Payment Services #.0: When Payments Finally Become Less Visible

Today marks the dawn of new payments regulation under the second Payment Services Directive (PSD2). Yawn, you say. But, unusually for a technology-based industry, the experience for customers should outstrip the hype. Is this Payment Services 2.0? 3.0? 4.0?  Who cares? After all, "paying" for something or "checking your balance" should not be an activity all on its own. It should be just a small part of something else you're in the middle of doing. In other words, it's what you won't see that should make all the difference...

You might not deal with your bank anymore when paying or checking statements

New “payment initiation services” will mean you can use a separate service provider to make payments from your bank account or other payment accounts, without logging-in to your payment account provider's systems.

New “account information services” will combine the information from all your payment accounts and display it to you in one place. You could also permit that information to be sent to others (e.g. a lender, a comparison website or professional adviser). 

Not only will such services cut the amount of time you spend logging-in to different providers. They'll also make it easier for you to gather your financial information, understand and control your financial affairs and make payments from a range of accounts. 

You won't see retailers charging you for the privilege of paying them

From now on, nobody can add a charge based purely on how you pay them. So all their profit will be in the price of the goods or services you buy, not the extras. 

The UK has typically gone further than other EU countries to apply this to every type of consumer payment method. So, any contract term requiring such a 'surcharge' will not be enforceable. In fact, there will be an implied requirement to refund the excess. Or you could initiate a chargeback via your debit/credit card issuer, or make a claim against your credit card issuer under section 75 of the Consumer Credit Act. 

In addition, any extra charge for using a commercial payment method must be limited to the supplier's cost of accepting that type of payment. Again, no room for extra margin here.

You won't realise that big loyalty schemes are now policed by the FCA

Retail loyalty schemes, such as gift cards, fuel cards and other ‘limited network’ programmes, will need to be registered with the Financial Conduct Authority if the value of their transactions meets or exceeds €1 million (or the GBP equivalent) in any 12 month period.

The intention is to safeguard customer funds that are paid into wider schemes, as with any other e-money or payment service.

The FCA must then decide if the scheme really is a ‘limited network’ that's entitled to an exclusion from e-money and payments regulation. 

If not, then the retailer may have already committed an offence by offering the scheme in the first place.

The retailer also commits an offence if it fails to notify the FCA within 28 days after reaching the €1 million threshold. So retailers should check the status of their loyalty programmes well before then!

You will see less delay in handling your complaints 

The time for processing customer complaints has been cut from 8 weeks to 15 business days. This increases the pressure on payment service providers to operate much more efficiently, so they have fewer complaints and find it easier and less costly to solve any problems you do have. 

You won't see the increased security

You won't see all the standards-setting and development work that's going on behind the scenes to make all of this happen in a far more secure way than payment services have worked before.

The new regulations bring mandatory technical standards for better ways to make sure customers are who they claim to be, and for the different types of payment service providers to work together where you need them to do so.

So, finally, "payments" will become less visible... if you know what I mean.

Final UK Regulations Implementing #PSD2

The UK government has today announced its final approach to implementing the new Payment Services Directive (PSD2), along with the final version of the Payment Services Regulations 2017. A final assessment of the impact of the new regulations is yet to be published. The FCA is expected to finalise its guidance on its approach to supervising PSD2 - along with application forms and so on - by September, and to accept applications for authorisation/registration from October 2017 to meet the implementation deadline of 13 January 2018.

It turns out that the responses to the consultation in February have only persuaded the government to change a few aspects of its approach to implementation (explained below). But it seems from the summaries that many responses didn't account for the fact that the government's hands have been tied since 2015, when the UK agreed the final version of PSD2 at EU level. As it's a maximum harmonisation directive, member states can only depart from PSD2 where it specifically allows them to. The ship has sailed (albeit with some awkward passengers on board, as explained in my own response). For the most part, implementation is now a question of how the FCA interprets the language in its application to the real world, which it consulted on in April. This does not suggest any lack of 'sovereignty', just a failure to influence EU negotiations (assuming those affected took the opportunity to engage at that time).

Ban on surcharging

One area of departure from the government's initial plan is to prohibit retailers from charging customers any additional amount for using any type of payment method/instrument.

