The Consumer Finance Law Review: United Kingdom


The UK consumer finance and payments landscape is a complex patchwork of different statutes, secondary legislation, and Financial Conduct Authority (FCA) rules and guidance. This means that it can be difficult to navigate, both for new entrants and for established players.

Much of the UK regulatory framework derives from European directives; however, some important parts are UK-specific and have been in place, largely unamended, since the introduction of the Consumer Credit Act 1974 (CCA). This has led to criticism and a general consensus in the industry that the regime needs simplifying and updating to bring it into line with changing technologies and consumer behaviour. Although the FCA has commonly expressed a desire to facilitate innovation and increase the accessibility of financial services, it is reluctant to introduce any drastic changes that could erode the level of consumer protection in the UK.

Now that Brexit is on the horizon and the FCA's review of retained CCA provisions is in train, the industry is hopeful for simplification and modernisation of the regime over the coming years.

Legislative and regulatory framework

i Legislation


Authorisation requirements

Under the Financial Services and Markets Act 2000 (FSMA), an entity must be authorised by the FCA before it can carry out a regulated activity.2 The various regulated activities are contained in the FSMA (Regulated Activities Order) 2001 (RAO).

Article 60B of the RAO sets out the regulated activities for regulated credit agreements. Broadly, a 'regulated credit agreement' is a credit agreement for any amount entered into with an individual, small partnership or unincorporated association. The meaning of 'credit' is itself defined in Article 60L of the RAO as including any cash loan and any other form of financial accommodation.3 This is extremely broad, potentially capturing any form of deferred payment arrangement. The activity is not limited to lending to 'consumers' and will capture lending for business purposes.

Under Article 60B, entering a regulated credit agreement as lender is a regulated activity,4 as is 'exercising the lender's rights and duties' under a regulated credit agreement.5 Any entity that wishes to perform these activities must be authorised by the FCA.

The RAO also contains a number of exclusions and exemptions. One of the most commonly used exemptions is the 'business purpose' exemption in Article 60C of the RAO. This exempts agreements for credit agreements exceeding £25,000 entered into by the borrower wholly or predominantly for business purposes.6 Similarly, credit agreements with 'High Net Worth' borrowers can be excluded if certain formalities are complied with.7 There are also a number of exemptions for credit agreements relating to land, as these are predominantly regulated by the UK mortgages regime.

Finally, Article 61 of the RAO contains regulated activities relating to mortgages. Entering into a regulated mortgage contract8 and administering a regulated mortgage contracts9 are both regulated activities and require FCA authorisation. Broadly, a regulated mortgage contract is a loan to an individual or trustees secured on land in the UK, of which at least 40 per cent is used as a dwelling.10

Documentation requirements

The CCA lays down information requirements that lenders must comply with, both at the agreement stage and at the post-contract stage.

Regulated credit agreements must comply with strict requirements relating to content and form, which are contained in secondary legislation. For example, a standardised pre-contract information sheet must be given before entering into a regulated loan or credit card agreements. This must be in a prescribed format with specific headings as set out in the Consumer Credit (Disclosure of Information) Regulations 2010, which implements parts of the European Consumer Credit Directive. Similarly, the credit agreement itself must contain certain information contained in the Consumer Credit (Agreements) Regulations 2010.11 Failure to comply with form and content requirements renders the agreement improperly executed and unenforceable without a court order.12

As well as the agreement process, there are various regulations governing the form and content of post-contract information. For example, the Consumer Credit (Information Requirements and Duration of Licenses and Charges) Regulations 2007 set out requirements for regular statements and information for customers in arrears. Similarly, the Consumer Credit (Enforcement, Default and Termination Notices) Regulations 1983 lay down requirements for notices where the lender is demanding early repayment. As well as these examples, there are a number of other regulations that dictate how and when information should be sent under the CCA.

The documentation requirements for mortgages are similarly prescribed and are contained in the FCA's Mortgages: Conduct of Business sourcebook (MCOB). For example, a Standardised Information Sheet must be given to applicants before they enter into a regulated mortgage contract, and lenders must send various event-driven communications as well as regular statements.

