The Payment Services Directive
The Payment Services Directive (PSD) has been law since 1 November 2009. In the UK, it was implemented through the Payment Services Regulations 2009 (PSRs) and is the first law to affect domestic sterling payments.
The purpose of the PSD is:
To facilitate the development of the Single Euro Payments Area (SEPA)
The regulation of payment institutions (including institutions which are not banks and were not previously regulated)
Consumer protection and increased transparency
The Payment Services Regulations
The Payment Services Regulations 2009 (PSRs) came into force on 1 November 2009. HM Treasury appointed the Financial Services Authority (FSA) to monitor and enforce the PSRs. The Office of Fair Trading (OFT) deals with the competition issues concerning access to payment systems.
Scope and definitions
The PSRs set out what payment services are within scope (and what are not) and provides definitions of key terms used throughout the regulations.
Examples of such definitions are:
- “Payment account” – this determines which accounts fall within scope of the regulations
- “Business day” – this is central to understanding how long payments should take to arrive at the destination account and when interest should start being paid on the funds.
- “Unique identifier” – the information that a customer must provide for a payment transaction to be processed.
The key payment services activities that will be regulated are:
Cash deposits and withdrawals
Execution of payment transactions
Credit transfers, including standing orders
Direct debits, including one-off direct debits
Payment card transactions
Issuing payment instruments (e.g. debit cards) or acquiring payment transactions
Payments sent through the intermediary of a telecom, IT system or network operator
The Regulations also list activities excluded from scope, including:
Cash only transactions (but any cash transaction involving movement to or from a payment account is caught)
Cheques and paper instruments
Cash transportation (e.g. cash deliveries by commercial security companies)
Payment transactions related to securities asset servicing
Technical services including independent ATM deployers.
The regulations apply to payments where the payment service providers (PSP) of both the payer and the payee are in the EEA and the transaction is being made in euro or another member state currency. The only exception to this is regulation 73, which concerns value dating and availability of funds, and also applies to transactions where the payer’s PSP is outside of the EEA (but still in euro or another member sate currency).
A key section of the PSRs is the conduct of business requirements, which are set out in parts 5 and 6. The provisions in these parts essentially govern the relationship between the payment service provider and the customer, setting common standards across the EU. However, PSPs are always able to offer better services to their customers provided that they do not risk non-compliance with the regulations and can, for example, choose to apply the requirements to products and services that are outside of scope. It is also important to note the option of the corporate opt-out, which is explained under the section on the treatment of different customers.
Where there is an overlap in the requirements with those under the Consumer Credit Act (CCA) for regulated agreements, the CCA takes precedence. This is particularly relevant for credit cards.
Information requirements (part 5 of the PSRs)
The PSRs include information that must be provided to a customer before the conclusion of a contract and before and after a payment transaction takes place. This information includes:
The main characteristics of the payment service(s) to be provided
The specific information or unique identifier required to make payments
The maximum execution time for payments
A reference enabling the payment service user to identify the transaction
The amount of any charges for the payment transactions
Rights and obligations (part 6 of the PSRs)
This part is important because it sets out the rights and obligations of both the payment service provider and customer in respect of payment transaction processing.
Key provisions under rights and obligations include:
- The corporate opt-out recognises the differing positions of consumers and businesses, with the option, in relation to certain regulations, that “the parties may agree” that they do not apply.
- PSPs may not charge customers for providing information required under the regulations, or for taking specified corrective or preventative measures.
- There is a legal obligation on the customer to use any payment instrument (e.g. a credit card) in accordance with its terms and conditions, to take all reasonable steps to keep it secure, and to notify the issuer immediately of its loss, theft, misappropriation or unauthorised use.
- PSPs issuing payment instruments are subject to various obligations such as ensuring that the personalised security features are not accessible to other people and not sending unsolicited payment instruments (except as a replacement).
- The PSRs introduce a long-stop 13-month time limit after the date of debit for a customer to claim that a transaction was unauthorised or incorrectly executed. However, these claims should ideally be made straight away. In the UK a policy decision was taken not to change the unlimited period of the Direct Debit Guarantee. So a 13-month time limit does not apply to claims against Direct Debits.
- Where a transaction is found to be unauthorised, the PSP has an obligation to immediately refund the amount of the transaction and, where applicable, restore the account to the state it would have been in had the transaction not happened.
- For payments in euros, in the domestic currency of the EU member state concerned or where there is only one currency conversion between euro and the domestic currency, and the transfer is cross-border and denominated in euro, the PSRs introduce a default maximum timescale for execution of D+1, but PSPs can agree up to D+3 until 1 January 2012 with their customers. D+1 means the business day following the business day on which the payment was made (e.g. payment initiated on a Tuesday would reach the payee on the Wednesday). D+3 means it would take three business days to reach the payee. Further information regarding the use of the UK payment schemes to meet the D+1 maximum execution time requirement can be found in the Payments Council industry best practice guidance note.
- For transactions in a member state currency other than those listed above the regulations allow agreement between PSP and customer of an execution time of up to four business days.
The PSRs aim to remove “float” by requiring that the credit value date (i.e. the day that the funds are put in the customer’s account) for the payee’s payment account must be no later than the business day on which the amount is credited to the account of the payee’s PSP.
Treatment of different customers
The PSD was written with consumer protection in mind. However, it also applies to banking relationships with corporates, which have different needs and requirements to consumers.
Therefore, the option of a ‘corporate opt-out’ exists for certain provisions, which can be agreed between a PSP and its corporate customer. The optional opt-out applies to all of part 5 (in whole or in part) and to certain provisions in part 6 such as consent and withdrawal of consent, liability for unauthorised transactions and refunds. The full list of the regulations under part 6 that can be agreed as not applying to corporate customers can be found in regulation 51. The option for part 5 is set out in regulation 33.
The application of the corporate opt-out is decided at bank level and is therefore up to individual PSPs to discuss and agree with their corporate customers. This should be seen as an area where banks can particularly compete in their offerings to customers.
The PSD contains a member state option – a “derogation” - that allows national governments to mandate in their legislation that micro-enterprises should be treated as consumers. The definition of a micro-enterprise is an enterprise that has an annual turnover and/or balance sheet total that does not exceed €2 million and employs fewer than 10 people. The Treasury chose to exercise this derogation when transposing the directive into national law and also extended it to small charities (those with an annual income of less than £1 million).
This wider group of ‘consumers’ will have access to the Financial Ombudsman Service (FOS) for complaints concerning payment services.
Where to find more information
- The FSA hosts a section on its website concerning the PSRs. The information includes a set of FAQs and links to various documents, including its Approach Document. This outlines the FSA’s approach to its role in payment services regulation and provides guidance on understanding the requirements placed upon payment service providers. http://www.fsa.gov.uk/pages/Doing/Regulated/banking/psd/index.shtml
- The OFT has a selection of Q&As on its website dealing with its oversight of access to payment systems (part 8 of the PSRs). http://www.oft.gov.uk/OFTwork/financial-and-professional/fss/banking-conduct
- The European Commission’s website keeps a track on member states’ progress and provides a substantial number of FAQs that have been submitted to the Commission for answer. http://ec.europa.eu/internal_market/payments/framework/index_en.htm
N.B. Following a review of PSD by the European Commission, on 24 July 2013 the Legislative proposal for the second Payment Services Directive (PSD2) was published by the Commission. The proposal continues to go through the Ordinary Legislative Procedure. This page will be updated in due course to reflect the adoption of the Directive following its publication in the Official Journal of the EU.
- Payments Council welcomes three new members (18 Jul 2014)
- New report shows UK leading the way on mobile payments (17 Jul 2014)