Red Alert: Retailers With Loyalty Progammes

Three years after being announced in the UK and I suspect many retailers are yet to realise that their loyalty/store card programmes will be regulated by the Financial Conduct Authority from 13 January 2018 - likewise across the European Economic Area. 

As the FCA now also warns, retailers who offer such programmes anywhere in the EEA will need to track the annual transaction volumes very carefully, starting with the completely arbitrary and inconvenient date of 13 January 2018. 

If the volume meets or exceeds €1 million (or the GBP or local currency equivalent) in any 12 month period (the first ending on 12 January 2019), the retailer must notify the FCA (or local regulator) within 28 days (by 10 February 2019).  Firms may also choose to register at any time from 13 October 2017.

But be sure of the outcome before you decide whether or not to register!

The regulator must then decide whether the programme is exempt from regulation as an e-money/payment service.  

If the firm fails to notify, it commits an offence under the Payment Services Regulations 2017 (or local equivalent implementing the second Payment Services Directive (PSD2)). 

If the FCA decides the programme is exempt, then it must include the retailer on the FCA's register of 'limited networks', and the name will be added to a central register of all such firms across the EEA.

If the FCA decides the programme is not exempt from regulation the retailer can appeal, but basically this means the firm will have been found to be violating the Electronic Money Regulations 2011 and/or Payment Services Regulations 2017 by issuing e-money and/or offering a payment service without being duly authorised/registered to do so. Major problem!

So retailers really have to decide now whether they should outsource the operation of the programme to an authorised firm (or the agent of one); or seek their own authorisation (or agency registration). Ultimately, they might restructure the scheme to fit the exemption, or shut it down.

Of course, the mere fact that retailers with loyalty schemes have to be mindful of these requirements and go through the process means they are in effect regulated by the FCA. Ignorance, as they say, is no defence.

Of Card Payments, Consumer Protection, SMEs and Merchant Aggregators

Consumer advocates have raised the issue of some uncertainty about which credit card transactions benefit from the statutory right to pursue the card issuer if a merchant makes a misrepresentation or breaches the contract for sale of an item (see the April article from MoneySavingExpert). Many do not realise that the uncertainty arises from arrangements that enable small businesses to accept card payments, overlooking important benefits to SMEs and consumers alike. If SMEs (which represent 99% of UK businesses) cannot accept card payments, consumers may find it less convenient to deal with them, threatening their livelihoods and over half the UK's new jobs, while also reducing consumer choice and competition for large retailers. The statutory right is also subject to exceptions that mean the transaction might not be covered anyway. Yet cardholders still have 'chargeback' rights under their card terms, which are more generous and involve less hassle than making a statutory claim.  So, my own view is that the benefit of enabling small traders to offer their customers the convenience of paying by card outweighs the potential lack of a statutory claim against the card issuer, because the cardholder has the greater comfort of being able to initiate a chargeback anyway. 

Statutory Rights

Consumer credit transactions that involve the borrower (e.g. a credit cardholder), the creditor (e.g. a credit card issuer) and a supplier (merchant) under the same agreement benefit from a provision of the Consumer Credit Act (CCA) that makes the creditor liable for any misrepresentation or breach of contract relating to the sale of the item (section 75). Various exclusions apply. For instance, it only covers items over a £100 up to £30,000 and it does not cover or must be more than Another provision covers transactions where the credit agreement did not directly involve the supplier but was specifically linked to the sale of a specific item (section 75A). Again, however, there are exceptions and it only applies to transactions for an amount exceeding £30,000 up to £60,260, so it is unlikely to be relevant to card transactions.

Chargeback Rights

Under rules governing the operation of the card schemes, such as MasterCard, card transactions can be reversed or 'charged back' in various cases including cardholder dispute within 180 days of the transaction. This right is wider than the statutory right under section 75 of the CCA because it applies to debit card transactions as well as credit card transactions, and the reasons for initiating a chargeback go well beyond the scope of the statutory right (see the list of reasons on page 54).

Merchant Aggregators

Card schemes operate by enabling issuers to issue payment cards that can be presented to participating merchants, who send the transaction data to an 'acquirer' who then obtains payment from the relevant card issuers via an 'interchange' process run by the card scheme operator. 