Conduct of business

Post-contract conduct requirements were previously contained in the CCA and various guidance documents from the Office of Fair Trading (OFT), which regulated the consumer credit sector until April 2014. When the FCA took over regulation from the OFT, a number of these requirements were moved into the FCA's Consumer Credit Sourcebook (CONC), which forms part of the broader FCA Handbook. CONC contains a wide range of rules and guidance for consumer credit lenders and firms performing other credit related activities such as credit brokers and debt collectors, relating to the entire customer journey. For example, there are requirements relating to advertising13 and credit broking, as well as how to conduct affordability assessments14 and deal with consumers in financial difficulties.15

The conduct of business requirements for mortgages is set out in MCOB. These are quite different from those in CONC and differ between types of mortgage products; for example, MCOB contains specific rules on equity release products and home purchase plans.


The regulatory regime governing payments is less complex than consumer credit and is entirely based on European directives and regulation.

Regulatory requirements for payments are primarily contained in the Payment Services Regulations 2017 (PSRs), which implement the Second European Payment Services Directive (PSD2).16 As FSMA does not apply to payments, the PSRs contain licensing requirements as well as conduct of business requirements relating to the entire customer journey. The FCA has also published an Approach Document that gives its view on what is needed to comply with the PSRs.17

The PSRs regulate the payment services listed in Schedule 1. These include operating 'payment accounts' (broadly, accounts that can be used for day-to-day payment transactions) and other services such as money remittance, card issuing and merchant acquiring. They apply to all Payment Service Providers (PSPs), including both payment institutions (authorised under the PSRs) and other entities, such as credit institutions and electronic money institutions that carry out payment services but are authorised under separate regimes.

The PSRs also contain a number of exclusions from payment services. For example, the 'limited network' exemption excludes payment services that can only be used in a limited way or to only acquire a limited range of goods or services.18 This typically excludes products such as gift cards or fuel cards. There is also exclusion for 'technical service providers' that do not come into possession of funds but that process data or provide IT services.19 This often covers providers of payment infrastructure such as card terminals and ATMs. Further detail on the impact of regulation under the PSRs can be found below, under Section III.

The Electronic Money Regulations 2011 (EMRs) implement the Second European Electronic Money Directive (EMD2) and include a licensing regime for electronic money institutions (EMIs), which issue electronic money. These institutions are not deposit takers; the regime is designed to encourage electronic money to be redeemed by customers rather than left with the EMI. For this reason, EMIs are not permitted to pay interest on e-money balances and must allow the customer to redeem at any time.

The Payment Accounts Regulations 2015 (PARs), which implement the European Payment Accounts Directive,20 are also relevant. They introduced new requirements for a standardised fee information document to be provided for all payment accounts, allowing consumers to compare fees more easily. They also require banks to facilitate account switching and require standardised terms to be used in all customer-facing documents in order to increase accessibility and ensure consumers are able to easily compare different services offered.

Finally, the EU Interchange Fee Regulation21 (IFR) was introduced alongside PSD2 in order to harmonise the regime for fees charged by credit card issuers across Europe. The IFR imposes a cap on interchange fees and imposes transparency obligations on banks and merchants as well as certain provisions designed to promote competition at card scheme level.

Deposit taking

Under Article 5 of the RAO, 'accepting deposits' is a regulated activity and entities who wish to perform the activity must be authorised. Generally a deposit-taking entity will need to be authorised as a credit institution although certain other entities such as credit unions can also accept deposits.

The FCA's Banking Conduct of Business sourcebook (BCOBS) applies to firms accepting deposits from all 'banking customers', which includes consumers, micro-enterprises and charities. BCOBS contains wide-ranging requirements for those deposit takers, including in relation to marketing, pre-contact information, statements of account and cancellation.

Deposit accounts can also be 'payment accounts' and regulated under the PSRs. Broadly, a 'payment account' is one that can be used for day-to-day payment transactions and other functionality such as direct debits and standing orders. Most standard current accounts are 'payment accounts', as are some savings accounts. Where an account falls within both the PSRs and BCOBS, large parts of BCOBS are disapplied.

