The Consumer Finance Law Review: United Kingdom
The UK consumer finance and payments landscape is a complex patchwork of different statutes, secondary legislation, and Financial Conduct Authority (FCA) rules and guidance. This means that it can be difficult to navigate, both for new entrants and for established players.
Much of the UK regulatory framework derives from European directives; however, some important parts are UK-specific and have been in place, largely unamended, since the introduction of the Consumer Credit Act 1974 (CCA). This has led to criticism and a general consensus in the industry that the regime needs simplifying and updating to bring it into line with changing technologies and consumer behaviour. Although the FCA has commonly expressed a desire to facilitate innovation and increase the accessibility of financial services, it is reluctant to introduce any drastic changes that could erode the level of consumer protection in the UK. This tension is also clear in the FCA and Treasury's (HMT) work on the regulation of the 'buy now, pay later' (BNPL) industry. While there is a clear desire to regulate some business models, the HMT's recent consultation is clearly trying to strike the difficult balance between consumer protection and maintaining a competitive market.
Now that we have reached the end of the Brexit transitional period, the FCA's review of retained CCA provisions is in train and new rules on BNPL are imminent, the industry is hopeful for simplification and modernisation of the regime over the coming years.
Legislative and regulatory framework
Under the Financial Services and Markets Act 2000 (FSMA), an entity must be authorised by the FCA before it can carry out a regulated activity.2 The various regulated activities are contained in the FSMA (Regulated Activities Order) 2001 (RAO).
Article 60B of the RAO sets out the regulated activities for regulated credit agreements. Broadly, a 'regulated credit agreement' is a credit agreement for any amount entered into with an individual, small partnership or unincorporated association. The meaning of 'credit' is itself defined in Article 60L of the RAO as including any cash loan and any other form of financial accommodation.3 This is extremely broad, potentially capturing any form of deferred payment arrangement. The activity is not limited to lending to 'consumers' and will capture lending for business purposes.
Under Article 60B, entering a regulated credit agreement as lender is a regulated activity,4 as is 'exercising the lender's rights and duties' under a regulated credit agreement.5 Any entity that wishes to perform these activities must be authorised by the FCA.
The RAO also contains a number of exclusions and exemptions. One of the most commonly used exemptions is the 'business purpose' exemption in Article 60C of the RAO. This exempts agreements for credit agreements exceeding £25,000 entered into by the borrower wholly or predominantly for business purposes.6 Similarly, credit agreements with 'high net worth' borrowers can be excluded if certain formalities are complied with.7 Most BNPL lenders rely on the Article 60F RAO exemption, which exempts certain interest-free point-of-sale loans that are repayable over 12 months or less. There are also a number of exemptions for credit agreements relating to land, as these are predominantly regulated by the UK mortgages regime.
Finally, Article 61 of the RAO contains regulated activities relating to mortgages. Entering into a regulated mortgage contract8 and administering a regulated mortgage contract9 are both regulated activities and require FCA authorisation. Broadly, a regulated mortgage contract is a loan to an individual or trustees secured on land in the UK, of which at least 40 per cent is used as a dwelling.10
The CCA lays down information requirements that lenders must comply with, both at the agreement stage and at the post-contract stage.
Regulated credit agreements must comply with strict requirements relating to content and form, which are contained in secondary legislation. For example, a standardised pre-contract information sheet must be given before entering into a regulated loan or credit card agreements. This must be in a prescribed format with specific headings as set out in the Consumer Credit (Disclosure of Information) Regulations 2010, which implements parts of the European Consumer Credit Directive. Similarly, the credit agreement itself must contain certain information contained in the Consumer Credit (Agreements) Regulations 2010.11 Failure to comply with form and content requirements renders the agreement improperly executed and unenforceable without a court order.12
As well as the agreement process, there are various regulations governing the form and content of post-contract information. For example, the Consumer Credit (Information Requirements and Duration of Licenses and Charges) Regulations 2007 set out requirements for regular statements and information for customers in arrears. Similarly, the Consumer Credit (Enforcement, Default and Termination Notices) Regulations 1983 lay down requirements for notices where the lender is demanding early repayment. As well as these examples, there are a number of other regulations that dictate how and when information should be sent under the CCA.
