The European Parliament has approved at first reading the text of the proposed payment services directive (Directive) without amendments.
The purpose of the Directive is to create a single payment system for cross-border non-cash payments in the European Economic Area (EEA) by 2009, increasing competition among payment service providers, enhancing consumer choice and reducing costs.
As the text is based on a compromise agreed between the Parliament’s rapporteur and the ECOFIN Council, it is likely that the Directive will now be adopted by the Council without significant amendment.
Member states are required to implement the Directive into their national laws at the latest by 1 November 2009.
This briefing examines the main features of the Directive and how implementation will affect you.
The objective of the Directive is to establish a common legal framework for the payments market by harmonising the rules applicable to the execution of payments in the EU. Currently, there are 25 different sets of national applicable laws and regulations, creating complexities and legal uncertainties that have so far hindered the provision of cross-border payment services.
The Commission believes the creation of a single payments market will increase competition among service providers and bring costs down, as consumers, banks and retailers will be able to shop around for the best deals. Studies show that the cost of the current nationally based payment systems is around 2 to 3 per cent of GDP. A large slice of these costs is borne by consumers, but the Commission estimates that European banks and retailers are also being hit hard, with banks spending a third of their operating costs, and some retailers around 5 per cent of their card sales, to access payment services.
The Directive aims to achieve its objective in two ways: by supporting industry efforts towards a Single Euro Payments Area (SEPA) by 2010 through the establishment of minimum standards in certain areas (including in relation to timing of payments, charges and responsibilities of service providers), and by creating a new category of non-bank payment institutions with ‘passporting’ rights to provide services in host states.
The Directive applies to so-called payment service providers, which are divided into six categories:
- credit institutions;
- electronic money institutions;
- post office giro institutions;
- payment institutions;
- the European Central Bank and national central banks; and
- member states or their regional or local authorities.
Payment institutions will be non-credit institutions, who will be licensed under a new licensing regime to process payments but will not be permitted to accept deposits. The Directive will apply to payment services within the EU. However, the provisions on transparency and information requirements, and rights and obligations of users and providers, will apply only if both the payer payment service provider and the payee payment service provider are in the EU. Similarly, those provisions will apply only to payments made in euros or another official currency of a member state.
The Directive focuses on electronic payment systems. As such, it does not apply to cash for cash transactions (eg currency exchange), certain cash and cheque payments or payments under a voucher or points system. It does not apply to those who merely provide the infrastructure for the payment system (eg website or mobile phone operators).
The Directive has three main building blocks. Right to provide payment services to the public (Title II )
These are the rules that create a new licensable and passportable activity for payment institutions. This regime is intended to work in a similar way to the existing authorisation and passporting regimes for banks and investment firms, that is, once the payment institution is licensed by the competent authority of its home member state, it is able to provide cross-border payment services to consumers throughout the EU or to establish a branch in another member state (a host state) without the need to apply for a fresh licence or comply with different national rules.
The licensing process is also similar to existing ones.
The institution seeking authorisation must apply to the competent authority of its home member state and show that it meets certain criteria set out in the Directive (for example, adequate systems and controls and good repute). The Directive also sets out minimum capital requirements, although member states will be allowed to waive some of these conditions for smaller-scale service providers (with transactions worth less than n3m per month). Capital requirements may be either expenditure – or income – based or calculated as a percentage of the volume of payment transactions carried out. The capital requirements are considerably less onerous than for credit institutions but payment institutions will be required to segregate funds received from users of payment services.
All member states will have to establish a public register of payment institutions, which must be made available online.
Authorised payment institutions will be able to engage in and passport the following activities, all of which fall within the definition of ‘payment services’:
- services enabling cash to be placed on a payment account, as well as all the operations required for operating a payment account;
- services enabling cash withdrawals from a payment account, as well as all the operations required for operating a payment account;
- execution of payment transactions, including transfer of funds on a payment account with the user’s payment service provider or with another payment service provider, including direct debits, card payments and standing orders;
- execution of payment transactions where the funds are covered by a credit line for a payment service user; issuing and/or acquiring payment instruments; money remittance; and
- execution of payment transactions where the consent of the payer to a payment transaction is transmitted by means of any telecoms, digital or IT device and the payment is made to the telecoms, IT system or network operator, acting solely as an intermediary on behalf of the payment service user.
Moreover, payment institutions will be able to engage in the following additional activities:
- the provision of operational and closely related ancillary services such as guaranteeing execution of payment transactions, foreign exchange services, safekeeping activities and storage and processing of data; and
- the accessing and operation of payment systems for the purposes of transferring, clearing and settling funds, including any instruments and procedures relating to the systems.
Payment institutions will also be able to grant shortterm credit in connection with the execution of payment transactions.
Transparency and information requirements (Title III ) The Directive introduces a number of information requirements for payment services. Some of these are general pre-contract information requirements, requiring the payment service provider to communicate to the payment service user, before he becomes bound by any contract, certain specific terms and conditions under which the service will be provided. For single payments, these include the information required to process the payment order, time of execution and charges applicable to the payment transaction.