Horizontal requirements

As well as the product-specific framework described above, all financial service providers must comply with a number of 'horizontal' regulations.

Where a firm is dealing with a 'consumer', it must comply with the Consumer Rights Act 2015 (CRA). A 'consumer' is an individual acting for purposes that are wholly or mainly outside of their trade, business, craft or profession. However, it is clear that the FCA and the FOS expect firms to treat small businesses (and particularly sole traders) similarly to consumers. Where a firm is contracting with a consumer, it must ensure that the terms are not 'unfair'. An unfair term is one that 'contrary to the requirement of good faith, causes a significant imbalance in the parties' rights and obligations under the contract to the detriment of the consumer'.22 Where a term is found to be unfair, it is not binding on the consumer.23 The CRA contains a list of contract terms that are indicatively unfair, as well as a number of exemptions to the list.24 The FCA has been very active in this area and has provided further guidance on what it considers to be 'unfair', particularly in relation to variation terms. Providers of financial services therefore typically spend a great deal of time ensuring that their terms are not unfair under the CRA.

Similarly, regulated firms must comply with on-boarding and ongoing monitoring requirements in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) as well as the Proceeds of Crime Act 2003 (the PoCA). Collectively, these require firms to undertake 'know your customer' checks when entering into a business relationship with a new customer, as well as monitoring accounts and transactions for suspicious activity. Where suspicions are identified, the firm must alert the National Crime Agency by submitting a Suspicious Activity Report. It cannot handle the funds until the National Crime Agency has had a chance to investigate the payment.

ii Regulation

A review of the industry following the 2008 financial crisis demonstrated that more rigorous regulation was required of financial services. This resulted in the UK FSA being replaced by a combination of the FCA and the Prudential Regulation Authority (PRA) in 2013. The PRA authorises credit institutions, insurance companies and other systemically important financial institutions, with the FCA becoming licensing authority for most other regulated entities. The FCA also took over regulation of conduct for most financial services institutions, which means that some are 'dual regulated' by both the FCA (for conduct) and PRA (for licensing).

Until 31 March 2014, the OFT had responsibility for consumer credit activities, which were entirely regulated by the CCA and associated secondary legislation. From 1 April 2014, supervisory responsibility for consumer credit activities transferred to the FCA. This was primarily achieved by amending FSMA and its associated secondary legislation to encompass consumer credit activities. The consumer credit activities that were formerly licensed under the CCA appear as 'regulated activities' in the RAO. Although broadly the range of activities is the same, there were some amendments to the scope of the activities covered.

Finally, the Payment Systems Regulator became operational in 2015 and is designed to be a competition-focused regulator for retail payment systems. HM Treasury has published a list of designed payment systems that are regulated within the scope of the Payment Systems Regulator. These include Bacs, Chaps, Faster Payments, Visa and MasterCard.25

Collectively, these regulators have a wide range of powers. For example, the FCA has the power to issue fines or public censures, as well as require undertakings from firms to change terms or stop a particular practice. They can also prohibit specific individuals from working within the regulated sphere and use its product intervention power to require firms to change product features or marketing materials. In extreme cases, the FCA can ban the marketing or selling of a product altogether (though this power is rarely exercised).26

The Financial Ombudsman Service (FOS) acts as the adjudicator for complaints against financial institutions. The FOS can consider complaints by any 'eligible complainant', which includes both consumers and some small businesses. The FOS's complaints handling procedures are governed by the FCA's Dispute Resolution: Complaints (DISP) sourcebook and it broadly makes decisions on what it considers 'fair and reasonable in all the circumstances of the case'.27 This does not always have to follow the law or any case law precedent (though FOS does claim to take the law and other regulatory guidance into account), which means that decisions can vary significantly depending on the facts of the specific case and the view of the individual Ombudsman making the ruling. Where the FOS upholds a complaint, it can require the firm to pay a financial award to the complainant. The maximum award it can make for complaints referred after 1 April 2020 for acts or omissions by firms after 1 April 2019 is £355,000.28


