COVID-19 has accelerated the use of digital transactions. This brings both benefits and risks for consumers and supervisors. For consumers in particular, digital transactions, notwithstanding their greater convenience, are prime targets of financial scams and frauds. This report’s findings draw from 20 responses to FinCoNet SC3’s “Survey on supervisory challenges relating to the increase in digital transactions (especially payments)”, which was distributed to FinCoNet Members in August 2021 and was open for responses until September 2021.
This report aims to:
- Explore the impact of digitalisation and the increase in digital transactions — especially payments — since COVID-19 and, in particular, the impact on market conduct supervision;
- Provide an overview of the challenges for supervisors associated with cybersecurity risks and tackling financial scams; and
- Identify effective approaches that market conduct supervisors are employing to harness the benefits of digital transactions and mitigate the risks for consumers.
The following key findings emerge from this report:
Governance, frameworks and challenges
- In all responding jurisdictions, there is at least one authority responsible for the regulation and supervision of payments. This is most often carried out by a single authority such as a central bank. Cooperation arrangements regarding digital payments among different authorities are fairly common, even in jurisdictions where the responsibility is not shared.
- The most common types of payment providers subject to market conduct supervision are banks and payment institutions. Telco providers and platforms are less commonly subject to market conduct regulations.
- Four key challenges arise in the supervision of digital payments: vulnerability to cyber risks; vulnerability to frauds and scams; need to adapt regulation and supervisory practices; and lack of awareness among consumers.
Market conduct supervision tools & consumer awareness initiatives
- Authorities adopt a range of methodologies toward market conduct supervision of digital payments services. Two models were identified: risk-based classification of providers; and defined standards. For some authorities, market conduct supervision rules differ according to the payment channel used; in other cases the same requirements apply regardless of the distribution channel (digital or non-digital).
- Regarding supervisory tools, on-site inspections, off-site inspections and analysis of complaints data were deemed some of the most effective tools to detect misconduct in the field of digital payments. The COVID-19 pandemic has elevated the urgency of implementing remote supervisory activities, often using SupTech tools.
- Responding authorities ranked sending supervisory letters and issuing guidelines among the most effective corrective actions to take when misconduct has been detected. • Authorities are now commonly employing staff with expertise in digital technologies, as well as providing specific technology-related trainings to the supervisory teams responsible for overseeing digital payments and conduct of business.
- Authorities are deploying communication strategies and campaigns to inform consumers about the characteristics and risks of digital payment services.
Security incidents, scams and frauds
- In most jurisdictions, the number of security incidents, scams and frauds linked to digital payments have increased in the past three years. The most commonly affected instruments/mechanisms are internet banking, mobile banking and payment cards.
- Among different consumer groups, frauds and scams most commonly affect seniors and/or newly retired people, retail investors, and immigrants.
- The most common sources used to monitor security incidents or scams and frauds are reports from PSPs and complaints data. Consulting with other authorities at a national level is also common for monitoring security incidents – less so for the purpose of monitoring scams and frauds.
- To track emerging security risks, authorities establish specific initiatives, such as data collection from supervised entities, public/private sector information sharing platforms, coordination with telco authorities, information sharing mechanisms with foreign regulators and international payment system networks. Emerging risks may also be monitored based on insights from innovation hubs and regulatory sandboxes established to foster technological innovation in the financial services industry.
- Authorities reinforce the importance of ongoing and comprehensive monitoring of security incidents, scams and frauds linked to digital payments, highlighting that reporting requirements by regulated entities are one of the most relevant information source used to monitor them. Moreover, authorities emphasised the relevance and utility of exchanging information about security incidents, scams and frauds with foreign financial supervisory authorities or with international organisations (such as FinCoNet).
The role of digital payments in consumer finance is growing fast. Market conduct supervisors need to be prepared to monitor new payment products, business models and providers, in order to stay abreast of the conduct risks, ensuring adequate conduct supervision and consumer protection.