Typically, the merchant must have a direct contract with an acquirer, but that is expensive to set up and administer in the case of small merchants. 

So to give cardholders the convenience of being able to pay small merchants, the card schemes allow approved intermediaries (MasterCard calls them "Payment Facilitators", for example) to represent  small businesses more efficiently and cost effectively under a single contract with the acquirer, enabling those 'submerchants' to accept card payments where their annual transaction volume is less than $1m or local currency equivalent (increased from $100,000 a few years ago). WorldPay, the UK's largest card acquirer, explains its aggregator program here, for example; and MasterCard has a global list of approved Payment Facilitators by region.

In addition, department stores and e-commerce marketplaces may be treated by the card schemes as the merchant, where the obligation to pay the price of an item offered by a third party seller is satisfied by paying the store or marketplace operator rather than the seller directly. Where problems arise in that context, even though section 75 claims would not be possible, the cardholder typically has the right to either use the marketplace's own dispute resolution and compensation process or, in any event, to initiate a chargeback (large third party sellers will also have their own returns and complaints resolution and compensation process). Such 'master merchant' relationships are also important channels for small businesses to gain access to larger markets, again improving convenience, consumer choice and competition.

The point in all these cases is to weigh the benefits to consumers of convenience, increased choice and competition - as well as the benefits to SMEs who are able to access a wider market, grow and create more new jobs - against the loss of the relatively narrow rights under section 75 compared to chargeback rights and other remedies.

#PSD2: The FCA Clarifies The "Business Test"

In deciding whether or not a firm's activities are caught by the new Payment Services Directive (PSD2) as implemented in the UK by new Payment Services Regulations, one needs to first consider whether the activities are conducted by way of business. This is a question of fact and degree that can be difficult to answer. In the consultation on its approach to supervising the new regulations, the Financial Conduct Authority has helpfully done a lot more than it has in other areas to clarify when it considers that a payment activity will constitute 'a regular occupation or business' in itself, as opposed to being merely part of another type of business.

FCA's current guidance on the Payment Services Regulations 2009 states (at PERG 15.2, Q.9):

“…Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations. Accordingly, we would not generally expect solicitors or broker dealers, for example, to be providing payment services for the purpose of the regulations merely through operating their client accounts in connection with their main professional activities.”

The FCA has revised Question 9 as part of its proposed draft changes to the Perimeter Guidance to read as follows:

"Q9. If we provide payment services to our clients, will we always require authorisation or registration under the regulations?

Not necessarily; you will only be providing payment services, for the purpose of the regulations, when you carry on one or more of the activities in PERG 15 Annex 2:

• as a regular occupation or business activity; and

• these are not excluded or exempt activities.

Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations (see definition of "payment services" in regulation 2(1)). In our view this means that the services must be provided as a regular occupation or business activity in their own right and not merely as ancillary to another business activity. Accordingly, we would not generally expect the following to be providing payment services as a regular occupation or business activity:

• solicitors or broker dealers, merely through operating their client accounts in connection with their main professional activities;

• letting agents, handling tenants’ deposits or rent payments in connection with the letting of a property by them;

• debt management companies, receiving funds from and making repayments for a customer as part of a debt management plan being administered for that customer; and

• operators of loan or investment based crowd funding platforms transferring funds between participants as part of that activity.

The fact that a service is provided as part of a package with other services does not, however, necessarily make it ancillary to those services – the question is whether that service is, on the facts, itself carried on as a regular occupation or business activity."

Simlarly, in Question 38, the FCA proposes to state:

"Q38. We are an investment firm providing investment services to our clients - are payment transactions relating to these services caught by the regulations?

Generally, no. Where payment transactions only arise in connection with your the main activity of providing investment services, in our view it is unlikely that you will be providing payment services by way of business. In those limited cases where you are, the PSRs 2017 do not apply to securities assets servicing, including dividends, income or other distributions and redemption or sale (see PERG 15 Annex 3, paragraph (i))."

In relation to e-commerce marketplaces, the FCA proposes to add the following question to its Perimeter Guidance:

"Q33A. We are an e-commerce platform that collects payments from buyers of goods and services and then remits the funds to the merchants who sell goods and services through us – do the regulations apply to us?