i Overview

Payments were first subject to UK regulation in 2009 when the original Payment Services Regulations were introduced, which implemented the first European Payment Services Directive (PSD1).29 After 2009, the use of digital and mobile banking, as well as other innovative payment services, significantly increased. This rendered PSD1 somewhat out of date and inadequate for the constantly evolving payments industry. As discussed above, this led to the regime being subsequently replaced in 2018 by PSD2 and the PSRs, which were designed to accommodate changes in technology and consumer behaviour.

Conduct of business requirements

Both PSD1 and PSD2 contain detailed conduct of business requirements for PSPs. For example:

  1. PSPs must give specific pre-contract information before either entering into a framework contract for multiple payments (such as a current account agreement) or executing a single payment);30
  2. PSPs must also give or make available transaction information – for example, in the form of monthly statements;
  3. payments must arrive with the payee within a specific time. This is usually by the end of the business day after the payer instructs the payment, but can be longer if the payment is outside the EEA or in a non-sterling currency.31 There are also value-dating requirements that apply to the payee's PSP once they receive the funds from the payer's PSP;32
  4. there are detailed provisions surrounding liability for unauthorised transactions and those that are incorrectly executed by the PSP;33 and
  5. changes to, or termination of, a framework contract for payment services is subject to minimum time frames.34

Although the PSRs apply to all payers and payees, corporate customers can 'opt-out' of certain provisions.35 In addition, the scope of the regime has been amended in the light of Brexit, with payments outside of the UK being treated differently to those that are wholly within the UK, although some payments in euro within the UK and EEA will still be subject to many of the requirements.

PSD2 changes

PSD2 introduced two new payment services: payment initiation services (i.e., initiating payments from a customer's online account)36 and account information services (providing aggregated information across a range of online accounts).37 These are collectively referred to as 'Third Party Payment Services' offered by 'Third Party Providers' (TPPs).

Under PSD2, TPPs are entitled to access online payment accounts to provide payment services. This is commonly done through an Application Programming Interface (an API) through which the payment account provider gives automatic access to the TPP provided it has the customer's consent, though other methods of access are also permitted. This new requirement led to most payment account providers undertaking complex and expensive IT projects in the months before PSD2 came into force to build APIs and give TPPs the required access.

PSD2 also introduced new security requirements for payments. Enhanced requirements apply when:

  1. the customer accesses their payment account online;
  2. initiates an electronic payment transaction; or
  3. carries out an action through a remote channel, which could lead to a risk of payment fraud or 'other abuses'.38

In these scenarios, PSPs must apply 'Strong Customer Authentication' (SCA). This requires a two-factor process, where the customer must authenticate themselves using two or more of the following factors:

  1. knowledge (something the customer knows);
  2. possession (something the customer possesses); or
  3. inherence (something the customer is).

These must be independent factors so that a breach of one does not compromise the other. A failure to implement SCA means that the relevant PSP could be liable for unauthorised transactions occurring as a result. The Regulatory Technical Standards (RTS), which lay down detailed requirements for SCA, contain a number of exemptions.39 For example, the 'Transactional Risk Exemption' allows PSPs to forgo SCA where the payment can be shown to pose a low level of risk.40 Similarly, the 'Trusted Beneficiary' exemption allows PSPs to not apply SCA where the payee is included in a list of trusted payees who have been previously paid with SCA applied.41

Again, the requirement to implement SCA was complex and costly for both PSPs and merchants, with new technical infrastructure being required and customer journeys being re-written. It also means that many previously 'speedy' payment journeys are now more arduous and time-consuming for customers. This has led to many PSPs and merchants placing increased reliance on the RTS exemptions in order to make the customer journey as smooth as possible.

ii Recent developments

Brexit impact

As the transition period comes to an end, there will be important changes to the payment regulatory framework in the UK.42

Pre-Brexit, UK-authorised PSPs could passport from the UK into all other EEA states and vice versa. This meant that only one regulatory authorisation was required across the EEA. At the end of the transition period, UK PSPs will no longer be able to passport and will need to become authorised elsewhere in the EEA if they wish to operate outside the UK, on the condition that the home state regulator has not established a temporary permission regime. Similarly, those EEA PSPs that passport into the UK may need to become FCA authorised in order to continue their UK operations, although they are allowed to take advantage of a temporary permission regime. Many UK-based financial institutions have already established EEA entities or separately authorised branches in preparation for a 'no-deal' scenario.

