Payment Matters: No. 26 - Europe and beyond

• United Kingdom

• Financial services - Payment services

29-11-2016

• BCBS publishes Consultation Document on revised Guidelines on Correspondent Banking
• Industry bodies respond to EBA Consultation Paper on draft RTS on Strong Customer Authentication
• EBA responds to European Parliament’s letter highlighting PSD2 RTS concerns
• EPC launches complaints webpage
• Israel looks to PSD2 for guidance on new Payment Services Regulation
• Implementation of Payment Accounts Directive in Bulgaria

BCBS publishes Consultation Document on revised Guidelines on Correspondent Banking

On 23 November 2016, the Basel Committee on Banking Supervision (BCBS) published a consultation document on a revised version of its guidelines on correspondent banking.

The BCBS’ guidelines on the Sound management of risks related to money laundering and financing of terrorism were first issued in January 2014 and revised in February 2016. The draft revision aims to ensure that banks conduct correspondent banking business with:

“the best possible understanding of the applicable requirements regarding anti-money laundering and countering the financing of terrorism”.

The clarifications set out in the draft revision are proposed as a result of the international community’s increasing concern about de-risking in correspondent banking, as a decline in the number of correspondent banking relationships may impact upon the ability to send and receive international payments.

The proposed revisions follow the publication by the Financial Action Task Force (FATF) of its guidance on correspondent banking services in October 2016, and the BCBS is, in preparing the revised guidelines, seeking to set out clear regulatory expectations that are consistent with the FATF standards and guidance.

In preparing their publications on correspondent banking, both the FATF and the BCBS have worked closely with the Financial Stability Board (FSB), which is coordinating work to assess the extent and address the causes of the withdrawal of some banks from correspondent banking.

What this means for you

The purpose of the draft revision is to set out guidelines that will:

• ensure that banks apply a risk-based approach to correspondent banking relationships, recognising that not all such relationships bear the same level of risk, and applying a series of risk indicators and risk assessment procedures; and
   
• clarify supervisors' expectations regarding the quality of payment messages, as well as conditions for using know your customer (KYC) utilities.

The Consultation Document is open for comment until 22 February 2017, if you wish to comment on the draft revision.

Industry bodies respond to EBA Consultation Paper on draft RTS on Strong Customer Authentication

The European Association of Co-operative Banks (EACB), the European Payments Council (EPC) and the European Banking Federation (EBF) have recently issued responses to the European Banking Authority’s Consultation Paper on the draft Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and common and secure communication under the revised Payment Services Directive (PSD2). 

The draft RTS were designed to achieve the objective of the PSD2 of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union, and the publication of the Consultation Paper in August 2016 provided the industry with an opportunity to feedback concerns and known issues relating to customer authentication and secure communication prior to publication of the final RTS.

The EACB response includes a proposal to promote a non-mandatory approach to the exemptions from SCA.  The EPC response stresses that the principles put forward by the EBA should be technology-neutral and future proofed, and also suggests that the exemption to the application of SCA solutions should not only be applicable to contactless payments, but also to contact card-based transactions in high-speed environments, including toll ways and vending machines.  These and all of the other responses received to the Consultation Paper were published on the EBA’s website on 27 October 2016.

What this means for you

PSD2 provides that the draft RTS shall be developed by the EBA in accordance with the following objectives:

• ensuring an appropriate level of security for PSUs and PSPs, through the adoption of effective and risk-based requirements; 
   
• ensuring the safety of PSUs’ funds and personal data;
   
• securing and maintaining fair competition among all PSPs;
   
• ensuring technology and business-model neutrality; and
   
• allowing for the development of user-friendly, accessible and innovative means of payment.
   

In developing the draft RTS, the EBA has made difficult trade-offs between competing requirements, for example in seeking a balance between providing for:

• a high degree of security and facilitating innovation or achieving customer convenience; or
   
• a high degree of interoperability between all ASPSPs and all PISPs/AISPs (which suggest a single standard or protocol) and flexibility for market participants,
   

and there is a clear risk that there could be negative impacts upon e-commerce and a potential stifling of innovative solutions and alternative market driven capabilities.
 

The publication of the Consultation Paper has allowed the industry to raise concerns and known issues relating to customer authentication and secure communication, and the EBA will now assess the responses received and make changes to the draft RTS “where appropriate” and if time and resource permits.

The EBA is required to publish the final RTS by 12 January 2017.  However, PSD2 also provides that the RTS will only be applicable 18 months after their adoption by the EU Commission, which would suggest an application date of October 2018 at the earliest.  The intervening period is intended to provide the industry with time to develop industry standards and/or technological solutions that are compliant with the RTS.

