Providing sweeping service providers (SSPs) an overview of the regulatory requirements for designing a sweeping service and Open Banking Ltd (OBL) guidelines for SSPs to consider for sweeping.
Other pages in this section
In July 2021 the CMA announced that they had decided that implementing sweeping through VRPs is appropriate and proportionate and Open Banking Ltd (OBL)’s proposed definition of sweeping is appropriate.
The purpose of this document is to provide prospective sweeping service providers (SSPs) with an overview of the key regulatory requirements they should take into account when designing any sweeping service offering and Open Banking Ltd (OBL) guidelines about what specifically SSPs might want to think about when considering those regulations in the context of sweeping.
Sweeping is a generic term for the automatic movement of funds between accounts. For the purpose of the CMA Order, Open Banking Ltd (OBL) has proposed a specific definition, limited to the movement of a customer’s own funds between accounts owned by them. Payments made to other individuals or other companies, e.g. paying for goods or services, would be excluded under this definition.
For a VRP transaction to be able to meet the definition of “Sweeping” it needs to meet the following criteria:
All SSPs using VRPs would typically be conducting a combination of Account Information Services (AIS) and Payment Initiation Services (PIS) activities and so would be regulated by the FCA. For sweeping services, the actors in the payment chain will be largely/wholly regulated by the FCA and/or the Prudential Regulation Authority. Therefore, firms offering sweeping services must conduct their business activities in a fit and proper manner, ensuring that their customers’ interests are adequately protected. This impacts not only the products and services offered by SSPs but also how those products and services are designed, managed and delivered. Consumer protection should demonstrably be at the forefront of an SSP’s product design process for any VRP-enabled sweeping proposition.
FCA regulated activity in the UK is underpinned by the FCA’s 12 Principles for Businesses. These are set out below.
Table 1. FCA’s Principles for Businesses
The Principles for Businesses
1. Integrity A firm must conduct its business with integrity.
2. Skill, care and diligence A firm must conduct its business with due skill, care and diligence.
3. Management and control A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.
4. Financial prudence A firm must maintain adequate financial resources.
5. Market conduct A firm must observe proper standards of market conduct.
6. Customers' interests A firm must pay due regard to the interests of its customers and treat them fairly.
7. Communications with clients A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading.
8. Conflicts of interest A firm must manage conflicts of interest fairly, both between itself and its customers and between a customer and another client.
9. Customers: relationships of trust A firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgment.
10. Clients' assets A firm must arrange adequate protection for clients' assets when it is responsible for them.
11. Relations with regulators A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice.
12. Consumer DutyA firm must act to deliver good outcomes for retail customers
Principle 12 is the new Consumer Duty which requires FCA regulated firms to put consumers at the heart of their business and focus on delivering good outcomes for them. This will replace Principles 6 & 7.
To support the principles, the FCA has provided clarity on the consumer outcomes they expect as a result of businesses adhering to Principle 6 and this will include providers of sweeping services. These are outlined below.See the FCA Handbook for more information
Table 2. Description of customer outcomes that are expected as part of the fair treatment of customers
TCF Consumer Outcomes
Outcome 1 Consumers can be confident they are dealing with firms where the fair treatment of customers is central to the corporate culture.
Outcome 2 Products and services marketed and sold in the retail market are designed to meet the needs of identified consumer groups and are targeted accordingly.
Outcome 3 Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale.
Outcome 4 Where consumers receive advice, the advice is suitable and takes account of their circumstances.
Outcome 5 Consumers are provided with products that perform as firms have led them to expect, and the associated service is of an acceptable standard and as they have been led to expect.
Outcome 6 Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint
Firms also need to ensure they consider the needs of their vulnerable customers, and the FCA have issued specific guidanceSee https://standards.openbanking.org.uk/wp-content/uploads/2022/04/fg21-1.pdf on this to ensure vulnerable customers achieve good outcomes from the products and services provided.
The FCA recommend that firms should do the following:
In summary, the FCA expects regulated firms to put customers at the very heart of how they run their business and how they design, manage and deliver their products and services (including products and services that use VRPs for sweeping purposes).