As well as passporting, Brexit impacts certain conduct of business requirements under the PSRs. For example, a number of provisions apply differently to 'one-leg-out' transactions. Before Brexit, this referred to transactions where one PSP is in the EEA and the other is not. After Brexit, a 'one-leg-out' transaction describes a scenario where one PSP is in the UK and the other is not, although certain euro payments carried out in the UK and EEA are still subject to most of the protections in the PSRs. This effectively means that a number of consumer protection provisions are disapplied from a greater number of international payments – especially those in non-euro EEA currencies.

Payment Systems Regulator: card-acquiring market review

In 2019, the Payment Systems Regulator launched a market review into card-acquiring services in the UK. The review was focused on fundamental issues for acquirers, including the nature and characteristics of the card-acquiring services and market, as well as merchant fees and quality of service. As the two largest card payment systems, the review focused on Visa and Mastercard.

The Payment Systems Regulator published its interim report in September 2020.43 It found that while many merchants could make savings by negotiation with their acquirer (or switching to a different one), small and medium merchants do not typically tend to do so and are generally not getting a good deal. The report set out several potential remedies to make it easier for those merchants to switch to a better deal or a new provider, including requiring contracts to have a fixed end date and making it easier for merchants to research and compare prices. The Payment Systems Regulator's final findings are expected in 2021.

Deposit accounts and overdrafts

i Overview

Deposit accounts

As described above, many consumer deposit accounts fall within the Payment Services regime or BCOBS. Those that fall within the PSRs are likely to be subject to the additional transparency requirements under the PARs.


As overdrafts are a form of credit, they often fall within the CCA (provided they meet the other requirements of 'consumer credit' set out above). The regulatory regime for overdrafts is slightly lighter touch than for loans and credit cards. For example, pre-contract information for overdrafts is less prescribed and can be given in the facility letter itself. Overdraft agreements also do not require a signature and, as overdrafts do not typically require regular repayments, arrears information is not needed.

Often current accounts fall within both the PSRs (when in credit) and the CCA (when overdrawn). Where this is the case, certain parts of the PSRs are specifically disapplied and the CCA usually takes precedence.44 This can lead to complexities when drafting terms and conditions. Many credit institutions take a 'highest common denominator' approach and apply the most consumer-friendly regulations to the entire account.

Deposit protection

Certain customers can benefit from the UK deposit protection scheme, the 'Financial Services Compensation Scheme' (FSCS). This protects deposits up to a certain amount in the event that the deposit taking institution fails. Since 1 January 2017, the FSCS has protected up to £85,000 per eligible claimant per credit institution and £170,000 for joint claimants.45 Certain temporary high balances are protected for up to £1 million. As the protection amounts apply 'per institution', depositors are encouraged to spread their wealth between different institutions to ensure that they remain below the limit for each one.

ii Recent developments

As part of its increased focus on 'High-Cost-Short-Term Credit', the FCA introduced new rules in December 2019 to reduce the levels of repeat overdraft use and increase pricing transparency. The rules in CONC46 and BCOBS47 include:

  1. requiring a single interest rate for arranged and unarranged overdrafts on current accounts;
  2. requiring a representative APRs being overdrafts in financial promotions, along with an explanation as to why the APR is included;
  3. requiring firms to publish a range of overdraft prices and fees; and
  4. requiring firms to implement a strategy to identify and reduce 'repeat use' of overdrafts.

These rules are similar to those introduced for persistent debt credit card customers in 2018.