EBA responds to European Parliament’s letter highlighting PSD2 RTS concerns

The European Parliament’s Economic and Monetary Affairs Committee wrote to the European Banking Authority (EBA) in October 2016 regarding the EBA’s Consultation Paper on the draft Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and common and secure communication under the revised Payment Services Directive (PSD2).

The letter, sent on behalf of the European Parliament’s negotiating team, expressed concern over proposals for a mandatory “dedicated interface” which could result in payment service providers excluding or restricting direct access to a payer’s account via existing online banking facilities, noting that this:

“would be at odds with the principles set out in PSD2 which mandate the development of RTS to secure and maintain fair competition among all payment service providers and ensure technology and business-model neutrality.”  

Further, the negotiating team were concerned that the exemptions under the RTS on SCA were unclear and required further clarification.  Queries were also raised regarding the lack of a broad spectrum of risk-based analysis.

The EBA’s response letter to the European Parliament, dated 14 November 2016, was published on 23 November 2016, with the EBA repeating it previous comments that the development of the mandate had led to “difficult trade-offs…between various competing objectives of the PSD2”. 

What this means for you

The letter highlights tensions and concerns regarding the trade-offs made by the EBA in respect to the competing objectives of PSD2, including the possibility that the RTS fails to reflect mandatory requirements of PSD2.

The issues raised by the European Parliament are under careful consideration and a detailed response will be delivered at the upcoming ECON committee scrutiny session which is scheduled for 29 November 2016.

EPC launches complaints webpage

On 11 October 2016, the European Payments Council (EPC) launched a new webpage highlighting the complaints procedures users of all Single Euro Payments Area (SEPA) direct debit or SEPA credit transfer schemes should use.

What this means for you

Non-Payment Service Provider (Non-PSP) users of the SEPA schemes should do the following if there is a requirement to make a complaint about the schemes: 

0. First address a complaint to the Payment Service Provider (PSP), if it relates to the service offered by the PSP;
    
0. If necessary, contact the relevant competent authority in the country tasked with handling such complaints; and
    
0. If the complaint is of scheme-wide importance, it may however be submitted to the EPC, which will review the complaint and assess what action may need to be taken.
    

Complaints are understood to be of scheme-wide importance if such matter could be seen as creating reputational damage to the scheme or if it could negatively affect the integrity or the proper functioning of the scheme.

Israel looks to PSD2 for guidance on new Payment Services Regulation

Israeli regulators are looking to the revised Payment Services Directive (Directive) as a template for reforming Israeli financial oversight regulation.

The Bank of Israel issued a draft Principles Document (“Principles for Regulation of Payment Services”) in mid-October 2016 for the regulation of payment services using standards set out in the Directive, which will serve as the basis for future legislation.  The Bank announced that the planned regulation will “enable nonbank entities to manage accounts for their customers and to provide them with payment services, including issuing means of payment, acquiring payment transactions and transferring funds”.

The new rules will also seek to “enhance the competition in the payment services market”, “establish uniform consumer protections”, “bolster the public’s trust in nonbank payment service providers” and “encourage technological and business innovation”.

The expectation is that the new rules will support the entry of new entities, including retail chains, Fintech companies, application developers and communication companies, into the payment services sector in Israel.

What this means for you

The Principles Document covers regulations relating to the licensing of a payment institution in Israel and also consumer protection requirements.  Entities interested in providing payment services, such as managing a payment account or issuing a means of payment, will be required to:

• acquire a license that regulates such operations and permits participation in the payment systems; and 
   
• protect the interests of their customers and ensure a uniform level of service, to the extent possible, including uniform terms of use and consumer protections.

Implementation of Payment Accounts Directive in Bulgaria

The Bulgarian parliament has recently amended the Law on Payment Services and Payment Systems in relation to comparability of fees, account switching and access to payment accounts with basic features.  The law implements the requirements of the Payment Accounts Directive.

What this means for you

The Law on Payment Services and Payment Systems requires all payment service providers licensed by the Bulgarian National Bank or active in the region to provide customers with: 

• standard fee information for payment account services; 
   
• statements highlighting fees paid on the account during the previous year; and
   
• glossary of payment account terms.

Additionally, the law sets out the operation of at least one independent fee comparison website to assist consumers in selecting the most appropriate payment account.  The law also covers the establishment of a straightforward transfer procedure from one payment service provider to another and a range of other requirements.