presentation the payment services directive review ... · the payment services directive review...

osborneclarke.com Private & Confidential

0

The Payment Services Directive ReviewShaping the Future Regulatory Structure of the Payments SectorPaul Anning, Partner 3 December 2013


1

Agenda

• Introduction

• PSD

• PSD Review – an overview

• MIF Regulation – an overview

• European payment services regulatory regime

• Concluding remarks


2

The World


3

PSD

• Objective:

"to establish at Community level a modern and coherent legal framework for payment services, whether or not the services are compatible with the system resulting from the financial sector initiative for a single euro payments area, which is neutral so as to ensure a level playing field for all payment systems, in order to maintain consumer choice, which should mean a considerable step forward in terms of consumer cost, safety and efficiency, as compared with the present national systems"

• In force from 25 December 2007; transitional deadline of 1 November 2009

• Review date set for 2012

• Full harmonisation measure albeit with 25 optional provisions


4

PSD Review - Conclusions

• Globally fit for purpose

• Any changes must be 'evolutionary' not 'revolutionary'

• Market is very dynamic and has experienced significant innovation

• Recent developments show:

– still fragmentation along national borders

– some regulatory gaps

– market failures for card, internet and mobile payments


5

PSD ReviewOverview

Mobile payments

Overlay (or third party) services

Operational security and

authentication

Access to payment systems

One-leg transactions

/all currencies

'Negative scope'matters

Digital economy

Acquiring

Liability framework

Surcharging

Enhanced PI

conditions

PSD 2

Passporting issues


6

PSD ReviewScope, subject matter and definitions

• Extension to one-leg transactions: Title III and value dating

• Extension to all currencies: Title III only

• Adjustments to negative scope:

– changes to commercial agent exemption

– restriction of 'limited network' exemption and associated prior clearance mechanism

– restriction of telecom device exemption to digital content purchases not exceeding €50 each and cumulatively €200 monthly

– removal of ATM operator exemption

• Extension of scope to include account information and payment initiation services ('overlay services')


7

PSD ReviewExtension of scope to include 'overlay services'

• New type of payment services defined as:“Services based on access to payment accounts provided by a [PSP] who is not the account servicing [PSP], in the form of:(a) payment initiation services(b) account information services”

• Technical services provider exemption adjusted accordingly• EC’s objective is to enhance competition, encourage the digital economy and achieve harmonisation• In summary:

– PSD provisions apply equally to these new types of PIs, TP PSPs– requirements upon Member States to ensure a payer has the right to make use of a third party

PSP (separate from the account servicing PSP, AS PSP)– provisions setting out protocols for communications between the TP and AS PSPs and for

allocation of liability as between them and the PSU concerned (including as to burden of proof)– provisions ensuring that AS PSPs do not discriminate payment orders received from TP PSPs


8

PSD ReviewMarket access, structure and prudential rules

• Increased authorisation requirements for PIs (and EMIs) relating to:

– security control and mitigation measures

– sensitive payment data

– business continuity arrangements

• Extension of safeguarding requirements to all PIs (including small PIs)

• Provisions aimed at reducing friction in functioning of passporting regime:

– a web portal as an electronic access point for connecting public registers

– development of guidelines for exercising passporting rights and regulatory technical standards establishing a framework for the co-operation and exchange of information

• Extension of rights of access to payment systems to indirect access also


9

PSD ReviewRights and obligations of PSUs and PSPs

• Harmonisation and refinement of surcharging rules:

– steering permitted but any charges must not exceed the costs for the specific payment instrument

• Replacement card charges are to be limited to directly attributable replacement costs

• Refinement of liability framework:

– unauthorised transactions – payer's liability limited to €50 (now €150) and where 'strong customer authentication' has not been used, to where payer acted fraudulently

– refund right for payee-initiated transactions – doesn't apply in cases of immediate consumption; back-value dating of refunds

– non-execution/defective execution – provisions extended to 'late' execution

• Introduction of customer complaint resolution procedures


10

PSD ReviewOperational and security and authentication

• Confirmation of application of Network and Information Security Directive to PSPs

• Requirement to notify PSUs without undue delay following a security incident with the potential to impact their financial interests

• Yearly updated assessments of operational and security risks and related mitigation measures and control mechanisms

• Development of guidelines for the establishment, implementation and monitoring of security measures

• Requirement on PSPs to use 'strong customer authentication' when payer initiates an electronic payment transaction, unless EBA guidelines exempt (on a risk basis)


11

PSD ReviewNot in isolation

• PSD2 proposals published on 24 July 2013

• Alongside a proposed Interchange Fees Regulation

• No proposals on Governance


12

The Universe


13

MIF RegulationOverview

• Regulation, not a Directive

• Immediate entry into force (once published)

• Two key elements:

– Sets caps on interchange fees

– Details a series of business rules applicable to payment card schemes and related contractual (typically licensing) arrangements

• Scope and definitions are key


14

MIF RegulationInterchange fees - Overview

• Sets (almost) immediate caps on interchange fees:– cross-border debit card transactions: 0.2% per transaction– cross-border credit card transactions: 0.3% per transaction

• Extends cap after 2 years to ALL debit/credit card transactions• Caps apply only to payment card transactions carried out within the EU

where both payer's and payee's PSP are established in the EU• Interchange fee caps do not apply to:

