflect its concerns about excessive sums being charged to customers (or even removed from some customers' accounts), failures in assessing whether customers could afford loans before lending to them, and a lack of knowledge and skills among debt management practitioners, particularly in relation to the debt solutions available to customers.

There have been various fines issued by the FCA in 2019 in the retail banking sector. These include fines against Bank of Scotland Plc (relating to failing to be open and cooperative with its regulators), R. Raphael & Sons Plc (relating to culture/governance) and Standard Chartered Bank (relating to breaches of the Money Laundering Regulations 2007 and financial crime).

In 2018, Vanquis Bank Limited (Vanquis) received a fine from the FCA in the amount of £1,976,000 for breaches of PRIN 6 and PRIN 7 related to unfair treatment of customers in the consumer credit sector. According to the FCA, Vanquis failed to make sure customers were informed about the full cost of its repayment option plan (ROP) when it was offered to customers. Most Vanquis customers chose the ROP to help manage their credit without realising instead that the product might lead to their indebtedness increasing. Customers are entitled to be told all relevant information when being offered financial products. The firm was also required to repay an estimated £168,781,000 in compensation, which constitutes the amount of the charges not disclosed to customers when they bought the ROP.

Recently, there have also been various packages of consumer redress announced involving consumer lenders. By way of example, in March 2018, PerfectHome agreed with the FCA a package of customer redress totalling over £2.1 million. PerfectHome (a trading name of Temple Finance Limited) is a rent-to-own firm that provides household goods to customers on hire purchase agreements. The FCA previously identified that the firm's affordability assessments did not adequately take into account customer circumstances that led to customers being issued with loans they could not afford. In addition, the FCA considered that the collections processes did not always deliver good outcomes for customers, with some customers being charged late fees for arrears on their insurance contracts, contrary to the firm's own policy, customers paying for insurance before receiving goods and customers not always receiving a refund of their first payment where the agreement was cancelled before goods were delivered. In response to these concerns, PerfectHome conducted a programme of improvements and identified customers that may have been treated unfairly in the past that will be paid redress.

There has also been enforcement action in respect of data breaches. For example, credit rating agency Equifax was fined £500,000 by the Information Commissioner's Office (ICO) in 2018 after it failed to protect personal data. A 2017 cyberattack exposed information belonging to 146 million people around the world, mostly in the United States. The ICO concluded that Equifax's UK branch had 'failed to take appropriate steps' to protect UK citizens' data. It added that 'multiple failures' meant personal information had been kept longer than necessary and left vulnerable. It is worth noting that the ICO worked with the FCA on the investigation.

ii Litigation

Durable medium

PSD2 (and previously PSD1) requires that various information be provided in a durable medium. Historically, this was generally done by sending a paper mailing to customers, but nowadays for obvious reasons many PSPs aim to provide information electronically. While sending personal emails is often an adequate way of meeting the requirements, for a variety of reasons some PSPs aim to use alternative means of electronic communications, and there has been some uncertainty as to whether and how those alternatives can meet the requirements.

In the BAWAG case,149 the Court of Justice of the European Union (CJEU) was asked to consider whether and how e-banking mailboxes can be used to provide information in a durable medium under PSD1. The CJEU found that for information on an e-banking portal or other website to be considered as being in a durable medium:

  1. the website must allow the user to store information addressed to him or her personally, in such a way that he or she may access it and reproduce it unchanged for an adequate period of time, without any unilateral alteration of its content by that service provider or by another professional being; and
  2. where the user is obliged to consult that website in order to become aware of that information, the transmission of that information must be accompanied by active behaviour on the part of the PSP, aimed at drawing the user's attention to the existence and availability of the information on the website.150

Unfair relationships

In the 2014 Plevin case151 on unfair relationships under the CCA, the UK Supreme Court held that a credit broker's non-disclosure of the amount of commission it received from a lender for arranging payment protection insurance (which was 71.8 per cent) could, and in this case did, amount to an unfair relationship between the customer and the lender in respect of the related credit agreement.

Unfair terms

There has been renewed focus on the drafting of unilateral rights of variation in consumer contracts, to ensure that they are fair and enforceable under the CRA, following recent CJEU decisions,152 which set out the following principles.

The contract must – in plain, intelligible language – set out the reasons for and method of any such variation, so that before entering into the agreement the consumer can foresee alterations that may be made.