VRPs are a new product offering and SSPs who intend to provide this service to their customers should undertake a robust new product development process. SSPs must put their intended consumers at the heart of the decision-making process when developing new products and services and consider issues such as:
Placing the needs of customers at the heart of new product development should enable SSPs to identify and consider the potential risks to customers when using sweeping-related products and services and what can be done to mitigate those risks.
An example of something that SSPs should consider and take into account when developing sweeping propositions is the nature of the destination account. Are transactions easily reversible? Are there risks associated with the destination account and will the intended customer be adequately informed of those risks? E.g. if the SSP is providing sweeping to an account with a potentially volatile interest rate has the user been adequately informed of this risk.
All SSPs should ensure they fully understand the legal and regulatory implications of providing sweeping services using VRPs and take appropriate advice.
SSPs should assess whether they need to seek individual guidance from the FCA when designing their sweeping propositions using VRPs.
This section provides an overview of Open Banking Ltd (OBL)’s understanding of key areas of regulation that are pertinent for use of VRPs for sweeping. However, ultimately the interpretation of the regulations is a matter for the courts.
The Payment Services Regulations (PSRs) do not prohibit the use of VRPs and expressly anticipate scenarios where multiple payments are made to the same payee(s), referencing “series of payment transactions”The PSRs definition of a “credit transfer” refers to a series of payment transactions, as does Regulation 67. ,as well as, “recurring payments”See Regulatory Technical Standards for Strong Customer Authentication UK-RTS.
The PSRs place certain restrictions on payment service providers (PSPs) that are relevant to VRPs and equally to other existing forms of recurring payments, such as standing orders, Direct Debit mandates and recurring transactions on a payment card.
In addition, the PSRs provide consumer protections, including the need to obtain customer consent and the right to be refunded in the case of unauthorised payment transactions (regulations 67 and 76 respectively); redress in the case of defective payments initiated through PIS (regulation 93) and liability on PSPs for fees and charges incurred in connection with defective payments (regulation 94). These protections cover all forms of recurring payments, including VRPs.
Open Banking Ltd (OBL) has outlined its view on the key regulatory considerations in more detail below. SSPs that are considering providing sweeping services should familiarise themselves with these statutory provisions and ensure that these are appropriately reflected in their service offering.
The PSRs require a payment to be appropriately authorised by the payment service user (PSU). For the purposes of VRP payments, a PSU may provide their explicit consent to a PISPPSRs, Regulation 67(2)(c) read with regulation 69(2). to initiate a series of payment transactions. For this consent to be valid, in the FCA’s view, it must be “clear, specific and informedparagraph 8.152, FCA Approach Document ”. In the context of VRPs, the PSU can be treated as having given explicit consent for each VRP Payment under a VRP Consent, provided that the following consent parameters are met:
Once the PISP has obtained the PSU’s explicit consent, in order to set up the VRP it must successfully complete the VRP Consent Setup process. Practically this requires the PISP to redirect the PSU to the domain of the ASPSP for the application of strong customer authentication (SCA). Following this, subsequent VRP payments can usually be made without the PSU being present by relying on the application of available exemptions by the ASPSP under the UK-RTS. For the majority of sweeping payments, Open Banking Ltd (OBL) believes that the UK- RTS Article 13 “trusted beneficiary exemption” is likely to be the most suitable (as the destination account can be established as a trusted beneficiary during VRP Consent Setup). There may be instances when payments are swept into accounts held at the same ASPSP and the account is in the name of the payer, in which instances UK – RTS Article 15 “payment to self” exemption may be more suitable.
The VRP Consent Parameters provide details around the parameters of a series of payments that the PSU is authorising the PISP to initiate on their behalf. It is the responsibility of the PISP to ensure that it obtains explicit consent from the PSU and any subsequent VRP payments are initiated within those consent parameters. Similarly, the ASPSP must ensure that it does not execute VRP payment orders outside of the payment parameters.
