Explanatory Memorandum to COM(2023)366 - Payment services and electronic money services in the Internal Market - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2023)366 - Payment services and electronic money services in the Internal Market. |
|---|---|
| source | COM(2023)366 |
| date | 28-06-2023 |
1. CONTEXT OF THE PROPOSAL
• Reasons for and objectives of the proposal
The second Payment Services Directive (PSD21) provides a legal framework for all retail payments in the EU, both Euro and other currencies, domestic and cross-border. The first Payment Services Directive (PSD12), adopted in 2007, established a harmonised legal framework for the creation of an integrated EU payments market. Building on PSD1, PSD2 addressed barriers to new types of payment services and improved the level of consumer protection and security. Most of the rules in PSD2 have been applicable since January 2018, but some rules, such as those on Strong Customer Authentication (SCA) have only applied since September 2019.
PSD2 contains both rules on the provision of payment services by payment service providers (PSPs) and rules on the licensing and supervision of one specific category of PSP, namely payment institutions (PIs). Other categories of PSP include notably credit institutions, which are regulated under EU banking legislation3, and electronic money institutions (EMIs), which are regulated under the Electronic Money Directive4.
The Commission’s 2020 Communication on a Retail Payments Strategy (RPS) for the EU5 laid down the Commission’s priorities regarding the retail payments sector for the term of office of the current College of Commissioners (2019-2024). It was accompanied by a Digital Finance Strategy, which set out priorities for the digital agenda in the finance sector other than payments. The RPS announced that “at the end of 2021, the Commission will launch a comprehensive review of the application and impact of PSD2”. This review was duly undertaken, essentially in 2022, and led to a decision by the Commission to propose legislative amendments to PSD2, in order to improve its functioning. These amendments are set out in two proposals, the present proposal for a Directive on payment services and electronic money services, focussing on licensing and supervision of payment institutions (and amending certain other Directives) and a proposal for a Regulation on payment services in the EU.
The proposed revision of PSD2 features in the Commission Work Programme for 2023, along with a planned legislative initiative on a framework for financial data access, extending financial data access and use beyond payment accounts to more financial services.
• Consistency with existing policy provisions in the policy area
Existing policy provisions of relevance to this initiative include other legislation in the area of retail payments, other financial services legislation also covering payment services providers and Union legislation of horizontal application that impacts the retail payments sector. Care has been taken in the preparation of this proposal to ensuring coherence with those provisions.
Other legislation in the field of retail payments, apart from those mentioned above, includes the Single Euro Payments Area (SEPA) Regulation of 2012, which harmonises the technical requirements for credit transfers and direct debits in euro6. On 26 October 2022, the Commission proposed an amendment to the SEPA Regulation, to accelerate and facilitate the use of instant payments in euro in the EU7. The Regulation on cross-border payments equalises pricing of domestic and cross-border transfers in euro8. The Regulation on Interchange Fees lays down maximum levels for such fees9.
Other relevant financial services legislation includes the Settlement Finality Directive (SFD)10, to which a targeted change is made in this proposal, the Markets in Crypto-Assets Regulation (MiCA)11, the Digital Operational Resilience Act concerning cyber-security (DORA)12 and the Anti-Money Laundering (AML) Directive, for which a package of proposed amendments is currently under discussion by the co-legislators.
The initiative is fully consistent with other Commission initiatives laid out in the Commission’s digital finance strategy for the EU13 which was adopted together with the RPS and aims to promote digital transformation of finance and the EU economy and to remove fragmentation in the digital internal market.
• Consistency with other EU policies
The initiative is also consistent with the Commission’s 2021 Communication ‘The European economic and financial system: fostering openness, strength and resilience’14, which reiterated the importance of its retail payments strategy and of digital innovation in finance for strengthening the single market for financial services. The same Communication confirmed that the Commission and European Central Bank services would jointly review at technical level a broad range of policy, legal and technical questions emerging arising from a possible introduction of a digital euro, taking into account their respective mandates provided for under the EU Treaties.
The Commission is submitting a proposal for an EU legal framework on financial data access, which is presented in conjunction with the two proposals to amend PSD2; that proposal covers access to financial data other than payment account data, which remains covered by payments legislation.
More general EU legislation of relevance includes the General Data Protection Regulation15.
2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
• Legal basis
The legal basis of PSD2 is Article 114 of the Treaty on the Functioning of the European Union (TFEU), which tasks the EU institutions with laying down provisions to establish the internal market and ensure its proper functioning in line with Article 26 TFEU. However, given that the Electronic Money Directive16 is based on Articles 53 and 114 TFEU, and that that act is integrated into the present proposal for a Directive, it follows that any new legal act incorporating rules for authorisation of institutions issuing electronic money should also have such a dual legal base.
