The FCA’s View on Payments
The UK financial regulator recently released its ‘Sector Views’ report, which provides The Financial Conduct Authority’s opinion on how the sector is performing. This is their annual analysis of the way the financial environment is changing and the impact of these changes on consumers and market effectiveness. The analysis contributes to The FCA’s Business Plan for 2020/21 and the decisions they make affecting consumers, market integrity and competition.”
The report is a ‘must read’ for anyone operating the in UK or with operations and business interests here. The report covers Drivers of Change, Retail Banking and Payments, Lending, General Insurance, Pensions, Investments and Wholesale Financial Markets.
There are two important points to note in their section on ‘What We Found On Harm’ which relate specifically to innovation.
Compliance and Protection
The FCA specifically highlights that inadequate protection, or poor compliance by payments companies can harm consumers. In 2018/19 there were just under 1,500 new complaints to the Financial Ombudsman Service about electronic money issues. The FCA states:
“Payment firms failing to adequately safeguard customer funds can result in financial loss to consumers if there is a disorderly firm failure. This can be particularly problematic if safeguarding failures are combined with prudential weakness, or if firms act outside the scope of regulation. These concerns have resulted in our taking a pre-emptive approach in our supervision of these firms.”
This is a clear indication that more regulation could be on the horizon to make sure there are greater controls in place.
There has been an ever louder conversation about operational resilience over the last few years after a number of high profile failures in retail banks. Firms reported 459 technology and cyber incidents in the sector in 2019 with the most common root causes in the same period being change management issues, third party failures, and failures in hardware or software. The FCA has this to say on the matter:
“There has been a significant increase in the number of reported incidents of interrupted services. This is due to several factors. Several retail banks are engaged in large-scale business transformations away from their legacy IT systems. Incidents at third parties and application issues also caused an increase in interrupted services. Such incidents, along with data breaches, risk undermining public confidence. The growing number of financial firms using third party technology providers, such as for cloud services, where a small number of firms dominate the market, has increased the risk of technological disruption at one of these firms, with widespread effects.”
The problem the industry faces is that businesses want to innovate at a faster pace than their infrastructure will allow. The FCA has recognised this and is going to scrutinise operational resilience more thoroughly, along with the controls and testing methodology used for new technology.
A New Approach to Innovation
In the modern world, innovation and the launch and test process have to be different to avoid the problems associated with a failure. If this does happen, there is the obvious impact on customers, share price and the earnings of the institution, and reputational damage. Increasingly, there will be punitive fines and appearances of executives before politicians looking for explanations.
I have been talking for many years about the need for testing to support consistent and iterative regression, shared results, collaborative working, and exposure of easily accessible output to developers. It needs to remove the need to code tests, and facilitate their configuration, making the entire environment more responsive, more effective and cheaper, and focused on design and analysis rather than set up and execution.
In reality, we need a paradigm shift in the perception of testing. Testing needs to be delivered on the foundation of a proper test platform rather than a set of discrete components that don’t reflect the increasingly connected world they are attempting to assure. It is important to think of test cases as part of a company’s Intellectual Property, from prototyping and through all steps to onboarding and business as usual releases test cases are as important as any other system component.
I believe this approach to testing should become central to the thinking of everyone in payment technology as rapid development continues. If we resist change, we will be creating an environment for failure. The biggest impact will be on customers and their confidence in what we do but it’s clear that the regulator is moving quickly to address this.
CEO, Iliad Solutions