EU Payments Legislative Package: Strong Concerns of European Banks

EU Payments Legislative Package: Strong Concerns of European Banks

The focus on innovation and competition issues should not be to the detriment of consumer protection

09 April 15

Share This

Background: the European Union legislative process leading to adoption of the revised Payment Services Directive and the new Regulation on Interchange Fees, respectively

The European Commission has the right of initiative to propose laws for adoption by the European Union (EU) co-legislators. These are the European Parliament and the Council of the EU representing EU governments1. In July 2013 the European Commission issued a proposal for a payments legislative package which contains a draft revised Payment Services Directive ()2 as well as a proposal for an Interchange Fees Regulation ()3. Both and remain subject to adoption, respectively, by the European Parliament and by the Council of the EU.

: state of play

Directives, such as the forthcoming , lay down certain end results that must be achieved in every Member State. National authorities have to adapt their laws to meet these goals; i.e. have to implement an Directive by a date determined by the co-legislators, but are free to decide how to do so. National implementation measures are texts officially adopted by the authorities in a Member State to incorporate the provisions of an Directive into national law.

The European Parliament voted its suggested amendments to the proposal in April 2014. EU legislation proposed by the Commission related to payments is considered by the European Parliament’s Economic and Monetary Affairs Committee (ECON) prior to the European Parliament taking a vote on a proposal. The members of the European Parliament approved the final ECON report on at its plenary session on 3 April 2014. However, the European Parliament postponed the vote (in first reading) on the related draft legislative resolution until after the May 2014 European Parliament elections. The European Parliament has to date not voted the proposal in first reading. It is expected that it will only take a vote once the final text of the proposed has been agreed in further dialogue with the Council of the EU and the European Commission.

The Council of the – or, more specifically, the ministers of finance of Member States represented in the Economic and Financial Affairs Council (ECOFIN)– agreed its final compromise text on on 5 December 2014. 

In a next step, the so-called ‘trialogue’ process will be initiated, whereby the Commission, the European Parliament and the Council of the EU will have to agree the final version of the forthcoming . Provided that there are no delays, it could be adopted in the first half of 2015, and be implemented in national legislation some two years after its adoption.

: state of play

Regulations, such as the proposed , are the most direct form of law. As soon as they are passed, they have binding legal force throughout every Member State, on a par with national laws. National governments do not have to take action themselves to implement Regulations.

The European Parliament also voted its suggested amendments to the proposal in 2014. The Council of the EU reached a compromise on 17 December 2014. It is expected that the EU co-legislators will also adopt the in the first half of 2015 and that the Regulation will enter into force in 2016.

The focus on innovation and competition issues should not be to the detriment of consumer protection

Right from the beginning of the legislative process, the European Banking Federation (EBF) has supported the objectives of the proposal for to handle issues that the technological growth or the expansion of new players in the European payments market have raised.

The banking industry is, however, concerned that the current focus of the debate on innovation and competition issues is to the detriment of other key themes such as payment security, consumer and data protection and with them the general confidence of European citizens in electronic means of payments.

In this context, the EBF acknowledged the recent positive work of the Council of the whose recent proposal is a tighter and more balanced proposal than the ones of the European Commission or the European Parliament on most aspects of the legislation. We especially welcome the fact that in a number of areas the new drafting is signalling a positive shift towards making the 's requirements statements of principle, rather than setting prescriptive technical details in a legal text. In this way, the drafting makes clear that such detailed requirements should be left to the “Level 2” process with the European Banking Authority ().

European banks hope that remaining concerns, in particular, their strong opposition to the concept of sharing of customers’ secret credentials with third parties will be positively dealt with, in the forthcoming trialogue negotiations, in the interests of all parties, especially consumers.

On this key issue, the final outcome of the discussions of the Council of the still does not allow a clear understanding of the security principles and procedures to be put in place when a payment initiation services’ provider is part of the payment process. Consequently, it risks a negative impact on the user and on his awareness of security risks. For example, with the use of vague and non-defined wording, in particular, with regard to authentication and sensitive data.

We have emphasised the lack of focus on consumer protection in the context of the . Key concepts of consumer protection have been bypassed for reasons of competitiveness. What is more, whilst European banks support the intention of the Regulation to lead to more transparency of interchange fees, it can be questioned whether this will indeed lead to lower fees for consumers. The provisions of the clearly favour retailers and could mean that consumers face higher costs and fewer benefits from using payment cards.

Lack of coherence in the objectives of current regulatory initiatives

Another key concern for European banks is the lack of coherence between the proposed and other current regulatory initiatives under negotiation.

Data Protection Regulation

At the time of discussion within institutions in the context of the legislative process of the payments package, representatives of the ministries of justice of the Member States are also struggling to find a compromise on the European Commission’s proposal for a general Data Protection Regulation5. It is astonishing and worrying to see how obvious contradictions exist between the proposals for and the general Data Protection Regulation.

The draft Data Protection Regulation provides in its explanatory memorandum that:

“Rapid technological developments have brought new challenges for the protection of personal data. The scale of data sharing and collecting has increased dramatically (…). Building trust in the online environment is key to economic development. Lack of trust makes consumers hesitate to buy online and adopt new services. This risks slowing down the development of innovative uses of new technologies”.

Key principles of the European data protection framework include the consent of the data subject as well as a legitimate interest from data processor and data controller to process data. It is questionable whether these concepts have been taken into account in the current draft of the that strangely enough allows for the sharing of personal banking credentials to allow the initiation of payments by third party providers (). 