• Subsidiarity (for non-exclusive competence)
The freedom to provide services and freedom of establishment are widely used by payment service providers. In order to ensure harmonious conditions and a level playing field within the internal market for retail payment services, EU-level legislation is required. This logic underlies the first and second Payment Services Directive and continues to apply to this proposal.
• Proportionality
The proposal contains targeted proportionality measures, such as different initial capital and own funds requirements for different types of payment services. The proposal also allows Member States to exempt small payment institutions with turnover of less than EUR 3 million from some of the authorisation requirements. The proposed new provisions on cash withdrawals services in shops or for cash withdrawals provided by independent ATM deployers are also proportionate.
• Choice of the instrument
PSD2 is currently a directive which is applied by transposing legislation in the Member States. However, in various areas of EU financial services legislation17, it has been found appropriate to enact rules applicable to financial undertakings in a directly applicable Regulation, in order to enhance the coherence of implementation in the Member States. The PSD2 review concluded that this approach would also be appropriate in payments legislation, which has led to the proposed amendments to PSD2 being contained in two distinct legislative acts: this proposal for a directive, containing in particular rules concerning licensing and supervision of payment institutions and an accompanying proposal for a regulation, containing the rules for PSPs (including PIs and some other categories of PSPs) providing payment and electronic money services. A directive is appropriate in the present case, given that licensing and supervision of financial institutions in general (including PIs and other categories of PSPs, such as credit institutions) remains a national competence of the Member States, and no EU-level licensing or supervision is proposed.
3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
• Ex-post evaluations/fitness checks of existing legislation
An evaluation of PSD2 was carried out in 2022. Input to the evaluation included a report by an independent contractor, and views of stakeholders in various public consultations. The evaluation report is published as an annex of the impact assessment accompanying the present proposal18. The evaluation report concludes that PSD2 has had varying degrees of success in meeting its objectives. Overall, the evaluation concludes that, despite certain shortcomings, the current PSD2 framework has enabled progress towards its objectives, while being relatively efficient with regard to its costs and delivering EU added value.
• Stakeholder consultations
To ensure that the Commission’s proposal takes account of the views of all interested stakeholders, the consultation strategy for this initiative comprised:
- an open public consultation, open from 10 May 2022 to 2 August 202219;
- a targeted (but nevertheless public and open) consultation, with more detailed questions than the public consultation, open from 10 May 2022 to 5 July 202220;
- a call for evidence, open from 10 May 2022 to 02 August 202221;
- a targeted consultation on the SFD, open from 12 February 2021 to 7 May 2021;
- consultation of stakeholders in a Commission expert group, the Payment Systems Market Expert Group;
- ad hoc contacts with various stakeholders, either on their initiative or that of the Commission;
- consultation of Member States’ experts in the Commission Expert Group on Banking Payments and Insurance.
The outcome of these consultations is summarised in Annex 2 to the impact assessment accompanying this proposal.
• Collection and use of expertise
Contents
A number of inputs and sources of expertise were used in preparing this initiative, including the following:
- evidence supplied through the various consultations listed above and on an ad hoc basis by stakeholders.
- evidence provided by the European Banking Authority in its Advice22.
- a study carried out by a contractor, Valdani Vicari & Associati Consulting, delivered in September 2022, “A study on the application and impact of Directive (EU) 2015/2366 on Payment Services (PSD2).23.
- data obtained from private sector operators.
• Impact assessment
This proposal (and the proposal for a Regulation on payment services in the internal market) is accompanied by an impact assessment, which was examined by the Regulatory Scrutiny Board (RSB) on 1 March 2023. The RSB issued a positive opinion with reservations on 3 March 2023 (the reservations were dealt with in the final version). The impact assessment found that there are four key problems in the EU payment market, despite the achievements of PSD2:
- consumers are at risk of fraud and lack confidence in payments;
- the open banking sector functions imperfectly;
- supervisors in EU Member States have inconsistent powers and obligations;
- there is an unlevel playing field between banks and non-bank PSPs.
- users (consumers merchants and SMEs) continue to be exposed to fraud risk and have limited choice of payment services, with prices higher than they need to be;
- open banking providers face obstacles to offering basic OB services and find it harder to innovate;
- PSPs experience uncertainty about their obligations, and non-bank PSPs are at a competitive disadvantage vis-à-vis banks;
- there are economic inefficiencies and higher costs of commercial operations, with negative impact on EU competitiveness;
- the internal market for payments is fragmented, with “forum shopping” occurring.
1. Strengthen user protection and confidence in payments;
2. Improve the competitiveness of open banking services;
3. Improve enforcement and implementation in Member States;
4. Improve (direct or indirect) access to payment systems and bank accounts for non- bank PSPs.
The impact assessment presents a package of preferred options, aiming to achieve the specific objectives (the list below covers both measures contained in this Directive and in the accompanying Regulation):
- For specific objective 1, improvements to the application of SCA, a legal basis for exchange of information on fraud and an obligation to educate customers about fraud, extension of IBAN verification to all credit transfers, and on conditional reversal of liability for authorised push payment fraud; an obligation on PSPs to improve accessibility of SCA for users with disabilities, older people and other people facing challenges regarding the use of SCA; measures to improve the availability of cash; improvements to user rights and information.
