This issue’s question

“What is the state of play with the Payment Services Directive 2 (PSD2)? What will the major changes be? And what do I, as the treasurer of a European company, need to think about in relation to the PSD2?”

The Payment Services Directive (PSD) came into force on 1^st November 2009 with the goal of making payments across Europe more efficient and easier to understand. The European Commission is now in the process of replacing PSD with PSD2, which is currently starting its First Reading in the Trilogue negotiations as part of the EU’s Ordinary Legislative Procedure. Each of the three main EU institutions: the European Commission, European Parliament and Council of the EU have reached their own individual positions on the new laws, and will work together to agree a final text of the new Directive through this process, with an agreement possibly reached by Q215. Following agreement, EU Member States have two years to transpose any new agreements into national legislation.

The European Commission’s objectives for PSD2 are to:

• Contribute to a further integrated and efficient European payments market.
• Improve the level playing field for payment service providers (including for new players).
• Ensure a high level of consumer protection and of payments security.
• Encourage lower prices for payments.
• Facilitate the emergence of common technical standards and interoperability.

The major alterations envisaged by the Commission’s proposal are primarily consumer-focused. For example, providers of so-called ‘payment initiation services’ and ‘account information services,’ who are currently unregulated, will be brought into scope. New rules regarding the security of internet payments will also require payment service providers to use strong customer authentication by adopting multi-layered practices which will better protect customers from a data breach.

While the main implementation impact of PSD2 will be felt by payment service providers (PSPs), there are some elements of the proposals which are likely to be of interest to treasurers. The draft legislation seeks to extend the scope to one-leg transactions (where either the payer’s or payee’s PSP is located outside the European Economic Area) and non-EU currencies, although precisely which provisions will apply will need to be agreed during the Trilogue process as there are differing views held by the Commission, Parliament and Council on this topic.

The present version of the Payment Services Directive (PSD1) – in Article 3(n) – exempts “payment transactions between a parent undertaking and its subsidiary or between subsidiaries of the same parent undertaking.” This exemption remains in place in PSD2. However, the Council of the EU, in its General Approach, proposes a new Recital to provide some context, which appears to seek to allay concerns expressed by the European Association of Corporate Treasurers (EACT). The EACT had identified some problems arising from transposition of PSD1 as to whether or not the intra-group exemption, mentioned above, applies. The Council’s suggested new Recital recognises this by stating: “One of the main objectives of the introduction of SEPA was to facilitate the creation of pan-European payment factories and allow the creation of collection factories, centralising all transactions of a corporate group, using the ‘on behalf’ functionalities.” The new Recital is, of course, subject to agreement on it being reached during Trilogue.

Article 51 of PSD1 relates to the scope of rights and obligations in relation to the provision and use of payment services. It allows PSPs to opt out of applying a number of provisions to corporate clients, subject to the clients’ agreement. One such example is the irrevocability of a payment order. This corporate opt-out remains unchanged in PSD2 (Article 54). Furthermore, there is no change to the maximum execution time of payment orders introduced in PSD1.

The Payment Services Directive 2 (PSD2) seeks to achieve a number of objectives that not only build upon the laws implemented in the original PSD regulation, but also reflect changes that have occurred in the payments industry. For example, since the original PSD was introduced, there has been a boom in the uptake of mobile and e-payment solutions. Partly due to this, we have seen the gradual disaggregation of the payments chain as different providers, often independent of banks, enter the payments process at different points.

It is expected that PSD2 will introduce a myriad of small amendments together with a number of significant changes, most notably bringing third party payment providers (TPPs) under the scope of the regulation. Including TPPs under the legislative umbrella will impact the industry in a number of ways, such as: encouraging adoption of this business model by requiring existing market players to adapt in order to work with TPPs in a standardised way; and increasing the payment options available that merchants can offer customers.

Another area that PSD2 is likely to impact is so-called one-leg payment transactions, (payments that are made from within the EU to outside it or vice versa) and also intra-EU, non-EU currency transactions, such as dollar or yen payments. These types of transactions largely fell outside the scope of the original PSD and many countries therefore took different approaches to regulating them. PSD2 seeks to harmonise these rules and create a more consistent environment, something that will be welcomed by corporate treasurers.

Of course, any new law can have unintended consequences if the wording is not sufficiently precise. From a corporate treasury perspective, an example of where discussion has been taking place to avoid this risk in relation to PSD2 concerns the wording of the article that seeks to exclude parent-subsidiary payment transactions from the scope of the Directive. If the final text were not to be carefully worded, there could be a chance of those corporates operating shared services centres being classed as providing payment services, requiring them to be regulated as such. However, this is highly unlikely to happen since legislators are well aware of this potential issue.

While the changes are expected to be far more incremental than the original PSD, and should not have a dramatic impact on corporate treasurers, they can’t be detached from the process. At this stage, therefore, corporate treasurers should keep track of the developments and leverage their peer groups and banking providers to ensure that they are aware of any important details that may arise from the ongoing PSD2 process.

The number of exemptions available will be reduced under PSD2, and the scope of the remaining available exemptions will be narrowed. These changes will need to be carefully reviewed by all firms that have sought to rely on any exemptions under the PSD.

In light of rapid technological developments in the payments space and different implementation and interpretations of the provisions of PSD by European
regulators, the European Commission published, in July 2013, proposals for a new Payment Services Directive (PSD2) to repeal and replace PSD.

PSD2 will increase the scope of regulation. First, the geographical scope will be increased in that certain provisions (relating to transparency of terms and conditions and information requirements) will apply to ‘one-legged’ transactions namely, transactions where either the payer’s or the payee’s payment service provider (rather than both the payer or payee) is located outside the EEA. Secondly, under PSD2, the abovementioned transparency and information requirements will apply to all currencies, not just to EU currencies as is the case under PSD. Thirdly, PSD2 introduces two new payment services: a payment initiation service and an account information service.

Some of the most relevant conduct of business changes in PSD2 relate to security requirements, liability for unauthorised transactions and refunds.

PSD2 introduces new requirements relating to operational and security risks. These include requiring a Payment Service Provider (PSP) to: (i) report security incidents and provide annual information on its assessment of the operational and security risks associated with its payment services; (ii) notify its customers directly and without undue delay if a security incident might impact the financial interests of those customers; and (iii) apply ‘strong customer authentication’ in respect of electronic payment transactions.

With regard to unauthorised transactions, the maximum liability that a payment user will have for such transactions will be reduced from €150 (as it was under PSD) to €50. In addition, in the case of late execution of a payment transaction, the payer can opt to have the amount value-dated at the date the amount should have been received instead of having the amount refunded.

Refund rights in the case of direct debit transactions are to be broadened under PSD2 so that a payer will have an unconditional right of refund within eight weeks of the debit date (as long as the payee has not already fulfilled its contractual obligations).

PSD2 updates the existing regulatory framework on payment services by bringing into its scope payment service providers that were previously unregulated and addressing issues such as transparency and security of payments through new payment channels. During the two year implementation period, efforts will need to be made to ensure that PSD2 is applied in a consistent and co-ordinated manner across the EU if objectives such as the SEPA area are to be realised. Firms will also need to carefully review the application and scope of PSD2 in light of the proposed changes including those mentioned above.