The European Commission is in the process of updating the Payment Services Directive in response to the significant and continually developing technological changes in the payment services industry.
The Payment Services Directive (PSD), law since 1 November 2009, was implemented in the UK through the Payment Services Regulations 2009 (PSRs). The principal aim of this legislation is to regulate the payments industry and to provide consumer protection. As a financial service that is executed predominantly by technology, this sector has experienced rapid change resulting in the publication by the European Commission (EC) of a proposed second iteration of this legislation, Payment Services Directive 2 (PSD2). Following the EC's proposals, the Council of the European Union published its own draft and, most recently, on 12 September 2014, the Presidency published a suggested compromise position (the September Proposal).
The consultation process has made clear that the EC has identified certain exemptions as overused or interpreted too broadly, particularly where large transaction volumes could be occurring. The EC has also expressed concerns that national regulators are taking divergent approaches in terms of their own understanding of the scope of the PSD. Accordingly, the PSD2 proposals contain significant changes to the scope of the PSD, and we explore the key changes here.
Commercial agency exemption
The recitals to PSD2 (Recitals) state that differing national interpretations of the commercial agency exemption are distorting competition in the payments market. PSD2 seeks to harmonise this area and it is proposed that the agency exemption will only apply where there is a formal agreement in place and the agent acts:
- (i) for either the payer or payee; or
- (ii) on behalf of both parties, but without entering at any moment into the possession of payment service users' funds.
What is not expressly clear in terms of (ii) is whether the exclusion of circumstances where the PSP comes into possession 'at any moment' of a user's funds is limited to where the PSP holds the funds on behalf of the user, as opposed to merely receiving funds from a user in discharge of a debt. The wording requires a degree of interpretation and could be made clearer given its importance. It at least seems clear that intermediaries collecting and holding, however temporarily, funds for a payee (e.g. a merchant) will not fall within the exemption if they also provide relevant commercial agency services on behalf of the payer (e.g. a consumer).
Limited network exemption
The limited network exemption has undergone further revision in the September Proposal. A striking feature of these proposals is the degree of divergence between the legislation that is proposed and the Recitals that accompany it. Given these changes are intended to consolidate regulatory interpretation, we are concerned that splintering the legislation and the Recitals in this way risks uncertainty. For example, it is proposed that the legislation will exclude payment instruments that can only be used to acquire a limited range of goods and services, but the Recital additionally suggests that this only applies "when the scope of use is effectively limited to a predetermined list of functionally connected goods or services". Where the legislation excludes instruments that can only be used within a limited network of providers under a direct agreement with a professional issuer, the Recital additionally limits this to a "store or chain of stores" and "requires the use of a single brand that makes the existence of a legally significant relationship between the 'parent' and the points where the payment instruments issued are accepted completely evident to the public".
The changes themselves will throw up interpretative challenges. For example, there may be a case for thinking that a diverse but nonetheless limited range of goods and services available through, say, a hotel or holiday park card can be said to be functionally connected (in that they all serve the guest's needs while at the hotel or park) but it is difficult to see that the same could be said of a shopping centre. Membership-driven cards will also need to be assessed carefully in terms of whether there is a 'functional connection' between the membership and goods and services that can be acquired.
Digital device exemption
The digital device exemption looks set to narrow significantly. The critical requirement is no longer that the payment transaction is executed by means of a digital or telecommunication device, but that it is carried out by a provider of an electronic communication network or service, "as an ancillary service" for a subscriber. The transaction must be for digital content and, provided these tests are met, it does not matter what payment device is used. This latitude may be intended to allow digital content to be purchased, stored remotely and subsequently accessed through a variety of devices. The concept of 'digital content' also gets a makeover and focuses on content that can be experienced only in digital (i.e. non-physical) form through a technical device which, as the Recitals clarify, can include apps, wallpaper, ringtones, videos, games etc.
The exemption will not apply where the value of any single transaction exceeds EUR 50 and the cumulative value of the user's transactions exceeds EUR 200 per month.