Revolving credit

i Overview

The most common form of revolving credit (other than overdrafts) for consumers is a credit card. These allow customers to draw down up to an overall limit and repay a minimum amount each month. As card issuing is a payment service, credit cards often fall within both the PSRs and the CCA.

As described above, the CCA regime is highly prescriptive regarding documentation and conduct. For credit cards, as well as the CCA requirements and those set out in secondary legislation, UK Finance has prescribed additional requirements to provide a 'Summary box' to allow customers to compare different card offerings.

In addition, CONC lays down additional obligations on credit institutions to identify customers in 'persistent debt'; that is, where they have paid more in interest and fees than they have paid towards the capital balance over the past 18 months.48 For those customers, the lender must explain that increasing repayments will reduce the cost of borrowing and encourage customers to contact them about increasing the amount of their regular payments. Where a customer remains in persistent debt for a further 18 month period, the lender must take reasonable steps (such as proposing a repayment plan) to help them repay the balance.

ii Recent developments

Temporary covid-19 guidance

During 2020, covid-19 meant that many consumers experienced a reduction in income. In April 2020, the FCA published temporary guidance for UK lenders setting out its expectation that consumers were offered temporary payment freezes where they were experiencing repayment difficulties as a result of the pandemic. The guidance applied to loans, credit cards and overdrafts, with separate guidance being published in relation to mortgage holidays. These measures have been extended and revised as the economic impact of the pandemic has evolved.49

Pricing transparency

Transparency of pricing for all credit products seems to be constantly high on the FCA's agenda. In December 2020, the FCA sent a letter to boards of Mainstream Consumer Credit Lenders setting out its views on the various risks it considers those lenders pose to consumers.50 One of these issues is transparency of pricing, with a specific focus on credit cards. This is because many lenders offer introductory rates in zero per cent balance transfers, which the FCA consider are poorly understood.

Instalment credit

i Overview

Unsecured fixed-term loans are broadly subject to the same CCA regime as credit cards and overdrafts, with highly prescriptive requirements applying at both the on-boarding and servicing stage.

Motor finance is also largely regulated, though the specific regime that applies will depend on how the vehicle is financed. Although some providers offer simple car loans, others offer Hire Purchase or Personal Contract Purchase (PCP) arrangements whereby ownership of the vehicle does not pass to the consumer until near the end of the agreement. These are regulated under the CCA but under a slightly different Hire Purchase regime. Consumers can also opt to lease vehicles, a strategy that is often caught by the Consumer Credit Hire regime.

ii Recent developments

Motor finance

Following the rapid increase in popularity of PCP, the FCA launched a review of the motor finance sector in 2018, with its final policy statement (PS20/8) being published in July 2020.51 The Policy Statement confirmed a number of important changes to the motor finance market (excluding consumer hire). Most notably, this included a ban on lenders and brokers entering into agreements with 'discretionary commission models'; that is, those where commission is set or adjusted by the broker and is linked to the customer's interest rate or fees.

The FCA will carry out supervisory work across a sample of firms, starting in September 2021, to determine how well firms are complying with the changes. It plans to review its intervention in the motor finance market in 2023/2024.

Exempt 'buy now pay later' products

The year 2020 saw a marked increase in the popularity of 'buy now pay later' products, which allow a customer to defer payment of goods for a short time. Where the arrangement is interest-free and repayable in 12 or fewer instalments, the loan will be CCA-exempt and not subject to the requirement to undertake an affordability assessment or any of the consumer protection measures in the CCA and CONC.

The unregulated nature of these agreements has concerned the FCA, which has highlighted the risk of unaffordable borrowing and resulting consumer harm. This may well increase in light of the economic impact of covid-19.

