This guide is based on an EU Directive and how it applies in the UK. It was last reviewed in September 2009.
What is the Payment Services Directive?
The aim of the Payment Services Directive (PSD) is to enhance efficiency, competition and innovation in the European payments market by integrating national payment markets. It is part of the EU's drive to create a single internal market in retail payment services. It was passed in 2007 and has to be implemented in each Member State by 1st November 2009.
The PSD has three principal components:
- a prudential authorisation regime for payment service providers that are not banks or e-money issuers;
- harmonised conduct of business rules which apply to all providers of payment services; and
- provisions aimed at opening up access to payment systems throughout the EU.
The PSD is being implemented in the UK by the Payment Services Regulations 2009.
Examples of businesses affected
The Regulations will impact on banks, e-money issuers, money transfer operators, payment collection networks, non-bank credit card issuers, certain bill payment service providers, mobile operators, merchant acquirers and their agents.
How is the PSD being implemented in the UK?
The Regulations come into force fully on 1st November 2009, although certain provisions (concerned with the FSA's functions as the competent authority under the PSD) came into force on 2nd March 2009. Other provisions, principally to enable applications for authorisation to be made under the Regulations, came into force on 1st May 2009. The Regulations apply to the whole of the UK.
The FSA is the UK's competent authority under the PSD and, under the Regulations, will decide on applications for authorisation and registration and will enforce the conduct of business rules. The FSA published its approach to authorisation and supervision, with input from the Office of Fair Trading (OFT), in late March. The following link take you to that document.
HM Revenue and Customs will continue to have responsibility for anti-money laundering compliance by money service businesses (some of which will be payment service providers under the PSD). The OFT will be responsible for enforcement of the provisions concerning access to payment systems and the Financial Ombudsman Service will provide the out-of-court redress mechanism envisaged by the PSD.
What do the Regulations cover?
Payment service providers
The Regulations provide for the following categories of payment service provider:
- authorised payment institutions;
- small payment institutions;
- EEA authorised payment institutions;
- credit institutions;
- electronic money institutions;
- the Post Office Limited;
- the Bank of England and other central banks; and
- government departments and local authorities, other than when carrying out functions of a public nature.
In addition, credit unions, municipal banks and the National Savings Bank are exempt from the Regulations.
The most significant categories of payment service provider are credit institutions (i.e. banks), electronic money institutions and "payment institutions" (a newly defined entity under the PSD). In order to be able to provide payment services in the UK an entity will need to fall within one of the classes of payment service provider or otherwise be exempt.
Those businesses which are not either banks or e-money issuers, or exempt, and which wish to provide payment services, will require to be either authorised or registered as a payment institution under the Regulations.
The PSD focuses on electronic means of payment, and the Regulations cover the provision of "payment services" as a regular occupation or business activity. These are defined by reference to an exhaustive list, which includes (amongst others):
- services enabling cash to be placed on, or to be withdrawn from, a payment account and all of the operations required for operating a payment account;
- the execution of direct debits and credit transfers (including standing orders) and payment transactions executed through a payment card or similar device;
- issuing payment instruments or acquiring payment transactions; and
- money remittance.
This is subject to a separate list of 15 activities which are not classified as "payment services". These exemptions will take many of the wholesale operations of financial institutions out of the scope of the Regulations.
There are also exemptions for wholly cash-based transactions with no intermediary involvement, most paper-based transactions (e.g. cheques and bankers drafts), "cash-back" transactions and intra-group transactions. Fewer requirements apply to low-value payment instruments and e-money.
The PSD applies to all currencies of the European Economic Area.
Applying to be authorised or registered
The Regulations introduce a prudential authorisation regime for payment institutions. There are two types of payment institution:
- an "authorised" payment institution which is a UK body corporate having its head office and any registered office in the UK and which satisfies the criteria for authorisation; and
- a "small" payment institution which is an entity with a head office, registered office or place of residence in the UK which executes on average not more than 3 million euros of payment transactions per month and otherwise satisfies the criteria for authorisation (including a "fit and proper" test).