The platform should consider whether they fall within the exclusion at PERG 15 Annex 3, paragraph (b). The PSRs 2017 do not apply to payment transactions from the payer to the payee through a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Recital 11 of PSD2 makes clear that some e-commerce platforms are intended to be within the scope of regulation. An example of where a platform will be acting for both the payer and the payee would be where the platform allows a payer to transfer funds into an account that it controls or manages, but this does not constitute settlement of the payer’s debt to the payee, and then the platform transfers corresponding amounts to the payee, pursuant to an agreement with the payee.

The platform should also consider whether they are offering payment services as a regular occupation or business activity (see Q9). Depending on your business model, the payment service may be ancillary to another business activity, or may be a business activity in its own right. Where the payment service is carried on as a regular occupation or business activity, and none of the exclusions apply, the platform will need to be authorised or registered."

The FCA also proposes to add Question 34A relating to "online fundraising platforms":

"Q34A. We are an online fundraising platform which collects donations in the form of electronic payments and transmits funds electronically to the causes and charities that have an agreement with us - do any of the exclusions apply to us?

Persons collecting cash on behalf of a charity and then transferring the cash to the charity electronically do not fall within the exclusion in PERG 15 Annex 3, paragraph (d), unless they themselves are carrying this out non-professionally and as part of a not-for-profit or charitable activity. For example, a group of volunteers that organises regular fundraising events to collect money for charities would fall within this exclusion. On the other hand, an online fundraising platform that derives an income stream from charging charities a percentage of the money raised for them is unlikely to fall within this exclusion.

Nor will an online fundraising platform accepting donations and then transmitting them to the intended recipient be able to take advantage of the exclusion in paragraph (b), as they are not a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Online fundraising platforms should also consider the guidance in Q33A."

There may be some confusion over whether a platform is an "online fundraising platform" covered by Questions 33A and 34A, as opposed to a 'donation/reward based crowdfunding platform' which I would suggest should be treated consistently with loan/investment based crowdfunding platforms under Question 9 above.

Consultations On Supervision Of New Payment Services Regs Under #PSD2

The FCA is consulting on its approach to supervising the new regulations that will implement PSD2. It's a huge job, and delays to the release of the draft regulations has left little time to prepare for the regulations to take effect from 13 January 2018. Responses to the FCA consultation are due by 8 June 2017, and can be provided online. 

The consultation is explained in the first 60 pages of the main policy document, and the detailed changes to the FCA Handbook is in the Annexes (another 217 pages worth!), including important updates to the 'perimeter guidance' on activities that are in scope, out of scope or excluded (Annex K from page 223 of the PDF version).

The FCA has also helpfully published a mark-up showing changes to its Approach Document that explains how it regulates the current PSD. The regulations are still in draft, so the FCA's guidance may also change if the regulations do; and there are certain 'regulatory technical standards' being developed that could also produce changes over time.

Meanwhile, the Payment Services Regulator has also issued its guidance on how the draft regulations impact its supervision of payment systems.

Unfortunately, the UK's view of PSD2 may not be consistent with other member states, and further divergence could occur after Brexit. The main consequences of this are explained in my answer to Question 1 of the Treasury consultation.

I will likely publish my general observations on the FCA's proposed changes in the coming weeks, where possible. 

In the meantime, my general response to the Treasury consultation on the draft Payment Services Regulations is here; and I've also previously posted on the following general issues under PSD2:

• Loyalty schemes with volumes over €1m (or GBP equivalent) must register with FCA, which must decide if they are a ‘limited network’; 
• Are Merchant Checkouts ‘Payment Instruments’? – may impact how checkout processes are structured/hosted and who by; 
• What is a ‘Payment Initiation Service’? – could affect merchants and various ‘technical service providers’ who support payment processes but don’t handle funds; 
• What is an ‘Account Information Service’? – new issue for accountants, personal data aggregators, cloud storage providers etc. who handle payment account data; 
• Are ‘bill payment services’ in or out of scope of new UK payments regs? 
• Post-Brexit outlook for passporting – if you need to get authorised to offer services across EU/UK, where do you do it? 

Can It Really Be #PSD2?!