The documentation requirements for mortgages are similarly prescribed and are contained in the FCA's Mortgages: Conduct of Business sourcebook (MCOB). For example, a standardised information sheet must be given to applicants before they enter into a regulated mortgage contract, and lenders must send various event-driven communications as well as regular statements.
Conduct of business
Post-contract conduct requirements were previously contained in the CCA and various guidance documents from the Office of Fair Trading (OFT), which regulated the consumer credit sector until April 2014. When the FCA took over regulation from the OFT, a number of these requirements were moved into the FCA's Consumer Credit Sourcebook (CONC), which forms part of the broader FCA Handbook. CONC contains a wide range of rules and guidance for consumer credit lenders and firms performing other credit related activities such as credit brokers and debt collectors, relating to the entire customer journey. For example, there are requirements relating to advertising13 and credit broking, as well as how to conduct affordability assessments14 and deal with consumers in financial difficulties.15
The conduct of business requirements for mortgages is set out in MCOB. These are quite different from those in CONC and differ between types of mortgage products; for example, MCOB contains specific rules on equity release products and home purchase plans.
The regulatory regime governing payments is less complex than consumer credit and is entirely based on European directives and regulation.
Regulatory requirements for payments are primarily contained in the Payment Services Regulations 2017 (PSRs), which implement the Second European Payment Services Directive (PSD2).16 As FSMA does not apply to payments, the PSRs contain licensing requirements as well as conduct of business requirements relating to the entire customer journey. The FCA has also published an Approach Document that gives its view on what is needed to comply with the PSRs.17
The PSRs regulate the payment services listed in Schedule 1. These include operating 'payment accounts' (broadly, accounts that can be used for day-to-day payment transactions) and other services such as money remittance, card issuing and merchant acquiring. They apply to all payment service providers (PSPs), including both payment institutions (authorised under the PSRs) and other entities, such as credit institutions and electronic money institutions that carry out payment services but are authorised under separate regimes.
The PSRs also contain a number of exclusions from payment services. For example, the 'limited network' exemption excludes payment services that can only be used in a limited way or to only acquire a limited range of goods or services.18 This typically excludes products such as gift cards or fuel cards. There is also exclusion for 'technical service providers' that do not come into possession of funds but that process data or provide IT services.19 This often covers providers of payment infrastructure such as card terminals and ATMs. Further detail on the impact of regulation under the PSRs can be found below, under Section III.
The Electronic Money Regulations 2011 (EMRs) implement the Second European Electronic Money Directive (EMD2) and include a licensing regime for electronic money institutions (EMIs), which issue electronic money. These institutions are not deposit takers; the regime is designed to encourage electronic money to be redeemed by customers rather than left with the EMI. For this reason, EMIs are not permitted to pay interest on e-money balances and must allow the customer to redeem at any time.
The Payment Accounts Regulations 2015 (PARs), which implement the European Payment Accounts Directive,20 are also relevant. They introduced new requirements for a standardised fee information document to be provided for all payment accounts, allowing consumers to compare fees more easily. They also require banks to facilitate account switching and require standardised terms to be used in all customer-facing documents in order to increase accessibility and ensure consumers are able to easily compare different services offered.
Finally, the EU Interchange Fee Regulation21 (IFR) was introduced alongside PSD2 to harmonise the regime for fees charged by credit card issuers across Europe. The IFR imposes a cap on interchange fees and imposes transparency obligations on banks and merchants as well as certain provisions designed to promote competition at card scheme level.
Under Article 5 of the RAO, 'accepting deposits' is a regulated activity and entities who wish to perform the activity must be authorised. Generally a deposit-taking entity will need to be authorised as a credit institution, although certain other entities such as credit unions can also accept deposits.
The FCA's Banking Conduct of Business sourcebook (BCOBS) applies to firms accepting deposits from all 'banking customers', which includes consumers, microenterprises and charities. BCOBS contains wide-ranging requirements for those deposit takers, including in relation to marketing, pre-contact information, statements of account and cancellation.
