Published on 8 August 2019
Pay.UK was set up to deliver a New Payments Architecture (“NPA”) for the UK, implementing the blueprint that was passed to them by the Payment Strategy Forum.
NPA would be based on the usage of the ISO20022 XML data format to enable rich data to flow up and down the payment chain between the two endpoints. This is the core value point of ISO20022. Almost any data format, notably JSON, could be used to enable many of the claimed benefits of ISO20022 adoption but it is the extensibility of the ISO20022 messages and the concomitant ability to transport rich data that is its key distinguishing feature.
This comes over in every slidedeck about ISO20022, whether it be an NPA slidedeck or an RTGS Renewal one. For example, the full name and address of payees can be transported. Currently the name field in BACS and FPS is limited to 18 characters and the address cannot be carried at all. These features (aka basic functions, to the man-in-the-street) enable confirmation of the payee on every payment and present a robust defence against Authorised Push Payment fraud (as opposed to the weaker “Confirmation of Payee” service and the even weaker Contingent Reimbursement Model).
The Pay.UK Board Minutes of their meeting of 8th May[1], though, ditch extended data as an early deliverable of NPA:
“MJ (Melanie Johnson – the Pay.UK chair) queried whether there was a need for rich ISO20022 functionality from the outset and JW (James Whittle, Head of Standards) explained that some participants would prefer to have such functionality as it allowed better communication and they had – or were developing – propositions that would benefit. It was for the Standards Authority to set the parameters and consideration was being given as to how these could be set as optionality to progress at different speeds was a key part of the overall offering. However, as optionality drove the cost, current thinking was to initially use a tightly controlled core message that could be used by all”.
Strap yourselves to your seats – we have the chair of the organisation charged with delivering NPA seemingly having an attack of amnesia around whether NPA should make use of this feature: if she has to ask this question, she should not be in that position.
The Pay.UK Standards Authority clearly has too much autonomy if it is allowed to “set the parameters” to the extent that the overall mandate for NPA is infringed, and if its “current thinking” is the one which carries the day: the Board is supposed to have “thinking” and decide on these matters, having regard also to the views of the Industry Standards Coordination Commitee to provide user input, a process that has obviously malfunctioned. The Committee’s Terms of Reference[2] have the same person (JW) quoted as both the document owner of the ToR and the Business Owner of the Committee, even though the Committee’s role should be to act as a control over the Standards Authority which JW heads. The ToR was approved in its first version, on 1st February 2019: not much of a challenge process there, then.
The Committee reports up into the “Legal, Governance and Standards Committee”, a “Pay.UK Board Sub-Group”, but with the “Business Owner” also being the Head of the Standards Authority there is no independence, and plenty of opportunity for the Committee’s opinions (if indeed it ever formulated any) to be diluted or dissipated, or reformulated by the Standards Authority, en route to the Board, if they conflicted with the opinions of the Standards Authority itself. The Industry Standards Coordination Committee is a palpable dead duck.
The Pay.UK Board should be policing this by having their own opinion, not making a cop-out and allowing the Standards Authority to do as they please, but they have created such a Byzantine structure that they have lost control and do not know how to run it properly.
It is bizarre that cost should be considered as a restriction on functionality at this stage, an example of the tail wagging the dog. There always is a cost to having functionality. Both should be quantified and discussed by the Board, not devolved to the Standards Authority to play around with different variations (or “optionalities”, a new word for the dictionary) and make up their own mind.
The Board’s role is to insist on a plan that meets Pay.UK’s mandate, and then to cost out the plan. After that Pay.UK must request the resources to deliver the plan, or resign if they are not made available.
The consequence of this botch-up is palpable, although couched in the euphemism of “a tightly controlled core message”: that means a cut-down, low-cost, low-spec version, an MT103+ to an MT103, a Credeuro to a SEPA Credit Transfer, or, more crudely, a bare-bones message with the majority of fields marked in Red: don’t use them. It will probably turn out to be the BACS Standard18 content but in the ISO20022 XML layout, with the same restrictions on field length.
This means that the initial NPA deliverable will be a like-for-like in terms of message content, bereft of value-adding features, and even of features missing now that would be regarded as core and basic by many end users (though not, apparently, by the people claiming to speak for end users in this process).
There is no case for the upheaval involved in NPA if this is all that is to be achieved.
The project should be disbanded along with all attendant committees, such as the End User Advisory Council (“EUAC”): apparently several members of this council sit on the Industry Standards Coordination Committee as well, a a governance malfunction in itself [3]. They are clearly incapable of properly representing end users on either body if Pay.UK’s Board can make a decision as they have.
If Pay.UK’s governance were effective, the EUAC would have spoken against the Standards Authority on this point, through the Non-Executive Board Member – Anna Bradley – who chairs the EUAC. But there is nothing in the minutes about Anna Bradley having had a view on the matter – her own or that of the EUAC – proving that the existence of the EUAC and the governance arrangements for getting its views known in the Board are ineffective, even were there no overlaps of personnel. It also puts a big question mark against the value of non-expert Non-Executive Board Members if they are sitting in key roles that require professional experience. Are these really non-executive roles? Who benefits from having such Non-Executives involved but adding no value?
The euphemism “a tightly controlled core message” is an outrage. Pay.UK’s Board should have unanimously rejected the report from the Standards Authority and stated for the minutes that it was incompatible with the mandate for NPA that they had taken on from the Payment Strategy Forum.
Instead of which there is apparent agreement – or at least a lack of disagreement – that the Standards Authority is empowered to decide upon meaningful scope decreases.
Pay.UK’s Board is clearly not up to its task and should be
replaced, both the executive and non-executive members, and its Byzantine governance
empire disbanded.
[1] Pay.UK-Board-minutes-08.05.2019-Redacted
[2] ISCC-ToR-v1-Approved-01-02-2019
[3] CEO Report in Pay.UK-Board-minutes-10.04.2019-REDACTED