The OBIE has launched consultations on Variable Recurring Payments and Sweeping, representing the next stage in the development of Open Banking in the UK. Moneyhub Enterprise has reviewed the papers and outlined their responses to each question, which was submitted ahead of the 4th December deadline.
Moneyhub fully supports VRP as it paves the way for the development of payment innovation and the creation of new financial services propositions that put customers first, replacing less favourable payment methods such as Direct Debit and card payments.
Moneyhub is making its response public in advance of the deadline to encourage the wider community to utilise the response and add their own voice to the consultation.
Variable Recurring Payments allow customers to safely connect authorised Payments Initiation Service Providers (PISPs) to their bank account so that they can make payments on the customer’s behalf, within agreed parameters - offering more control and transparency than than Direct Debits or card payments. Sweeping is the automated movement of funds for a customer between two accounts in their name, usually to help the customer avoid charges, or benefit from better interest rates and deals - making their money work harder for them.
Dan Scholey, COO at Moneyhub comments: “From the very beginning when we first started lobbying for Open Banking legislation, we saw Variable Recurring Payments and Sweeping as core requirements to help both businesses and people improve financial wellness.
“Through our work in the FCA sandbox over the last year, we have proven the demand for VRP and in particular Sweeping. More secure, faster and user friendly than Cards or Direct Debits, the only obstacle remaining is fair and open access by all the organisations, such as banks covered by PSD2. We call upon anyone who has payments in their business model to lend your support to driving through this much needed change.”
A key takeaway from Moneyhub’s response is the use cases for VRPs exceed the limited cases provided by the legacy payments systems it replaces. Dan Scholey explains: “There are many more business and consumer-centric use cases that VRP will open up. It is therefore critical not to limit the thinking to existing use cases, where the Card and Direct Debit technology has limited innovation and use.”
“Furthermore, VRP should be mandated - but not be profit-generating - for the CMA9 and beyond, similar to the way BT Wholesale is regulated. When it comes to security, speed and price, VRPs are a cheaper, more secure replacement for Direct Debits and card payments. VRPs are an enabler for Sweeping, so where Direct Debit is designed for payments into an organisation’s bank account, Sweeping is moving money between a customer’s own accounts. If this is not mandated, adoption of VRP will be limited and will not introduce an innovative payment experience. The lack of a mandate will hinder the creation of new types of financial services for users.”
“Sweeping should not be confined to Current Accounts and Credit Cards. Loans, Savings and Mortgages, Investments and Pensions are all examples of accounts that should be able to benefit from Sweeping. We are moving to a world of Open Finance - and therefore all new innovative payments solutions should support this.”
Working together to drive positive change
Moneyhub fully supports VRP as it paves the way for the development of payment innovation and the creation of new financial services propositions that put customers first, replacing less favourable payment methods such as Direct Debit and card payments.
Moneyhub is making its response public in advance of the deadline to encourage the wider community to utilise the response and add their own voice to the consultation.
Please find our responses in full below. Submit your own responses here by 4th December, 12pm GMT.
Our VRP Consultation response in full
To what extent do you agree with the definition of VRP? Please give reasons for your answer.
We agree in principle with the definition and believe the parameters allow for the flexibility required, but would make the following observation:
We would highlight that the use cases for VRP exceed the limited cases provided by the legacy payments systems it replaces. It is therefore critical not to limit the thinking to existing use cases, where the Card and Direct Debit technology has limited innovation and use.
The Payment parameters should have a reference number/reason, so that a consumer can easily understand the background of why the VRP has been set up. This is especially important when a consumer may have more than one VRP set up.
VRP will utilise the Faster Payment infrastructure, therefore we need to ensure that these payments do not trigger bespoke fraud rules if the reason code is generic. For example, most providers have a limit of circa £10,000 for SIPs/Faster Payments, however, if a reason comes through as "other", then providers like Halifax will not allow payments above £5,000. This could cause inconsistency in the consumer experience of VRPs that limit adoption.
2. To what extent do you agree with the interpretation of the regulatory treatment of VRP? Please give reasons for your answer.
We agree in principle with the interpretation of the regulatory treatment, but would make the following observations:
Moneyhub firmly believes that we should only utilise the Strong Customer Authentication (SCA) exemption option and not via delegated SCA. The rationale for this position is that delegated SCA requires a contract between the Third Party Provider (TPP) and the Account Servicing Payment Service Provider (ASPSP), which is against the spirit of Open Banking, as it immediately introduces barriers to entry. We would be in favour of the "Regulated non-contractual access" model.
A strong legal opinion will be needed around this sentence: "In the context of VRP, the 'amount' referred to should be treated as the cap or range agreed to by the payer in the original VRP Consent."
VRP should be mandated to CMA9 and beyond. VRP is critical to Sweeping and therefore since Sweeping is mandated then VRP must also be. If this is not done, adoption of VRP will be limited and not introduce an innovative payment experience, hindering the creation of new types of financial services for users.
The use cases presented are quite narrow, focussed on replacing capabilities currently available via existing Payment Methods, but in a more consumer friendly approach. There are many more consumer centric use cases that VRP will open up. We believe it is critical to not limit VRP, which delegated SCA, premium APIs and optionality has the potential to do.