Network and Information Security Directive

Similarly, “the objective to ensure a secure and trustworthy digital environment, while promoting and protecting fundamental rights and other core values” is one of the key elements of the proposal for a Network and Information Security (NIS) Directive6. The Directive is currently being negotiated by representatives of the ministries of telecommunications. But it does not seem consistent with the draft which, as proposed by the Commission, would allow payment users to share their personal banking credentials with for which cyber security concerns should also have been taken into account.

guidelines on the security of internet payments

European banks also regret that the implementation dates of similar initiatives are not coordinated. This lack of coherence is obvious, for instance, with the recently published guidelines of the on the security of internet payments which will enter into force on 1st August 2015.

There is a strong likelihood that in order to accommodate the needs of some , the will require payment service providers to review and make further (possibly significant) technical changes to their online banking platforms and customer and payment systems interfaces. Any technical changes will require time to develop, test and implement. Authorities should have coordinated the implementation date of the guidelines with the implementation of the and the forthcoming technical regulatory standards which will be established following a precise mandate of the . The implementation date of the guidelines on the security of internet payments should have taken into account an appropriate time frame starting from the effective date of adoption of these texts. This would have ensured legal certainty for all stakeholders.

Next steps

The trialogue discussions (i.e. between the European Parliament, the Council of the EU and the European Commission) are expected to start on 4 February 2015 to reach a possible agreement for Spring / Summer 2015. The below graph illustrates which steps could be expected as far as the implementation of the is concerned.

Figure 1: – possible timeline based on the text agreed by the Council of the representing governments. (Source: EBF.)

 

European banks are entirely supportive of payment innovation and competition. They trust the forthcoming trialogue negotiations will ensure that these objectives will not somehow compromise existing consumer data protection, privacy, and online account security but also user convenience in the European payment market.

Séverine Anciberro is Senior Policy Adviser and Sébastien de Brouwer is Executive Director at the European Banking Federation.

 

Related links:

EPC Blog (12 January 2015): European Union Regulatory Initiatives Impacting the Security of Euro Payments: the 2015 Outlook 

EPC Website: SEPA at a Glance – the Infographic (this infographic provides an overview of the actors involved in the process at the European level and their interaction.) 

European Commission Website: Monitoring the application of Union law 

European Parliament Website: Legislative powers (see infographic included which sets out the legislative process for the so-called ‘ordinary legislative procedure’) 

European Commission (24 July 2013): Payments Legislative Package 

European Parliament Economic and Monetary Affairs Committee (ECON) (11 March 2014): Report on the proposal for a Directive of the European Parliament and of the Council [of the EU] on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC 

Council of the European Union Press Release (5 December 2014): ‘Updating rules for payment services: Council agrees its stance’  

Council of the European Union (1 December 2014): Proposal for a Directive of the European Parliament and of the Council [of the EU] on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC – Presidency Compromise 

 

Related articles in this issue:

The Future of Payments: European Commission Invited Exchange of Views at its Conference on Emerging Challenges in Retail Finance and Consumer Policy. Participants discussed latest developments, and ones to come, in terms of consumers’ safety, accessibility and convenience

Guidelines on the Security of Internet Payments Released by the European Banking Authority: a Two-Step Approach. EPC response to the consultation on guidelines on the security of internet payments launched by the European Banking Authority

 

Related articles in previous issues:

Tensions in Cyberspace: Competing Priorities and Legislative Initiatives in the Online Payments World. Will the EU legal framework aimed at ensuring secure online payments amount to a series of harmonious provisions, or result in an uneasy compromise? ( Newsletter, Issue 24, October 2014) 

The European Court of Justice Has Ruled that Interchange Fees Are Permitted if They Provide Benefits to Merchants. What are the Implications of the MasterCard Judgment for Interchange Fees in Europe? The Court leaves an unresolved question: what are the permitted multilateral interchange fee levels? ( Newsletter, Issue 24, October 2014) 

PSD2: EPC Key Considerations Address Aspects Related to Third Party Payment Service Providers and Article 67 (Refund Rights for Direct Debits). EPC identifies considerable scope for amendments to European Commission PSD2 proposal ( Newsletter, Issue 21, January 2014) 

Card Interchange Fees Regulation: What is the Right Question? A commentary on the European Commission proposal for a new Regulation on interchange fees for card-based payment transactions ( Newsletter, Issue 21, January 2014)

Newsletter: Articles published in the section ‘Legal and Regulatory Issues’ 

 

1 The Council of the is the institution where the Member States’ government representatives sit, i.e. the ministers of each Member State with responsibility for a given policy area.

2 The formal title of this forthcoming legislative act is “Proposal for a Directive of the European Parliament and of the Council [of the EU] on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC’.

3 The formal title of this forthcoming legislative act is ‘Proposal for a Regulation of the European Parliament and the Council [of the EU] on interchange fees for card-based payment transactions’.

4 The ECOFIN is composed of the finance ministers of the Member States. The ECOFIN considers legislation proposed by the European Commission related to .

5 Proposal for a Regulation of the European Parliament and of the Council [of the EU] on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) - /* COM/2012/011 final - 2012/0011 (COD) */.

6 Proposal for a Directive of the European Parliament and of the Council [of the EU] concerning measures to ensure a high common level of network and information security across the Union COM(2013) 48 final.



Your reactions

If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.