Global menu

Our global pages


Payment Matters No 4

    • Financial services - Briefings and articles


    Please find below a recent article by our Payments team which appeared the August edition of E-finance & Payments Law and Policy in relation to the key themes arising from the European Commission’s Payments Package of PSD2 and the MIF Regulations.

    The long awaited Payment Services Directive review:

    The proposal for a Regulation on Multilateral Interchange Fees (MIF Regs) for card-based payment transactions and the long awaited and overdue report and proposals for a new Payments Services Directive (PSD2) were published by the European Commission on 24 July 2013. Fiona Ghosh and Alastair Harris examine both proposals and the next steps.

    It is worth noting that the draft of PSD2 remains in provisional form and the Commission intends to publish the final text in due course. The proposed 'payments package' is the culmination of several years of consultation and consideration by the Commission on the European payments services sector. Last year, the Commission's Green Paper (a consultation on developing an integrated European market for card, internet and mobile payments) highlighted that the payments market in the EU was fragmented and costly to access and, at times, use.

    The ongoing investigations by the Commission of MasterCard and VISA, with regard to default interchange fees, is further illustration that changes to the Multilateral Interchange Fees regime were deemed, by the regulators at least, to be urgently required.

    What has also become clear is that the Commission has several key themes driving its policy and thinking. This is most clearly seen by the proposed reforms to the current Payment Services Directive (PSD22007/64/EC) and the introduction of the MIF Regs. The key themes are considered below in this article as a flavour, of both the current thinking of regulators and as a trend setter of things to come.

    PSD2 proposes that provision will now have to be made for the non-discriminatory treatment of authorised payment institutions (APIs) and credit institutions so that any payment service provider (PSP), competing in the EU, is able to use the services and technical infrastructures of payment systems, under the same conditions as its larger competitors. PSD2 and the MIF Regs also aim to 'open up' the payments market in the following ways: 

    • New 'third party payment providers' (TPPs) have emerged in the area of internet payments. PSD2 sets out the criteria under which these TPPs are allowed to access and use the information on the availability of funds in a consumer's account held with another PSP, thus further supporting these new players' entrance into the payments market.
    • The proposed MIF Regs prohibit any territorial restrictions in licensing agreements for issuing payment cards or acquiring payment card transactions and further prohibit any requirement to obtain a country specific licence or authorisation in order for PSPs and merchants to operate on a cross-border basis for issuing or acquiring.
    • Schemes rules and licensing agreements, which prevent an issuer from co-badging different schemes on a card, will be prohibited under the MIF Regs. Any difference in treatment of issuers concerning co-badging on a card will need to be objectively justified as well as non-discriminatory.
    • The MIF Regs also stipulate that card schemes and processing entities will have to be independent in terms of legal form, organisation and decision making process so that new processors may compete as well as the schemes themselves.

    Schemes cannot discriminate by providing each other with preferential treatment or privileged information which is not available to their competitors or by imposing excessive information requirements on their competitors, or by cross-subsidising or having shared governance arrangements.

    Opening up the EU payments market in these, as well as other ways, also chimes with the HM Treasury's consultation paper on 'Opening up UK payments', which proposes a new system of regulation for the UK payments industry including establishing a new competition-focused, utility-style regulator for retail payment systems.

    Addressing security risks

    The Commission has acknowledged that, as a result of the greater technical complexity of electronic payments and rapidly emerging new payment services, security risks relating to retail payments have increased (payment security and data protection were highlighted as key issues in its Green paper).

    The Commission's view is that security measures to be taken by PSPs need to be proportionate to the security risks concerned. PSD2 and the MIF Regs aim to bulk up data and information security, including in the following ways: 

    • PSD2 proposes that the availability of accurate, updated information should be enhanced by requiring payment institutions to inform their competent authority (in the UK, currently the FCA) of any changes affecting the accuracy of the information and evidence provided with regard to their authorisation, including agents, branches or entities to which activities are outsourced.
    • The competent authorities would have to also verify that the information received is correct.
    • Authorisation of a payment institution may be withdrawn by a competent authority where that institution, firstly, fails to update the competent authority on major developments relating to its fulfilment of the conditions of its authorisation; or secondly, where it would constitute a threat to the 'trust' in the payment system by continuing its payment services business.
    • PSD2 envisages that PSPs will be subject to a proposed Directive on Network and Information Security (NIS Directive). The authority designated under the NIS Directive would need to inform the regulator in a home Member State and the European Banking Authority (EBA) of the notifications of any 'Network and Information Security' incidents received from PSPs. Upon receipt of that notification, the EBA will have to notify the regulators in other Member States. Where the security incident has the potential of impacting the financial interests of the payment service users of the PSP, PSPs must inform its payment service users of the incident and inform them of possible mitigation measures that they can take on their side to mitigate the adverse effects of the incident.
    • The EBA intends, in close cooperation with the ECB, to develop guidelines on the establishment, implementation and monitoring of the security measures as well as guidelines to support PSPs in qualifying major incidents and the circumstances under which a PSP is required to notify a security incident.  

    Consumer rights

    In line with the Commission's wider work in consumer regulation, the payments package further drives to strengthen an individual consumer's rights in the payments sector, including in the following ways: 

    • Under the current rules, different refund regimes apply to direct debits throughout Member States. PSD2 clarifies the refund right for direct debit transactions bringing it in line with the SEPA Core Direct Debit Rulebook, provided that the good or service paid for has not yet been consumed. Where an unauthorised payment transaction has been made, the payer should be refunded immediately the amount of the respective transaction.
    • The current PSD protects rights of consumers in the event of unauthorised debits from an account within certain conditions. In order to promote legal certainty, an unconditional refund right for consumers will become the general rule under PSD2. This means that consumers would be allowed to ask for an unconditional refund even in the case of a disputed payment transaction. The only exceptions to this unconditional refund right will relate to cases where the merchant has already fulfilled the contract and the corresponding good or service has already been consumed (e.g. a downloaded film has already been watched).
    • Except in cases of fraud and gross negligence, the maximum amount a payment user could be obliged to pay for an unauthorised payment transaction will be decreased from the current amount of 150 EUR to 50 EUR.
    • Consumers will also gain a stronger position in case of disputes with their bank and other PSPs: the new rules will oblige banks to answer in written form to any complaint within 15 business days. This is a significant reduction in the UK where the Financial Ombudsman Services guidance is that PSPs have up to eight weeks to resolve complaints or issue a ‘decision letter.’  

    What next?

    The next steps are for the draft legislation to be adopted by the European Parliament and the Council of Ministers.

    However, we know that a variety of commentators are already concerned about the vagaries of some drafting in the current version of PSD2 and, in particular, how TPPs will be regulated alongside APIs. There is also no doubt that the lobbying at a European level will continue long and hard.

    We will continue to watch with interest whether the current Lithuanian presidency gives enough commitment and focus to push this payments package legislation through. If not, it could be some time before these key aims of the Commission are fulfilled.