The original idea was only to ban surcharging for the use of cards covered by the Interchange Fee Regulation (as required under PSD2), as well as cross border bank transfers and direct debits in euros (under the Single Euro Payments Area regulations); and limit the surcharges for other payment methods to the direct cost borne by the retailer for making them available.

But the government has opted instead for a blanket ban on businesses surcharging consumers for using any type of payment method, on the basis that it: 

"will create a level playing field between payment instruments and create a much clearer picture for consumers in which they know the full price of the product/service they are purchasing upfront and [can be] confident that there will be no additional charges when they come to pay [with] any payment instrument they choose to use. A blanket ban will also be much easier to enforce than the current position in which merchants are able to pass on costs (but the consumer has no easy way of assessing what these are).

Meanwhile, the government says it will "assess the scale" of claims that interchange fees for card payments have been rising again.

Scope of account information services

PSD2 introduces a new “account information service” which basically involves providing information from one or more payment accounts held by the user with one or more other payment service providers.

Initially, the list of services the government said it believed might constitute account information services included some services of a much broader in nature:

"• price comparison and product identification services;

• income and expenditure analysis, including affordability and credit rating or credit worthiness assessments...

[and] might include accountancy or legal services, for example” (para 6.30)."

This provoked concern that the government's interpretation was too broad and overlooked the requirement that an account information service would need to be conducted by way of business in its own right, rather than merely as an ancillary part of a wider service. Examples of services that the government says that respondents were concerned about include: 

"banks’ corporate functions; price comparison websites; accountants; financial advisors; legal firms; and Credit Reference Agencies (CRAs). Many of these services are currently provided via a contractual relationship between service providers, users, and ASPSPs, often referred to as Third Party Mandates (TPMs)."

The government now confirms, however, that:

"many uses of these mandates are likely to be outside of the scope of the PSDII. Examples could include power of attorney, where the services are unlikely to be undertaken ‘in the course of business’."

In addition, the FCA has already suggested this narrower view, based on the 'business test' in its own consultation on how it proposes to supervise PSD2.

Next steps

The FCA is expected to finalise its guidance on its approach to supervising PSD2 - along with application forms and so on for the various types of authorisation/registration - by September, and to accept applications for authorisation/registration from October 2017.

#PSD2: The FCA Clarifies The "Business Test"

In deciding whether or not a firm's activities are caught by the new Payment Services Directive (PSD2) as implemented in the UK by new Payment Services Regulations, one needs to first consider whether the activities are conducted by way of business. This is a question of fact and degree that can be difficult to answer. In the consultation on its approach to supervising the new regulations, the Financial Conduct Authority has helpfully done a lot more than it has in other areas to clarify when it considers that a payment activity will constitute 'a regular occupation or business' in itself, as opposed to being merely part of another type of business.

FCA's current guidance on the Payment Services Regulations 2009 states (at PERG 15.2, Q.9):

“…Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations. Accordingly, we would not generally expect solicitors or broker dealers, for example, to be providing payment services for the purpose of the regulations merely through operating their client accounts in connection with their main professional activities.”

The FCA has revised Question 9 as part of its proposed draft changes to the Perimeter Guidance to read as follows:

"Q9. If we provide payment services to our clients, will we always require authorisation or registration under the regulations?

Not necessarily; you will only be providing payment services, for the purpose of the regulations, when you carry on one or more of the activities in PERG 15 Annex 2:

• as a regular occupation or business activity; and

• these are not excluded or exempt activities.

Simply because you provide payment services as part of your business does not mean that you require authorisation or registration. You have to be providing payment services, themselves, as a regular occupation or business to fall within the scope of the regulations (see definition of "payment services" in regulation 2(1)). In our view this means that the services must be provided as a regular occupation or business activity in their own right and not merely as ancillary to another business activity. Accordingly, we would not generally expect the following to be providing payment services as a regular occupation or business activity:

• solicitors or broker dealers, merely through operating their client accounts in connection with their main professional activities;

• letting agents, handling tenants’ deposits or rent payments in connection with the letting of a property by them;

• debt management companies, receiving funds from and making repayments for a customer as part of a debt management plan being administered for that customer; and

• operators of loan or investment based crowd funding platforms transferring funds between participants as part of that activity.

