Recap: the European Union legislative process
The European Commission (the Commission), has the right of initiative to propose laws for adoption by the European Parliament and the Council of the European Union (EU) representing EU Member States (national ministers)1. The vast majority of European laws are adopted jointly by the European Parliament and the Council of the EU under the so-called ordinary legislative procedure. This legislative procedure gives the same weight to the European Parliament and the Council of the EU in a wide range of areas (see the link to the European Parliament Website, entitled ‘Legislative Powers’, below).
Revision of the Payment Services Directive
Directives lay down certain end results that must be achieved in every Member State (see the link to the European Commission Website ‘Application of Law/Directives’ below). The Payment Services Directive (PSD) was implemented in most Member States by 1 November 2009. Article 87 of the PSD requires the Commission to present a report on the implementation and impact of the PSD together with proposals for its revision by 1 November 2012. On 24 July 2013 the Commission published a ‘payments legislative package’ (see ‘related links’ below), which includes the proposals for a revised PSD () and a new Regulation on interchange fees for card-based payment transactions. The proposal for the and the Regulation on interchange fees for card-based payment transactions, respectively, will have to be adopted by the legislator, i.e. the European Parliament and the Council of the . The Commission counts on the European Parliament and the Council of the to reach an agreement on the Commission’s ‘payments legislative package’ published in July 2013 “by Spring 2014.”2
This timeline seems ambitious but it is assumed that this tight planning reflects the Commission’s desire to have the ‘payments legislative package’ adopted by the legislator prior to the European Parliament elections in 2014.
This article focuses on the proposed .
enters the decision-making process
Since the publication of the Commission proposal for in late July 2013, the European decision-making process has kicked off in earnest. The European Parliament’s Economic and Monetary Affairs Committee (ECON) has focused on a tight timetable with the objective of adopting a position in February 2014. The ECON’s rapporteur of the , Member of the European Parliament (MEP) Diogo Feio, issued a draft report on in November 2013 and set a deadline for amendments by ECON members of early January 2014. In parallel, the EU Council, representing EU Member States, is currently focussing its attention on other key pieces of legislation (such as recovery and resolution, and banking union), which are on the table. The EU Presidency under the leadership of Greece is planning to begin its work on only in the second quarter of 2014.
However, we should also not forget that is not a standalone legislation. Instead, it is part of the Commission’s ‘payments legislative package’, which also includes the Commission proposal for a Regulation on interchange fees for card-based payment transactions (commonly referenced as the multilateral interchange fee (MIF) Regulation). The objective is therefore that and the MIF Regulation are decided together. After all, a number of provisions cross-reference between these two texts, which also means that one cannot be decided in the absence of the other. Other cross-references in include the Data Protection legislation, which is currently under review, and the proposed Network and Information Security (NIS) Directive3.
There are other challenges impacting the timing for the adoption. The European Parliament is going to be reconstituted after the elections taking place at the end of May 2014. This means that any decision-making that has not been agreed by May 2014 is likely to move to the new European Parliament and hence to the second half of the year. In parallel, the Commission will also change and new European Commissioners will be voted by the European Parliament in October and enter into office on 1 November 2014. All of this means of course that there is currently no certainty on whether there will be a speedy adoption of the ‘payments legislative package’ or whether more time will be allocated to properly amend and decide on these important payments legislative changes. With the amount of technical issues in , expert guidance will be very important in any case, in order to ensure that will not bring more problems for the European payments market but will rather solve some of the existing issues.
Key points in and the perspectives of the ECON draft report
The European Banking Federation’s Payments Regulatory Expert Group (PREG) welcomes important improvements to the text introduced with the ECON draft report. However, it also identified a number of areas of concern and need for further clarification in relation to some of the key provisions of and the amendments proposed in the ECON draft report.
Third party payment service providers
One of the central themes of is the introduction and regulation of third party payment service providers (). These types of providers, which have already offered services to consumers for some time without being regulated, (apart from some specific exemptions), are defined and regulated by . This is a positive step as this will help to ensure greater security and confidence for consumers.