The new Payment Services Directive (PSD2) has been approved by the European Parliament. Following the Parliament’s vote, in order to take effect, the Directive must be formally adopted by the EU Council of Ministers and published in the Official Journal of the EU. This is explained by the European Commission here. I understand that should be done by sometime in November. In the meantime, the official version is published by the European Parliament here. From that date of publication in the Official Journal, Member States will have two years to introduce the necessary changes in their national laws in order to comply with the Directive.

I have updated my note for SCL on PSD2 accordingly.

PSD2 - EU Sleight of Hand?

True to form, the EU Parliamentary process threw up an amended proposal for the new Payment Services Directive last Tuesday, leaving everyone two business days to consider it before this week's Parliamentary session. Conspiracy theorists will wonder what last minute lobbying victories were secured and what might have been different with a few weeks to consider them.

It seems pointless to review the draft, let alone summarise any changes, since further changes may well emerge this week from lurking MEPs. Who knows what will finally pop out in the Journal? Only those swimming in the primordial soup.

My summary of the June draft is here.

#PSD2: The Final Chapter?

I have updated my article for the SCL on the differences between the Payment Services Directive (PSD) and the latest compromise text of PSD2, produced following informal negotiations amongst the European Parliament, Council and the Commission.

It seems we are not far away from the final version.

Lack of Transparency In Negotiation Of #PSD2

I don't think the Beurocrats are terribly concerned by rampant Euroscepticism pervading national electorates. The byzantine EU legislative process trundles on as secretively as ever. All the nonsense about immigration is a nice distraction from lack of transparency on more fundamental issues.

The latest attempt at a fait accompli is the revised proposal for a new Payment Services Directive (PSD2), which is designed to shape the EU's payment systems for the decade to come. Having published several drafts previously with some attempt to mark-up the changes from previous meetings of member state representatives, a rapid-fire draft (dated 21 November) was suddenly published on 24 November, the same day it was due to be debated.

Today, as a result of the 24 November negotiations, a further draft (dated 1 December) was published without any changes marked, along with a recommendation that it be used as the basis for negotiations with the EU Parliament. Never mind that alternative service providers and other stakeholders with minimal lobbying power are attempting to understand and warn of the impact of seismic changes to the payments regulatory framework.

This is no way to approach the regulation of the EU financial system - if you have any interest at all in bringing the market along with you. But it's a perfect way to leave control of the market to the major banks and card schemes who have lobbyists plugged into the process.

Rant ends. I'll be trying to update my article on the changes to the proposals in the coming week.

Though it's hard to see the point.

Card Scheme MIF Regulation [Updated 20 Jan 2015]

In addition to a new Payment Services Directive (PSD2), the Beurocrats have been busy on a Regulation aimed at payment card transactions - mainly to cap merchant interchange fees, but also to introduce some 'business rules' (MIF Regulation). Unlike PSD2, the MIF regulation will take effect directly in each member state, rather than having to be implemented into national law first. The caps on fees described below apply from 6 months after the regulation enters into force, while the grace period for the business rules is 12 months after the regulation enters into force. The MIF regulation must be reviewed by the Commission four years after entering into force, with any recommendation to amend the fee cap. Underlining and strike-through reflects changes made to the MIF Regulation since October 2014.

Capping fees:

The January 2015 version of the MIF Regulation (updating the October 2014 version) caps the hidden interchange fees that card issuers receive from merchant acquirers for cross-border all debit card transactions at 0.2%. However, for domestic debit card transactions, Member States may apply either a lower cap per transaction and a fixed maximum fee amount, or allow payment service providers (PSPs) to apply a per transaction fee of up to €0.05 in combination with a maximum percentage rate of no more than 0.2%, provided that the interchange fees of the payment card scheme does not exceed the fee is capped at a weighted average of 0.2% of the annual transaction value of the domestic debit card for all transactions within each payment card a scheme, or 0.2% per transaction. But for 5 years, Member States may allow PSPs to apply to domestic debit card transactions a weighted average interchange fee of up to 0.2% of the annual average transaction value of all domestic debit card transactions within each payment card scheme, or a lower weighted average if they wish.

The interchange fee for each credit card transaction is to be capped at 0.3%, although member states can reduce this for domestic transactions.

If domestic payment transactions are not distinguishable as debit or credit card transactions by the payment card scheme, the provisions on debit cards or debit card transactions apply. However, for 1 year after the fee caps apply, Member States may rule that up to 30% of the indistinguishable transactions are considered to be credit card transactions to which the credit card cap shall apply.