When VRPs are used to support sweeping services they will by definition involve the PSU consenting to a series of payment transactions to the same payee where the exact amount of each payment transaction is unknown in advance, but within defined parameters. The fact that a PSU has consented to the VRP Consent Parameters as part of the VRP Consent Setup should in our view enable PISPs to adhere to the requirement under regulation 69(3)(h) of the PSRs not to change any feature of a transaction notified to it by the payer, provided that the payment order is within that range/subject to that limit. There is no requirement in the PSRs that a customer’s consent relates to an exact amount nor is there any prohibition against the use of a range, maximum payment amount or other similar limits. In the context of VRPs, the ‘amount’ referred to should be treated as the cap or range agreed to by the PSU in the original mandate. Once an individual payment order has been initiated under a VRP, the PISP must provide or make available certain information to the PSU, including confirmation of successful initiation, amount (including any charges) and a reference number.PSRs, Reg.44(1)
A PISP cannot change or exceed the VRP Consent Parameters, the payee and frequency (or maximum number) of transactions. These are fixed by the PSU in the VRP Consent Setup. Unauthorised changes by a SSP would make the resulting payments unauthorised. Please see section Setting the appropriate consent parameters, for further considerations on consent parameters.
The PSU has the right to be refunded for:
These are transactions where the PSU did not agree to, or was not aware of, the transaction or its terms. A transaction that is not consistent with the customer’s VRP Consent Parameters would be unauthorised. As referenced in section Need to obtain customer consent the PISP must seek consent that is clear, specific and informed. The PISP must ensure that the VRP Consent Parameters are sufficiently narrow to support the service being offered to the customer, so that they can be confident they have received the customer’s explicit consent, as without it the transactions would be considered unauthorised. See section Setting the appropriate consent parameters for more details on appropriate consent parameters. Under regulation 76 of the PSRs, if a payment is unauthorised the customer is entitled to a refund “as soon as practicable, and in any event no later than the end of the business day following the day on which it becomes aware of the unauthorised transaction”.
Customers that lose out as a result of unauthorised VRP payments will be entitled to a refund from their ASPSP without having to wait for the resolution of any dispute between the ASPSP and the PISP, in the same way, that they would for any other unauthorised payment type within the scope of the PSRs. Where an unauthorised, non-executed or defectively executed transaction is initiated through a PISP, it is the ASPSP’s responsibility to provide a refund in line with regulation 76 and regulation 93 of the PSRs 2017 and this guidance. If the PISP is liable under regulation 76 or regulation 93 of the PSRs 2017, the ASPSP can then seek compensation from the PISP which must, on request, provide that compensation immediately. The amount of compensation should cover the full amount which the ASPSP was required to refund to the customer.
These are transactions where the customer agreed to the transaction but there was an error in the way the payment was made, for example if the payment was made late or was not made at all. In this scenario, the customer could approach their ASPSP in the first instance for a refund. If the ASPSP does refund the customer, the ASPSP would then have a right of recourse against the PISP. The PISP would need to prove that they were not at fault, failing which they would have to compensate the ASPSP for the amount refunded to the customer. This is set out in more detail under PSRs, Regulation 93. It is possible that there are some instances where neither the PISP nor the ASPSP have all the required information to resolve the issue as to who is responsible ASPSPs and PISPs are encouraged to develop arrangements that support both the exchange of information and issue resolution.
A PSU may also approach a PISP directly in the case of unauthorised or defective payments. In the case of sweeping Open Banking Ltd (OBL) believes that PSUs will probably approach the SSP in the first instance, as they hold the customer relationship for the sweeping service.
There is also a liability on PSPs for fees and charges incurred as a result of the actions of a PSP (Regulation 94), so PSUs are protected not just for the funds transferred but also additional fees or charges incurred.
Payment service providers offering sweeping services using VRPs should notify their customers of the procedure for withdrawing their VRP Consent, which can be achieved by including clear provisions within their contract with the PSU. It is expected that this will include a simple mechanism to revoke consent if the customer no longer wishes to use their service. Under regulation 67(4) of the PSRs, a customer has the right to withdraw their consent to the execution of a series of payment transactions at any time, enabling all future payments to be stopped once consent has been withdrawn. Once the customer has withdrawn their consent, then any payment transactions executed after the time of withdrawal will be unauthorised payment transactions and so subject to the above protections.