– limited networks– commercial cards– ATM cash withdrawals– 3 party payment card schemes


15

MIF RegulationInterchange fees – Points to note

• Provisions apply to PSPs, not card schemes directly• Definition of interchange fee is broad:

– "interchange fee or other agreed remuneration with an equivalent object or effect"

– any net compensation received by an issuing bank is treated as part of the interchange fee

• Similarly, definition of card based payment transaction is broad• Debit card transactions include prepaid card transactions• Charge cards?• 3 party schemes caught where third party PSP is licensed


16

MIF RegulationBusiness rules - Overview

Co-badging

Steering rules

Unblending

Honour All Cards rules

Separation of scheme

and processing

Licensing

MIF Regulation


17

European payment services regulatory regime: Objectives

Co-ordinated field relating to

payment services and

funds transfers

Enhanced competition

Greater efficiency

Consumer protection Digital economy


18

European payment services regulatory regime:Overview

Payment services and funds transfers:• Payment Services Directive (PSD) – PSD2 proposed• Second Electronic Money Directive (2EMD)• Cross Border Payments Regulation• Funds Transfers Regulation – proposed revisions for 4MLD• SEPA End Date Regulation• ECB's Recommendations on the Security of Internet Payments (SecuRePay)• Proposed Payment Accounts Directive• Proposed new MIF Regulation• ECB's proposed Recommendations on the Security of Mobile Payments (SecuRePay)Generic:• Fourth Anti-Money Laundering Directive (MLD)• Data Protection Directive• Cyber Security Directive• Proposed new Network and Information Security (NIS) Directive


19

The Expanding Universe


20

European payment services regulatory regime:Security

ECB (SecuRePay)

Recommendations

Data Protection Directive

Cyber Security Directive

NIS Directive (Network and Information Security)

EBA technical standards

Payment Services Directive

Security and technical standards

osborneclarke.com

Angela Merkel

21


22

Concluding remarks – PSD Review (1)

• Tangible benefits mean evolution will continue

• Greater harmonisation is inevitable

• Regulatory tools are being sharpened

• Focus on execution is shifting to security

• New market entrants are being strongly encouraged


23

Concluding remarks – PSD Review (2)

• Implications of regulatory evolution could be far-reaching for all stakeholders:

– harder to discern perimeter of regulation

– harder to differentiate or justify differentiation by product or provider

– multiple regulators with overlapping interests

– standardisation may override customer segregation

– significant technology developments


24

Further reading

• Payment Services Directivehttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32007L0064:EN:NOT

• Electronic Money Directivehttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0046:EN:NOT

• European Commission’s Green Paper: Towards an integrated European market for card, internet and mobile paymentshttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52011DC0941:EN:NOT

• European Commission's draft proposal for a Network and Information Security Directivehttp://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1666

• ECB's Recommendations for the Security of Internet Paymentshttp://www.ecb.int/pub/pdf/other/recommendationsforthesecurityofinternetpaymentsen.pdf

• Single Market Act IIhttp://ec.europa.eu/internal_market/smact/docs/single-market-act2_en.pdf

• European Commission's proposal for a Payment Account Directivehttp://ec.europa.eu/internal_market/finservices-retail/inclusion/index_en.htm

• European Commission's July 2013 package of draft legislative proposals for a revised PSD and a new Interchange Fees Regulationhttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2013:0550:FIN:EN:PDF

• ECB's draft Recommendation for the Security of Mobile Paymentshttp://www.ecb.europa.eu/paym/cons/pdf/131120/recommendationsforthesecurityofmobilepaymentsdraftpc201311en.pdf

Private & Confidentialosborneclarke.com

25

Contact details – Paul Anning

Paul Anning is head of European law-firm, Osborne Clarke's Financial Institutions Group and a specialist financial services lawyer. Paul has market leading experience and expertise in the payments industry where he has guided clients through new product development, regulatory change and transformational projects, such as the creation of the UK's Payments Council (which sets the strategy for UK payments), the merger creating VocaLink (the UK’s largest payments processor), the UK's first NFC enabled stored value mobile payment solution (QuickTap) and the acquisition of one of Europe's leading prepaid card issuers.Paul is well versed in the complexities of the payments industry's network arrangements. He also has a deep knowledge of legal and regulatory developments affecting the payments industry, including key European developments such as the Single Euro Payments Area (SEPA), the Payment

Services Directive (PSD) and the Second Electronic Money Directive (2EMD). On PSD specifically, he has been involved since its inception in 2003 and has been advising the UK's Payments Council, banks and other payment service providers.Paul and the Osborne Clarke Payments team act for a range of clients from infrastructure providers and traditional credit institutions and GTS businesses through to electronic money issuers and corporates and retailers (including on corporate card and co-branded arrangements). Their Payments practice is recognized externally as top-tier ranking, with commentary such as - "Osborne Clarke is one of the leading practices working in the payments services sphere" and in July 2012 an award for "TMT Team of the Year 2012" at The Lawyer Awards for their work on Everything Everywhere and Barclaycard's QuickTap product.

Paul AnningPartnerT +44 (0) 20 7105 [email protected] TMT Team of the

Year 2012

The Lawyer Awards

IT Firm of the Year 2012

JUVE Awards

presentation the payment services directive review ... · the payment services directive review...

Documents