Not providing this information cannot be compensated for by the mere fact that consumers will, during the performance of the contract, be informed in good time of the variation and of their right to terminate their contract if they do not wish to accept the variation.

It will also be relevant whether the consumer's right of termination can actually be exercised in the specific circumstances.

The FCA has published the Unfair Contract Terms and Consumer Notices Regulatory Guide (UNFCOG) as part of its Handbook, which explains the powers the FCA has, and provides guidance on the approach the FCA may take when handling unfair terms and notices under the CRA and the Unfair Terms in Consumer Contracts Regulations 1999.153

The FCA also published guidance154 in December 2018 on the fairness of variation terms in financial services consumer contracts under the CRA. This guidance outlines a number of non-exhaustive areas that the FCA believes firms should have regard to when drafting and reviewing variation terms. These include and are not limited to the validity of the reasons for using the variation term, the transparency of the variation term and the provision for notice in the variation term.

At a European level, in July 2019, the European Commission adopted a Guidance Notice on the interpretation of Council Directive 93/13/EEC on Unfair Terms in Consumer Contracts (UCTD), which, for consumer contracts entered into on or after 1 October 2015, is implemented in the UK by Part 2 of the CRA. The Guidance Notice provides a snapshot of the substantial body of case law from the CJEU on the meaning of the UCTD.

Default Notices – CCA

In 2019, the Court of Appeal confirmed that service of a compliant default notice under Section 87(1) of the CCA is not merely a procedural precondition to issuing proceedings but is required to start time running for the purposes of the six-year limitation period under Section 5 of the Limitation Act 1980.

In Doyle v. PRA Group (UK) Ltd [2019] EWCA Civ 12,155 Doyle entered into a credit card agreement subject to the CCA with the card issuer. The agreement provided for payment of the whole outstanding balance in certain circumstances. Doyle defaulted and in December 2009 the card issuer served a default notice as required under Section 87(1) of the CCA requiring part payment of the debt by a specified time. No payment was made. The debt was ultimately sold and this debt purchaser commenced proceedings to recover the entire amount outstanding on 31 October 2015, being within six years of the date specified in the default notice but more than six years since Doyle's last payment.

The Court of Appeal upheld the High Court decision that the claim had been issued within the limitation period. It held that the effect of Section 87(1) of the CCA is that the cause of action arises from the date the default notice expires. Section 87(1) of the CCA is not merely a procedural requirement providing that a default notice is required before proceedings can be commenced. Further, the court found that Sections 88 and 89 of the CCA provide that the creditor can take no action until the end of the period mentioned in the default notice, and that the debtor can remedy the breach specified in the default notice by the date stated in it. If it does so, the breach will then be treated as not having occurred, reversing the substantive legal rights and obligations of both parties. These sections had to be read together and interpreted consistently.

Interchange fees

In the card sector, the Supreme Court will rule on a landmark case involving Mastercard that will test the standards applied to a Collective Proceedings Order in a major competition claim.

The action against Mastercard concerns allegedly inflated multilateral interchange fees charged between Mastercard and banks, and passed on to merchants, for providing card acceptance services in stores. Former financial services ombudsman Walter Merricks CBE brought the claim on behalf of 46 million consumers who used Mastercard. The power to bring collective proceedings was introduced into the Competition Act 1998; claims are eligible for inclusion in collective proceedings only if the tribunal considers that they raise the same, similar or related issues of fact or law and are suitable to be brought in collective proceedings. 

This follows a series of cases involving multilateral interchange fees involving Visa and Mastercard under competition laws.


1 Arun Srivastava is a partner and Nina Moffatt is an associate at Paul Hastings (Europe) LLP.

2 Made up of the countries of the European Union (EU) plus Norway, Iceland and Liechtenstein. EU financial services laws tend to be 'single market' measures that also apply to these additional EEA countries.

3 The FCA Handbook is available at: www.handbook.fca.org.uk/handbook/.

4 Respectively, Directives 2008/48/EC and 2014/17/EU.

5 Namely, micro-enterprises, charities with an annual income below £1 million and certain trustees – see BCOBS 1.1.1 and the definition of 'banking customer' in the glossary to the FCA Handbook.