There are a number of considerations SSPs need to bear in mind when developing sweeping propositions using VRPS:
All regulated firms are expected to consider the full end to end customer journey as part of their product development and management processes (See section Regulatory principles and consumer outcomes). When developing sweeping services using VRPs, SSPs need to ensure that they pay due care and attention to ensuring that their products and services are designed with customer protection at their heart and in accordance with all applicable regulations. Two examples of such considerations are provided below (we have taken these from risks cases highlighted to Open Banking Ltd (OBL) in the course of its consultation):
Example 1If an SSP is enabling a lending company to use VRPs as part of a revolving credit proposition (such as an alternative to an overdraft), then the VRP would be subject to the same restrictions as other Continuous Payment Authorities (CPA’s) under CONCSee CONC 4.6 and CONC 7.6 . The SSP would be expected to conduct a risk assessment of the firms they are contracting within the provision of this provide service to customers, including whether they are confident that the firm will not misuse the VRP capability. For example, are the VRP Consent Parameters appropriate based on the specific credit permission in terms of frequency, duration and absolute amounts? This provides an additional level of protection in addition to the obligations on the regulated credit provider.
Example 2If a sweeping service involves the use of AIS permissions to establish when payments should be made, there is a risk that a lender could misuse this information. Under regulation70(3)(f) of the PSRs, an AISP cannot “use, access or store any information for any purpose except for the provision of the account information service explicitly requested by the payment service user”. An attempt to access account information for other purposes (such as attempting to identify when to seek repayment of a credit facility) would be considered a breach of the PSRs. Note – this risk exists independently of whether an SSP uses VRPs for sweeping or uses an alternative funds transfer mechanism.
SSPs proposing to offer these types of services will need to assess how the services will be used and what controls it needs to put in place. The SSP will need to be clear about what the customer has authorised AIS to be used for, and the VRP Parameters must also be designed to provide appropriate protections.
The design of the VRP functionality in Open Banking Standard (VRP Standard) requires the application of strong customer authentication by the ASPSP in setting up the VRP Consent Parameters. This is in contrast to Direct Debits where no transaction is subject to SCA or continuous payment authority on debit cards where the initial transaction may be subject to SCA but future transactions are not. For sweeping, the Open Banking VRP Standard requires the VRP Consent Parameters to include:
As the initial VRP Consent Setup will be subject to SCA, the ASPSP will have the relevant customer-approved VRP Consent Parameters and will be required to execute payment transactions within those parameters. If the ASPSP executes a payment transaction outside the VRP Consent Parameters, then this will be an unauthorised payment. Similarly, if a PISP initiates a payment transaction outside the VRP Consent Parameters, then it will not have done so in accordance with the customer’s consent. Customers that lose out as a result of unauthorised VRP payments will be entitled to a refund from the ASPSP without having to wait for the resolution of any dispute between the ASPSP and the PISP, in the same way, that they would for any other unauthorised payment type within the scope of the PSRs (See section: Right to be refunded).
Prospective SSPs should bear in mind that where inappropriately broad VRP Consent Parameters have been set (e.g. a relatively high maximum payment value per payment), then it may be more likely that a question could arise as to whether or not the consent is sufficient for the purposes of the PSRs, even if a payment transaction is executed within those VRP Consent Parameters. In this respect, the PSRs refer to the payer having given “explicit consent” or “explicitly requested” (under regulation 67) and so if the consent parameters are not sufficiently narrow it may be reasonable to conclude in the event of a dispute/regulatory action that the consent is not valid because it does not adhere to the guidance in the FCA Approach documentSee Section 8.152
SSP’s may wish to monitor the VRP Consent Parameters and regularly review the “headroom” between actual transactions and the parameters, resetting parameters as they deem appropriate in order to attempt to mitigate these risks. This is likely to be very fact-specific and to depend on the context, including the customer’s experience of the service in practice. The customer is protected if any payment transaction is executed without appropriate consent having been given in accordance with the PSRs because the transaction will be considered unauthorised. This provides a clear incentive for PISPs to ensure that the range that is specified in the VRP Consent Parameters is such that any payment within that range would be reasonably expected by the customer. Clearly, increased specificity and narrowness in terms of the VRP Consent Parameters will give increased certainty that explicit consent has been obtained and this protects both PISPs and customers.