- For specific objective 2, a requirement for account servicing PSPs (ASPSPs) to put in place a dedicated data access interface; “permissions dashboards” to allow users to manage their granted open banking access permissions; more detailed specifications of minimum requirements for OB data interfaces;
- For specific objective 3, replacing the greater part of PSD2 with a directly applicable Regulation; strengthening of provisions on penalties; clarifications of elements which are ambiguous; integrating the licensing regimes for PIs and EMIs.
- For specific objective 4, strengthening of PI/EMI rights to a bank account; granting the possibility of direct participation of PIs and EMIs to all payment systems, including those designated by Member States pursuant to the SFD, with additional clarifications on admission and risk assessment procedures.
A number of options were rejected in the impact assessment, on grounds of high implementation costs and uncertain benefits. Costs of the selected options are mainly one-off costs and fall largely on ASPSPs (essentially banks). In open banking, costs are offset by savings (such as the removal of a permanent fall-back interface and of its exemption procedure) and by the adoption of proportional measures (possible derogations for niche ASPSPs). The cost to Member States of improved enforcement and implementation will be limited. The costs of direct access to key payment systems for PIs will be limited and fall on the payment systems in question. The benefits, on the other hand, will accrue to a wide range of stakeholders, including users of payment services (consumers, businesses, merchants and public administrations) and also PSPs themselves (especially non-bank fintech PSPs). The benefits will be recurrent, while the costs will be mainly one-off adjustment costs; therefore the cumulative benefits should exceed the total costs over time.
● Regulatory fitness and simplification
The present initiative is not a regulatory fitness and performance programme (REFIT) initiative. Nevertheless, as part of the evaluation and review process, opportunities for administrative simplification were sought. The main example of such simplification contained in the present initiative is the integration of the Second Electronic Money Directive into PSD2 and the large-scale reduction in differences between the regulatory regimes for EMIs and PIs (with some residual remaining differences, such as own funds requirements). This proposal involves a repeal of the Second Electronic Money Directive.
● Fundamental rights
The fundamental right which is particularly concerned by this initiative is the protection of personal data. To the extent that processing of personal data is necessary for the compliance with this initiative, the processing must be in line with the General Data Protection Regulation (GDPR)24, which applies directly to all of the payment services concerned by this proposal.
● Application of the ‘one in, one out’ principle
The present initiative does not involve new administrative costs for businesses or consumers, as the initiative will not lead to any increased oversight or supervision of PSPs, or to specific new reporting obligations not already contained in PSD2. There are also no regulatory fees and charges arising from the initiative. The Commission therefore considers that this initiative does not generate administrative costs which require offsetting under the 'one in one out' principle (although it is relevant for “one in one out” in that it creates implementation costs). It may be noted that the bringing together of the legislative regime for EMIs and that for PIs will reduce administrative costs, for example, removing the requirement to obtain a new license in certain circumstances.
● Climate and sustainability
No negative implications of the initiative for climate of this initiative have been identified. The initiative will contribute to target 8.2 of the UN Sustainability Development Goals: “to achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors”.
4. BUDGETARY IMPLICATIONS
The present proposal has no implications for the EU budget.
5. OTHER ELEMENTS
• Implementation plans and monitoring, evaluation and reporting arrangements
The proposal will provide for a review, to be completed 5 years after entry into force.
• Detailed explanation of the specific provisions of the proposal
This proposal for a Directive on licensing and supervision of payment institutions is largely based on Title II of PSD2, regarding “Payment Service Providers”, which only applies to payment institutions. It updates and clarifies the provisions relating to PIs, and integrates former EMIs as a sub-category of PIs (and consequently repeals the second Electronic Money Directive, 2009/110/EC). Furthermore, it includes provisions concerning cash withdrawal services provided by retailers (without a purchase) or independent ATM deployers and amends the Settlement Finality Directive (Directive 98/26/EC).
