The difficulties have been:
* the transparency of the service provider to both the consumer and their payment account provider;
* the security implications of a third party accessing a payment account; and
* problems with liability if anything goes wrong.
In the spirit of fostering competition, the European Commission has tackled these issues by bringing the providers into regulation, obliging them to hold professional indemnity insurance and requiring them to meet certain standards. It’s a bold move given the resistance of the banks and the step away from the established understanding of a payment service as involving the provider taking possession of the funds (these entities will be regulated as a payment service provider but will never touch the money).
Who are payment initiation service providers?
In its consultation document, HM Treasury stated its intention to take a broad interpretation of payment initiation services. We expect there will have been significant push back from the many providers who find they could be within scope, such as technology platform providers, commercial Bacs bureaux and payroll companies that initiate payments by way of business but do not take possession of the funds.
The technology service provider exemption remains in the new directive, but it has been amended to exclude payment initiation service providers (emphasis added):
services provided by technical service providers, which support the provision of payment services, without the provider entering at any time into possession of the funds to be transferred, excluding payment initiation services or account information services but including—
(i) the processing and storage of data;
(ii) trust and privacy protection services;
(iii) data and entity authentication;
(iv) information technology;
(v) communication network provision; and
(vi) the provision and maintenance of terminals and devices used for payment services.
The consultation closed in mid-March so we anticipate HM Treasury’s conclusions will be delivered in the next few weeks so that those who are caught can prepare for the impending changes to their business.
What rules will they have to follow?
The European Commission has recognised that the risks posed by payment initiation service providers are different to those presented by other payment service providers. They clearly pose a security risk given their access to payment accounts and a liability to the extent that they are the conduit of the details of the payment instruction, but they do not take possession of the funds. Therefore, payment initiation service providers have to meet an initial capital requirement of €50,000 (in contrast to the €125,000 initial capital required of a payment institution that provides payment accounts), which becomes their ongoing capital requirement as they do not need to calculate using a variable method. Instead, payment initiation service providers must hold professional indemnity insurance.
Payment initiation service providers will be subject to:
* the anti-money laundering obligations imposed on regulated entities;
* reporting requirements that will allow the FCA to monitor the firm’s activities to ensure compliance with the regulations, including the obligation to report major incidents (see Crisis management under PSD2: what you need to know); and
* the conduct of business requirements, to the extent that they are applicable to the business model and the interaction with customers.
Authorisation
Those businesses that have to be authorised as payment institutions must have their application approved by 13 January 2018 to continue doing business. The gateway for applications will be open from 13 October with the application forms being available from mid-September. This will be a tight window for applications, both for new authorisation and variation of permissions (where an existing payment or e-money institution wishes to provide payment initiation services), so firms are well advised to be prepared to complete and submit the application pack as promptly as possible.
Applicants will have to provide:
* the address of their head office and/or registered office (must be within the UK, along with the ‘mind and management’ of the firm);
* details of their incorporation, ownership and the individuals who direct the business:
* a business plan (the background of the business, future plans and target markets);
* a description of the governance arrangements (the internal policies and procedures, reporting lines and so forth); and
* 36 month financial forecasts.
If you would like to know more about payment initiation service providers, their regulatory obligations and how to get authorised, please get in touch.