6 BCOBS 5.1.5 to 5.1.8.

7 BCOBS Chapter 6.

8 BCOBS Chapters 2 to 4 and 7 in particular. Certain information requirements apply with respect to consumers only.

9 BCOBS 5.1.12 and 5.1.14 to 5.1.19.

10 BCOBS 1.1.3 and 1.1.4.

11 Payment Services and Electronic Money – Our Approach. The FCA's role under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, June 2019 (version 4), available at: https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf.

12 Directive 2015/2366/EC.

13 Directive 2007/64/EC.

14 Directive 2009/110/EC.

15 EMRs 39 to 45.

16 EMR Section 44.

17 Regulation (EU) 2015/751.

18 2014/92/EU.

19 For regulatory guidance on which payment accounts are subject to the UK regulations, see: www.fca.org.uk/publication/policy/ps16-20.pdf.

20 Regulation (EC) 1781/2006.

22 This regime is comprised of consumer outcomes set out by the FCA, available at https://www.fca.org.uk/firms/fair-treatment-customers, and Principles 6 and 7 in Section 2.1 of the FCA's Principles for Businesses (PRIN) in the FCA Handbook.

23 There is similar protection for non-consumers under the Business Protection from Misleading Marketing Regulations 2008.

24 Directive 95/46/EC.

25 Regulation (EU) 2016/679.

26 Directive 2002/58/EC.

27 Under the Bank of England and Financial Services Act 2016.

28 See, for example, the FCA's Enforcement Guide and Decision Procedure and Penalties Manual in the FCA Handbook; and the PSR's Powers and Procedures Guidance (March 2015) in relation to the Financial Services (Banking Reform) Act 2013 and Guidance on the PSR's approach as a competent authority for the EU Interchange Fee Regulation (October 2016).

29 The Dispute Resolution: Complaints Manual 3.6.1.

30 Directive 2007/64/EC.

31 Directive 2015/2366/EU.

32 Under Article 4(44) PSD2 – Regulation 2(1)PSRs.

33 The full list of regulated payment services (and related exclusions) is set out in Part 1 of Schedule 1 to the PSRs.

34 The FCA has provided more guidance on the commercial agent exclusion and other activities excluded from regulated payment services here: https://www.fca.org.uk/commercial-agent-exclusion-cae.

35 See for example the FCA's guidance in Q33A of Chapter 15 of their perimeter guidance (PERG).

36 The full list of exclusions is in Part 2 of Schedule 1 to the PSRs; the commercial agent and limited network exclusions are in Paragraphs (2)(b) and (k) of Part 2, respectively. See also the FCA guidance in Q40 of PERG 15. Further clarity on the limited network exclusion is provided by the FCA in https://www.fca.org.uk/firms/limited-network-exclusion.

37 See Regulation 5-21 PSRs. The EMRs set out a similar licensing regime for EMIs.

38 See Regulation 23 PSRs for further details of the safeguarding requirements.

39 Regulations 17 and 18 PSRs.

40 Regulation 6(7)(e) and (f) and Paragraph 19, Schedule 2 of the PSRs.

41 Regulation 6(6) PSRs.

42 Regulation 25 PSRs.

43 Regulation 32 PSRs.

44 See for example Q20A in PERG 15.

45 Regulations 13 to 16 and 27 PSRs.

46 Article 2 PSD and Article 2 PSD2 / Regulations 40 and 63 PSRs.

47 Article 2 PSD2 / Regulations 40 and 63 PSRs.

48 Regulation 86 PSRs.

49 Regulations 88 and 89 PSRs.

50 Regulations 75 to 77 and 91 and 92 PSRs.

51 For the exact details, see regulations 6A and 6B of the Consumer Rights (Payment Surcharges) Regulations 2012, which were introduced by Part 3 to Schedule 8 of the PSRs with effect from 13 January 2018, in accordance with Articles 62(3)–(5) PSD2.

52 As defined in Regulation 2(1) PSRs.

53 Regulations 40 and 63 PSRs.

54 Article 4(14) PSD2/Regulation 2(1) PSRs.

55 Recital (27) PSD2.

56 See also Q25B in PERG 15.

57 Article 4(16) PSD2/Regulation 2(1) PSRs.

58 See also Q25A in PERG 15.

59 Articles 36 and 66 to 68 PSD2 / Regulations 105 and 69 to 71 PSRs.

60 Article 98, PSD2 and Commission Delegated regulation on Regulatory Technical Standards specifying requirements on strong customer authentication and common and secure communication under PSD2, available at: https://ec.europa.eu/transparency/regdoc/rep/3/2017/EN/C-2017-7782-F1-EN-MAIN-PART-1.PDF.