Deposit accounts can also be 'payment accounts' and regulated under the PSRs. Broadly, a 'payment account' is one that can be used for day-to-day payment transactions and other functionality such as direct debits and standing orders. Most standard current accounts are 'payment accounts', as are some savings accounts. Where an account falls within both the PSRs and BCOBS, large parts of BCOBS are disapplied.
As well as the product-specific framework described above, all financial service providers must comply with a number of 'horizontal' regulations.
Where a firm is dealing with a 'consumer', it must comply with the Consumer Rights Act 2015 (CRA). A 'consumer' is an individual acting for purposes that are wholly or mainly outside of their trade, business, craft or profession. However, it is clear that the FCA and the Financial Ombudsman Service (FOS) expect firms to treat small businesses (and particularly sole traders) similarly to consumers. Where a firm is contracting with a consumer, it must ensure that the terms are not 'unfair'. An unfair term is one that 'contrary to the requirement of good faith, causes a significant imbalance in the parties' rights and obligations under the contract to the detriment of the consumer'.22 Where a term is found to be unfair, it is not binding on the consumer.23 The CRA contains a list of contract terms that are indicatively unfair, as well as a number of exemptions to the list.24 The FCA has been very active in this area and has provided further guidance on what it considers to be 'unfair', particularly in relation to variation terms. Providers of financial services therefore typically spend a great deal of time ensuring that their terms are not unfair under the CRA.
Similarly, regulated firms must comply with on-boarding and ongoing monitoring requirements in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) as well as the Proceeds of Crime Act 2003 (POCA). Collectively, these require firms to undertake 'know-your-customer' checks when entering into a business relationship with a new customer, as well as monitoring accounts and transactions for suspicious activity. Where suspicions are identified, the firm must alert the National Crime Agency by submitting a suspicious activity report. It cannot handle the funds until the National Crime Agency has had a chance to investigate the payment.
A review of the industry following the 2008 financial crisis demonstrated that more rigorous regulation was required of financial services. This resulted in the UK FSA being replaced by a combination of the FCA and the Prudential Regulation Authority (PRA) in 2013. The PRA authorises credit institutions, insurance companies and other systemically important financial institutions, with the FCA becoming licensing authority for most other regulated entities. The FCA also took over regulation of conduct for most financial services institutions, which means that some are 'dual regulated' by both the FCA (for conduct) and PRA (for licensing).
Until 31 March 2014, the OFT had responsibility for consumer credit activities, which were entirely regulated by the CCA and associated secondary legislation. From 1 April 2014, supervisory responsibility for consumer credit activities transferred to the FCA. This was primarily achieved by amending FSMA and its associated secondary legislation to encompass consumer credit activities. The consumer credit activities that were formerly licensed under the CCA appear as 'regulated activities' in the RAO. Although broadly the range of activities is the same, there were some amendments to the scope of the activities covered.
Finally, the Payment Systems Regulator became operational in 2015 and is designed to be a competition-focused regulator for retail payment systems. The HMT published a list of designed payment systems that are regulated within the scope of the Payment Systems Regulator. These include Bacs, Chaps, Faster Payments, Visa and MasterCard.25
Collectively, these regulators have a wide range of powers. For example, the FCA has the power to issue fines or public censures, as well as require undertakings from firms to change terms or stop a particular practice. They can also prohibit specific individuals from working within the regulated sphere and use its product intervention power to require firms to change product features or marketing materials. In extreme cases, the FCA can ban the marketing or selling of a product altogether (though this power is rarely exercised).26
The FOS acts as the adjudicator for complaints against financial institutions. The FOS can consider complaints by any 'eligible complainant', which includes both consumers and some small businesses. The FOS's complaints handling procedures are governed by the FCA's Dispute Resolution: Complaints (DISP) sourcebook and it broadly makes decisions on what it considers 'fair and reasonable in all the circumstances of the case'.27 This does not always have to follow the law or any case law precedent (though the FOS claims to take the law and other regulatory guidance into account), which means that decisions can vary significantly depending on the facts of the specific case and the view of the individual Ombudsman making the ruling. Where the FOS upholds a complaint, it can require the firm to pay a financial award to the complainant. The maximum award it can make for complaints referred after 1 April 2020 for acts or omissions by firms after 1 April 2019 is £355,000.28
Payments were first subject to UK regulation in 2009 when the original Payment Services Regulations were introduced, which implemented the first European Payment Services Directive (PSD1).29 After 2009, the use of digital and mobile banking, as well as other innovative payment services, significantly increased. This rendered PSD1 somewhat out of date and inadequate for the constantly evolving payments industry. As discussed above, this led to the regime being subsequently replaced in 2018 by PSD2 and the PSRs, which were designed to accommodate changes in technology and consumer behaviour.