Small payment institutions will be registered with the FSA (not authorised) and will be subject to a less onerous registration regime (including having no minimum capital requirement). However, a small payment institution cannot passport its payment services in other EU Member States.
Authorised payment institutions will have additional obligations that will not apply to small payment institutions such as an ongoing minimum capital requirement, an obligation to protect certain funds held for the execution of a payment transaction, and an obligation to notify the FSA of any intention to outsource operational functions or to passport its payment services.
Other payment service providers such as banks and e-money issuers will not be subject to authorisation under the PSD and will (where relevant) continue to be authorised under the FSMA regime.
The conduct of business rules
The Regulations require that payment service providers give certain information to payment service users at particular stages of a transaction. These rules apply where the payment services are provided from a UK establishment (even if they are supplied overseas); where the payment service providers involved are located in the EEA; and where the transaction is carried out in an EEA currency.
The information required to be given depends upon whether the contract is a single payment service contract or a framework contract. Fewer obligations apply to single payment transactions. The Regulations also deal with the right to amend or terminate framework contracts.
Certain information requirements are disapplied in the case of low-value payment instruments and e-money. The parties can also agree to disapply any or all of the information provisions unless the payment service user is a consumer, a charity or a "micro-enterprise".
Rights and obligations
The Regulations detail the rights and obligations of both the payment service providers and users in intra-EU payment transactions in euros or another EEA currency, including the charges that can be levied for the service, the obligations of the parties in relation to payment instruments, the liabilities of the parties for defective or non-performance of a payment transaction or for an unauthorised transaction, and execution deadlines and value dating.
Parties will have the right to disapply certain of these provisions other than where the payment service user is a consumer, a micro-enterprise or a charity. Certain of the provisions will be disapplied in the case of low-value payment instruments and e-money.
The conduct of business provisions will have limited application (e.g. the value dating and availability of funds provisions) to transactions where one payment service provider is outside the EEA, or where payment is made in a non-EEA currency, known as one-leg-out transactions.
Access to payment systems
The Regulations prohibit unnecessarily restrictive rules on access to or participation in certain types of payment systems by most payment institutions and provide the OFT with powers to enforce the Regulations.
Upon certain criteria being satisfied, persons who have been providing payment services prior to 25th December 2007 may continue to provide payment services in the UK until 30th April 2011 without being authorised as a payment institution; and until 25th December 2010 without being registered as a small payment institution.
The relevant application for authorisation or registration should still, however, be submitted to the FSA for determination at least three months before these deadlines. In addition, the conduct of business provisions and provisions on access to payment systems will apply to such persons during the transitional period. Transitional provisions also apply in respect of "financial institutions" under the BCD.
What action should affected businesses take?
Businesses that currently provide, or wish to provide, payment or similar services should ascertain whether such activities constitute "payment services" under the Regulations. If so, and they are not a bank or an e-money issuer, or otherwise exempt, they will need to apply to the FSA for authorisation or registration as a payment institution within the relevant transitional period.
All businesses that will be subject to the Regulations will need to consider the impact on their business, including:
- risk, IT and other systems and controls: will these satisfy the FSA?;
- the possibility and implications of 'passporting' services within the EEA;
- the impact on the pricing and charging structure of the business's services;
- whether new software or other systems are required to comply with the Regulations (e.g. to disaggregate payments below the safeguarding threshold);
- the terms of any contracts held with third party suppliers;
- the need to update contract terms and conditions and other customer-facing literature and notify customers of the changes;
- the need to provide more detailed information to payment service users;
- the impact on record keeping systems;
- the need to train all affected staff;
- the need to amend complaints handling procedures;
- whether arrangements the business has regarding access to payment systems may be discriminatory; and
- the need to communicate with the FSA as a regulator.
Banking conduct of business review
The PSD will bring into force conduct of business rules for payment transactions that apply to the majority of retail bank accounts, and will replace much of the current voluntary Banking Codes. The FSA is proposing to extend its remit to the regulation of the conduct of retail banking business. The FSA proposes to bring a new Banking Conduct of Business Sourcebook into force in November 2009 to coincide with the implementation of the PSD.