The FCA has suggested it will look more closely at the sector in 2021 and consider whether further regulation is required in this area.52

Other areas

i Covid financial support

The UK government introduced a number of temporary measures to support businesses in difficulty as a result of covid-19. These are provided through the British Business Bank (BBB) and include:

  1. The Coronavirus Business Interruption Loan Scheme (CBILS): CBILS allows certain 'accredited lenders' to provide financial support to businesses that have suffered (or expect to suffer) financial difficulty as a result of covid-19. Eligible businesses are those with an annual turnover of less than £45 million, are 'viable businesses' and were not suffering difficulty before 2020. Where a business qualifies for support, the accredited lender can lend a maximum of £5 million, which is partly guaranteed by the UK government.53
  2. The Bounce Back Loan Scheme (BBLS): In order to simplify the process for small businesses, the government introduced BBLS. Under this scheme, lenders can provide loans of up to £50,000, which benefit from a 100 per cent government-backed guarantee. A specific exemption was introduced into FSMA to ensure that these loans fall outside the CCA regime even where the loan is under £25,000; although in circumstances where the CCA would have otherwise applied, the lender must follow the CONC provisions relating to arrears.54

ii Call for input

In November, the FCA published a call for input55 into change and innovation in the unsecured credit market – known as the 'Woolard Review' because the review is led by the former interim CEO of the FCA. The themes that underpin the review are the following:

  1. drivers and use of credit: how different groups of consumers engage with the unsecured market, trends in use of credit, and identifying where future pressures and challenges may lie;
  2. change and innovation in the supply of credit: ways unsecured lending is undergoing change, how far innovation is acting in consumers' interests, and exploring where innovation and change may be needed;
  3. the role of regulation in unsecured credit markets: whether regulation is in the right place overall and core issues in the market are being dealt with effectively, how changes in the credit market could better align incentives for firms, and whether better data flows or more open banking models could lead to better regulatory outcomes; and
  4. the impact of covid-19 and the FCA's response: understanding how covid-19 has impacted both supply and demand for credit and how the current situation is likely to affect the market in the future (but not to review the FCA's temporary guidance on covid-19 and consumer credit, which will be done separately and within six months of its latest additional guidance coming into effect, as previously advised).

Unfair practices

Affordability and creditworthiness

Under CONC,56 lenders must undertake an affordability assessment before entering into a regulated credit agreement. This must consider whether the customer is likely to be able to repay the credit and whether they will suffer any financial detriment in doing so.

There have been a number of recent FOS decisions regarding affordability issues, and the FCA also seems to have renewed its interest in this topic (as set out in its 2020/2021 business plan) having previously focused its work in this area on the payday lending sector. This appears to be as a result of increased customer complaints and activity from Claims Management Companies alleging that the agreement was unaffordable and should not have been entered into. This area may be particularly open to challenge as the rules and guidance in CONC are largely 'principles-based' and do not set out specifically how an affordability assessment should be undertaken. As a result, lenders take different approaches and often use complex algorithms and third party software to undertake automated assessments. The FCA has expressed concern that this may lead to much weight being placed on credit risk rather than affordability (see below).

Recent cases

i Enforcement actions

The impact of covid-19 and the emergency rules and guidance required from the FCA have resulted in a quieter year for enforcement action and regulator disputes in the consumer finance space. The total amount it imposed in fines in 2020 was £192,570,018, compared with £392,303,087 in 2019.

There have been a number of industry communications, however, where the FCA appears to lay down its expectations and potentially pave the way for enforcement action in 2021 where firms do not act in a way in which the FCA considers adequate.

For example the FCA sent a 'Dear CEO' in December 2020 to boards of Mainstream Consumer Credit Lenders setting out their views of various risks that mainstream lenders may pose and their expectations for firms to address those risks. The key issues are:

  1. affordability: key challenges are:
    • a concern about automation and avoiding reliance on customers to provide information;
    • a concern about creditworthiness rather than affordability assessments; and
    • a reliance on credit reference agencies and modelling;
  2. arrears processes: this is likely to become an even bigger issue in 2021 as the effects of the pandemic continue to be felt and forbearance strategies come to an end;
  3. impact of regulatory change: The FCA focuses on persistent debt changes and other regulatory changes to ensure that they are achieving good outcomes; and
  4. transparency of pricing: this is likely to require a review of all aspects of pricing to ensure that they are operating as anticipated.

ii Disputes before the regulator


As mentioned above, the FOS is the primary complaints mechanism in the consumer finance space and has the power to award up to £350,000 in compensation. As a result, litigation in this space is unusual and there have been few notable consumer-focused cases in 2020.