At these levels, the authorities believe that retailers should not be allowed to impose additional charges for use of cards that are subject to the caps (such 'surcharging' is controlled by PSD2). However, cards issued to businesses ('commercial cards') and those issued by 'three party payment schemes' (like Amex) are exempt from the caps. That's because businesses are thought to be able to fend for themselves (unlike consumers); and in a three party scheme all fees are charged by the scheme operator, so both the consumer and the merchant know who's paying what to whom. In those cases, then, the merchants can charge for the pain of accepting such cards and it's up to the scheme operators whether to lower their fees. But there are certain limits to the exemption for three party schemes.

In addition, the caps will not apply to 'limited network' payment instruments (like gift cards) which:

• allow the holder to acquire goods or services only within a limited network of service providers under direct commercial agreement with a professional issuer; or
• can only be used to acquire a very limited range of goods or services; or
• instruments valid only in a single Member State provided at the request of an undertaking or public sector entity and regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers having a commercial agreement with the issuer.

Confusingly, however, there's a similar exemption under PSD2 which carries an additional limitation that “The same instrument cannot be used to make payment transactions to acquire goods and services within more than one limited network or to acquire an unlimited range of goods and services”. So it's conceivable that a scheme may be exempt from the need to be authorised under PSD2, yet have its interchange fees regulated under the MIF Regulation.

Business Rules:

The MIF Regulation has some additional 'business rules':

1. there can't be any territorial licensing restrictions on scheme membership within the EU;
2. card schemes (other than three party schemes) must: ensure their system is technically interoperable with other systems of processing entities within the EU; must separateensure the rule-making entity is independent from entities providing payment processing and other services; eliminate cross-subsidies among scheme services; and not make any one service conditional on taking or providing another;
3. all card schemes must:

• allow 'co-badging', so that a single card can be accepted under multiple schemes;
• enable co-branded instruments on the same card, if possible, but give clear and objective information on the different instruments and their characteristics;
• not discriminate between issuers or acquirers concerning co-badging of payment brands or applications or in terms of reporting, fees or other obligations, routing of transactions or by using mechanisms that limit the choice of application by payer and payee when using a co-badged instrument (though prioritising is okay);
• not charge fees on a blended basis for different card types, unless requested;
• not insist that all their types of cards are honoured if a merchant only wants to accept some of them (and so must enable customers to readily distinguish between the different types of cards offered by the scheme);
• not prevent retailers ‘steering’ customers toward using a preferred payment method, without prejudice to rules under the PSD or the consumer rights directive.

While the MIF Regulation is reasonable advanced, the UK Payment Systems Regulator (PSR) recently warned that if the adoption of the MIF Regulation is delayed, or the implementation of its domestic fee caps is deferred from the caps on cross-border interchange fees, it will consider taking action in advance of the Regulation; and that it may still consider whether it is appropriate to take any further action even if the MIF Regulation is adopted.

In other words, official trust in card schemes is low.

Payment Systems Regulator Publishes Regulatory Proposals

It's all go in the payments world at the moment. The EU is trying to hammer out a new payment services directive (PSD2), while the UK's new Payment Systems Regulator (PSR) is setting up shop ahead of its official launch in April 2015.

The PSR has just announced the results of a joint market study with Ofcom on the level of innovation in the payments sector, which casts doubt on certain aspects of PSD2.

In addition, the PSR has published its response to an earlier consultation on its proposed rules for regulating payment systems. The term "payment system" is defined very broadly as:

“a system which is operated by one or more persons in the course of business for the purpose of enabling persons to make transfers of funds, and includes a system which is designed to facilitate the transfer of funds using another payment system.”

The intention behind the rules are to:

• set a new approach to industry strategy development - a new 'Payments Strategy Forum';
• change the governance and control of payment systems to ensure greater transparency and representation of users in decision making, avoidance of conflicts of interest, publication of board minutes and compliance reports to the PSR;
• make it easier for participants of all sizes to access payment systems – directly or indirectly;
• action on interchange if EC regulation is delayed; and
• require system operators to discuss significant developments with the PSR in advance and on an on-going basis.

If the rules still aren't to your liking, you have until 12 January to kick up a fuss.

