The original Payment Services Directive (2007/64/EC) (“PSD1”) was introduced to provide greater price transparency for users of payment services and to create a level, competitive playing field among providers of different types of payment service. Prior to implementation of PSD1, many types of payment service were not regulated, even if certain types of payment service provider, for example banks, were in some way regulated. However, since implementation of PSD1 in November 2009, the current regulatory regime has been unable to keep up with the pace of the fast moving payment services sector.
In July 2013, the European Commission published proposals for a second Payment Services Directive (“PSD2”). Recent developments suggest that we are moving closer to implementation of PSD2, which could occur in 2017. This briefing provides a brief overview of some of the key changes that could be introduced by PSD2 and provides an update in respect of the timeline for this legislation.
Changes to scope, exemptions and conduct of business requirements
PSD2 will update the framework of regulation established by PSD1 including broadening its scope to payment service providers not covered by the existing regime. Firms that have operated within an exemption (or “negative scope” provision, to use the terminology from PSD1) and/or under another interpretation that means they are not subject to regulation pursuant to PSD1 should consider how PSD2 could affect their business models.
Changes to scope
PSD2 will increase the scope of the existing regime in a number of ways.
New Payment Services
PSD2 aims to close various loopholes enabling firms to avoid regulation through creating new types of regulated payment services, known as payment initiation services and account information services that are provided by third party payment service providers (that is, parties providing certain payment services but without also operating a payment account, thus avoiding regulation).
PSD2 defines a payment initiation service as a, “payment service enabling access to a payment account provided by a third party payment service provider, where the payer can be actively involved in the payment initiation or the third party payment service provider's software, or where payment instruments can be used by the payer or the payee to transmit the payer's credentials to the account servicing payment service provider.” This would include provision of services enabling payments to be made electronically where the service provider does not itself process the transfer of funds.
An account information service is defined as a, “payment service where consolidated and user-friendly information is provided to a payment service user on one or several payment accounts held by the payment service user with one or several account servicing payment service providers.” This would include services, for example, enabling people to have a consolidated view of their online bank accounts and/or facilitating access to those accounts.
Geographical Scope of the Payments Regime
The existing payment services regime established by PSD1 applies only where the payer’s payment service provider and the payee’s payment service provider are, or the sole payment service provider in the payment transaction is, located in the EU. Thus, it has been possible for businesses outside the EU to provide payment services to EU citizens without being subject to most of the requirements of PSD1.
Pursuant to PSD2, certain provisions which relate principally to transparency of terms and conditions and disclosure of information will apply to so-called “one-leg transactions,” where only one of the payment service providers is in the EU.
Currencies
PSD2 will extend PSD1 provisions on transparency and disclosure of information to apply to transactions in any currency, in contrast with the current regime, which applies only to currencies of the EU.
Exemptions
PSD2 contains proposals to remove or restrict a number of exemptions under PSD1, including as follows.
Commercial agents exemption: PSD1 does not apply to, “[p]ayment transactions from the payer to the payee through a commercial agent authorised to negotiate or conclude the sale or purchase of goods or services on behalf of the payer or the payee.” This exemption has been relied upon by electronic trading platforms that handle payment transactions on behalf of payers and payees. PSD2 will restrict the availability of the commercial agents exemption to where the agent acts for either the payer or the payee, but not both.
ATM networks: PSD2 will remove the exemption pursuant to which operators of ATMs, who are not party to a framework contract with a payment service user, can provide cash withdrawal services. Some of these independent networks have grown large and deal with substantial volumes of cash transactions for which consumers can be charged high fees.
Limited network exemption: PSD1 does not apply to, “services based on instruments that can be used to acquire goods or services only in the premises used by the issuer or under a commercial agreement with the issuer either within a limited network of service providers or for a limited range of goods or services.” The Commission believes that this exemption has been relied upon by large networks processing significant volumes of payment transactions. PSD2 attempts to restrict this exemption.
Under PSD2, to fall within this exemption services will need to be based upon specific instruments that are designed to address precise needs that can be used only in a limited way. Also, where the monthly volume of transactions exceeds EUR 1 million, the payment service provider will need to seek clearance from the relevant regulator.
Conduct of business requirements
PSD2 makes a number of changes to the conduct of business requirements of PSD1, including the following.
Safeguarding of customer funds: PSD2 will remove Member States’ option to derogate allowing them to disapply safeguarding requirements for customers with funds balances of EUR 600 or less.
Refunds: PSD2 contains a proposal which would bring the right for a refund for direct debit transactions into conformity with the SEPA core direct debit scheme, by granting the payer an unconditional right to a refund within eight weeks of the debit date.
Liability for unauthorised transactions: PSD2 contains a proposal which would reduce the liability of payment service users for unauthorised payment transactions. The maximum amount a payment user could under the proposals be required to pay in respect of an unauthorised payment transaction would be EUR 50 (under the current regime the figure is EUR 150).
Next Steps and Implementation
At a meeting of the European Parliament, the European Council and the Commission held on 2 June 2015, political agreement was reached on the final compromise text of PSD2.
The next step is for PSD2 to be adopted formally by the Parliament and the Council, pursuant to which it will be published in the Official Journal of the EU. PSD2 will come into force 20 days after the text has been published in the Official Journal. It is not clear at present precisely when PSD2 will be adopted and come into force. However, once PSD2 does come into force, Member States will be obliged to transpose it into their national laws within two years. It is currently, therefore, expected that PSD will need to be implemented into national law during 2017.