Conduct of business requirements
Both PSD1 and PSD2 contain detailed conduct of business requirements for PSPs. For example:
- PSPs must give specific pre-contract information before either entering into a framework contract for multiple payments (such as a current account agreement) or executing a single payment);30
- PSPs must also give or make available transaction information – for example, in the form of monthly statements;
- payments must arrive with the payee within a specific time. This is usually by the end of the business day after the payer instructs the payment, but can be longer if the payment is outside the EEA or in a non-sterling currency.31 There are also value-dating requirements that apply to the payee's PSP once they receive the funds from the payer's PSP;32
- there are detailed provisions surrounding liability for unauthorised transactions and those that are incorrectly executed by the PSP;33 and
- changes to, or termination of, a framework contract for payment services is subject to minimum time frames.34
Although the PSRs apply to all payers and payees, corporate customers can 'opt-out' of certain provisions.35 In addition, the scope of the regime has been amended in the light of Brexit, with payments outside of the UK being treated differently to those that are wholly within the UK, although some payments in euros within the UK and EEA will still be subject to many of the requirements.
PSD2 introduced two new payment services: payment initiation services (i.e., initiating payments from a customer's online account)36 and account information services (providing aggregated information across a range of online accounts).37 These are collectively referred to as 'third-party payment services' offered by 'third-party providers' (TPPs).
Under PSD2, TPPs are entitled to access online payment accounts to provide payment services. This is commonly done through an application programming interface (API) through which the payment account provider gives automatic access to the TPP provided it has the customer's consent, though other methods of access are also permitted. This new requirement led to most payment account providers undertaking complex and expensive IT projects in the months before PSD2 came into force to build APIs and give TPPs the required access.
PSD2 also introduced new security requirements for payments. Enhanced requirements apply when:
- the customer accesses their payment account online;
- initiates an electronic payment transaction; or
- carries out an action through a remote channel, which could lead to a risk of payment fraud or 'other abuses'.38
In these scenarios, PSPs must apply 'strong customer authentication' (SCA). This requires a two-factor process, where the customer must authenticate themselves using two or more of the following factors:
- knowledge (something the customer knows);
- possession (something the customer possesses); or
- inherence (something the customer is).
These must be independent factors so that a breach of one does not compromise the other. A failure to implement SCA means that the relevant PSP could be liable for unauthorised transactions occurring as a result. The Regulatory Technical Standards (RTS), which lay down detailed requirements for SCA, contain a number of exemptions.39 For example, the 'transactional risk exemption' allows PSPs to forgo SCA where the payment can be shown to pose a low level of risk.40 Similarly, the 'trusted beneficiary' exemption allows PSPs to not apply SCA where the payee is included in a list of trusted payees who have been previously paid with SCA applied.41
Again, the requirement to implement SCA was complex and costly for both PSPs and merchants, with new technical infrastructure being required and customer journeys being rewritten. It also means that many previously 'speedy' payment journeys are now more arduous and time-consuming for customers. This has led to many PSPs and merchants placing increased reliance on the RTS exemptions to make the customer journey as smooth as possible.