The fact that a service is provided as part of a package with other services does not, however, necessarily make it ancillary to those services – the question is whether that service is, on the facts, itself carried on as a regular occupation or business activity."

Simlarly, in Question 38, the FCA proposes to state:

"Q38. We are an investment firm providing investment services to our clients - are payment transactions relating to these services caught by the regulations?

Generally, no. Where payment transactions only arise in connection with your the main activity of providing investment services, in our view it is unlikely that you will be providing payment services by way of business. In those limited cases where you are, the PSRs 2017 do not apply to securities assets servicing, including dividends, income or other distributions and redemption or sale (see PERG 15 Annex 3, paragraph (i))."

In relation to e-commerce marketplaces, the FCA proposes to add the following question to its Perimeter Guidance:

"Q33A. We are an e-commerce platform that collects payments from buyers of goods and services and then remits the funds to the merchants who sell goods and services through us – do the regulations apply to us?

The platform should consider whether they fall within the exclusion at PERG 15 Annex 3, paragraph (b). The PSRs 2017 do not apply to payment transactions from the payer to the payee through a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Recital 11 of PSD2 makes clear that some e-commerce platforms are intended to be within the scope of regulation. An example of where a platform will be acting for both the payer and the payee would be where the platform allows a payer to transfer funds into an account that it controls or manages, but this does not constitute settlement of the payer’s debt to the payee, and then the platform transfers corresponding amounts to the payee, pursuant to an agreement with the payee.

The platform should also consider whether they are offering payment services as a regular occupation or business activity (see Q9). Depending on your business model, the payment service may be ancillary to another business activity, or may be a business activity in its own right. Where the payment service is carried on as a regular occupation or business activity, and none of the exclusions apply, the platform will need to be authorised or registered."

The FCA also proposes to add Question 34A relating to "online fundraising platforms":

"Q34A. We are an online fundraising platform which collects donations in the form of electronic payments and transmits funds electronically to the causes and charities that have an agreement with us - do any of the exclusions apply to us?

Persons collecting cash on behalf of a charity and then transferring the cash to the charity electronically do not fall within the exclusion in PERG 15 Annex 3, paragraph (d), unless they themselves are carrying this out non-professionally and as part of a not-for-profit or charitable activity. For example, a group of volunteers that organises regular fundraising events to collect money for charities would fall within this exclusion. On the other hand, an online fundraising platform that derives an income stream from charging charities a percentage of the money raised for them is unlikely to fall within this exclusion.

Nor will an online fundraising platform accepting donations and then transmitting them to the intended recipient be able to take advantage of the exclusion in paragraph (b), as they are not a commercial agent authorised via an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of either the payer or the payee but not both the payer and the payee.

Online fundraising platforms should also consider the guidance in Q33A."

There may be some confusion over whether a platform is an "online fundraising platform" covered by Questions 33A and 34A, as opposed to a 'donation/reward based crowdfunding platform' which I would suggest should be treated consistently with loan/investment based crowdfunding platforms under Question 9 above.

Consultations On Supervision Of New Payment Services Regs Under #PSD2

The FCA is consulting on its approach to supervising the new regulations that will implement PSD2. It's a huge job, and delays to the release of the draft regulations has left little time to prepare for the regulations to take effect from 13 January 2018. Responses to the FCA consultation are due by 8 June 2017, and can be provided online. 

The consultation is explained in the first 60 pages of the main policy document, and the detailed changes to the FCA Handbook is in the Annexes (another 217 pages worth!), including important updates to the 'perimeter guidance' on activities that are in scope, out of scope or excluded (Annex K from page 223 of the PDF version).

The FCA has also helpfully published a mark-up showing changes to its Approach Document that explains how it regulates the current PSD. The regulations are still in draft, so the FCA's guidance may also change if the regulations do; and there are certain 'regulatory technical standards' being developed that could also produce changes over time.

Meanwhile, the Payment Services Regulator has also issued its guidance on how the draft regulations impact its supervision of payment systems.

Unfortunately, the UK's view of PSD2 may not be consistent with other member states, and further divergence could occur after Brexit. The main consequences of this are explained in my answer to Question 1 of the Treasury consultation.

I will likely publish my general observations on the FCA's proposed changes in the coming weeks, where possible. 