Automatic teller machines (ATMs)
An exemption for ATM providers that do not provide other payment services is to be removed as an uneven playing field was developing between these independent ATM providers (some of whom have large networks across multiple regions) and payment service providers that provide ATMs as part of their main service. The Recitals nonetheless suggest that if an ATM provider does not enter into a direct contractual relationship with the payment service users, then it is unlikely to require regulation.
Electronic communication network providers
A new exemption in article 3(l)(a) of the September Proposal covers payment transactions by providers of electronic communications networks involving a charge to the customer's bill for the purchase of tickets or charitable donations, provided that each transaction is no more than EUR 5 and the cumulative value of payment transactions does not exceed EUR 100 on a monthly basis. The EUR 5 upper limit on each occasion is fairly limiting (£3.80-odd in the UK) and will restrict the schemes or causes to which this exemption can be applied.
The status of intermediary platforms collecting for charities has been unclear, in particular as it is not obvious that they can benefit from the commercial agency exemption that is linked to transactions for the sale or purchase of goods and services. A new exemption has been added excluding non-professional cash collection and delivery within the framework of a charity. While this thankfully makes the position clearer for volunteer groups collecting cash, the corollary is that intermediaries collecting electronic payments or cash payments professionally should consider their position carefully.
The amended Recitals reflect concern that the 'merchant acquiring' definition was being construed too narrowly. As a result a new definition is proposed that is intended to be instrument neutral and, as such, does not just apply to card scheme transactions. The proposed definition will capture any service where the provider contracts with the payee to accept and process payment transactions and which results in the transfer of funds to the payee. It is clear from the Recitals that the funds do not necessarily need to be settled through the acquirer as other business models could be agreed. Technical support services, such as mere data storage and processing, will not be caught.
New regulated services: payment initiation services and payment account services
PSD2 introduces the regulation of payment initiation services (PI Services) which occur where a provider that is present as a payment option on a merchant's platform provides a medium between a customer and their online payment account. The PI Service provider captures account identification and security data relating to the customer and accesses their account for them, initiating a payment transaction to the merchant.
The proposed introduction of a permissive pan-EU framework for these services represents a very significant change to the way in which payments can be processed, with the direction of travel potentially switching from merchants 'calling' for payments via a card scheme, to PI Service providers helping customers 'push' payments through to merchants using credit transfers. PI Service providers will need to assess how their businesses can best adapt to PSD2 requirements. The September Proposal makes further extensive amendments to this area and needs to be considered in detail.
The new rules make the account provider liable to restore the funds to the payer in the event of an unauthorised payment, even if a PI Service provider was involved. The rules acknowledge that a PI Service provider may, as a consequence, owe the account provider compensation.
PSD2 attempts to establish a hierarchy of liability, and previous confusion as to where the burden of proof lies has been addressed in the September Proposal (see proposals for Articles 63 and 65).
Account information aggregators
PSD2 sets out a permissive regime that will enable the provision of services allowing consumers to access information about their various accounts through a single site or location. Such a service gives rise to security issues (consumers tend to have to surrender their access security information to the provider) and tends to be resisted by the banks / payment account providers. The new permissive regime comes with a number of conditions and requirements as to the levels of security and limited data use to be applied to the service.
What happens next?
We expect to see the final version of PSD2 soon with implementation in 2017. Certainly, well before this point, firms that could be impacted by the changes to scope should review their business models against the new requirements to assess the extent of any change programme they need to initiate.
We believe it is important to spend time planning your approach to PSD2. Implementing legislative and regulatory change can be a challenge for any business, but it tends to be easier if you engage earlier on in the process. As a sector, it is vital to work with trade associations and stakeholders (such as HM Treasury or the Financial Conduct Authority) to give constructive, co-ordinated feedback, and to sustain this after adoption, as the technical standards develop. A lot of unhelpful regulation can emerge at that stage. So, while measures currently appear benign, firms ought to take the chance to influence the way ahead.