FCA outlines payments innovation outlook

The UK’s Financial Conduct Authority (FCA)’s head of payments has made clear the regulator’s approach to driving innovation within the payments sector.

“I’m sure we’re all excited about the prospect of our fridge reordering milk or our favourite sauvignon blanc, but I’m equally as excited that some of the innovations we’re seeing will do some social good,” said Maha El Dimachki, head of the payments department at the FCA, at the Global Digital Banking Conference in September.

“How are we going to reach this future nirvana in a safe way? How do we mitigate the challenges along the way and turn them into opportunities? That’s what we do at the FCA” said El Dimachki, before going on to list four ways the regulator will focus on payments.


El Dimachki promised that stamping out scams and money-laundering is a key priority for the FCA, “to make the UK a hostile place for criminals, and a safe place for consumers.”

She admitted the need for better fraud prevention as the industry moves toward faster payments. El Dimachki directed the audience to the EBA guidelines on fraud reporting and the upcoming FCA consultation paper (due December 26) on how to implement those guidelines. Push payment scams was singled out as a growing problem, with young people more at risk.

The EBA’s regulatory technical standards (RTS) around Strong Customer Authentication and common and secure communication (SCA and CSC) are due on September 14, 2019.

“These measures crucially complement the new ideas of the payment industry in the anti-fraud fight. I’m sure you’re all working to comply with RTS SCA CSC,” said El Dimachki, before warning: “I will also stress that RTS does not have a ‘do nothing’ option. There needs to be work with APIs and existing consumer interfaces to ensure that they meet new stringent standards.”


Another aspect the FCA has pledged to do more on was cross-community collaboration to shore up the payments industry against cyber attacks.

“As payments are getting quicker, the idea of turning technology to resilience should be at the forefront of all our minds – that’s a key FCA cross-sector priority.”

If the FCA is encouraging technology, it’s also putting legislation to the task. PSD2 goes some way to ensuring company resilience with its reporting requirements and new provisions for risk assessing third parties.

“PSD2 requires firms to report operational and security incidents to the FCA once a year. That coupled with major incident reporting within four hours, allowing us to really shape our supervisory approach to the sector,” said El Dimachki.

El Dimachki did however acknowledge the size of the challenge for incumbent firms: “While newer firms may be more agile in adopting and complying with new regulations, we appreciate many institutions have legacy systems. We want to ensure that growth plans can mitigate legacy system risks to make firms sustainable in the long run. Ultimately, there’s a fantastic opportunity for firms to be the most resilient, gain consumer trust and become the most reliable.”

Data consent

With questions surrounding GDPR compliance still being asked three months in, data consent also dominates much of the FCA’s commitment to data protection and custodianship. The opportunity that greater consumer data sharing presents to fintech leads to more tailored products, particularly as financial services begin to interact with each other.

“As you’d expect, we’re considering this very closely. We can see huge opportunities, but also pitfalls,” said Dimachki “If we let this roll, we could lose consumer trust we’ll also lose those opportunities.

“Treating customers fairly is at the heart of GDPR and data protection law, and we’re collaborating closely with the Information Commission to keep it this way in the financial services. We should all see ourselves as custodians of data and treat it responsibly.”

Financial exclusion

On the subject of fairness and responsibility, El Dimachki also reiterated paytech’s role as a force for social good and financial access.

According to her, a higher proportion of consumers in the country who are 55 years and over, or younger with a long term health problem, have difficulty getting access to banks compared to their urban counterparts. 70% of UK adults who never use the internet (the total figure is 3.7 million) live in rural areas with mobile banking use half that of urban areas.

“It’s important for all of us that these consumers come on the same banking journey and don’t get left behind. Advancements in technology provides us with an enormous opportunity to close that gap.”

One example given was the use of biometrics in the US to provide veterans with a number of options – facial recognition, fingerprint – to access financial services.

“Crucially,” concludes El Dimachki “the customer is offered a choice that works for them.”

Related reading