The appropriate level of parameters will be unique to the different use cases and firms also need to consider the customers’ individual circumstances when setting up consent parameters. Some examples of considerations that firms might want to consider are included in the table below.
Table 3. VRP Consent Parameter Guidance
As mentioned in section Right to withdraw consent, the PSRs require the PISP to provide a clear and transparent way for the customer to be able to withdraw their consent. Even though the PSU can revoke VRP access at the ASPSP, this does not negate the obligations on the SSP to provide their customers with the means to revoke the VRP consent provided. Furthermore, under the obligations of Treating Customers Fairly, (TCF Outcome 3), the SSP has obligations to provide its customers with appropriate levels of visibility and control over the services offered.
The SSP will determine exactly how it provides visibility and control to its customers. See Figure 2 for an example from the Customer Experience Guidelines on how a user might revoke consent for a VRP they had set up.
Figure 2. Example from the Customer Experience Guidelines
In addition, TPPs are subject to various governance and prudential conditions, including the need to hold professional indemnity insurance to cover business activities in relation to PIS and AIS. Again, this requirement applies to all payments and would include VRPs.
An SSP must have an appropriate complaints process for all their services, including the provision of VRPs. This section highlights some of the elements firms will want to consider to ensure they have suitable processes and procedures for handling customer complaints.
The rules for handling complaints from eligible complainants are set out in DISP (the Dispute Resolution: Complaints sourcebook in the FCA handbook) and differ depending on whether the complaint is a PSD/EMD complaint or not.
The rules for handling PSD/EMD complaints from non-eligible complainants are set out in PSRs, Regulation 101.
The decision tree set out below (See Figure 3) indicates which complaint handling rules apply in different circumstances.
An eligible complainant is anyone who is eligible to bring a complaint to the Financial Ombudsman Service (FOS).
Access to the FOS is available to consumers, micro-enterprises, small charities and small trusts. You can find the definitions of these at 11.36 of The FCA’s Approach Documenthttps://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf. In addition, the Financial Ombudsman Service host an eligibility checker for SMEs on their websiteSee https://sme.financial-ombudsman.org.uk/complain/can-help/our-eligibility-checker .
The rules on handling complaints from eligible complainants are set out in DISPSee https://www.handbook.fca.org.uk/handbook/DISP/ . These cover a range of issues, including:
When dealing with a complaint, PSP must provide a full written response within 15 business days or 35 business days in exceptional circumstances. (For non-PSD2 complaints this is 8 weeks). Payment service providers must inform a customer within 15 business days if their complaint is considered to involve exceptional circumstances and indicate the reasons for the delayed response.
The three business day ruleSee DISP 1.5 allows organisations to handle complaints less formally, without sending a final response letter, so long as the complaint is resolved to the complainant’s satisfaction within three business days after the organisation receives the complaint. In these circumstances, the organisation will not have to send a final response letter, tailored to the specific complaint and individual concerned. Instead, organisations have to send a written, ‘summary resolution communication, which is a simpler, template message.
Organisations must maintain a record of all complaints for at least three years. Organisations must submit a report to the FCA annually, including the number of complaints received, the root cause, how many were closed or upheld, and the total amount of redress paid. If the organisation has received over 500 complaints in a reporting period, it must publish a summary of the complaints data it has submitted in the report to the FCA, usually on its website. Payment service providers must complete the new Payment Services Complaint Return on an annual basis.