ii Recent developments
Despite the fact that the Brexit transition period has come to an end and a Brexit deal has been reached, there have been a number of recent important changes to the payment regulatory framework in the UK.42
Pre-Brexit, UK-authorised PSPs could passport from the UK into all other EEA states and vice versa. This meant that only one regulatory authorisation was required across the EEA. Now, UK PSPs can no longer passport and need to become authorised elsewhere in the EEA if they wish to operate outside the UK, on the condition that the home state regulator has not established a temporary permission regime. Similarly, those EEA PSPs that passport into the UK may need to become FCA authorised to continue their UK operations, and this will require them to establish a UK subsidiary in most cases, although they are allowed to take advantage of a temporary permission regime. Many UK-based financial institutions had already established EEA entities or separately authorised branches before the end of the transition period in preparation for a 'no-deal' scenario.
As well as passporting, Brexit impacts certain conduct of business requirements under the PSRs. For example, a number of provisions apply differently to 'one-leg-out' transactions. Before Brexit, this referred to transactions where one PSP is in the EEA and the other is not. Now, a one-leg-out transaction describes a scenario where one PSP is in the UK and the other is not, although certain euro payments carried out in the UK and EEA are still subject to most of the protections in the PSRs. This effectively means that a number of consumer protection provisions are disapplied from a greater number of international payments – especially those in non-euro EEA currencies.
Payment Systems Regulator: final card-acquiring market review
Following its interim report in September 2020,43 the Payment Systems Regulator published its final report44 on the card-acquiring market review in November 2021. This work was originally launched in 2019 because of concerns that card-acquiring services may not offer value for money for merchants and focused on Visa and Mastercard as the two largest card payment systems. Although the market review was launched before the economic impact of covid-19 was felt, the Payment Systems Regulator comments that covid-19 seemed to simply accelerate certain trends already in train, such as the growth in card payments, the shift to online shopping and increasing levels of card acceptance among small businesses. Collectively. these factors mean that it is even more important for the supply of card acquiring services to work well for merchants going forward.
The final report found that, while the supply of card-acquiring services works well for large merchants (i.e., those with an annual card turnover of over £50 million), it does not work well for smaller merchants with lower card turnovers, which represent over 90 per cent of the merchant population. In particular, small and medium merchants do not materially benefit from savings as a result of the IFR caps and often face a 'loyalty penalty' whereby new customers pay less than existing customers. However, where these small and medium merchants try to negotiate with their providers, they are often successful and benefit from a better deal. Despite that, they are unlikely to switch providers due to a lack of transparency and other practical barriers such as the inability to use existing POS terminals as well being required to enter into contracts for an indefinite period.
As a result of these concerns, the Payment Systems Regulator plans to publish a separate remedies consultation in early 2022. These remedies could include pricing transparency, changes to pricing structures and switching 'prompts'.
The final report found that, whilst the interchange caps in IFR resulted in savings for acquirers, the IFR did not drive down overall prices because the broader merchant service charge is not capped. As a result, further action is needed to ensure acquirers pass on savings they make from the IFR caps to merchants.
Deposit accounts and overdrafts
As described above, many consumer deposit accounts fall within the payment services regime or BCOBS. Those that fall within the PSRs are likely to be subject to the additional transparency requirements under the PARs.
As overdrafts are a form of credit, they often fall within the CCA (provided they meet the other requirements of 'consumer credit' set out above). The regulatory regime for overdrafts is slightly lighter touch than for loans and credit cards. For example, pre-contract information for overdrafts is less prescribed and can be given in the facility letter itself. Overdraft agreements also do not require a signature and, as overdrafts do not typically require regular repayments, arrears information is not needed.
Often current accounts fall within both the PSRs (when in credit) and the CCA (when overdrawn). Where this is the case, certain parts of the PSRs are specifically disapplied and the CCA usually takes precedence.45 This can lead to complexities when drafting terms and conditions. Many credit institutions take a 'highest common denominator' approach and apply the most consumer-friendly regulations to the entire account.