The Updated Updated Review Of #PSD2

The European Council produced a further update of the proposed new Payment Services Directive (PSD2) in late October, and I have now updated my review article for the SCL, as well as the posts assessing the impact on:

• loyalty schemes, including store card and gift card programmes;


• third party gateways and other technical service providers;


• the providers of the newly regulated payment initiation and account information services; and


• security, innovation and competition.

Regulatory Creep Hits Big Loyalty Schemes - Updated

Store cards, gift cards and loyalty rewards are currently exempt from payments regulation where they are only accepted within the issuer’s premises or certain ‘limited networks’. The new European Payment Services Directive (PSD2) extends the scope of this exemption - which is helpful to some extent - but also introduces a notification requirement that will bring big schemes within the regulatory sphere from 13 January 2018, and oblige the authorities to decide whether the exemption is available. This post explains the changes, and the options open to the operators of such schemes. For other significant changes proposed under PSD2, see my longer SCL article). The Treasury's consultation on introducing PSD2 in the UK has just been published.

The limited network exemption under PSD1 applies to services based on instruments that can be used to acquire goods or services only: (a) in the premises used by the issuer; or (b) under a commercial agreement with the issuer either (i) within a limited network of service providers or (ii) for a limited range of goods or services (my numbering/emphasis).

The exemption under PSD2 is for:

"services based on specific payment instruments that can be used only in a limited way, that meet one of the following conditions:

(i) instruments allowing the holder to acquire goods or services only in the premises of the issuer or within a limited network of service providers under direct commercial agreement with a 'professional issuer' [not defined];

(ii) instruments which can be used only to acquire a very limited range of goods or services;

(iii) instruments valid only in a single Member State provided at the request of an undertaking or a public sector entity and regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers having a commercial agreement with the issuer." (my emphasis)

Some guidance as to what is meant by 'limited' or 'very limited' is to be found in the relevant recital to PSD2, which states:

"Instruments which can be used for purchases in stores of listed merchants should not be excluded from the scope of this Directive as such instruments are typically designed for a network of service providers which is continuously growing."

In addition, operators of large limited network schemes will be obliged to notify the regulator “if the the total value of payment transactions executed over the preceding 12 months exceeds the amount of EUR 1 million”. The regulator must then decide whether the exemption criteria actually apply, and notify the service provider if the regulator concludes that it does not. There is no provision for a transition period to explore alternative methods of supporting the scheme.

This means that loyalty scheme operators need to consider now whether their scheme will be covered by the revised limited network exemption in January 2018 and, if not, whether they should outsource the operation of the programme to an authorised firm (or the agent of one); or seek their own authorisation (or agency registration). Ultimately, they might restructure the scheme to fit the exemption, or shut it down.

The UK Treasury was due to issue its consultation paper in August 2016 on how it plans to implement PSD2, but has not done so yet. Hopefully, either the Treasury and the FCA will clarify further how they plan to handle the notification process, including whether pre-clearances will be possible during 2017, for example, given the lack of any transition period should the FCA conclude that the exemption does not apply.  Otherwise, queries arising out of any uncertainty in the application of the exemption might be directed to the FCA's Innovation Hub. 

This kind of regulatory 'scope creep' is not at all healthy, however. PSD2 should be clearer on what activities are in or out of scope. Instead, we have activities that are out of scope altogether; in scope but exempt; in scope with authorisation required; in scope with registration required; or in scope with only notification required (as here).

The question also remains why loyalty schemes are being targeted in this way. There is no evidence of any harm to consumers in such scenarios, as discussed in the context of earlier plans by the UK Treasury to propose self-regulation to ring-fence retail loyalty scheme funds (here and here).  It seems a case of mistaken identity with retail pre-payment schemes such as operated by Farepak and certain tour companies which don't appear to be caught anyway.  Similarly, there is no distinction made for 'limited network' schemes whose rules do not allow cash to be obtained by either redeeming the limited network value or seeking a refund for a purchase made using that value.

[First published 23.10.14, and since updated to reflect the change to the notification threshold; again to reflect the removal of 'unlimited' in a late draft of PSD2; and again to include the date when PSD2 takes effect in national law]

PSD2, The Saga Continues - Updated

The European Council issued its revised proposal for PSD2in September 2014.