If a PSU is not satisfied with how their complaint was dealt with they may be able to refer their complaint to the Financial Ombudsman Service (FOS). The FOS operates the alternative dispute resolution (ADR) procedure for payment service users required by PSD2. FOS is a statutory, informal dispute-resolution service, established under FSMA. It provides an accessible alternative to the civil courts. Its role is to resolve disputes between eligible customers and financial services organisations quickly, impartially with minimum formality, on the basis of what is fair and reasonable in the circumstances of each case. In adjudication, FOS will consider the relevant laws and regulations, the regulator’s rules, guidance and standards, as well as codes of practice, and what is considered to be good industry practise at the relevant time.
The FOS can consider complaints that relate to acts or omissions of regulated firms in carrying on one of the specified lists of activities. See DISP 2.3 Those activities include ‘payment services’ which includes both account information services and payment initiation services so the activities of SSPs clearly fall under FOS jurisdiction
During the Sweeping and VRP consultation process, a number of respondents raised questions about the protections afforded to customers when VRPs were used to support sweeping. Key questions are considered in the table below:
Table 4. Examples of Customer Protections
Questions Raised Response
Are VRPs offered the same protections as CPAs in CONC regulation? When used to collect funds as part of a credit agreement VRPs would meet the definition of CPAs in CONC regulation and so VRPs cannot be used by lenders to avoid the rules on CPAs in CONC.
Customer disputes the amount of a sweeping transaction. If transaction is outside of the VRP Consent Parameters, then it is an unauthorised transaction and customer entitled to a full refund. (See section Right to be refunded)
If the transaction is within the VRP Consent Parameters then it is unlikely that the transaction would be considered unauthorised under the PSRs unless the consent parameters were not set sufficiently narrow by the PISP. (See section Setting the appropriate consent parameters).
If the transaction is within appropriately defined VRP Consent Parameters but the SSP should not have initiated the transaction then the PSU could complain to the SSP. (See section Complaints Process). If the PSU was not satisfied with how the complaint was dealt with, they could seek refer the complaint to the FOS for independent consideration. (See section Redress framework)
Customer disputes the number of sweeping transactions (SPP has been moving 2 transactions per month but in 1 month makes 4 transactions). The customer could complain to the SSP that the service was not as expected. (See section Complaints process). If the PSU was not satisfied with how the complaint was dealt with, they could seek to refer the complaint to the FOS for independent consideration. (See section Redress framework)
Customer complains that the Saving sweeping service caused them to move into overdraft causing them to incur fees as funds were moved before they made a one off purchase. The customer could complain to the SSP that the service received was not as expected. (See section Complaints process).
Customers could complain to their ASPSP who could refer the customer to the SSP (see above). If the ASPSP chose to refund the customer, the ASPSP could seek redress from the PISP (see section Rights to be refunded). whether the ASPSP was entitled to the refund will be determined by the specifics of the individual case.
If the PSU was not satisfied with how the complaint was dealt with, they could seek to refer the complaint to the FOS for independent consideration. (See section Redress framework)
Funds not received at the beneficiary account due to an error at the ASPSP or the PISP The customer could complain to either the ASPSP or the PISP who would need to investigate the complaint and take appropriate action based on who was at fault for the defective transaction. (See section: Rights to be refunded and section Complaints process).
If the PSU was not satisfied with how the complaint was dealt with, they could seek to refer the complaint to the FOS for independent consideration. (See section Redress framework)
Customer cancels the VRP at the SSP but a transaction takes place after cancelation. Customers can complain to the SSP. As this is an unauthorised transaction the SSP has to refund the PSU (See section Right to be refunded).
Customers can complain to the ASPSP. If the customer provides evidence of cancelation the ASPSP can determine that this is an unauthorised transaction and provide a refund to the PSU and seek redress from the SSP. (See section Right to be refunded). If the ASPSP is unable to determine that the transaction is unauthorised then they may choose to refer the PSU to the SSP, or to follow their usual complaints procedure.