61 Article 95 PSD2/Regulation 98 PSRs.

62 Article 96 PSD2/Regulation 99 PSRs. See also Section 15.14.20 of the FCA's supervision manual (SUP).

63 Unhelpfully, the term 'electronic payment transactions' is not defined, creating some uncertainty of scope.

64 Articles 4(30) and 97 PSD2/Regulations 2 and 100 PSRs.

65 See in particular Articles 74(2) and 92 PSD2/Regulations 77 and 95 PSRS.

66 Articles 10-21 of the Commission Delegated Regulation.

67 EBA published an Opinion on the elements of strong customer authentication under PSD2: https://eba.europa.eu/eba-publishes-an-opinion-on-the-elements-of-strong-customer-authentication-under-psd2.

69 Under Regulation 21 PAR.

70 For example, asylum seekers and 'consumers who have not been granted a residence permit but whose expulsion is impossible for legal or practical reasons' may be among those eligible, and it may not be straightforward to establish their status. See Regulation 23 PAR.

71 The PRA Rulebook is available at: www.prarulebook.co.uk.

72 Rule 4 (Limits on compensation payable), Depositor Protection rules, PRA Rulebook.

73 Most notably, Office of Fair Trading v. Abbey National plc [2009] UKSC6, [2010] 1 AC 696.

74 The Open Banking Working Group is a joint industry and government group made up of representatives from banks, fintech companies, consumer bodies and the government.

76 'Introducing the Open Banking Standard', Open Data Institute 2016, page 5.

77 ibid.

81 RBS, Lloyds, Barclays, HSBC, Santander, Nationwide, Danske Bank, Band of Ireland and AIB.

82 Paragraph 166.

83 As summarised in Figure 15.1 of the CMA's 'Retail banking market investigation: Final report'.

84 Namely: Royal Bank of Scotland Group plc, Lloyds Banking Group plc, Barclays Bank plc, HSBC Group, Nationwide Building Society, Santander UK plc, Northern Bank Limited, Bank of Ireland (UK) plc and AIB Group (UK) plc.

85 Article 14, the Order.

86 Article 2.10, the Order.

88 Respectively, Articles 36A, 36H, 39D, 39E, 39F and 39G of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (the RAO). See the RAO for the full list of regulated activities.

89 Articles 60L and 36H of the RAO, respectively.

90 The business borrowing and charge card exemptions are in Articles 60C(3) and 60F(3) of the RAO respectively.

91 Under CONC 4.2.5.

92 Most notable under the Consumer Credit (Disclosure of Information) Regulations 2010.

93 Further information, including an example of the standard summary box, is provided by the UK Cards Association: http://www.theukcardsassociation.org.uk/wm_documents/Credit%20Card%20Summary%20Box%20Final%20Vesion%20%28July%202012%29.pdf.

94 CONC 5.2A (Creditworthiness assessment).

95 CONC 5.2A.5(4) and CONC 5.2A.6.

96 FCA Consultation Paper: Assessing creditworthiness in consumer credit – Proposed changes to our rules and guidance - https://www.fca.org.uk/publication/consultation/cp17-27.pdf.

97 Assessing creditworthiness in consumer credit – Feedback on CP17/27 and final rules and guidance, https://www.fca.org.uk/publication/policy/ps18-19.pdf.

98 Such as the Common Financial Statement produced by the Money Advice Trust, the Finance and Leasing Association and the British Bankers' Association; and Information for Practitioners produced by the Lending Standards Board.

99 CONC 5.2A.20R to 5.2A.25G.

100 Creditworthiness Assessment Bill [HL] 2017-19, see: https://services.parliament.uk/bills/2017-19/creditworthinessassessment.html.

101 Most notably the Consumer Credit (Agreements) Regulations 2010.

102 Section 86C CCA.

103 'FCA announces competition review into credit cards – particular focus on how industry works with those in difficult financial situations', 3 April 2014, www.fca.org.uk/news/press-releases/fca-announces-competition-review-credit-cards-particular-focus-how-industry.

104 FCA Market Study MS14/6.3, 'Credit card market study: Final findings report', www.fca.org.uk/publication/market-studies/ms14-6-3-credit-card-market-study-final-findings-report.pdf.

