Viewpoint: A Regulatory Snapshot for Payment Services and E-Money in Europe
By Robert Courtneidge and Charlie Clarence-Smith, Locke Lord, and David Wilford, Wave Crest
A business that decides to become incorporated in the European Economic Area (EEA) to provide payment services or issue e-money in and across EU member states must navigate at least two layers of regulatory control:
- Regulations and requirements outlined by its own “home state” regulator; and
- Three EU directives and an EU regulation, in particular, both in concept and as interpreted and applied by each EU member state in which the company does business:
- Payment Services Directive (PSD) provides the legal foundation for the creation of an EU-wide single market for payments services. The PSD aims to establish a modern and comprehensive set of rules applicable to all payment services in the EU. The PSD is soon to be repealed by the introduction of the second Payment Services Directive (PSD2), which aims to update the current framework on payment services, extending its scope to payment service providers that were previously unregulated and to improve the transparency and security of payment services. The European Council published its final PSD2 compromise proposal in June 2015. The date it comes into force has yet to be determined.
- Multilateral Interchange Fees Regulation (MIF) regulates interchange fees and merchant fees of card-based payment transactions across Europe. MIF enhances harmonization by defining business rules and standards applicable throughout the EU. It aims to increase competition by enabling retailers to choose which cards to accept, unless they’re subject to the same interchange fee, and it provides for organizational separation between card schemes and processing entities to reduce the bundling of services in the payment cards market. The interchange fee caps go into effect on Dec. 9, 2015, and the majority of provisions relating to business rules will be effective on June 9, 2016.
- Second E-Money Directive (2EMD) aims to enable new, innovative and secure electronic money services, provide market access to new companies, and foster real and effective competition between all market participants. Currently, the EU awaits the third E-Money Directive (3EMD). The first Consultation Paper originally was scheduled to be released in the first quarter of 2014, but we’re still awaiting its release.
- Money Laundering Directive (MLD) aims to combat money laundering and terrorist financing and imposes, among other things, know your customer (KYC), transactional monitoring and reporting obligations on providers. The third Money Laundering Directive (MLD3) currently in force sets out more specific details relating to identifying the customer and identity verification. The fourth Money Laundering Directive (MLD4), is designed to further strengthen the EU’s defenses against money laundering and terrorist financing, while also ensuring that the EU framework is aligned with the Financial Action Task Force’s (FATF’s) AML and counterterrorist financing (CTF) standards. MLD4’s adoption means that, for the first time, EU member states will be obliged to maintain central registers, listing information on the ultimate beneficial owners of corporate and other legal entities, as well as trusts. Furthermore, personal data collected should be limited to what’s strictly necessary for the purpose of complying with the requirements of MLD4. In addition, MLD4 addresses the risks relating to cross-border activities and cross-border correspondent relationships. Member states are required to bring into force the laws, regulations and administrative provisions necessary to comply with MLD4 by no later than June 26, 2017.
Addressing the U.K. Specifically
EU businesses must determine how each country implements the directives and any applicable state-specific regulations, which might include notification and registration requirements or even setting up a physical presence in that country.
According to the U.K.’s financial regulator, the Financial Conduct Authority (FCA), non-EEA payment institutions providing payment services to U.K. customers from a location outside the EEA, including the U.S., do not require authorization or registration under the U.K. Payment Services Regulations 2009 (PSR 2009). When the FCA considers whether non-EEA payment institution falls within the scope of the PSR 2009, its starting point is to consider whether a U.K. payment services provider would be providing cross-border services in analogous circumstances (for example, when it provides payment services to EEA customers from a location in the U.K.). Accordingly, the FCA generally wouldn’t expect a payment services provider incorporated and located outside the EEA to be within the scope of the PSR 2009, if all it does is provide Internet-based and other services to U.K. customers from that location.
Home and Host State Regulation for Passporting Services
In the case of an e-money license, businesses can “passport” that license from one EEA member state to all other member states (subject to certain country-specific requirements). PSD2 will stipulate a revised process for payment institutions and e-money institutions to exercise their rights to offer their services in other member states on either a branch basis (within 60 days) or cross-border service basis (within 40 days).
Host states, however, also are empowered to require passporting firms operating through branches or agents under the right of establishment to report to them on the activities carried out in the host territory by the firm’s agents or branches. Host states then may contact the passporting firm’s home state authority with any allegations of non-compliance, thereby appearing to create a process by which a host state could escalate any differences in its interpretation of PSD2 with the home state. Such action could undermine the concept of home state control that’s especially important for consistency in services provided using agents that refer electronic transactions across borders. Contrast this with the state-based money services business (MSB) license rules in the U.S., where licenses must be secured in 48 states.
Opportunities Come with Complex Requirements
Operating a payments services or e-money business in the EU is complex. There are significant opportunities, but it’s important to understand the ever-changing European and national legislation and how they’re implemented in each member state where consumers or clients use your products.
Robert Courtneidge is Locke Lord’s global head of cards and payments, and is recognized for his knowledge and experience in the e-money area, where he has acted on matters for major financial institutions around the world. Robert, who has more than 24 years of experience in cards and payment systems, recently was named No. 1 in the Payments 2015 Power 10 rankings as well as a Paybefore Top 10 Payments Lawyer. He may be reached at email@example.com.
Charlie Clarence-Smith is a member of Locke Lord’s cards and payments team and his growing areas of expertise include e-money, payment services and financial services regulation. He may be reached at firstname.lastname@example.org.
David Wilford is general counsel and chief compliance officer at Wave Crest Group Limited. David came to Wave Crest from FIS, a top-ranked technology provider to the banking industry, where he was division counsel for FIS’s prepaid and e-payments business. Prior to FIS, David was in private practice at an international law firm. David is a former NBPCA board member. He may be reached at email@example.com.