3. To what extent do you agree with the analysis of risks and mitigations, including the consumer protection framework? Please give reasons for your answer.
For section 6.3.1 of the consultation paper, we disagree with the assertion that there is an increased risk of customer dispute. It is possible the methods for which a dispute would have to be resolved, but that does not mean there is an increased risk.
Ultimately any payment initiated via a PISP has a defined dispute mechanism, but with VRP there is a "burden of proof" shift to the TPP. If a customer disputes a VRP payment, the bank will have to engage the TPP to get the necessary evidence the Payment Services User (PSU) consented to the payment.
4. To what extent do you agree with the requirements for the VRP standard? Please give reasons for your answer.
Moneyhub strongly agrees with the VRP standard. This is especially important to ensure a consistent interface otherwise we risk having various solutions that make it hard for TPPs to integrate, with increased development and support costs to maintain.
Our Sweeping Consultation response in full
To what extent do you agree with the proposed definition of Sweeping? Please give reasons for your answer.
We agree in most areas of the definition of Sweeping, however we have the following issues:
There is no logical rationale why Sweeping has to be between accounts that do not reside within the same provider.
Joint account Sweeping needs more thought - especially when the Sweeping is going from a Joint to a sole account. Just having the authorisation of the consumer that has their name against each account type does not seem adequate. There is a risk - especially when personal issues with the owners of the joint account break down beyond repair - that could allow money to be taken via Sweeping against the other’s permission. Therefore this is a significant conduct risk. However - Sweeping from a Joint Account is a ‘must’ use case.
Sweeping should not be confined to bank accounts of (Current, Loans, Savings and Mortgages). Credit Card, ISAs and Pensions are all examples of accounts that should be able to benefit from Sweeping.
There should be a definition that outlines the minimum amount of £0.01 and a maximum value of £10,000 to align with most Faster Payment provider limits.
2. Are there additional benefits or risks associated with Sweeping that you would like to highlight?
The benefits include avoiding insufficient fund challenges associated with Direct Debits. Rules can be applied by the SSP to reduce the risk of leaving the consumer exposed to risk that is typically associated with Direct Debit and Card on File. The consumer risk of having money swept that leaves them unable to meet commitments is significantly reduced due to the application of 'smart rules' around payment Sweeping events that are not available with Direct Debits or Card on File.
The following risk we would highlight is:
It would need to be made clear in T&Cs that an account under CASS (Current Account Switch Service) that has Sweeping arrangements set up would not be transferred across to their new provider's current account. We agree that consents or a new current account have to be set up, however this seems the wrong decision as Direct Debits are transferred over and therefore may limit Sweeping adoption.
3. To what extent do you agree with the proposed criteria for assessing the suitability of different payment methods? Please give reasons for your answer.
We agree with the criteria.
4. To what extent do you agree that neither Direct Debits nor Continuous Payment Authority on cards, nor open banking SIPs are suitable funding mechanisms for Sweeping as defined by Order? Please give reasons for your answer.
We completely agree that neither Direct Debits or Continuous Payment Authority are the right solution due to usability - neither offer real-time payments capability and charging models. SIPs is the closest competitor to VRP as it uses the faster payments infrastructure. However the limiting factor is the requirement for authorisation of every payment. This leaves VRP as the only option for Sweeping. Therefore, VRP needs to be mandated to support Sweeping.
5. To what extent do you agree that VRPs could provide a viable payment mechanism to support Sweeping as defined by the CMA order? Please give reasons for your answers.
We agree that VRP is the correct solution for Sweeping as the cost should be nil, due to it using the Faster Payment network. However, as iterated in previous questions, we need VRP to consider pensions and investments in the standard to really exploit this innovative payments capability.
6. Do you see alternative ways to provide a funding mechanism to deliver Sweeping as defined by the Order? If so, please describe.
VRP is the only viable approach to Sweeping and therefore needs to be mandated to support the CMA order.
7. To what extent do you agree that the existing control framework provides appropriate consumer protection for Sweeping? Please give reasons for your answers.
We agree in most areas that the existing control framework provides the necessary controls. We need to ensure conduct risks such as Sweeping from a joint to a sole account are considered.
8. To what extent do you agree that requiring the Sweeping Service Provider (SSP) to attest that a transaction is Sweeping provides an appropriate level of assurance of the use of Sweeping Access? Please give reasons for your answer.
We need to ensure conduct risks are considered for the scenario where a Sweeping occurs from a joint account to a sole account. Just having the authorisation of the consumer that has their name against each account type does not seem adequate. There is a risk, especially when personal issues with the owners of the joint account break down beyond repair, that could allow money to be taken via Sweeping against the others permission. Therefore this is a significant conduct risk.
9. Are there other risks associated with Sweeping and Sweeping Access that need to be considered?
A risk that is not highlighted is the fact that Sweeping and VRP would use the Faster Payments scheme. Therefore we need to ensure consistency as providers have different limits that could failure that may prevent adoption.