- Hard-law tools to supervise payment transaction processors: A new Belgian law (the Law) reinforces the supervision of the activities of systemically important payment transaction processors as well as payment schemes and their operators. Payment transaction processors facilitate the operational execution of payment services without carrying out the payment services as such. They are thus not regulated payment service providers. The Law builds on the existing "soft law" oversight of the NBB. It introduces legally enforceable requirements ("hard-law tools") for the NBB to exercise its supervision.
- Belgium-specific regulation: The Law regulates service providers that are currently not yet directly regulated by the existing European regulations. The introduction of the Law demonstrates that, in addition to the European regulations, monitoring specific national regulations and developments in the sphere of payment services regulation remains relevant.
- Cross-border impact: The Law has an important cross-border impact, as the Law applies regardless of the country of establishment of the payment transaction processor. The processing of transactions whereby both the payor's and payee's payment service providers are active in Belgium ("both legs in" principle)
2. Scope of application
2.1 Payment transaction processors
The Law applies to systemically important payment transaction processors (SIPTP).
- A payment transaction processor is a natural or legal person offering services for the a)"processing of payment transactions", regardless of the country of establishment of the payment transaction processor (in Belgium or outside Belgium) and regardless of whether the payment transaction processor outsources the services or not.
- The processing of payment transactions is defined as the technical processes that are b)necessary and specifically intended to execute payment transactions. While the definition is broad and technically neutral, it is not sufficient for the technical processes to be necessary for the execution of the payment transactions, they must be specifically aimed at the execution of the payment transactions. This means that general support service providers such as telecoms operators and utility providers are excluded from the scope. The travaux préparatoires also expressly confirm that companies that solely execute financial messaging, such as SWIFT, are excluded from the scope of the Law. Note that payment transaction processors facilitate the operational execution of payment services without carrying out the payment services as such. They are thus not regulated payment service providers.
- Payment transactions are actions
- initiated by the payor or payee;
- which involve the transfer of scriptural money;
- irrespective of any underlying obligation between the payor and the payee;
- during the course of which payment transactions are executed between various payment service providers;
- payment service providers: these are payment service providers (such as credit institutions and payment institutions) within the meaning of the Belgian law implementing the existing Payment Services Directive;
- various payment service providers: this means that payment transactions whereby the payor and payee use the same payment service provider are not within the scope of the Law;
- whereby both the payor's and payee’s payment service providers are active in Belgium ("both legs in" principle).
2.2 Territorial scope of application: "both legs in" principle
- "Both legs in" The Law only applies to payment transactions whereby both the payor's and the payee's payment service providers are active in Belgium, i.e. only Belgian payment transactions are within scope: this is the "both legs in" principle.
- Payment service providers established inside or outside Belgium For the Law to apply, the payor’s and payee’s payment service providers must be active in Belgium, but the country of establishment of the payment service provider is not relevant. This means that the Law also applies where non-Belgian payment service providers exercise their freedom to provide services in Belgium based on a European passport. This is justified by the purpose of the law, i.e. safeguarding the continuity and stability of payment services in Belgium.
- Payment transaction processors established in or outside Belgium To determine the scope of application of the Law, it is irrelevant whether the payment transaction processor is established in or outside Belgium. The place of the registered office of the payment transaction processor is not relevant.
2.3 Exclusions from the scope of application
The following transactions are excluded from the scope of the Law:
- (a) processing of certain paper-based documents (e.g. paper checks, vouchers in paper form, paper-based traveller's cheques and postal money orders);
- (b) processing of payment transactions within a payment or securities settlement system; and
- (c) processing of direct debit or credit transfers.
2.4 Systemically important payment transaction processors
The Law applies to systemically important payment transaction processors. A payment transaction processor is deemed to be systemically important if it has provided processing services for a minimum of 125 million payment transactions in the previous calendar year, using a specific payment scheme.
In order to determine whether this threshold has been reached:
- an operator of a payment scheme must report on a yearly basis to the National Bank of Belgium (NBB) regarding each payment transaction processor the operator is using and the number of transactions carried out by such payment transaction provider; and
- a payment transaction processor must also notify the NBB and the payment scheme to which it provides services when the threshold is reached.
The National Bank of Belgium will notify the payment transaction processor when it is considered a systemically important payment transaction processor. The NBB will take into account the reporting by the operator of payment schemes, the reporting by the payment transaction processor as well as other information obtained by the NBB in the exercise of its functions.
2.5 Payment schemes and their operators
Under the Law, payment schemes and their operators are also subject to specific requirements. The definition of a payment scheme is based on Regulation (EU) No 260/2012 and Regulation (EU) No 2015/751 and refers to "a single set of rules, practices, standards and/or guidelines, operating in Belgium only, agreed between the payment service providers for the execution of payment transactions in Belgium, which is separate from any infrastructure or payment system that supports its operation and which comprises a specific decision-making body, organization or entity responsible for the operation of a payment scheme." The operator of a payment scheme is the decision-making body, organization or legal entity that is legally responsible for the operation of the payment scheme.