When analysing , are to be authorised as payment institutions (Article 10) unless eligible for a waiver under Article 27. With regard to and their relationship to account servicing payment service providers (AS ), specific provisions are defined. However for the remainder of the text – in particular in Title III and IV, which define the conduct of business requirements – refers to the generic term of . In those cases it is not clear whether all requirements apply to in the same way as to other , such as payment institutions and banks. For example, Articles 60(1), 61(1)(b), 62(1)(c), 62(2), and Article 69(1), which currently refer to a ‘payment service provider’ should refer to ‘account servicing payment service providers’. It is recommended that a consistency check is applied and for to be reviewed in that regard to ensure that the appropriate Articles apply to the relevant type of . This has however not yet been considered by the draft ECON report and hence remains a suggestion to be included.
Another area that still lacks clarity relates to the different types of and their activities. First we have the that offers payment initiation services (a ) and second we have the that offers account information services (an ).
The , as described in , should only be able to: (i) check for the availability of sufficient funds, (ii) request/initiate a payment and (iii) receive confirmation that the payment has been made. (For the purpose of clarity one should realise that only the AS can execute the payment.)
The , on the other hand, would require access to more account information than for payment initiation services, in order to perform account information aggregation, but this information would be accessible on a ‘view only’ basis.
The following analogy illustrates the difference between payment initiation services and account information services: whilst the owner of a house (this is the customer with the bank account) has all the keys required to enter every room in his house and he can obviously do inside these rooms whatever he pleases, a will only be given the key to access the kitchen where he is allowed to cook (nothing else). On the other hand, the will receive all keys of the house but is not allowed to do anything in any of the rooms apart from inspect them. This means an can see everything in the house and present information on what he has seen, but is not authorised to perform any actions in the house. (The must not act on the customer’s account, e.g. the cannot initiate a payment.)
It will be important to clarify in that a is not able to offer both payment initiation services and account information services, in order to prevent the situation that the can see everything on a customer’s account and also act, i.e. create payment orders. Both the definitions in, and the Annex to, the would need to reflect a clear separation of services in that regard.
Amendment 30 included with the draft ECON Report provides improved clarity around the precise scope of payment initiation services, whilst amendment 31 aims to provide more clarity with regard to account information services. However, there is still some room for improvement with regard to account information services, which obviously do not offer any payment service, but only information services. Hence the word ‘payment’ should be removed from the definition of account information services. In addition, any Article that relates to payment transactions, (e.g. Articles 63, 64 and 69), should not apply to all types of but only to .
With regard to other definitions, it is surprising that the Commission’s proposal does not define the ‘third party payment instrument issuer’, but uses this terminology extensively in Article 59. The ECON draft report attempts to remedy this gap. However, the current amendment only refers back to the list of services in the Annex. This unfortunately does not provide sufficient detail on the role and activities of a third party payment instrument issuer. This will need to be looked at in more detail before adopting the ECON position.
A key question in centres on the authentication of the bank customer. When a is used, it has to be clear that for authentication purposes the payment service user’s (’s) personalised security credentials are not re-used by the . This would not fit with the Commission’s intentions to limit what information or action can be carried out through payment initiation services or account information services. It would also not be conducive to ensuring the security and integrity of payment services. will therefore require their own, distinct security credentials in order to authenticate themselves unambiguously to the AS . The ECON draft report suggests exactly that, by amending Article 4(21) to establish the principle to distinguish between authenticating the and the . However, the term ‘personalised security features’ also needs to be defined, so that the potential re-use of customer credentials is clearly prohibited.
To ensure maximum security, Article 58(2), to which the ECON draft report makes a number of amendments, as well as Article 61(2), should also remove any references to the use of ’s ‘personalised security features’ by the . A further point of clarification along the same lines should be considered for Article 87(1). The ECON draft report still does not change the Commission’s wording, suggesting that can re-use the customer’s personalised security credentials. Again, the text should clearly reflect that this is prohibited. Also, logically the authentication of the should happen before any services are provided to the . Hence Article 87(2) should be amended to that effect. These modifications would need to be introduced into the European Parliament’s position on (which will be reflected with the final ECON report).
The Single European Interface
A new suggestion in the ECON draft report (amendment 115, Article 94 (b new)) is the creation of a Single European Interface, which would be a key tool in achieving maximum security for all , also with regard to accessing the accounts of . In addition, ECON Rapporteur Feio suggests creating a multi-stakeholder panel, under the leadership of the European Banking Authority (), to develop the details of how the interaction between the and the AS should work in practice. This is a positive proposal as it will be essential to develop a common approach to avoid unnecessary costs and an inefficient outcome. However, it is currently far from clear as to what shape such an interface would take in practice. Endorsing such an idea without any clarity around the content or execution path is certainly risky and may not be technologically neutral enough in order to be future proof. Legislation should be more principle-based than specific and any such ideas should therefore be left to possible technical rules that the could develop in the future.
