.svg)
In documents seen by VIXIO, the Electronic Money Directive (EMD) looks set to be repealed and integrated into the third Payment Services Directive (PSD3), while changes to strong customer authentication (SCA) and safeguarding also look likely.
As with most EU legislation — including the instant payments and the Markets in Crypto Assets proposals — the European Commission’s proposals for PSD3 and a new payments regulation have now been circulated around Brussels and further afield prior to their official publication later this month.
Eric Ducoulombier, the European Commission civil servant charged with developing the legislation, has said many times that it will be “an evolution, not a revolution”. The industry now has the chance to see if this rings true.
With both a PSD3 and a first Payment Services Regulation (PSR) set to be introduced on June 28, there is still much that looks set to change for payments firms.
One of the most significant of these changes is that the PSD3 updates and clarifies the provisions relating to payment institutions and, should the proposal survive, will integrate e-money institutions (EMI) as a subcategory of payment institutions — consequently repealing the second E-Money Directive.
The reasoning given for this change in the legislation is that national competent authorities have found it hard to delineate between the two types of institution. Further, there is concern that some institutions may have exploited the regulatory arbitrage.
However, the licensing rules for EMIs, including initial capital and own funds requirements, as well as some key basic concepts governing the e-money business, such as the issuance of e-money, e-money distribution and redeemability, will remain in the integrated regulation.
Changes to SCA
While the Commission’s text regards SCA as a success, the new legislation does include some changes.
In particular, according to the documents seen by VIXIO, improvements will be made to the application of SCA to create a legal basis for the exchange of information on fraud, as well as an obligation to educate customers about fraud.
Further, the PSD3 document looks set to extend IBAN verification to all credit transfers, conditionally remove customer liability for authorised push payment (APP) fraud and there is an obligation on payment service providers (PSPs) to improve the accessibility of SCA for vulnerable communities, such as the elderly and disabled.
In the separate PSR, the Commission has said that SCA will need to be applied in the case of merchant initiated payment transactions (MITs) the first time one is undertaken. After this, SCA on MITs will not be necessary.
For mail orders and telephone orders (MOTOs), the PSR clarifies that the initiation of a payment transaction needs to be non-digital in order for that transaction to not be covered by the SCA obligations, otherwise only cash payments would fall outside the scope of SCA.
However, the PSR suggests that payment transactions that are based on paper-based payment orders, mail orders or telephone orders should be subjected to security standards and checks by the PSP of the payer, allowing authentication of the payment transaction in order to prevent abusive circumvention of the SCA rules
In addition, the scope of SCA exemption looks set to be narrowed in the cases of payment transactions for direct debits.
Here, an obligation to require SCA has been introduced in cases where a mandate is placed through a remote channel with the direct involvement of a PSP.
The document also suggests changes could be on the horizon for PSP relationships with technical service providers (TSPs).
TSPs, who provide services such as the processing and storing of data, may now need to enter into outsourcing agreements in cases where they are providing and verifying the SCA elements; specifically, inherence, possession, and knowledge.
Safeguarding
The Commission’s view in the documents seen by VIXIO show it views safeguarding, which aims to protect user funds in the event of a company liquidation, as having worked relatively well.
However, the documents show that the Commission wants to expand the possibility of safeguarding in an account with the member state central bank, but this will remain at the discretion of the latter.
In part, this accounts for payments and e-money institutions occasional troubles opening a bank account due to de-risking.
The documents also show the Commission’s keenness to amend the 1998 Settlement Finality Directive.
Here, an amendment is made to the SFD to add Payment Institutions to the list of institutions which have the possibility to participate directly in payment systems designated by a member state.
Members of the European Parliament and lobbyists in Brussels have already been working to make this happen via the Instant Payments regulation due to the likelihood of it passing sooner.
However, some have conceded that legally it makes more sense to amend the regulation through other methods such as the PSD3, due to the fact that the instant payments regulation only accounts for instant payments.
During the next few days, VIXIO will be explore further these pre-published documents, including looking at potential changes with open banking and open finance and what to expect with the digital euro legislation.
