Last July, the European Commission proposed a new Payment Services Directive (PSD2), which was voted on in committee on 20 February. Apparently it was passed with certain changes, which have not yet been published. However, it's worth noting that earlier in February the ECB published its proposed changes to the draft directive, which are discussed below in a post that I've been trying to finish for the past 3 weeks (sorry). The Parliament is due to vote in plenary on 2 April. PSD2 will take effect 2 years after it is adopted.
The ECB's stated concern is to help the development of the payment services market. Yet readers in common law countries will be struck by the irony in its proposal to regulate on matters that the industry could otherwise agree contractually. So, rather than allowing for flexible contractual solutions, the ECB wants a rigid code that won't take effect for 2 years and will take many more to change. In addition, the ECB wants "further business rules, including technical and operational arrangements" to be "defined through the creation of a payment scheme."
But we can ill afford the pace of innovation and competition in payment services to be dictated by the glacial speed of the EU legislative process or the snail's pace at which established players form new trade organisations and agree standards. I mean, it took a decade to force UK banks just to implement Faster Payments.
The ECB's approach is of course typical of the civil law attitude to innovation and entrepreneurship, which is at odds with the vital role that contracts play in shaping markets, particularly in a global context. In common law countries we are free to act unless the law restricts us. The law follows commerce. Contracts therefore provide the rails on which entrepreneurial activity runs. Meanwhile, the citizens of civil law countries wait for their lawmakers to define how they may act - in continental Europe, commerce follows the law. Contracts should be used sparingly, if at all, to supplement civil law codes. As a result, entrepreneurship and innovation from outside the scope of existing law is viewed by continental Europeans as being rather dodgy, as are global contractual terms of service that transcend national laws and treaties. Europeans consider that governments should agree international rules through treaties, not the likes of you and me at the click of a mouse. So it's no surprise that so much global innovation thrives in common law markets, as illustrated by the growth of e-commerce. The European Commission's comment on amendments to the commercial agents' exemption in PSD2 is a case in point:
"The ‘commercial agent’ exemption has been amended to only apply to commercial agents which act on behalf of either the payer or the payee, and not to those which act for both payer and the payee. The exemption under the current PSD has increasingly been used with regard to payment transactions handled by e-commerce platforms on behalf of both the seller (payee) and the buyer (payer). This use goes beyond the purpose of the exemption and should thus be further circumscribed."
What UK officials make of all this is unclear. The Cabinet Office and the Treasury have held at least one workshop with some representatives of challenger businesses in the UK financial technology sector. But we have not seen whether and, if so, how those discussions have translated into UK policy. Meanwhile, the House of Commons European Scrutiny Committee has complained of receiving very little detail on the Treasury's position on PSD2, and only seems to have entertained submissions from MasterCard, the UK Cards Association and a few charities (see section 8 of its recent report).
Against this background, you might wonder if there's much point in caring about PSD2, and I suspect that is the point of government bureaucracy: to bore and frustrate everyone into submission - including many of those who are paid good money to participate directly. So let's call it sick fascination. At any rate, here's a quick summary of the ECB's proposals (none of which resolves the gobbledygook in Articles 67-68 and 72-75, by the way):
1. Payment access/initiation services: when you use a separate service to check the balance in one of your payment accounts or initiate a payment, you will not be able to allow the third party service provider ("TPP") to use your log-in details for the payment account you want to check or make a payment from. The TPP and your payment account servicer provider ("ASP") will need to figure out another way to interoperate using a European standard interface specified (eventually) by the European Banking Authority.
2. Direct debit refunds: for privacy reasons (apparently), direct debit refunds should not be conditional on whether goods or services have already been consumed. Instead there should be an unconditional refund right for 8 weeks for all direct debits, except in relation to goods and services listed by the European Commission as items that 'debtors and creditors' can agree upon as not being subject to a refund. There is no suggestion that this will be consistent with consumer cancellation rights for distance sales. Note also the use of 'debtors and creditors' by the ECB in its explanation, when PSD2 refers to 'payer' and 'payee'. This highlights a problem with definitions in the PSD generally, where it is assumed that the payee and creditor (e.g. a merchant or the issuer of a bill) are the same when often they are not, a point the ECB has missed in trying to define the "acquiring of payment transactions" (see 5 below).
3. Territorial scope: the scope provisions of the PSD and PSD2 are overly simplistic, given the range of situations involving payment transactions outside the EEA and the potential for a single transaction to be governed by the law in multiple jurisdictions. The ECB amendments not only fail to clarify these issues, but also increase the pressure on the interpretation by applying the customer disclosure and contractual requirements, as well as provisions relating to the supply and use of payment services.
4. Network and Information Security Directive: The ECB says this directive should not apply directly, but supervisory bodies may take that directive and any related guidance into account when assessing payment service providers' management of information security. Which means that they will have to comply with the NISD, in effect, but won't realise that's what they are doing because they didn't follow the tortuous passage of PSD2 through the EU quagmire.
5. Definitions: The ECB has recommended some additional definitions to clarify the application of PSD2. In particular, “acquiring of payment transactions” is defined to mean:
"a payment service provided by a payment service provider contracting with a payee to accept and process the payee’s payment transactions initiated by a payer’s payment instrument, which result in a transfer of funds to the payee; the service could include providing authentication, authorisation, and other services related to the management of financial flows to the payee regardless of whether the payment service provider holds the funds on behalf of the payee;"
Yet the issue of whether merchant acquiring is covered by the PSD lies entwined in the definitions of "payment transaction", "payer" and "payee"; mistakenly equating buyers with payers and merchants with payees; mistaken assumptions about exactly how payments are intitiated and by whom; and the fact that acquiring is actually achieved through a series of back-to-back contracts between principals that does not involve a direct contractual relationship between the buyer and seller at any point. There's even a Court of Appeal decision to this effect. But, again, that's clearly lost on officials.
The result? Slow, creeping, incremental change in payment services. Not exactly fertile ground for what you would genuinely call "innovation".