The European Parliament and the Council are proposing a new
directive on payment services and electronic money services in the
Internal Market (https://finance.ec.europa.eu/system/files/2023-06/230628-proposal-payment-services-directive_en.pdf).
This directive, which will amend Directive 98/26/EC and repeal
Directives 2015/2366/EU and 2009/110/EC, introduces several key
aspects and elements that existing payment institutions need to be
aware of.
Key Aspects of the Directive:
- Risk Avoidance and Safeguarding of Customer Funds: The
directive emphasizes the importance of risk avoidance, particularly
concentration risk, in the safeguarding of customer funds.
- Payment institutions shall be allowed to engage in other
activities beyond those covered by this directive, including the
provision of operational and closely related ancillary services and
the operation of payment systems or other business activities
regulated by applicable Union law and national law to further
diversify activities.
- Prohibition of Deposit-Taking Activity: The directive prohibits
payment institutions offering payment services from accepting
deposits from users and requires them to use funds received from
users solely for providing payment services.
- Regulation of Credit Granting: The directive allows payment
institutions to grant credit, but this activity is subjected to
strict conditions. Credit can be granted in the form of credit
lines and the issuance of credit cards, provided the credit is
granted for a period not exceeding 12 months.
- Record Keeping: The directive requires payment institutions to
keep all appropriate records for at least five years.
- Transparency and Exemptions for Small Payment Institutions: The
directive requires Member States to communicate decisions regarding
possible exemptions for small payment institutions to the
Commission.
- Specific Prudential Regime for Account Information Service
Providers: The directive provides for a specific prudential regime
for account information service providers, with a lighter
registration requirement.
- Outsourcing of Operational Functions: The directive requires
payment institutions to inform competent authorities when it
intends to outsource operational functions.
- The proposed directive also sets out specific rules on information and communication technology (ICT) security controls and mitigation elements for obtaining an authorisation to provide payment services. These requirements are aligned with the requirements under Regulation (EU) 2022/2554 of the European Parliament and of the Council, also known as the Digital Operational Resilience Act (DORA).
PSD3 is accompanied by a proposed Payment Service Regulation (PSR - COM(2023) 367 final; 2023/0210 (COD)) and a proposal for a regulation on a framework for open financial data access (COM(2023) 360 final; 2023/0205 (COD).
The proposed Payment Service Regulation (PSR) is another crucial
element to consider. It provides a regulatory framework governing
the conduct of payment services in the EU and European Economic
Area (EEA), separating them from the rules on authorisation and
supervision of payment institutions, which will be governed by PSD3
in the future.
In light of these changes, existing payment institutions may find
themselves in need of expert legal advice. This is where Bergt Law,
a Liechtenstein-based law firm, comes in. With a deep understanding
of the European financial market and the new directive we are
well-positioned to provide comprehensive advice on the implications
of the directive for your business – contact us now if you
have any questions.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.