The Society for Computers and Law has kindly published an update to my earlier article on PSD2 to reflect the revised proposal.

Possibly the key issues relate to:

• limiting the technology service providers exemption to those who supply their services to payment service providers, rather than users - for example, this would no longer seem to apply to 'gateway' data services supplied to merchants/retailers, as opposed to acquirers;
• the distinctions between technology services, on the one hand, and services involving payment initiation, account access, bill payment and acquiring;
• the inconsistent treatment of bill payment services, e-commerce marketplaces and the suppliers of public communications networks (telcos);
• the notification requirements for large store card, gift card and loyalty programmes and other 'limited network' payment schemes;
• the requirement for payment service providers to release to payers the names of payees who refuse to surrender funds that have been paid to them by mistake;
• host state reporting for cross-border service providers, in addition to home state reporting;
• prescriptive security provisions affecting different types of payment service provider, which must meet (as yet unpublished) standards issued by the European Banking Authority;
• e-money institutions having to provide fresh evidence that they meet the threshold conditions for authorisation.

Interested in hearing your thoughts, either here or via the SCL site.

 

ECB Moves To Kill Innovation in Payment Services

Last July, the European Commission proposed a new Payment Services Directive (PSD2), which was voted on in committee on 20 February. Apparently it was passed with certain changes, which have not yet been published. However, it's worth noting that earlier in February the ECB published its proposed changes to the draft directive, which are discussed below in a post that I've been trying to finish for the past 3 weeks (sorry). The Parliament is due to vote in plenary on 2 April. PSD2 will take effect 2 years after it is adopted.

The ECB's stated concern is to help the development of the payment services market. Yet readers in common law countries will be struck by the irony in its proposal to regulate on matters that the industry could otherwise agree contractually. So, rather than allowing for flexible contractual solutions, the ECB wants a rigid code that won't take effect for 2 years and will take many more to change. In addition, the ECB wants "further business rules, including technical and operational arrangements" to be "defined through the creation of a payment scheme."

But we can ill afford the pace of innovation and competition in payment services to be dictated by the glacial speed of the EU legislative process or the snail's pace at which established players form new trade organisations and agree standards. I mean, it took a decade to force UK banks just to implement Faster Payments.

The ECB's approach is of course typical of the civil law attitude to innovation and entrepreneurship, which is at odds with the vital role that contracts play in shaping markets, particularly in a global context. In common law countries we are free to act unless the law restricts us. The law follows commerce. Contracts therefore provide the rails on which entrepreneurial activity runs. Meanwhile, the citizens of civil law countries wait for their lawmakers to define how they may act - in continental Europe, commerce follows the law. Contracts should be used sparingly, if at all, to supplement civil law codes. As a result, entrepreneurship and innovation from outside the scope of existing law is viewed by continental Europeans as being rather dodgy, as are global contractual terms of service that transcend national laws and treaties. Europeans consider that governments should agree international rules through treaties, not the likes of you and me at the click of a mouse. So it's no surprise that so much global innovation thrives in common law markets, as illustrated by the growth of e-commerce. The European Commission's comment on amendments to the commercial agents' exemption in PSD2 is a case in point:

"The ‘commercial agent’ exemption has been amended to only apply to commercial agents which act on behalf of either the payer or the payee, and not to those which act for both payer and the payee. The exemption under the current PSD has increasingly been used with regard to payment transactions handled by e-commerce platforms on behalf of both the seller (payee) and the buyer (payer). This use goes beyond the purpose of the exemption and should thus be further circumscribed."

What UK officials make of all this is unclear. The Cabinet Office and the Treasury have held at least one workshop with some representatives of challenger businesses in the UK financial technology sector. But we have not seen whether and, if so, how those discussions have translated into UK policy. Meanwhile, the House of Commons European Scrutiny Committee has complained of receiving very little detail on the Treasury's position on PSD2, and only seems to have entertained submissions from MasterCard, the UK Cards Association and a few charities (see section 8 of its recent report).