The impact of covid-19 may only truly be felt in 2021. As well as dealing with new challenges arising as a direct result of the pandemic, the FCA's scheduled work will also likely be impacted. For example, its review of the unsecured credit and the motor finance markets are both likely to be informed by the changing economic landscape and resulting consumer behaviours. In addition, the rise of mobile banking and cashless payments may gain further regulatory attention and could result in greater flexibility for providers to offer their services digitally.

In addition, businesses continuing to struggle may be unable to repay loans advanced under CBILS or the BBLSs. There has already been extensive press coverage suggesting that there are high levels of fraud on these accounts, and it will be interesting to see whether and how this impacts the UK government's willingness to pay out on the guarantee.

Finally, we expect the FCA will continue to focus on vulnerable customers and its proposed new duty of care, particularly in light of covid-19. More news on these initiatives is expected in 2021 and it will be interesting to see whether the FCA uses the pandemic to impose more stringent requirements on lenders to act fairly and help those consumers in need.


1 Julie Patient is a counsel and Liz Greaves is a senior associate at Hogan Lovells International LLP.

2 Section 21 FSMA.

3 Article 60L(1) RAO.

4 Article 60B(1) RAO.

5 Article 60B(2) RAO.

6 Article 60C(3) RAO.

7 Article 60H(1) RAO.

8 Article 61(1) RAO.

9 Article 61(2) RAO.

10 Article 61(3) RAO.

11 Note that certain credit agreements must comply with the Consumer Credit (Disclosure of Information) Regulations 2004 and the Consumer Credit (Agreement) Regulations 1983 instead of the 2010 regulations.

12 Section 65 CCA.

13 See CONC 3.

14 See CONC 5.2A.

15 See CONC 7.

16 Directive (EU) 2015/2366.

17 Payment Services and Electronic Money – Our Approach. The FCA's role under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, June 2019 (version 4), available at:

18 Schedule 1 Part 2(k) PSRs.

19 Schedule a Part 2(j) PSRs.

20 Directive 2014/92/EU.

21 Regulation (EU) 2015/751.

22 Section 62(4) CRA.

23 Section 62(2) CRA.

24 Schedule 2 CRA.

25 For a current list of designated payment systems, see

26 See the FCA's Enforcement Guide and Decision Procedure and Penalties Manual in the FCA Handbook.

27 DISP 3.6.1.

28 DISP 3.7.4.

29 Directive 2007/64/EC.

30 Information requirements are contained in Part 6 PSRs.

31 Regulation 86 PSRs.

32 Regulation 89 PSRs.

33 Liability provisions appear in Part 7 PSRs.

34 Regulations 50, 51 PSRs.

35 See for example Regulation 40(7) PSRs and Regulation 63(5) PSRs.

36 Schedule 1, article 1(g) PSRs.

37 Schedule 1, article 1(f) PSRs.

38 Regulation 100 PSRs.

39 Full details are in the final Draft Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of Directive 2015/2366.

40 Article 16 RTS.

41 Article 13 RTS.

42 Changes are set out in the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018.

43 PSR MR18/1.7:

44 See for example Regulation 64 PSRs.

45 Rule 4 (Limits on compensation payable), Depositor Protection rules, PRA Rulebook.

46 See CONC 5D.

47 See BCOBS 7.6A.

48 CONC 7.6.27R(1).

49 All iterations of the guidance are available at:

50 A copy of the letter is available here:

51 PS 20/8: Motor Finance discretionary commission models and Consumer credit commission disclosure:

52 See the FCA's call for input: review into change and innovation in the unsecured credit market



55 Call for input: review into change and innovation in the unsecured credit market

56 See CONC 5.2A.

Get unlimited access to all The Law Reviews content