Instead of giving this role to , the Euro Retail Payments Board (), a newly established multi-stakeholder body chaired by the European Central Bank4, would be better placed to work on this interface together with all stakeholders represented on the .
Another key area of change under is the extension of provisions to one-leg-out transactions, i.e. transactions where one of the is located outside the / European Economic Area (). The Commission’s text proposes to apply, in addition to the value dating Article 78, all of Title III to one-leg-out transactions, (see PSD II proposal Article 2(1)). Title III covers information requirements to . A number of Member States had already required their to apply Articles of Title III to one-leg-out transactions, which makes this scope extension consistent with the market reality.
The ECON draft report however expands this concept by proposing to apply all of Title IV, (except for Articles 72 and 74(1)), to one-leg-out transactions, (amendment 23, Article 2(1)). Upon close examination there are unfortunately a number of provisions that would pose a practical challenge if applied to one-leg-out transactions. Here are some examples:
- The Share-Charging-Principle (Article 55(2)), which requires the payee and the payer to pay the charges levied by their respective , is clearly difficult to apply in case of one-leg-out transactions given that the full amount must travel end-to-end and charges may not be known for transactions that are received from outside of the Single Market.
- Another example would be the ‘Notification of unauthorised or incorrectly executed payment transactions’ (Article 63), where a period of 13 months is given in which a can obtain rectification from his if the notifies his of any unauthorised or incorrectly executed payment transactions. This period of 13 months does not necessarily apply in all markets outside the /. In some countries the record keeping timeframes can be as short as six months, which would mean that if a claim was made after this time, the merchant may no longer be in possession of the necessary records.
Similarly, the receipt of payment orders under Article 69 cannot be guaranteed by a located in the /, when it is on the receiving side.
Other problematic articles in relation to one-leg-out transactions include the following Articles: 73, 74, 75, 76, 77, 80, 81, 82 and 91. It would be strongly recommended to review the feasibility of applying that many Articles of Title IV to one-leg-out transactions, given the practical and legal limitations highlighted above.
PSD1 had introduced the principle that every pays the charges levied by their respective , whilst the full amount of the payment transaction had to arrive at the beneficiary . However, the PSD1 included some confusing wording which suggested that this principle would only apply in the absence of a currency conversion. Given the fact that currency conversions are, in any case, separate to the payment transaction and hence should have no bearing on the charging principle, it should therefore be clarified in that the Share-Charging-Principle applies at all times to transactions that have both legs of the transaction within the /.
Hence the reference to currency conversion should be removed from Article 55(2). This opportunity has not been taken in the draft ECON report, but should be considered as part of the final ECON position.
Direct debit refund right
proposes a reformulation of the refund right with the aim of clarifying that an unconditional refund right should apply to direct debits, in line with the Direct Debit Core Rulebook developed by the European Payments Council (). However, the wording proposed by the Commission could have the unintended consequence of mixing the responsibility for the technical payment execution, which lies with the , with the commercial agreement that exists between payer and payee. Unfortunately, the ECON draft report does not suggest any proposals to modify the Commission’s original text.
In order to ensure that an unconditional refund right can be applied, whilst at the same time offering the opportunity for a payer and payee to agree on a no-refund option as part of the direct debit mandate, (for example in case of amounts that are pre-defined), the proposes that this Article could read as follows: “For direct debits the payer has an unconditional right for refund within the time limits set in Article 68. The payer and the payer’s payment service provider may agree on an exclusion of the refund right provided that the absence of the refund right is clearly mentioned in a specific mandate under a payment scheme which does not provide for the right to a refund.” To the benefit of rendering this provision both practicable and consumer protective, this wording should be adopted for .
(For details on the position on , refer to the article entitled ‘: Key Considerations Address Aspects Related to Third Party Payment Service Providers and Article 67 (Refund Rights for Direct Debits)’ included with the ‘related articles in this issue’ below.)