In the meantime, my general response to the Treasury consultation on the draft Payment Services Regulations is here; and I've also previously posted on the following general issues under PSD2:

• Loyalty schemes with volumes over €1m (or GBP equivalent) must register with FCA, which must decide if they are a ‘limited network’; 
• Are Merchant Checkouts ‘Payment Instruments’? – may impact how checkout processes are structured/hosted and who by; 
• What is a ‘Payment Initiation Service’? – could affect merchants and various ‘technical service providers’ who support payment processes but don’t handle funds; 
• What is an ‘Account Information Service’? – new issue for accountants, personal data aggregators, cloud storage providers etc. who handle payment account data; 
• Are ‘bill payment services’ in or out of scope of new UK payments regs? 
• Post-Brexit outlook for passporting – if you need to get authorised to offer services across EU/UK, where do you do it? 

How The UK Will Introduce #PSD2

The UK Treasury has published its plans for implementing the new Payment Services Directive (PSD2), which must be done by 13 January 2018.  We have until 16 March 2017 to comment on the draft regulations.  No doubt we will also soon hear what how the FCA will approach its supervisory role.

I've previously covered the key differences between PSD2 and the current directive, and there are many areas for differing interpretation...

I will share my thoughts on the current consultation in the coming week(s).

Update: a copy of my submission to the Treasury consultation is here.

Will EU Red Tape Kill Store Cards And Loyalty Schemes?

Following my earlier SCL article on PSD2, I've had a few more thoughts on the European Commission's proposals aimed at ‘limited network’ services, such as retail store cards, gift cards, fuel cards and loyalty programmes. Remember, the Commission wants the changes agreed by Spring 2014, and Member states will have two years to implement them. It will be another five years before the Commission revies the effect of the changes, so this is the last chance to rectify the mistakes in PSD1 and avoid more in PSD2...

You will recall (no doubt) that the PSD exempts payment transactions based on payment instruments accepted only within the issuer's premises or certain 'limited networks'. Such instruments are also exempt from the definition of 'electronic money' in EMD2 by reference to the PSD exemption. While this exemption survives under PSD2, operators will be obliged to notify the regulator if the average of their transactions in the preceding 12 months exceeds €1m per month. The regulator may then disagree that the exemption applies. This catches 'closed loop' stored value and other instruments such as retail store cards, gift cards, fuel cards and loyalty programmes. Yet, as discussed previously here and here when the UK Treasury considered self-regulation to ring-fence funds in this area, there is no evidence of any harm to consumers in such scenarios, compared to the collapse of retail pre-payment schemes such as those offered by Farepak or tour operators which appear not be caught.

Here are my additional thoughts:

1. Other than simply the volume/value, there seems to be implied an additional basis on which a regulator might decide that a service which otherwise fell within limited network exemption below the threshold average of €1m per month would no longer qualify when it reached that threshold. What basis would that be?


2. If the regulator were to disagree that the limited network exemption under PSD2 applies, is the service provider automatically guilty of an offence without any possibility of an orderly transition to full authorisation or finding an authorised payment institution or PSD agent to operate the service?


3. Similarly, if the regulator were to disagree that the limited network exemption under PSD2 applies to a ‘closed loop’ stored value service, does that amount to a decision that the exemption from the definition of “electronic money” under EMD2 would also cease to apply to that service? If so, a service provider who was lawfully operating within the exemption below the volume threshold would suddenly find itself in breach of both PSD2 and EMD2, again without any possibility of an orderly transition to full authorisation or finding an authorised e-money institution to operate the service.


4. Outcomes such as those in scenarios 2 and 3 above seem to conflict with the privilege against self-incrimination and may be otherwise unacceptable from a public policy standpoint (e.g. the avoidance of retrospective regulation). Practically speaking, this mechanism could also drive every service provider with a programme operating anywhere near the volume threshold to approach the regulator for an indication of whether it’s programme would, if it reached the threshold, be deemed in breach. However, even doing that would open up a similar risk that the regulator may disagree that the exemption applies, with the ugly consequences that may follow. Accordingly, we may find that the operators of all limited network payment schemes apply for authorisation, or use an authorised firm to operate their schemes merely as a precaution against the possible commission of an offence. Or they cancel their programmes altogether. 

Surely such 'regulatory creep' is not the intention...?