105 Paragraph 1.30, FCA Market Study MS14/6.3.

106 FCA Consultation Paper: Credit card market study – consultation on persistent debt and earlier intervention remedies (CP17/10).

107 FCA Consultation Paper: Credit card market study – Persistent debt and earlier intervention remedies - feedback on CP17/10 and further consultation.

108 FCA Policy Statement PS18/19: Assessing creditworthiness in consumer credit: www.fca.org.uk/publication/policy/ps18-04.pdf.

111 FCA Consultation Paper: Credit card market study – Persistent debt and earlier intervention remedies – feedback on CP17/10 and further consultation.

112 Review of retained provisions of the Consumer Credit Act: Final report Presented to Parliament pursuant to paragraph 20(8) of Part 5 of the Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2014, SI 2014/366: www.fca.org.uk/publication/corporate/review-of-retained-provisions-of-the-consumer-credit-act-final-report.pdf.

113 Article 60F(2) RAO.

114 Lenders must provide annual statements to borrowers in relation to fixed-sum loan agreements under Section 77A CCA. A non-compliant annual statement results in the same consequences as an incorrect NOSIA, which is that the statement will be deemed to have not been sent at all. See JP Morgan Chase Bank, National Association v. Northern Rock (Asset Management) Plc [2014] EWHC 291 (Ch) (19 February 2014).

115 Section 105 CCA.

116 Paragraph 3.4 Hire-Purchase and Instalment Sale, Goode: Consumer Credit Law and Practice.

117 Section 189 CCA.

118 Section 189 CCA.

119 Sections 99 and 100 CCA.

120 See the student loans regime under the Teaching and Higher Education Act 1998.

121 See for example Section 8 of the Sale of Student Loans Act 2008.

122 See the glossary to the FCA Handbook.

123 CONC Rule 5A.2.

124 FCA Call for Input: High-cost credit – Including review of the high-cost, short-term credit price cap.

125 FCA Feedback Statement: High-cost credit – Including review of the high-cost short-term credit price cap.

126 FCA Final Notice for Professional Personal Claims Limited: www.fca.org.uk/publication/final-notices/professional-personal-claims-limited-2019.pdf.

127 'Individual consumers' would include natural persons such as consumers and sole traders. 'Relevant persons' include partnerships of two or three persons, not all of whom are bodies corporate, or unincorporated bodies of persons that do not consist entirely of bodies corporate and are not a partnership.

128 Article 36H RAO.

132 FCA's Policy Statement PS19/14 – Loan-based ('peer-to-peer') and investment-based crowdfunding platforms: Feedback to CP18/20 and final rules: https://www.fca.org.uk/publication/policy/ps19-14.pdf.

133 Article 3 MCD.

134 Article 4(4B) RAO.

135 Chapter 3A of MCOB.

136 MCOB 2A.2.

137 Chapter 11A of MCOB.

138 Chapter 5A of MCOB, and MCOB TP 1 MCD Transitional Provisions.

139 MCOB 6A.3.

140 Chapter 10A of MCOB.

141 MCOB 2A.4.

142 The FCA's Mortgages Market Study: MS16/2: www.fca.org.uk/publications/market-studies/mortgages-market-study.

144 Sections 140A to 140C CCA.

145 Principles 6 and 7 in Section 2.1 of PRIN.

149 Judgment of the Court (Third Chamber) of 25 January 2017, BAWAG PSK Bank für Arbeit und Wirtschaft und Österreichische Postsparkasse AG v. Verein für Konsumenteninformation (Case C-375/15).

150 For FCA guidance on durable medium, see for example paragraph 8.75 of the PSD2 Approach Document and the Durable Medium website.

151 Plevin v. Paragon Personal Finance Ltd [2014] UKSC 61 (12 November 2014).

152 Nemzeti Fogyasztóvédelmi Hatóság v. Invitel Távközlési (Case C-472/10, judgment given 26 April 2012) and RWE Vertrieb AG v. Verbraucherzentrale Nordrhein-Westfalen e.V. (Case C-92/11, judgment given 21 March 2013).

153 Statements of Good Practice on Fairness of Terms in Consumer Contracts is available https://small-firms.fca.org.uk/firms/unfair-contract-terms/unfair-contract-terms-library.