The original Payment Services Directive (“PSD”) was introduced in 2007 and was implemented in the UK in 2009 through the Payment Services Regulations (“PSRs”). Its aims were to:
- create a single market for payments in the European Union;
- open up the market to new entrants;
- create a platform for the Single Euro Payments Area; and
- protect consumers’ rights when making payments.
PSD2 was published in the European Union’s Official Journal on 23 December 2015. PSD2 aims to go further than PSD to protect consumers from unauthorised transactions and further improve security measures when they make payments. In particular, PSD2 will:
- contribute to a more integrated and efficient European payments market;
- improve the level playing field for payment service providers;
- promote the development and use of innovative online and mobile payments by bringing in account information and payment initiations services under regulation;
- make payments safer and more secure;
- increase consumer protections;
- introduce new reporting requirements;
- introduce new authorisation requirements;
- extend the scope of PSD by applying in general to ‘one leg out’ transactions, i.e. where only one of the payer or payee’s payment service providers (“PSP”) is in the EEA; and
- encourage lower prices for payments.
PSD2 has two levels of European legislation:
- the ‘Level 1’ Directive text, PSD2; and
- the Level 2 legislation in the form of ‘technical standards’ (“RTS”) and ‘guidelines’ which the European Banking Authority (“EBA”) will develop to supplement PSD2.
In February 2017, the FCA published a timeline relating to PSD2:
- HM Treasury has published a consultation paper on the implementation of PSD2. The consultation paper closes to responses on 16 March 2017;
- the FCA will consult on the necessary changes to its guidance and Handbook rules. The FCA expects to consult early in the second quarter of 2017; and
- some of the RTS and guidelines under PSD2 that are being developed by the EBA will come into force after January 2018, including the RTS on strong customer authentication, which is expected to come into force in the autumn of 2018.
Member states must transpose PSD2 into national law and regulations by 13 January 2018.
IMPACT OF PSD2
PSD2 introduces a significant number of that all existing and prospective PSP’s will need to be aware of. PSD2 will continue to govern the authorisation and prudential requirements for payment institutions and set the conduct of business rules for providing payment services. PSD2 is relevant for firms which are already authorised by the FCA and firms that will have to seek authorisation or to notify the FCA of certain information as a result of the changes. This includes:
- all existing PSPs, including banks, building societies, credit card providers, money remitters and e-money issuers;
- providers of ‘payment accounts’ which are accessible online. These are accounts held in a payment service user’s name which are used to make payments, including current accounts, e-money accounts and credit card accounts. Firms providing these accounts will be required to give access to their customers’ accounts to providers of account initiation and/or payment initiation services, with the customer’s consent; and
- a range of firms that are not currently required to be FCA-authorised or regulated, including firms that:
- provide services that are currently exempt from regulation because of the limited network, ‘digital download’ or commercial agent exemptions; and
- provide, or plan to provide, account information and/or payment initiation services.
Firms will need to start planning for PSD2 before the Treasury implements the relevant changes to UK financial services legislation by replacing the Payment Services Regulations, and before the FCA’s subsequent changes to guidance and Handbook rules.
To see the update from the FCA and access further resources please click here.
For any advice in relation to PSD2 and its implications for your firm, Cleveland & Co, your External In-house Counsel are here to help.