Mobile banking—working well for consumers?

What next for mobile banking and consumers?

Jacob Ghanty, partner, and Eimear O’Brien, associate at Berwin Leighton Paisner, examine the findings of the Financial Conduct Authority’s (FCA’s) recent thematic review on mobile banking and payments.

Original news

Consumer protection and security are key for mobile banking, FCA, LNB News 11/09/2014 157

Consumers have the same regulatory protections in place when using mobile banking services as when making payments by other means, the FCA emphasises following a thematic review. A number of issues have been identified, including the role of senior management, security and technological resilience, and the importance of third party oversight. The review follows an FCA interim report, which was published in 2013.

What is the background to the review?

The FCA’s 2012/13 risk outlook recognised that mobile banking had the potential to rapidly increase in popularity and that innovation in banking and mobile technologies had the potential to impact on the FCA’s objectives. The FCA commenced a thematic review in 2012 to tackle potential risks to consumers at an early stage to prevent them from developing. The FCA published its interim report in August 2013 which set out the areas where the FCA believed firms should focus their attention.

The purpose of the more recent thematic review was to determine how firms are achieving good outcomes for consumers when delivering mobile banking products.

What was the scope of the review?

The thematic review focused on the different ways in which consumers may carry out mobile banking and payments on their mobile phones or tablet computers (including contactless payments made using a mobile device).

The FCA engaged with regulated firms such as banks, building societies and payment institutions, and other participants in the industry (eg technology providers, mobile network operators and unregulated firms). The thematic review covered the following areas:

  • strategy, governance processes, policies and data for mobile banking
  • how firms manage current risks around their mobile products and services
  • how firms deliver consumer outcomes
  • future developments in mobile banking and payments, and
  • firms’ emerging thinking about the benefits and risks these developments could pose to consumers

What were the main findings of the review?

The FCA’s initial findings as set out in its interim report identified risks in relation to:

  • fraud (to both firms and their customers)
  • security (risk of malware and viruses)
  • use of third parties
  • consumer awareness and understanding of how to use the products and services provided and in relation to their rights and responsibilities
  • technology/interruption to service, and
  • anti-money laundering systems and controls

The FCA did not find any evidence of crystallised consumer harm.

In its September 2014 report, the FCA identified the following five areas which are relevant to whether firms are delivering good outcomes for customers. Fraud and anti-money laundering were not prioritised in the 2014 report as the FCA was satisfied that firms were already focusing on these areas.

Consumers’ understanding of their rights and responsibilities—it is important that consumers understand they have the same regulatory protections in place as when making payments by other means, particularly protections against losses incurred as a result of fraud.

Senior management—senior management need to retain sufficient knowledge and understanding of their products to ensure they are right for consumers and are delivered in the correct way.

Security and technology resilience—firms must understand the importance of having high standards of security to protect consumers’ personal data and funds.

Third party oversight—to ensure the effective delivery of products and services it is important that everyone involved in the delivery chain understands its responsibilities to each other and to the end consumer.

Will firms have to change their processes as a result of the review?

Firms should inform consumers on the steps they can take to protect themselves and when and how to report an unauthorised transaction (without underplaying their rights in the case of fraud).

Technical challenges may be involved in relation to management information (MI) to capture this new channel and firms must be able to draw out relevant information, data and consumer indicators on mobile banking in MI to assess performance and outcomes.

Firms should have strong governance and control frameworks in place so that appropriate information is escalated to senior management in a timely manner.

Firms should ensure that they encrypt data to safeguard security and ensure there is no data loss and should invest in implementing strong security measures for consumers so as to avoid the potential for fraud attacks.

It is important that firms have robust recovery processes in place to ensure mobile services are restored in a timely manner in the event that services fail.

The regulated firm with ultimate responsibility for providing the mobile banking service to the consumer must have appropriate oversight over the key parties involved in its delivery.

New entrants to the market must ensure they have adequate knowledge and understanding of the regulatory framework and consumer rights and protections surrounding payments, including the rules around immediate refunds for fraudulent transactions.

What advice should lawyers give to their clients?

Clients in the mobile banking and payments industries should have a clear understanding of the key areas identified in the FCA’s report, how they apply to their businesses and how they can ensure their mobile banking products and services are working well for consumers.

Firms should satisfy themselves that they have appropriate controls in place to prevent consumer harm and damage to the market.

Firms in the mobile banking and payments industries should ask themselves the following questions:

  • how easy is it for our customers to understand their legal rights and obligations when using mobile banking products and services?
  • what are we doing to aid consumer education?
  • how are we ensuring that the knowledge and understanding of key decision makers in the business is in line with the pace of innovation?
  • how are we ensuring that consumers’ sensitive personal data and funds are secure, and technology is sufficiently robust?
  • how are we overseeing third parties and outsourced functions involved in the delivery of product offerings to consumers?

Interviewed by Nicola Laver.

The views expressed by our Legal Analysis interviewees are not necessarily those of the proprietor.

Relevant Articles
Area of Interest