PSD2: The Payments World Turned Upside Down?BIN-4237
Thursday 17th September 2015
osborneclarke.com Private & Confidential
2
PSD2: The Payments World Turned Upside Down? The Drivers and Scope of PSD2 Icon Solutions Breakfast Roundtable – 17 September 2015Osborne Clarke – Paul Anning, Partner
osborneclarke.com Private & Confidential
3
What are the core regulatory objectives driving PSD2?
Regulated field of
payment services and
funds transfers
Enhanced competition
Greater efficiency
Consumer protection
Digital economy
osborneclarke.com Private & Confidential
4
What is all the regulatory change?European level
Payment services and funds transfers:
• Payment Services Directive (PSD) – PSD2, effective late 2017
• Second Electronic Money Directive (2EMD)
• Cross Border Payments Regulation
• Funds Transfers Regulation – proposed revisions for 4MLD, effective 2017
• SEPA End Date Regulation
• ECB's Recommendations on the Security of Internet Payments (SecuRePay) – effective August 2015
• Payment Accounts Directive, effective August 2016
• Interchange Fees Regulation (IFR), effective December 2015 (caps), June 2016 (business rules)
Generic:
• Fourth Anti-Money Laundering Directive (4MLD)
• Consumer Rights Directive
• General Data Protection Regulation
• Proposed new Network and Information Security Directive
osborneclarke.com Private & Confidential
5
What is all the regulatory change?UK level
Payment services and funds transfers:
• PSR – Payment Systems Regulator, a new independent economic regulator
• Competition law – CMA's investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs).
• Prepaid – preferential treatment for gift card holders?
• Acquiring – transfer of funds to merchant by Faster Payments
• Account switching service
• Cheque imaging
Generic:
• Consumer Rights Directive – early implementation of surcharging provision
• Data – DWP's Richer Data, Cabinet Office's Government Identity Assurance and HMT's Data Sharing and Open Data in Banking initiatives
osborneclarke.com
6
What's the scope of the PSD2 changes?
Mobile payments
Overlay (or third party)
services
Operational security and
authentication
Access to payment systems
One-leg transaction
s and all currencies
'Negative scope'
adjustments
Digital economy
Acquiring
Liability framework
Surcharging
Enhanced PI
conditions
PSD 2
Passporting issues
osborneclarke.com
7
How will the changes affect banks?General (1)
• Extension of scope:
‒ non-EU currencies
‒ OLO (one-leg out) transactions
‒ clarification of "main activity", "regular occupation or business activity"; group collection/payment factories; and acquiring
‒ narrowing of exemptions like: commercial agent; limited network; digital devices; ATM operators
• Business rules:
‒ application of charges/SHA, value dating and availability of funds
‒ obligations on payee's PSPs regarding misdirected payments (incorrect unique identifiers)
osborneclarke.com
8
How will the changes affect banks?General (2)
• Security measures, including:
‒ operational risk framework
‒ incident reporting
‒ the use of "strong customer authentication" when a payer accesses his payment account online, initiates a "electronic remote payment transaction" or carries on any other action through a remote channel which may imply a risk of payment fraud or other abuses, authentication to include elements dynamically linking the transaction to a specific amount and payee
• Introduction of TPPs, especially PIS TPPs
osborneclarke.com
9
How will the changes affect banks?New TPP regime (1)
• Two new types of payment service introduced:
‒ Payment initiation services (PIS)
‒ Account information services (AIS)
• PSD2’s approach is to set out framework for:
‒ rights of PSU and obligations of AS PSP and PIS/AIS TPP
‒ modus operandi between AS PSP and PIS/AIS TPP
• PSU’s rights include right to: use a TPP where payment account is accessible online; and seek compensation from his AS PSP for unauthorised payment transactions (but AS PSP may have a remedy against the PIS TPP)
• PIS TPP’s obligations include to: act only within PSU’s explicit consent; authenticate itself towards AS PSP every session; not modify the transaction, nor hold the payer’s funds
osborneclarke.com
10
How will the changes affect banks?New TPP regime (2)
Key issues include:
• Scope: use of a TPP where the relevant account is “accessible online”? Access not restricted as to geography, access channel or currency? Extent of access?
• Access rights: when can an AS PSP refuse a request for access? When “duly motivated”? One-off or on-going basis? Distinction between AIS and PIS TPPs? High frequency requests?
• Charges: can an AS PSP charge the PSU?
• Use of PSU’s personalised security credentials: not permitted?
• PSU’s consent: required, but on what basis, and to whom?
• Authentication and security: does the requirement for “strong customer authentication” apply?
• Communication standards: development of common and secure requirements for communication between the three parties – PSU, AS PSP and TPP
• Relationship between AS PSP and TPP: effect on existing arrangements? Bilateral additional terms permitted?
osborneclarke.com
11
osborneclarke.com
11
Contact details – Paul Anning
Paul is head of OC's Financial Institutions Group. He has over 20 years’ experience in the financial services sector across a broad range of work.
He advises clients on the establishment of, and investment into, alternative investment funds – particularly those investing in venture capital, private equity or real estate - as well as M&A transactions, payment services and general regulatory advice.