Certain customers can benefit from the UK deposit protection scheme, the Financial Services Compensation Scheme (FSCS). This protects deposits up to a certain amount in the event that the deposit-taking institution fails. Since 1 January 2017, the FSCS has protected up to £85,000 per eligible claimant per credit institution and £170,000 for joint claimants.46 Certain temporary high balances are protected for up to £1 million. As the protection amounts apply 'per institution', depositors are encouraged to spread their wealth between different institutions to ensure that they remain below the limit for each one.
The most common form of revolving credit (other than overdrafts) for consumers is a credit card. These allow customers to draw down up to an overall limit and repay a minimum amount each month. As card issuing is a payment service, credit cards often fall within both the PSRs and the CCA.
As described above, the CCA regime is highly prescriptive regarding documentation and conduct. For credit cards, as well as the CCA requirements and those set out in secondary legislation, UK Finance has prescribed additional requirements to provide a 'summary box' to allow customers to compare different card offerings.
In addition, CONC lays down additional obligations on credit institutions to identify customers in 'persistent debt'; that is, where they have paid more in interest and fees than they have paid towards the capital balance over the past 18 months.47 For those customers, the lender must explain that increasing repayments will reduce the cost of borrowing and encourage customers to contact them about increasing the amount of their regular payments. Where a customer remains in persistent debt for a further 18 month period, the lender must take reasonable steps (such as proposing a repayment plan) to help them repay the balance.
Unsecured fixed-term loans are broadly subject to the same CCA regime as credit cards and overdrafts, with highly prescriptive requirements applying at both the onboarding and servicing stage.
Motor finance is also largely regulated, though the specific regime that applies will depend on how the vehicle is financed. Although some providers offer simple car loans, others offer hire purchase or personal contract purchase (PCP) arrangements whereby ownership of the vehicle does not pass to the consumer until near the end of the agreement. These are regulated under the CCA but under a slightly different hire purchase regime. Consumers can also opt to lease vehicles, a strategy that is often caught by the consumer credit hire regime.
ii Recent developments
Exempt BNPL products
February 2021 saw the publication of the Woolard Review;48 a report from Christopher Woolard (former interim CEO of the FCA) and his team in relation to the future of unsecured credit. While it made a number of observations and recommendations regarding the unsecured credit market, the key recommendation was the regulation of BNPL products that are currently exempt under Article 60F of the RAO. This recommendation was made largely because of concerns that these products could result in unaffordable lending and, ultimately, consumer harm.
Following the publication of the Woolard Review, the HMT launched its own consultation49 in October 2021 seeking views on how to create a proportionate regime for BNPL products. In the consultation, the HMT recognise that it would be disproportionate to apply the CCA regime in its entirety to all entities that rely on Article 60F of the RAO, but it does not draw any firm conclusions regarding which entities should be within the regulatory perimeter or what that regime would look like. The HMT draws a distinction between (1) low-value, short-term BNPL agreements offered by third-party lenders and (2) short-term, interest-free credit providers that are typically for higher value goods and are repayable over around 12 months. While it seems that the HMT is keen to regulate BNPL providers, it considers that short-term, interest-free credit products do not present the same risk of consumer harm and can continue to operate under the Article 60F exemption. It will be interesting to see where exactly the regulatory perimeter is drawn and how this distinction is made.
As well as the regulatory perimeter, the HMT considers what the regime should look like. Rather than seeking to apply all CCA and CONC provisions, the HMT proposes a bespoke 'proportionate' regime for BNPL providers. While the consultation proposes applying certain CCA provisions and FCA rules such as those relating to creditworthiness, arrears processes and statutory notices, other provisions (regarding prescribed pre-contract and agreement documentation) may be disapplied. Some of the provisions that the HMT proposes to apply could create considerable difficulties for some BNPL providers and will require careful tailoring to ensure that the market remains competitive and providers are not driven out by the burden of regulation.
i Future regulatory framework
In November 2021, the HMT published its long-awaited Future Regulatory Framework (FRF) Review consultation,50 with proposals for reforms to the UK's financial services regulatory framework to keep it fit for the future and to reflect the post-Brexit landscape.
