The principal legislation regarding the regulation of payment services in the EU is the Payment Services Directive (“PSD”), which was transposed into Irish law by the European Communities (Payment Services) Regulations 2009.
The 2009 Regulations apply to institutions which execute payment transactions, provide money remittance services, issue payment instruments (e.g. credit cards), engage in merchant acquiring, or operate payment accounts (e.g. current accounts, savings accounts). These payment service providers include, for example, banks, credit card companies, online payment providers and merchant acquirers. The 2009 Regulations require such institutions to hold an appropriate authorisation from the Central Bank of Ireland (or another competent EEA regulator), and to adhere to minimum capital requirements and conduct of business rules.
A number of new measures have been enacted by the EU in the area of payment services recently. These include:
- the new Payment Services Directive (2015/2366/EU) (“PSD2”);
- the Interchange Fees Regulations (2015/751/EU) (“IFR”); and
- the Payment Accounts Directive (2014/92/EU) (“PAD”).
The principal changes arising from these Directives are:
- Extending the scope of PSD, to include previously unregulated activities;
- Limiting the scope of the exemptions from the requirement for certain activities to be regulated;
- Strengthening consumer protection and payment security;
- Reducing interchange fees (a fee paid between banks for the acceptance of card based transactions) which apply to consumer / non-commercial credit cards and debit cards;
- Creation of Basic Payment Accounts
- Requirements for Comparison websites
PSD2 was enacted by the European Parliament and Council on 25th November 2015 and must be transposed into national law by 13th January 2018, with the provisions to come into effect on that date.
The key changes contained in PSD2 are as follows:
- Third party providers (“TPPs”) of payment initiation services (which usually provide services between the merchant and the paying customer’s bank) and account information platforms, will be required to be authorised as payment institutions. This provision is designed to regulate TPPs which provide services in relation to activities such as mobile banking, and which are currently unregulated.
- The limited network exemption from the requirement to be authorised as a payment institution will be considerably narrower in scope. The revised exemption now covers services based on specific instruments that are designed to address precise needs that can be used only in a limited way, because they allow the specific instrument holder to acquire goods or services only in the premises of the issuer or within a limited network of service providers under a direct commercial agreement with a professional issuer or because they can be used only to acquire a limited range of goods or services. This provision may bring certain multi-purpose gift cards within the scope of PSD.
- Whilst ATM operators continue to be exempt from the requirement to be authorised under PSD2, independent ATM operators (i.e. those who provide services to multiple card issuers) are required to provide customers with the information on any withdrawal charges in accordance with the Directive. This measure was included due to the growth of independent ATM operators, particularly in rural areas, which were imposing charges on customers, in addition to any charges which may have been imposed by the card issuer. Although making ATM subject to PSD2 in full was originally considered, this was abandoned to allow the continuation of the provision of ATM services while ensuring clarity for customers on withdrawal charges.
- The commercial agent exemption will be amended so that it will only exempt agents which act on behalf of either the payer or the payee, and not agents who act for both parties. This may have an impact on a number of cash collection agencies and bill payment facility providers who currently avail of the commercial agent exemption.
- PSPs will be required to comply with the transparency and provision of information rules of PSD, where the payment transaction entails funds being sent out of or sent into the EEA, or where the transaction involves a non-EEA currency. These “one leg out” transactions largely currently fall outside the scope of PSD.
- Customer liability for unauthorised transactions on a payment instrument will be reduced from €150 to €50.
- PSPs will be required to adopt enhanced security requirements for payment instruments. These measures will include “strong customer authentication”, which means a procedure for the validation of identification of a natural or legal person based on the use of two or more elements categorised as knowledge, possession and inherence. The two elements selected must be however be mutually independent, so that a breach or failure of one security measure does not compromise the reliability of the other(s). This proposal may require many PSPs to change their business processes regarding customer authentication of payment transactions. As this was seen as a key provision for the protection of online payments, many of the requirements have been implemented through the EBA’s Guidelines of the Security of Internet Payments (which it issued on 19th December 2014 and which came into effect on 1st August 2015).
- The transaction threshold for a PSP being categorised as a small payment institution (and therefore subject to less onerous regulatory requirements) will be reduced from an average payment transaction turnover per month of < €3 million to < €1 million. Therefore, some existing PSPs may no longer be categorised as small payment institutions and will be fully subject to PSD2.
The IFR was enacted by the European Parliament and Council on 29th April 2015, with the provisions to come into effect on a phased basis on 8th June 2015, 9th December 2015, and 9th June 2016.
The IFR arose primarily from a competition investigation into interchange fee rates. As a result of that investigation it was decided to introduce a limit on interchange fees of 0.3% for credit cards and 0.2% for debit cards (except for schemes with three parties, commercial cards, and cash withdrawals from ATMs or at the counter of a PSP). These limits apply to cross-border payment transactions from 9th December 2015, and will apply to domestic transactions from 9th December 2018.
The IFR will also:
- prohibit surcharges in relation to credit cards and debit cards;
- require payment card schemes and processing entities to be separate and independent;
- require the un-blending of merchant service charges for difference categories and brands of payment cars with different interchange fee levels;
- prohibit the imposition of any rule that obliges payee to “Honour All Cards” from the same payment card scheme;
- prohibit any rule preventing payees from steering consumers to a preferred payment instrument;
- require payee’s PSPs to provide the payee with certain information after the execution of an individual card-based payment unless explicitly consent is provided by the payee to this information aggregated on the basis of brand, application, payment instrument categories, and rates of interchange fees applicable to the transaction (acquirers may contractually agree to provide payees with this information on a periodic basis).
PAD was enacted by the European Parliament and Council on 23rd July 2014 and must be transposed into national law by 18th September 2016, with the provisions to come into effect on that date.
The main purposes of PAD were to provide for increased access to payment accounts, transparency around fees for their operation, and the standardisation of terminology used for services in connection with payment accounts. PAD’s main features in this regard are:
- A fee information document (including a glossary of terms used) and a free annual statement of fees;
- Moves to standardise terminology for services connected to payment account (through EBA Guidelines);
- The creation of basic payment accounts by credit institutions, which must be available to all consumers (subject to certain limited exemptions on public policy and security grounds) free of charge or subject to reasonable fees (not linked to transaction volumes on the account), and which must enable at least the following basis services:-
- all services necessary to open, operate and close the payment account,
- services enabling funds to be placed in or withdrawn from the account,
- execution of direct debits, payment transactions through ha payment card (including online) and credit transfers (including standing orders);
- The provision of a switching service to enable any consumer to easily move their payment account to another PSP (including requirements to provide customers with information on switching, access to information free of charge about existing standing orders and direct debits, and assistance with switching to PSPs in other Member States);
- The requirement to have Comparison Websites (run either by public or private bodies) which must comply with certain requirements including that the websites:
- be operationally independent of PSPs by giving equal treatment in search results,
- clearly disclosing ownership,
- set out clear, objective criteria upon which the comparison will be based,
- use clear and unambiguous language,
- provide accurate and up-to-date language (and state the time of the last update),
- include a broad range of payment account offers (covering a significant portion of the market, or where not doing so having a statement clearly indicating such),
- provide an effective procedure to report incorrect information published fees;
- A requirement for access to effective and efficient alternative dispute resolution procedures for the settlement of disputes concerning rights and obligations under PAD (including, for example, a refusal by a credit institution to provide a consumer with access to a basic payment account).