If the PSU was not satisfied with how the complaint was dealt with, they could seek to refer the complaint to the FOS for independent consideration. (See section Redress framework)
Customer advises that the money has been moved to an account that they do not ownCustomers can complain to the ASPSP. If the destination account is not in the customer’s name but consent to make payments to this account was given by the customer to the PISP it is unlikely the transaction will be considered unauthorised under the PSRs. However, the customer is likely to have a claim against the SSP as the transaction is not sweeping and so the ASPSP may advise the customer to contact the SSP. If the destination account defined in the VRP consent is correct but the ASPSP has sent the funds to a different account, this would be considered an unauthorised transaction under the PSRs and the ASPSP would be expected to refund the customer no later than the business day following the day on which it becomes aware of the unauthorised transaction.
If the PSU was not satisfied with how the complaint was dealt with, they could refer the complaint to the FOS for independent consideration. (See section Redress framework)
This guidance does not override any obligations to refund customers who are victims of APP Fraud.
AIS Account Information Service, the provision of account information service carries out by an Account Information Service Provider (AISP), which is authorised and regulated by the FCA.
ASPSP Account Servicing Payment Service Provider (ASPSP) is any financial institution that offers a payment account with online access. This includes banks and building societies.
Payer Payer means—:
(a) a person who holds a payment account and initiates, or consents to the initiation of, a payment order from that payment account; or
(b) where there is no payment account, a person who gives a payment order;
Payment Order “Payment order” means any instruction by a payer or a payee to their respective payment service provider requesting the execution of a payment transaction
PIS Payment Initiation Service, the initiation of a payment from a customer’s account carried out by a Payment Initiation Service Provider (PISP), which is authorised and regulated by the FCA
Sweeping Sweeping is a generic term for the movement of funds between a customer’s own accounts, a “me to me” transaction. For the purpose of the Order and following the consultation process OBL recommends the following definition of Sweeping:
The source account needs to be a PCA or BCA
The destination account is an account into which a domestic payment can be made by the debtor bank’s direct channel
Both accounts are UK sterling accounts
The payment can be an unattended payment, not requiring any interaction by or presence of the PSU at the time of making the payment
The transaction is between two accounts belonging to the same PSU
Sweeping Access Provision of access to the VRP APIs, for the purpose of delivering Sweeping. OBL is currently assessing whether to recommend to the Trustee whether mandating Sweeping Access on the CMA9 would be an effective and proportionate remedy.
Sweeping Services Provider (SSP) This is a firm which provides Sweeping services to its customers. The firm is likely to hold an AIS permission, to enable the interrogation of the PSUs account to determine if it is appropriate to initiate a sweep of funds, and also a PIS permission so it can use of VRPs to enable Sweeping. For clarity, an SSP is not a separate permission but is a term that OBL uses to refer to this business model, rather than a term used by the FCA or in the PSRs
UK-RTS UK-RTS are the technical standards included in the FCA Handbook to meet the requirements for Secure Customer Authentication
VRP Consent VRP Consent is the consent provided by the PSU for a PISP to initiate a series of payments that fall within the agreed VRP Consent Parameters. The VRP Consent includes the specific values of the VRP Consent Parameters and must be authorised by the Payment Service User (“PSU”) via Strong Customer Authentication (“SCA”) at their ASPSP
VRP Payments VRP Payments are one or several payments made using a long -held consent (“VRP Consent”) the VRP Consent Parameters are included within the VRP Consent and are therefore subject to SCA of the PSU by the ASPSP as part of the VRP Consent Setup.
VRP Consent Parameters The VRP Consent Parameters are the parameters that are recorded in the VRP Consent, in a sweeping transaction they consist of:
Payee Account Name
Payee Account Identification details (e.g. account number and sort code or additionally roll number or full IBAN)
Maximum amount per payment and Currency
Maximum amount per frequency (Day/Week/Fortnight/Month/HalfYear/Year) and Currency
Expiry Date (Ongoing or a Specific Date)
See VRP standard for more details
VRP Consent Set Up VRP Consent Set Up is the activity of providing the VRP Consent and authorising it via Strong Customer Authentication (“SCA”) at their ASPSP
Data management Previous
Good Practice – Introduction Next