PSD2

PSD stands for “Payment Services Directive”, an EU directive to regulate payment services and payment service providers in the European Union and European Economic Area.

This is a regulation  meant to increase pan-European competition and participation in the payments industry also from non-banks, and to provide for a level playing field by harmonizing consumer protection and the rights and obligations for payment providers and users.

The latest version of the regulations referred to as PSD2 was adopted by the European Parliament on October 8, 2015 and was passed by the Council of European Union on November 16, 2015. It was put into enforcement on 12th January 2016 with a two year time line for implementation. Hence by 12th January 2018, PSD2 is expected to be in full operation. Certain part of PSD2 such as the Regulatory Technical Standards (RTS) is expected to be in force from September 2018.

This would be a regulation that would directly affect the FINTECH Companies working in the EU market in terms of compliance, privacy protection etc. Simultaneously it will also affect the Banks since it may increase the competition in the financial market.

The regulation would affect technology that is being used by the Payment Service Providers, the Processes they are using, the compliance requirements. Together it would also affect the profitability of the operators and therefore the entire economics of the industry.

The detailed regulations are available  here : 

The primary regulated payment services activities are:

  • Cash deposits and withdrawals;
  • The execution of payment transactions:
    • Credit transfers, including standing orders;
    • All direct debits;
    • Payment card transactions.
  • Issuing payment instruments (e.g. debit cards) or acquiring payment transactions;
  • Money remittance;
  • Payments sent through the intermediary of a telecom, IT system or network operator.

This Directive does not apply to the following:

(a) payment transactions made exclusively in cash directly from the payer to the payee, without any intermediary intervention;
(b) payment transactions from the payer to the payee through a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of only the payer or only the payee;
(c) professional physical transport of banknotes and coins, including their collection, processing and delivery;
(d) payment transactions consisting of the non-professional cash collection and delivery within the framework of a non-profit or charitable activity;
(e) services where cash is provided by the payee to the payer as part of a payment transaction following an explicit request by the payment service user just before the execution of the payment transaction through a payment for the purchase of goods or services;
(f) cash-to-cash currency exchange operations where the funds are not held on a payment account;
(g) payment transactions based on any of the following documents drawn on the payment service provider with a view to placing funds at the disposal of the payee:

(i) paper cheques governed by the Geneva Convention of 19 March 1931 providing a uniform law for cheques;
(ii) paper cheques similar to those referred to in point (i) and governed by the laws of Member States which are not party to the Geneva Convention of 19 March 1931 providing a uniform law for cheques;
(iii) paper-based drafts in accordance with the Geneva Convention of 7 June 1930 providing a uniform law for bills of exchange and promissory notes;
(iv) paper-based drafts similar to those referred to in point (iii) and governed by the laws of Member States which are not party to the Geneva Convention of 7 June 1930 providing a uniform law for bills of exchange and promissory notes;
(v) paper-based vouchers;
(vi) paper-based traveller’s cheques;
(vii) paper-based postal money orders as defined by the Universal Postal Union;

(h) payment transactions carried out within a payment or securities settlement system between settlement agents, central counterparties, clearing houses and/or central banks and other participants of the system, and payment service providers, without prejudice to Article 35;
(i) payment transactions related to securities asset servicing, including dividends, income or other distributions, or redemption or sale, carried out by persons referred to in point (h) or by investment firms, credit institutions, collective investment undertakings or asset management companies providing investment services and any other entities allowed to have the custody of financial instruments;
(j) services provided by technical service providers, which support the provision of payment services, without them entering at any time into possession of the funds to be transferred, including processing and storage of data, trust and privacy protection services, data and entity authentication, information technology (IT) and communication network provision, provision and maintenance of terminals and devices used for payment services, with the exclusion of payment initiation services and account information services;
(k) services based on specific payment instruments that can be used only in a limited way, that meet one of the following conditions:

(i) instruments allowing the holder to acquire goods or services only in the premises of the issuer or within a limited network of service providers under direct commercial agreement with a professional issuer;
(ii) instruments which can be used only to acquire a very limited range of goods or services;
(iii) instruments valid only in a single Member State provided at the request of an undertaking or a public sector entity and regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers having a commercial agreement with the issuer;

(l) payment transactions by a provider of electronic communications networks or services provided in addition to electronic communications services for a subscriber to the network or service:

(i) for purchase of digital content and voice-based services, regardless of the device used for the purchase or consumption of the digital content and charged to the related bill; or
(ii) performed from or via an electronic device and charged to the related bill within the framework of a charitable activity or for the purchase of tickets;
provided that the value of any single payment transaction referred to in points (i) and (ii) does not exceed EUR 50 and:
—the cumulative value of payment transactions for an individual subscriber does not exceed EUR 300 per month, or
— where a subscriber pre-funds its account with the provider of the electronic communications network or service, the cumulative value of payment transactions does not exceed EUR 300 per month;

(m) payment transactions carried out between payment service providers, their agents or branches for their own account;
(n) payment transactions and related services between a parent undertaking and its subsidiary or between subsidiaries of the same parent undertaking, without any intermediary intervention by a payment service provider other than an undertaking belonging to the same group;
(o) cash withdrawal services offered by means of ATM by providers, acting on behalf of one or more card issuers, which are not a party to the framework contract with the customer withdrawing money from a payment account, on condition that those providers do not conduct other payment services as referred to in Annex I. Nevertheless the customer shall be provided with the information on any withdrawal charges referred to in Articles 45, 48, 49 and 59 before carrying out the withdrawal as well as on receipt of the cash at the end of the transaction after withdrawal.

The regulations may not affect the Indian Companies directly but if they are involved in managing any of the operations of the Payment Instrument Systems as an Outsource partner, they will be affected by the requirements along with the GDPR which will also become effective by 25th May 2018.

It would be necessary for the Member States to ensure that, where payment institutions rely on third parties for the performance of operational functions, those payment institutions take reasonable steps to ensure that the requirements of this Directive are complied with. Also  Member States are required to ensure that payment institutions remain fully liable for any acts of their employees, or any agent, branch or entity to which activities are outsourced. Hence appropriate contractual binding becomes necessary and the outsource partners will be responsible and liable under the PSD2 if they are outsource partners of a EU client and have signed a business contract with relevant security and indemnity clauses.

Individual EU members need to notify their regulations under this directive indicating the detailed penalties and procedures.