While the HMT concludes that the FSMA model is the most appropriate way to regulate financial services in the UK, it proposes a number of changes to the current framework. For example, it suggests that a new PRA/FCA objective of secondary growth and international competitiveness is needed to reflect the importance of the financial services sector as an engine for growth across the wider economy and the UK's position as a global financial centre. The HMT also intends to return responsibility for designing and implementing regulatory requirements to UK regulators, in a break from the European model. This will include providing the regulators with the necessary additional powers, where relevant, to make rules relating to those matters currently in retained EU law. Finally, the HMT is proposing enhanced mechanisms for accountability, scrutiny and oversight of the regulators by Parliament, the HMT and stakeholders, commensurate with the assumption by the regulators of the proposed significant new regulatory policymaking responsibilities.
The consultation closes on 9 February 2022. The HMT acknowledges that delivering the changes – particularly those relating to returning responsibility for designing and implementing regulatory requirements to the UK regulators – will be a significant undertaking. Many of the necessary changes will be delivered through an extensive programme of secondary legislation, which is likely to take several years.
ii Consumer duty
In May 2021, the FCA consulted on a new consumer duty for firms. This resulted from concerns that not enough firms were adequately considering the needs of their customers or prioritising good consumer outcomes as an objective of their business activities. The FCA published a further consultation in December 2021 setting out its proposals for consumer duty.51 The FCA proposes a new consumer duty applicable to products and services sold to retail customers.
In the consultation paper, the FCA has proposed a new principle to be included within the Principles for Businesses section of the FCA Handbook: 'A firm must act to deliver good outcomes for retail customers'. This will be a higher standard than the current Principle 6 (a firm must pay due regard to the interests of its customers and treat them fairly) and 7 (a firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading), and so these principles will be disapplied where the new consumer duty principle applies.
The FCA also proposed key behaviours that firms must follow to demonstrate that they comply, as well as four outcomes that represent the key elements of the firm–customer relationship. The key behaviours are set out in three cross-cutting rules requiring firms to:
- act in good faith;
- avoid foreseeable harm to retail customers; and
- enable and support retail customers to pursue their financial objectives.
The four outcomes provide more detailed rules and guidance in four areas – governance of products and services; price and value; consumer understanding; and consumer support.
Although the FCA first published a discussion paper on the duty of care in July 2018, there is now a clear timeline for the introduction of the changes as a result of the introduction of Section 29 of the Financial Services Act 2021, which requires the FCA to make rules by 1 August 2022. The FCA therefore proposes to make new rules by July 2022.
Affordability and creditworthiness
Under CONC,52 lenders must undertake an affordability assessment before entering into a regulated credit agreement. This must consider whether the customer is likely to be able to repay the credit and whether they will suffer any financial detriment in doing so.
There have been a number of recent FOS decisions regarding affordability issues, and the FCA also seems to have renewed its interest in this topic in the last couple of years (as set out in its 2020/2021 business plan) having previously focused its work in this area on the payday lending sector. This appears to be as a result of increased customer complaints and activity from claims management companies alleging that the agreement was unaffordable and should not have been entered into. This area may be particularly open to challenge as the rules and guidance in CONC are largely principles-based and do not set out specifically how an affordability assessment should be undertaken. As a result, lenders take different approaches and often use complex algorithms and third-party software to undertake automated assessments. The FCA has expressed concern that this may lead to much weight being placed on credit risk rather than affordability (see below).
i Enforcement actions
The impact of covid-19 and the emergency rules and guidance required from the FCA have resulted in a quieter year for enforcement action and regulator disputes in the consumer finance space. At the time of writing, the total amount it imposed in fines in 2021 was £239,045,800. Although this is considerably more than the 2020 total (£192,570,018), it is lower than the £392,303,087 levied in 2019. It also seems to be as a result of a small number of large fines, indicating that the FCA has not undertaken a marked increase in enforcement action in 2021.
There have been a number of industry communications, however, where the FCA appears to lay down its expectations and potentially pave the way for enforcement action in 2022 where firms do not act in a way in which the FCA considers adequate.
