The Future Regulation of UK Phone-paid Services 

The recent Ofcom consultation, accompanied by the draft PRS Order, was published on November 21, 2023, setting the stage for significant changes in the regulation of phone-paid services in the UK (currently under PSA – Phone-paid Services Authority). Stakeholders and interested parties have until January 23, 2024, to submit their responses, with Ofcom planning to present the finalised statement and lay Order to Parliament in the spring of 2024. The expected effective date for the Order is October 1, 2024. 

Clients, please note, when the Order becomes law any potential for change is highly unlikely, so Industry needs to work with representative bodies like AIMM, to lobby Ofcom and get the Order fit for purpose before the deadline.

The draft PRS Order retains core principles from PSA’s Code 15 while aligning Ofcom’s enforcement strategy with its practices in other regulated sectors. Cases unresolved before the transition will be transferred to Ofcom, with enforcement actions mirroring those outlined in the code. 

Key Consultation points include:  

  • Ofcom will retain the current PRS levy-based funding model.  
  • Ofcom will not be retaining prior permission or issuing non-binding guidance and advice. 
  • Merchants will be responsible for making/retaining records of consent to charge.
  • Registration requirements to Service Checker are streamlined and the registration fee is withdrawn. 
  • ICSS Services will require a free pre-call announcement. 
  • Ofcom cannot impose a penalty at the final decision stage which is higher than the proposed provisional decision and the maximum penalty will be £250K per breach.  
  • Aligned to Ofcom enforcement in other sectors, there will be no Appeal or Oral Hearing facility, as is currently the case with PSA. 

Additionally, from our reading of the draft Order, there is an increased focus on pre-contract risk assessment as part of due diligence and risk control (DDRC). The following five points are important to note: 

  1. Pre-contract Risk Assessment: To include solvency considerations in the event of sanctions. 
  1. Risk Drivers: Compliance history, company size, structure, and breach history are considered risk drivers. 
  1. Mitigation: Risks must be identified and recorded, with a requirement for written records of assessments and outcomes. If risks cannot be mitigated, trading is prohibited. 
  1. Risk Reviews: Scheduled risk reviews, at least annually, to assess ongoing risks, identify new risks and review (and amend where necessary) mitigation plans. 
  1. Accountability: Requirement for a nominated “general authorised person” in each company, personally accountable and possibly subject to new criminal liability. Their details will need to be officially registered with Ofcom. 

If you have any questions or concerns regarding the consultation and what it may mean to your business, please do reach out to your MCP Account Manager. 



Draft PRS Order: 

related posts

Graphic showing Google Responsive Displays Ads within a mobile app or webpage

MCP Insight and aimm form Google Ad Creation and Placement Working Group to explore ad clarity, consumer harm and wasted ad spend.

AI in the mVAS & DCB Space

Explore how AI is helping the mVAS and DCB space keep pace with change, access market-leading insights and combat fraud.

MCP Insight Strengthens Leadership Team

MCP Insight is pleased to announce the appointment of Kev Dawson to the team. Joining as Director to support Declan Pettit and Toby Padgham, he will play a pivotal role in driving forward the company's strategy.