The European Banking Authority (EBA) has issued a variety of legal clarifications regarding the payments landscape in the EU, responding to queries from both the market and regulators.
In the second part of Vixio’s analysis of the EBA’s latest collection of Q&As clarifying parts of the revised Payment Services Directive (PSD2) and other payment services regulation, we look at how the EU’s banking watchdog is addressing issues regarding safeguarding and cross-border payments.
Both have been among the biggest challenges faced by payment service providers (PSPs) and consumers alike in the trading bloc.
The updates provided by the Paris-based authority aim to ensure consistent regulatory application in the single market.
Use of own funds as comparable guarantee
In response to a question on the difficulty of obtaining professional indemnity insurance (PII) in some EU member states, the EBA confirmed that payment initiation service providers (PISPs) and account information service providers (AISPs) may use their own funds as a comparable guarantee under PSD2.
Article 5 of PSD2 requires PISPs and AISPs to hold PII or a comparable guarantee to cover liabilities to account servicing payment service providers (ASPSPs) and payment service users (PSUs).
The EBA clarified that own funds can qualify, provided they meet the same protection standards as PII.
These include compliance with minimum monetary amounts per the EBA Guidelines, ringfencing to ensure accessibility in insolvency scenarios and alignment with PSD2’s liability provisions.
National authorities will assess compliance with these requirements, offering flexibility to providers while maintaining robust safeguards for financial systems and users.
This response is likely to be welcomed by fintechs, due to the fact that it offers more flexibility.
It touches upon the long-established issue of de-risking that these sorts of firms have faced in the EU’s payments market.
PISPs and AISPs have to contend with the fact that many insurers are reluctant to cover the specific risks associated with these services, especially as the fintech sector is still evolving rapidly in Europe.
In addition, some member states have stricter regulatory environments, making it more difficult for these providers to find appropriate and affordable PII policies.
The ability to use their own funds as a guarantee gives these service providers more flexibility and a viable way to meet PSD2 requirements without being excluded from the market due to insurance challenges.
Exchange rate mark-ups in cross-border payments
The EBA also clarified the rules on disclosing exchange rate mark-ups in cross-border payments.
An inquiry from Wise Europe highlighted inconsistent practices, with some PSPs disclosing mark-ups upfront and others embedding them in inflated exchange rates or obscuring them in terms and conditions.
Under PSD2, PSPs must disclose "all charges payable", and the exchange rate applied to transactions. However, the EBA explained that exchange rate mark-ups are not standalone charges under PSD2.
Instead, under the Cross-Border Payments Regulation (CBPR2), PSPs must disclose currency conversion charges for card-based transactions as a percentage mark-up over the ECB reference rate.
This requirement does not apply to credit transfers, however, and the EBA emphasised that transparent disclosure of mark-ups enhances consumer protection and promotes fair competition, even as the percentage mark-up is considered an indicator of comparability rather than a charge under PSD2.
The EBA’s clarification could trigger a significant impact on PSPs, such as those with revenue streams from remittances.
For example, it could lead to more pressure to disclose the exact percentage of the exchange rate mark-up applied to transactions, which could prompt firms to reassess their pricing structures to maintain competitive pricing while also complying with the rules.
Although the mark-up is not classified as a charge under PSD2, the requirement for disclosure will help enhance transparency, and Wise could be one of the key beneficiaries from this.
Unlike many traditional remittance firms, Wise has built its business model around offering real exchange rates (the mid-market rate) and is upfront about its fee structure.
The EBA's clarification on this issue sets an expectation that PSPs disclose their exchange rate mark-ups and provide visibility into the true cost of transactions.
Capital requirements for multi-licensed payments institutions
The EBA addressed whether payment institutions (PIs) holding both a PSD2 licence and a crowdfunding licence must meet the capital requirements for both licences in aggregate.
According to PSD2, entities cannot reuse eligible funds across multiple licences.
However, the EBA clarified that payment firms that are authorised under the European Crowdfunding Service Providers Regulation (ECSPR) do not need to meet the prudential requirements set out in the regulation, as these entities are already subject to PSD2’s capital requirements.
Here, the EBA has effectively reduced the compliance burden for firms operating in the crowdfunding sphere.
It is advantageous because it simplifies capital management, while also reducing the need to maintain separate pools for each licence.
As with other Q&As, this clarity from the EBA should also reduce the risk of different interpretations from competent authorities across the member states.
ASPSP liability in fraud-related cancellations
The EBA provided guidance on ASPSPs’ liability when cancelling payment orders initiated by PISPs due to fraud concerns.
PSD2 mandates that authorised payment orders must be executed unless specific conditions, such as contractual breaches or fraud prevention measures under EU or national law, are met.
Unilateral ASPSP decisions to block payments could lead to liability if they cause financial loss to payers or PISPs.
The EBA clarified that providing a simple “yes/no” response about fund availability does not guarantee payment execution, and liability determinations remain subject to national legal systems.
Safeguarding requirements for payments institutions
The EBA has reaffirmed that under Article 10(1)(a) of PSD2, PIs must safeguard client funds using credit institutions authorised in the EU/EEA or branches of third-country institutions authorised under EU law.
Funds held solely with non-EU institutions, such as those based in the UK, do not meet PSD2 safeguarding requirements unless their branches are authorised to operate within the EU/EEA.
The EBA’s clarification here diverges with the plans of the UK's Financial Conduct Authority (FCA), which has said in its proposals for safeguarding that firms should be able to segregate funds into an authorised third-country bank, rather than exclusively those authorised in the EU or third-country institutions authorised to operate within the EU.