Other requirements refer to post-contract information, required to be given to the payer and the payee, respectively, when the order for payment is accepted by the payment service provider and once the funds have been made available to the payee. These include references to allow the parties to identify each other and the payment made or received, the amount and currency of the payment, and charges and, where relevant, exchange rates applicable to the payment.
All relevant information must be provided in an easily accessible manner, or at the request of the payment service user on paper or another durable medium. It must be given in easily understandable words and in a clear and comprehensible form, in an official language of the member state where the payment service is offered or in any other language agreed by the parties.
The Directive prescribes additional and more detailed information requirements in respect of framework contracts, that is, payment service agreements under which the payment service provider agrees to execute a number of payment orders for a particular payment service user in the future. These include details of the payment service provider (such as address and name of supervisory authority), a description of the services to be provided, the form of and procedure for the user’s transmitting consent to execute a payment, the liabilities of the parties (including the provider’s right to block payments if the spending pattern gives rise to a suspicion of fraudulent use), changes in contractual conditions and the parties’ right to terminate the agreement.
For framework contracts, the relevant information must be provided on paper or another durable medium in good time before the payment service user is bound by the contract.
In the case of an individual payment transaction under a framework contract initiated by the payer, a payment service provider must, before the payment is made, provide the payer at the payer’s request with explicit information on the maximum execution time and the charges payable by him for the particular transaction. Similarly, the same post-contract information must be available to both payer and payee as in the case of single payment transactions made outside the terms of a framework contract.
The parties may elect to contract out of Title III, so long as the payment service user is not a consumer. Rights and obligations of users and providers of payment services (Title IV)
The Directive sets out the core rights and obligations of users and providers of payment services to promote clarity and certainty in the use of electronic payments. The parties may elect to contract out of a number of these provisions where the payment service user is not a consumer.
The Directive provides for the rights and liabilities of each party in the case of unauthorised transactions (resulting from lack of consent from the payer, fraud, theft or loss of user verification information). Broadly speaking, where the payment is initiated by the payer’s payment service provider without the payer’s consent, the payment service provider will be obliged to refund to the payer immediately the amount of the unauthorised payment transaction plus any compensation as determined by the law of the agreement concluded between them. Where the payment is initiated by the payee, the payer will be entitled to a refund from his payment service provider if the following conditions are satisfied:
- the authorisation does not specify the exact amount of the payment transaction when the authorisation was made; and
- the amount of the payment transaction exceeds the amount the payer could reasonably have expected taking into account his previous spending pattern the conditions in his framework contract and relevant circumstances of the case.
In the case of theft or loss of user verification information, the Directive requires the user to notify the payment service provider without delay of it occurring and to bear any loss (up to a maximum of n150) resulting from any unauthorised transaction occurring in the pre-notification period. The payment service provider will bear any subsequent loss, unless the unauthorised transactions have occurred due to the payer’s fraud or gross negligence.
However, where a payment is found to have been made on the basis of incorrect user verification information supplied by the payment service user, the payment service provider will not be liable to refund the payment. In this case, the Directive requires the payer’s payment service provider to make reasonable efforts to recover the funds involved in the payment transaction.
There are also provisions preventing payment service providers and intermediaries from deducting any charges from the amount of payment transactions (unless otherwise agreed) and setting out minimum timing for execution of payment orders. Under the Directive, payment service providers will be obliged to execute all payment orders within one business day, although the Directive allows payers and their payment service providers to agree on a three-day and a four-day window for execution for electronic payments and paper-based payments, respectively, until 1 January 2012.
The Directive provides for the respective liability of the payer’s and the payee’s payment service providers for incorrectly executed payment orders. Where a payment order is initiated by the payer, the payer’s payment service provider will be liable unless he can prove that the payee’s payment service provider received the amount of the payment transaction. Compensation for losses caused by abnormal or unforeseeable circumstances is limited.
What this means for industry
In the UK, implementation of the Directive will mean more clarity in an area currently primarily governed by principles of common law and framework rules of self-regulatory payment service organisations, such as BACS and CHAPS. There is currently very little legislation or case law in the UK that clearly sets out the rights and liabilities of players in the market. The most relevant piece of UK legislation in this area at present is the Cross-Border Credit Transfer Regulations 1999, which implement EC Directive 97/5 on cross-border credit transfers. However, these regulations apply only to transfers of no more than €50,000.
For the unregulated sector, it will mean the full force of Financial Services Authority authorisation and supervision, and added requirements to establish and maintain systems and controls, hold adequate levels of capital and comply with general principles and conduct of business rules.
For the already regulated sector, the Directive will bring yet more systems and controls issues and client-facing documentation. Firms will need to ensure that their systems are geared to execute payments efficiently, quickly and safely over electronic payment systems to accounts within and outside of national borders. They will also need to produce compliant information sheets and train their staff on when and how to provide them, together with other Directive-driven information.
Money laundering procedures may also need to be reviewed and adapted to allow firms to comply with their customer verification and reporting obligations under anti-money laundering legislation without undermining the basic idea of a simple, quick and cheap way to make payments in different currencies throughout Europe.
The Directive will encourage competition by permitting institutions other than banks, subject to a lighter capital adequacy regime, to provide payment services. Both banks and non-banks will wish to review their strategies in the approach to SEPA in 2010 to consider how best to position themselves in the changed environment.