By Andrew Moyle, Stuart Davis, Fiona Maclean, Christian McDermott and Charlotte Collins

The Bank of England (BoE) announced on 19 July 2017 that it is extending direct access to its real-time gross settlement (RTGS) service to non-bank payment service providers (i.e., e-money institutions and payment service providers that do not have regulatory permissions to carry out the “core” banking activity of taking deposits), subject to appropriate safeguards.

For the first time, non-banks will be able to apply for a settlement account with the BoE, providing direct access to the UK’s sterling payment systems that settle in sterling central bank money, including Faster Payments, Bacs, CHAPS, LINK, Visa, and, once live, the new digital cheque imaging system.

By Stuart Davis, Andrew Moyle, Fiona Maclean, Christian McDermott and Charlotte Collins

The Financial Conduct Authority (FCA) has provided an update on its regulatory sandbox initiative. The sandbox is part of Project Innovate, and allows businesses (whether already authorised or not) to test new offerings in the market under close supervision and without many of the usual regulatory consequences.

The first cohort of firms has now finished testing and the FCA states that it expects most firms to take forward their propositions to market, indicating that round one has been a success.

Meanwhile, the FCA has taken on its second cohort of 24 firms, whittled down from 77 applicants. These firms will begin testing shortly. The FCA has published a full list of these firms and short descriptions of what they will be testing on its website.

binary code

By Christian McDermott, Calum Docherty, Stuart Davis and Anne Mainwaring

The European Banking Authority (EBA) has published its consultation document on security measures for operational and security risks under the revised Payment Services Directive (PSD2).

The WannaCry ransomware attack that swept across the globe last week revealed the destructive and indiscriminate nature of cyber threats. It attacked hospitals, telecoms networks and universities, seizing hold of important data and leaving users and systems administrators temporarily powerless. These are precisely the risks that the payments industry wants to avoid as it braces for the revised PSD2, which will come into force across the EU from 13 January 2018. As such, the EBA has published a consultation paper on security measures for operational and security risks under PSD2, setting out proposed requirements for payment services providers (PSPs) to mitigate the concomitant payment processing risks.

The consultation paper is one of the EBA’s three security mandates in PSD2, complementing the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication (submitted to the European Commission for adoption 23 February 2017), and the Guidelines on Major Incidents Reporting (which recently finished its consultation).