For example the FCA has sent various 'Dear CEO' letters to different types of institution, highlighting various risks and setting out its expectations. A Dear CEO letter was published to e-money firms in May 2021 setting out the FCA's ongoing concerns regarding communications and financial promotions and asking firms to write to customers to remind them how their funds are protected.
Similarly, a separate Dear CEO letter on AML frameworks was sent to all retail banks and published in June 2021. This highlighted specific common weaknesses in key areas of firms' financial crime systems and control frameworks and asked banks to complete a gap analysis against each of the common areas of weaknesses.
ii Disputes before the regulator
As mentioned above, the FOS is the primary complaints mechanism in the consumer finance space and has the power to award up to £350,000 in compensation. As a result, litigation in this space is unusual and there have been few notable consumer-focused cases in 2021.
UK regulators have been able to turn their focus to 'business as usual' objectives during 2021 rather than working almost exclusively on covid-19 initiatives. However, the impact of covid-19 is still being felt, resulting in a number of key FCA initiatives being delayed or amended. For example, its review of CCA retained provisions has gone quiet, instead being replaced by an emphasis on the regulation of BNPL products. Similarly, the Coronavirus Business Interruption Loan Scheme and Bounce Back Loan Scheme continue to present issues for lenders where borrowers are unable to repay or where they acted fraudulently on application.
A number of significant initiatives and regulatory changes are due to come into place during 2022, including (potentially) regulation of BNPL and the new consumer duty. It will be interesting to see how these progress and whether the ongoing impact of covid-19 and economic repercussions continue to influence the UK's regulatory agenda going forward.
1 Julie Patient is a counsel and Liz Greaves is a senior associate at Hogan Lovells International LLP.
2 Section 21 FSMA.
3 Article 60L(1) RAO.
4 Article 60B(1) RAO.
5 Article 60B(2) RAO.
6 Article 60C(3) RAO.
7 Article 60H(1) RAO.
8 Article 61(1) RAO.
9 Article 61(2) RAO.
10 Article 61(3) RAO.
11 Note that certain credit agreements must comply with the Consumer Credit (Disclosure of Information) Regulations 2004 and the Consumer Credit (Agreement) Regulations 1983 instead of the 2010 regulations.
12 Section 65 CCA.
13 See CONC 3.
14 See CONC 5.2A.
15 See CONC 7.
16 Directive (EU) 2015/2366.
17 Payment Services and Electronic Money – Our Approach. The FCA's role under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, November 2021 (version 5), available at: https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf.
18 Schedule 1 Part 2(k) PSRs.
19 Schedule a Part 2(j) PSRs.
20 Directive 2014/92/EU.
21 Regulation (EU) 2015/751.
22 Section 62(4) CRA.
23 Section 62(2) CRA.
24 Schedule 2 CRA.
25 For a current list of designated payment systems, see https://www.psr.org.uk/payment-systems/who-we-regulate.
26 See the FCA's Enforcement Guide and Decision Procedure and Penalties Manual in the FCA Handbook.
27 DISP 3.6.1.
28 DISP 3.7.4.
29 Directive 2007/64/EC.
30 Information requirements are contained in Part 6 PSRs.
31 Regulation 86 PSRs.
32 Regulation 89 PSRs.
33 Liability provisions appear in Part 7 PSRs.
34 Regulations 50, 51 PSRs.
35 See for example Regulation 40(7) PSRs and Regulation 63(5) PSRs.
36 Schedule 1, Article 1(g) PSRs.
37 Schedule 1, Article 1(f) PSRs.
38 Regulation 100 PSRs.
39 Full details are in the final Draft Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of Directive 2015/2366.
40 Article 16 RTS.
41 Article 13 RTS.
42 Changes are set out in the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018.
45 See for example Regulation 64 PSRs.
46 Rule 4 (Limits on compensation payable), Depositor Protection rules, PRA Rulebook.
47 CONC 7.6.27R(1).
51 A new Consumer Duty: Feedback to CP21/13 and further consultation, available at: https://www.fca.org.uk/publication/consultation/cp21-36.pdf.
52 See CONC 5.2A.