3. Legal framework applicable to payment transaction processors
3.1 Legally enforceable oversight requirements based on PFMI
The legal requirements are based on the Principles for Financial Market Infrastructures (PFMI) developed by the Committee on Payment and Settlement Systems and IOSCO. Based on the Law, these requirements become legally enforceable. There is no requirement to obtain a license (and to comply with license requirements such as capital requirements).
3.2 Mergers and acquisitions, corporate reorganizations
Mergers between SIPTPs or between SIPTPs and other companies are subject to prior authorization by the NBB, as well as transfer of all or part of the activities of the SIPTP. The NBB can impose conditions, or refuse to approve the transaction, taking into account the sound and prudent management of the SPITPs, as well as the continuity and stability of the payment system in Belgium.
Outsourcing of significant operational tasks relating to the processing of payment transactions is subject to the following conditions:
- prior authorization from the NBB;
- no delegation by senior management of its responsibilities;
- no modification of the relationship and obligations of the processor with or towards payment service providers and payment schemes;
- no impact on compliance by the SIPTPs with the Law;
- quality of the internal control should not be undermined, nor the capacity of the NBB to exercise supervision.
The NBB can impose additional conditions.
3.4 Risk-management framework
The SIPTPs must put in place a sound risk-management framework. They must identify sources of operational risks (external and internal). They must minimize the impact of such risks using appropriate policies and systems, procedures and controls.
3.5 Confidentiality and integrity of data, continuity and resilience of service
The SIPTPs must put in place adequate policies and procedures to ensure the confidentiality and integrity of data. They must ensure the continuous provision of services and must inform the NBB of any temporary unavailability of their services. Policies and procedures to to ensure the resilience of the services must be put in place. The Law imposes specific service level requirements. SIPTPs must also ensure transparent communication towards payment service providers, payment schemes and users of payment services regarding their processing services, including regarding the causes and consequences of an unavailability of their service, as well as regarding the estimated length of the unavailability and the time needed to remedy the unavailability of their services.
4. Legal requirements applicable to payment schemes
The Law imposes the following obligations on payment schemes and their operators:
- transmit information regarding the payment transaction processor that it uses;
- ensure that SIPTPs it uses are able to comply with the requirements imposed by the Law; and
- at the request of the NBB, provide information regarding its organization, operation and c)financial standing.
5. Supervisory powers of the NBB
The Law grants supervisory powers to the NBB in respect of SIPTPs, payment schemes and their operators. The NBB has the right to request information, carry out on-site inspections, and impose remedial measures as well as administrative fines. The NBB may also prevent payment schemes from using the services of a processor. In addition, the NBB may prevent a processor from outsourcing its activities if the relevant conditions are not complied with.
6. European context and cross-border impact
Payment transaction processors provide technical support to the payment services chain, so they do not fall directly within the scope of European regulations. They are not regulated "payment service providers" as they do not provide payment services as such. Payment transaction processors are currently only indirectly included in the ECB oversight framework: schemes are expected to ensure, through contractual arrangements, that the payment transaction processors used by the schemes respect any relevant requirements, including operational requirements. The ECB oversight scheme framework assigns a leading role to the central bank that is best placed to fulfill the required oversight duties, and where there is no national anchor, the ECB's governing council may assign primary oversight duties to the ECB with the participation of Eurosystem National Central Banks (NCBs). The NBB is currently the lead overseer of the Bancontact card payment scheme and the lead oversight authority of the Mastercard payment scheme.
The Law stems from the concerns of the Belgian legislator that payment transaction operators may operate in a jurisdiction other than the jurisdiction where the payment scheme is located without being necessarily subject to direct supervision or oversight in any jurisdiction.
The Law has an important cross-border impact, as the Law applies regardless of the country of establishment of the payment transaction processor. The processing of transactions whereby both the payor's and payee's payment service providers are active in Belgium ("both legs in" principle) is within scope of the law.
In its opinion on the draft of the Law, the ECB stated that "a cooperative cross-border regulatory approach in this area may be challenging insofar as the laws applicable in the jurisdiction in which a payment transaction processor is incorporated may not subject a processor to its regulatory and/or oversight frameworks, and may not contain similar tools and requirements as those contained in the draft law." The ECB also stated "a truly European approach would be desirable in this field, in order to avoid fragmentation and also the possible counterproductive effect of solutions designed solely at the national level."
Note that other European Member States have also taken initiatives in this field, such as the Netherlands.
7. Entry into force and implementing regulation
The Law entered into force on 24 April 2017. The NBB can issue further implementing regulations, but has not yet done so. However, such implementing regulations are not required for the entry into force of the Law, but can set out further, more detailed requirements.