International Bank Account Numbers on debit cards
The ECON draft report also introduces a new provision (Recital 19 (a new) and Article 53a (new)), the so-called International Bank Account Number (IBAN) readability. This new provision suggested with the ECON draft report states that issuers of debit cards or mobile/online applications that are based on debit card functionality should ensure that the IBAN of the underlying customer account is visible and can be electronically read by merchants. It is not clear what this amendment is trying to achieve. The cost benefit of re-issuing new debit cards with the IBAN printed on the card, outside the normal card replacement cycle, would certainly be disproportionate and economically absurd and should therefore be avoided.
Non-execution, defective or late execution
Article 80 of , which defines liabilities of in case of non-execution, defective or late execution is a very important provision. However, the Commission’s proposal does not provide an easily understandable set of requirements. In fact, there are passages where the liabilities are clearly allocated to the wrong party. For example at the end of paragraph 2 of Article 80(1) the Commission suggests making the payer’s liable to the payee, whilst in fact the payer’s should always be liable to the payer, as this is his customer. Other areas of this Article would need similar clarifications and modifications. As a general observation, Article 80 is highly complex and difficult to follow. It will need further analysis once the implications of AS interacting with are more clearly understood and defined.
Sufficient time for review of this important legislative proposal should be allocated to ensure the best possible outcome
With a significant number of aspects still requiring further review and improvement, it is unclear at this stage in the process whether this can be accomplished within the timelines envisaged by the Commission, i.e. a final co-decision between the European Parliament, the EU Council representing EU Member States and the Commission on can be reached before Summer 2014. It also has to be taken into consideration that, in parallel, formal adoption of the by the EU legislator depends on the adoption of the MIF Regulation and other ancillary legislative texts such as the NIS Directive and updated EU data protection rules5.
This author suggests allocating more time to decide this important regulatory piece to ensure the best possible outcome.
Ruth Wandhöfer chairs the European Banking Federation’s Payments Regulatory Expert Group (PREG). She also chairs the Information Security Support Group.
European Parliament Economic and Monetary Affairs Committee (ECON): Draft Report on the Proposal for a Directive of the European Parliament and of the Council on Payment Services in the Internal Market
Related articles in this issue:
PSD2: EPC Key Considerations Address Aspects Related to Third Party Payment Service Providers and Article 67 (Refund Rights for Direct Debits). EPC identifies considerable scope for amendments to European Commission PSD2 proposal
SEPA 2014: EPC Calls on European Parliament and EU Governments Represented in the Council of the European Union to Provide Clarity on SEPA Compliance Requirements As Soon As Possible. On 9 January 2014, the European Commission introduced a proposal to effectively postpone the deadline for compliance with Regulation (EU) No 260/2012 from 1 February 2014 to 1 August 2014
Related articles in previous issues:
Analysis of Selected Aspects of PSD2 Reveals: There is Considerable Scope for Clarification. A closer look at PSD2 with regard to the payer´s refund right and the introduction of third party payment service providers ( Newsletter, Issue 20, October 2013)
The Long Awaited Arrival of PSD2: a Summary of Some of the Key Provisions and Issues. The proposed changes could have a significant impact on the European payments market ( Newsletter, Issue 20, October 2013)
On the Difference between Innovation and the Wild West: How to Ensure the Security of Bank Customers’ Funds and Data with Payment Account Access Services. Convenience is a priority. Security is indispensable. Promoting payment innovation to the benefit of both payers and payees requires combining the two ( Newsletter, Issue 19, July 2013)
European Commission Published 'Payments Legislative Package' on 24 July 2013. The package includes proposals for a revised Payment Services Directive and a new Regulation on interchange fees for card-based payment transactions ( Newsletter, Issue 19, July 2013)
Committee on Payment and Settlement Systems’ Working Group Publishes Report ‘Innovations in Retail Payments’. Central bank research identifies market trends and elements geared to assessing what an innovation-friendly environment should look like ( Newsletter, Issue 15, July 2012)
1 European Commission Website: http://ec.europa.eu/atwork/index_en.htm.
2 European Commission: Payment Services Directive and Interchange fees Regulation: frequently asked questions. http://europa.eu/rapid/press-release_MEMO-13-719_en.htm?locale=en.
3 European Commission Proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union: http://ec.europa.eu/digital-agenda/en/news/commission-proposal-directive-concerning-measures-ensure-high-common-level-network-and.
4 European Retail Payments Board (): http://www.ecb.europa.eu/paym/sepa/stakeholders/governance/html/index.en.html#erpb.
5 European Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses: http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en.
If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.