Against this background, you might wonder if there's much point in caring about PSD2, and I suspect that is the point of government bureaucracy: to bore and frustrate everyone into submission - including many of those who are paid good money to participate directly. So let's call it sick fascination. At any rate, here's a quick summary of the ECB's proposals (none of which resolves the gobbledygook in Articles 67-68 and 72-75, by the way):

1. Payment access/initiation services: when you use a separate service to check the balance in one of your payment accounts or initiate a payment, you will not be able to allow the third party service provider ("TPP") to use your log-in details for the payment account you want to check or make a payment from. The TPP and your payment account servicer provider ("ASP") will need to figure out another way to interoperate using a European standard interface specified (eventually) by the European Banking Authority. 

2. Direct debit refunds: for privacy reasons (apparently), direct debit refunds should not be conditional on whether goods or services have already been consumed. Instead there should be an unconditional refund right for 8 weeks for all direct debits, except in relation to goods and services listed by the European Commission as items that 'debtors and creditors' can agree upon as not being subject to a refund. There is no suggestion that this will be consistent with consumer cancellation rights for distance sales. Note also the use of 'debtors and creditors' by the ECB in its explanation, when PSD2 refers to 'payer' and 'payee'. This highlights a problem with definitions in the PSD generally, where it is assumed that the payee and creditor (e.g. a merchant or the issuer of a bill) are the same when often they are not, a point the ECB has missed in trying to define the "acquiring of payment transactions" (see 5 below).

3. Territorial scope:  the scope provisions of the PSD and PSD2 are overly simplistic, given the range of situations involving payment transactions outside the EEA and the potential for a single transaction to be governed by the law in multiple jurisdictions. The ECB amendments not only fail to clarify these issues, but also increase the pressure on the interpretation by applying the customer disclosure and contractual requirements, as well as provisions relating to the supply and use of payment services.

4. Network and Information Security Directive: The ECB says this directive should not apply directly, but supervisory bodies may take that directive and any related guidance into account when assessing payment service providers' management of information security. Which means that they will have to comply with the NISD, in effect, but won't realise that's what they are doing because they didn't follow the tortuous passage of PSD2 through the EU quagmire.

5. Definitions: The ECB has recommended some additional definitions to clarify the application of PSD2. In particular, “acquiring of payment transactions” is defined to mean:

"a payment service provided by a payment service provider contracting with a payee to accept and process the payee’s payment transactions initiated by a payer’s payment instrument, which result in a transfer of funds to the payee; the service could include providing authentication, authorisation, and other services related to the management of financial flows to the payee regardless of whether the payment service provider holds the funds on behalf of the payee;"

Yet the issue of whether merchant acquiring is covered by the PSD lies entwined in the definitions of "payment transaction", "payer" and "payee"; mistakenly equating buyers with payers and merchants with payees; mistaken assumptions about exactly how payments are intitiated and by whom; and the fact that acquiring is actually achieved through a series of back-to-back contracts between principals that does not involve a direct contractual relationship between the buyer and seller at any point. There's even a Court of Appeal decision to this effect. But, again, that's clearly lost on officials.

The result? Slow, creeping, incremental change in payment services. Not exactly fertile ground for what you would genuinely call "innovation".

The Future of EU Payments Regulation?

I thought it would only ruin the Summer. But it's taken me until Autumn to get my head around the European Commission's plans for a new Payment Services Directive, or 'PSD2' (nope, that's not the train). I'm told that leaves falling from the local trees is purely coincidental and not some kind of arboreal reaction to the complexity.

At any rate, my review of the proposals is now up on the SCL website, along with my earlier article on how card acquiring really works.

If you receive payments by direct debit or you operate an online marketplace, gift card programme, loyalty scheme, mobile/digital wallet, bill payment service, telecoms network, payment initiation service, account information service or a small payment institution you should be particularly concerned. Existing institutions will need to work carefully through the detail.

All will need to take the time to explain to the Commission how their services actually work, and how the regulations might unduly constrain innovation and competition.

The Commission aims to get the changes adopted by Spring 2014, and Member states will have two years to implement. The Commission is giving itself a further five years to review its effectiveness, so it will be along time before we have another opportunity to rectify the mistakes...

Image from EuropeanBusinessReview.

How Card-based Merchant Acquiring Works

The requirement for the European Commission to review the operation of the Payment Services Directive provides a great opportunity to consider, amongst other things, how card-based merchant acquiring works. I've explained my take on it in an article for SCL, complete with a you-beaut, funky graphic: 

How card acquiring works

View more documents from Simon Deane-Johns