Paul is rated by Chambers as a leading individual for Private Equity Funds and Non-Contentious Financial Services, which commented in 2015:
"He's a very sensible guy, a very good tactician. Automated payment transactions is one of his areas of expertise."
Paul has market leading experience and expertise in the payments industry where he has guided clients through new product development, regulatory change and transformational projects. He is well versed in the complexities of the payments industry's network arrangements and has a deep knowledge of relevant legal and regulatory developments, both in Europe and elsewhere (through international surveys).
Paul's recent work includes advising on bitcoin and other virtual currencies, various applications to the FCA for authorisation and consumer credit, particularly around the transition from the OFT to the FCA and in relation to the UK’s Green Deal framework.
Paul AnningPartnerT +44 (0) 20 7105 [email protected]
Law Firm of the Year
Legal Business Awards 2015
Law Firm of the Year
The Lawyer Awards 2015
PSD2 Access to Accounts
Strategy and implementation
Tom Hay, head of Payments Practice, Icon Solutions
17/09/2015
Surf the wave or wipe-out?
17/09/2015 13PSD2 Breakfast Briefing
Thinking strategically
17/09/2015 14PSD2 Breakfast Briefing
Delivering the vision
17/09/2015 15PSD2 Breakfast Briefing
A platform for the future
17/09/2015 16PSD2 Breakfast Briefing
Controlled Access to Payment Services
September 2015
Confidential
• VocaLink firmly believes the opening up of banking services is a good thing to promote
innovation and foster competition for the benefit of service users.
• Observations regarding PSD2:
• PSD2 could bring dramatic changes in merchant payment models, and how customers interact with Banks
• Banks should explore how PSD2 can create opportunities for them, rather than just regulatory compliance
• Modern API infrastructure is required to support emerging TPP’s to decentralise development
• Standardisation of core to prevent fragmentation, aggregation can provide level playing field
• Banks encouraged to allow access in addition to ‘payment accounts’
• Contracts could give TPPs more flexibility, but not mandatory
• Delicate balance of regulatory technical standards; too prescriptive will hamper innovation; too vague
creates fragmentation
VocaLink’s thoughts on PSD2
www.vocalink.com 18
Confidential
• Potential for the market to fragment which could create barriers for new entrants
• Variation in standards and expectations will be confusing for users
CAPS Introduction
www.vocalink.com 19
TPP
Bank Bank Bank Bank
TPP TPP TPP
CAPS
TPP
Bank Bank Bank Bank
TPP TPP TPP
versus
Confidential
TPPTPP
CAPS Product Overview
www.vocalink.com 20
TPP
CAPS PSD2 Compliance layer
CAPS Framework
CAPS +
TPPTPPBank
TPPTPPTPP
TPPTPPBank
TPPTPPTPP
TPPTPPBank
No CAPSMany to many relationship between TPPs and Banks relying on basic PSD2 interpretation, differing API specifications, lack of trust.
1. CAPS PSD2 Compliance LayerTechnical outsource for Banks. One to many connectivity for TPPs based on a common understanding of PSD2 and APIs. All PSD2 compliant actors able to join.
2. CAPS FrameworkIn addition to compliance layer, defining further common principles such as SLAs, risk, liabilities. Requires sign up to standard framework agreement.
3. CAPS +Additional transactions or access requirements included that are not mandated in PSD2 such as age or address verification.
TPP TPP TPP TPP
TPP TPP TPP
Bank Bank Bank Bank
Bank Bank Bank
Confidential
Summary Benefits
www.vocalink.com 21
PSD2 Compliant Improved
Liability Control
Robust Governance
Trusted Network
Data Integrity
and Confidential
itySeamless Operations
Faster on-boarding
for TPPs
Highly Resilient
Global Reach
CAPS
PSD2 believes Strong Authentication is the way forward, to manage complex payment transactions. Thereby maintaining data integrity and strict confidentiality. CAPS will support this requirement.
Removes complexity
for FI’s
Confidential
CAPS Framework and CAPS+
22www.vocalink.com
• Standard framework created for all participants to join
• Framework designed not to preclude any reasonable participants
• Promotes a better service since business and operational rules can be clearly defined
• Flexible frictionless authentication since different liability models can be adopted
• Clear on-boarding, liability and dispute handing processes
• CAPS+ promotes services beyond those in PSD2
• Useful for consumers to know that can rely on services from regulated entity, even if the
service is unregulated
Confidential
TPPs and Financial Institutions
23
Market entry• CAPS will help TPPs, especially new entrants & new models• Standardised approaches will help ease adoption• Framework will help ease process of creating a trusted network• That can be relied on by TPPs, AS PSPs, merchants, and consumers• Risk otherwise that first spate of breaches will taint the whole market
Governance• Rule book• Vision and objectives• Roles and participation• Open framework with objective participation criteria• Business rules• Non-bank TPPs involved in governance• Will evolve as market, technology and regulations evolve
www.vocalink.com
17/09/2015 24PSD2 Breakfast Briefing
Questions?