● Subject matter scope and definitions
The proposal concerns access to the activity of providing payment services and electronic money services by payment institutions (not by credit institutions). A number of key definitions are clarified and aligned with the proposal for a Regulation accompanying this proposal
● Licensing and supervision of payment service providers
The procedures for application for authorisation and control of shareholding are mostly unchanged from PSD2, with the exception of a new requirement for a winding-up plan to be submitted with an application, but made fully consistent for institutions providing payment services and electronic money services. Amongst other changes, it is acknowledged that payment initiation service providers and account information service providers may hold initial capital instead of a professional indemnity insurance, considering that the requirement to hold a professional indemnity insurance at the licensing stage may be difficult to fulfil, taking into account previous experience. Requirements for initial capital are updated for inflation since the adoption of PSD2 (except for Payment Initiation Service Providers as this is considered not appropriate given the relatively short time they have been in operation). The possible methods for calculation of own funds are not changed, either for payment institutions covered by PSD2 or for former electronic money institutions; it is provided that one of the three possible methods of calculation of own funds should be considered the default option in order to enhance the level playing field – but exceptions are allowed for particular business models.
Safeguarding rules for payment institutions are unchanged except that the possibility of safeguarding in an account of a central bank (at the discretion of the latter) is introduced in order to extend the options for PSPs in this regard and that payment institutions must endeavour to avoid concentration risk in safeguarded funds; EBA regulatory technical standards on risk management of safeguarded funds are to be adopted in this respect. For payment institutions providing electronic money services, the safeguarding rules are fully aligned with those applying to payment institutions only providing payment services. More detailed provisions on internal governance of payment institutions, including EBA guidelines, are introduced.
Provisions regarding agents, branches and outsourcing are unchanged from PSD2, but a new definition of distributors of electronic money and related provisions, closely aligned with those applicable to agents, are added.
Provisions on cross-border provision of services by PIs, and the supervision of such services are broadly unchanged. With respect to the exercise of the right of establishment and freedom to provide services where PIs use agents, distributors and branches, specific provisions are laid down for cases where three Member States are involved (the Member State of establishment of the PIs, that of the agent, and a third Member State to which the agent provides services on a cross-border basis), thereby enhancing clarity.
Member States and the European Banking Authority shall continue to maintain a register of authorised payment institutions and in addition develop a list of machine-readable payment initiation services providers and account information service providers.
As in PSD2 and the Electronic Money Directive, competent authorities, with adequate powers, must be designated by Member States for licensing and supervision. Provisions for cooperation between national competent authorities are laid down, clarifying the rules in this regard, and adding the possibility for NCAs to request assistance of the EBA in solving possible disagreements between other NCAs.
As in PSD2, PIs which only carry out account information services are subjected to a requirement of registration not authorisation. The proposal specifies the documentation that must accompany the registration application. Account information service providers remain supervised by competent authorities. The optional exemptions from certain provisions which Member States may grant to small payment institutions are unchanged.
● Provisions concerning cash withdrawals
Operators of retail stores are exempted from the requirement for a payment institution license when they offer cash withdrawal services without a purchase on their premises (on a voluntary basis), if the amount of cash distributed does not exceed EUR 50, in line with the need to avoid unfair competition with ATM deployers.
Distributors of cash via ATMs who do not service payment accounts (the so-called “independent ATM deployers”) are exempted from the licensing requirements of payment institutions, and subjected only to a registration requirement. The registration must be accompanied by certain documentation.
● Transitional provisions
Transitional measures are appropriate regarding existing activities under PSD2 given the creation of a new legal licensing regime. For example, existing licenses for PIs and EMIs are prolonged in validity (“grandfathered”) until 30 months after entry into force (one year after the transposition deadline and the beginning of application) on condition that application for a license under this Directive is made at the latest 24 months after entry into force.
● Repeals and amendments to other legislation
The second Electronic Money Directive (Directive 2009/110/EC) is repealed, with effect from the date of application of this Directive.
The second Payment Services Directive (Directive 2015/2366/EC) is repealed as of the same date. A correlation table of articles with respect to the corresponding articles of PSD2 and EMD2 is annexed, for purposes of legal continuity.
An amendment is made to the SFD (Directive 98/26/EC) to add PIs to the list of institutions which have the possibility to participate directly in payment systems designated by a Member State pursuant to that Directive (but not to designated securities settlement systems). An amendment is also made to the definition of indirect participation in SFD, to revert the definition to the text which existed before 2019, when Directive (EU) 2019/87925 changed this definition.
Article 47 provides for an amendment of Directive (EU) 2020/1828 to bring into its scope Regulation (EU) 20../…. on financial data access. This amendment will allow representative actions to be brought against infringements of the said Regulation.
● Other provisions
There is an empowerment to the Commission to update amounts of own funds to take account of inflation by Delegated Act. The directive is a full harmonisation directive. It will enter into force 20 days after publication in the Official Journal. The deadline for Member States to transpose this Directive and the date of application of the transposing measures is 18 months after entry into force (except for amendments to the SFD, in which case it is 6 months). A review report will have to be presented 5 years after the entry into force of the Directive, focusing in particular on the appropriateness of the Directive’s scope, on its possible extension to payment systems and technical services, and on the impact of the safeguarding of payment institutions funds of the rules proposed by the Commission on 18 April 202326 which, when adopted, would amend Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes.