Second Payment Services Directive (PSD2) dates for your diary

The regulatory landscape is facing significant change over the incoming months with the implementation of four major European initiatives (impacting the payment services, anti-money laundering, investment and data protection regimes) creating a whirlwind of change for compliance professionals and their regulated firms. And that’s aside from the changes and uncertainty flowing from Brexit! This article sets out the key dates that should be marked in your diary so that you can draw up your Second Payment Services Directive (PSD2) – readiness plan.

Existing e-money and authorised payment institutions

If you’re one of the 375 authorised payment institutions, 92 authorised e-money institutions or 22 small e-money institutions in the UK then the crunch date for you is 12 July 2018. This is the date by which the FCA must have approved the additional information you provide under PSD2 or you will lose your authorisation. You will be grandfathered into the new regime, meaning you can continue past the 13 January 2018 implementation date on your existing authorisation, but you must provide evidence that you meet the new, additional requirements before the six-month grace period runs out.

There will be new forms to complete, which the FCA intends to make available in September, and the gateway to receive them should be opened on 13 October. The exact content of the forms is not yet known; the European Banking Authority (EBA) is charged with producing guidelines. They published their draft guidelines in November 2016, the consultation closed in February and we await the publication of their final guidelines, which is expected in the summer. At the very least, the following information will be required.

  • The procedure for monitoring, handling and following up security incidents and security-related customer complaints, including an incident reporting mechanism which takes account of the notification obligations.
  • The process for filing, monitoring, tracking and restricting access to sensitive payment data.
  • The business continuity arrangements, including a clear identification of the critical operations, effective contingency plans, and a procedure for regular testing and reviewing of the adequacy and efficiency of such plans.
  • The principles and definitions used by the applicant in collecting statistical data on performance, transactions and fraud.
  • The IT security policy.

The FCA has said that they will probably charge a fee for processing the application and it’s likely to be half the fee applicable to new applicant (which equates to a fee of £750 for those with only money remittance permission and £2,500 for others).

The other date to mark is 13 April 2018 since that’s the date by which the additional information must be submitted in order to benefit from the grandfathering process.

Small payment institutions

Small payment institutions, of which there are 725, will no longer be registered from 12 January 2019 unless they have applied for authorisation or reapplied for registration. The FCA has the option of requiring further information from those that wish to continue as small payment institutions, but they have not yet indicated what that might be. 13 October 2018 is the latest date for these small payment institutions to make their application if they hope to continue in business is 12 January 2019.

Inflight applications

Businesses may still submit applications now, and indeed many still are. Those that are authorised or registered and providing payment services by 13 January 2018 will benefit from the transitional provisions outlined above but for those with applications inflight, the additional requirements under PSD2 will apply. This is likely to protract the process since the new forms, and therefore the exact details of what will be required will not be available until September, but the benefit will be that your application will be already with a case worker and therefore at the front of the queue. It’s worth bearing in mind that the FCA’s payment services authorisation department is a team of only five case workers and there will be a lot of applications coming via Connect (payment institutions) and in the post (e-money).

Newly in-scope applicants

The FCA estimate that about 150 firms should apply for permission to be authorised or registered for the first time because they are payment initiation service providers, account information service providers or will no longer be exempt under the limited network or commercial agent exemption. There are no transitional arrangements for such firms so they must submit their application in October to be approved in time to continue doing business after 13 January 2018.

Other dates

We expect the finalised regulations to be published in April and that the FCA will publish their consultation on the approach document and changes to the Handbook, including the perimeter guidance, at the same time. You can receive email updates from the FCA by signing up here.

The next most important date for your diary is 5 April, as this is the date of our free briefing on PSD2 and the fourth Money Laundering Directive. Join us to find out more about the changes ahead and to kick-off your regulatory change planning.

Related Posts

CASS Audit

TISA CASS Compliance Survey

Earlier this year, TISA launched a CASS compliance survey in association with fscom, aiming to gather insights on key areas of interest related to CASS

Read More