Position Paper. BITKOM Position Paper "PSD 2" 14 th December 2014 page 1



Similar documents
Securing Internet Payments. The current regulatory state of play

UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010

Review of the European Union s proposal for a new directive on payment services ( PSD2 )

Improving self-regulation through (law-based) Corporate Data Protection Officials *

The Payment Services Directive implementation in Germany regulatory part (Zahlungsdiensteaufsichtsgesetz/ZAG)

1. Will PSD bring deferred settlements by merchant acquirer to an end? (by Dr. Richard Reimer 1 )

4-column document Net neutrality provisions (including recitals)

APPLICATION OF COMMUNICATIONS LEGISLATION TO VOIP SERVICES IN FINLAND

CONSULTATION DOCUMENT REVIEW OF THE EUROPEAN VENTURE CAPITAL FUNDS (EUVECA) AND EUROPEAN SOCIAL ENTREPRENEURSHIP FUNDS (EUSEF) REGULATIONS

Council of the European Union Brussels, 5 March 2015 (OR. en)

Authorisation Requirements and Standards for Debt Management Firms

FinTech Focus: New European Directive on Payment Services (PSD2) Comes into Force

Towards basic electronic payments A roadmap for competitive and inclusive payment systems in Europe

The Future of Direct Carrier Billing in Europe and e-money

The Czech National Bank s opinion

Finansinspektionen s Regulatory Code

EUROPEAN CENTRAL BANK

Final Draft Guidelines

Public Consultation on Member State discretions

tax update january 2013

PUBLIC PROCUREMENT CONTRACTS

EPIF POSITION PAPER ON ACCESS TO BANK SERVICES FOR PAYMENT INSTITUTIONS

d. Members shall not conduct their business in a manner which tends to bring either BRBA or the BMF or its membership into disrepute.

What is a Contracting Authority?

Terms and Conditions for Direct Debit Collection.

INFORMATION AND CONDITIONS CONCERNING THE USE OF PAYMENT SERVICES ACCORDING TO THE PAYMENT SERVICES LAW OF 2009 (L.128(I)/2009)

DP on future RTS on strong customer and secure communication under PSD2 EBA/DP/2015/03. 8 December Discussion Paper

Explanatory notes VAT invoicing rules

EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS No. 2199

Final Draft Guidelines

***I SUPPLEMENTARY REPORT

Proposal for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions

Merchants and Trade - Act No 28/2001 on electronic signatures

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

European Union Law and Online Gambling by Marcos Charif

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts

Business white paper Mobile payments

Licensing Options for Internet Service Providers June 23, 2001 Updated September 25, 2002

Public consultation on the possibility for an investment fund to originate loans

ACT on Payment Services 1 ) 2 ) of 19 August Part 1 General Provisions

Code of Practice on Electronic Invoicing in Europe

Proposed guidance for firms outsourcing to the cloud and other third-party IT services

Code of Practice on Electronic Invoicing in Europe

Client Asset Requirements. Under S.I No.60 of 2007 European Communities (Markets in Financial Instruments) Regulations 2007

Position Paper - Acquirers. acquire. maximum business advantage. from new EU Regulation on interchange. fees for card-based payment transactions

Application of Data Protection Concepts to Cloud Computing

CCBE questionnaire on professional indemnity insurance for lawyers requesting registration under the Establishment directive (98/5/CE)

GRTGAZ NETWORK TRANSMISSION CONTRACT

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

EUROPEAN CENTRAL BANK

Online Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications

The Business Value of e-invoicing

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

Guidelines. on the data collection exercise regarding high earners EBA/GL/2014/ July 2014

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002

Liechtenstein. Heinz Frommelt. Sele Frommelt & Partners Attorneys at Law Ltd

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

DO NOT DIVULGE DETAILS OF THIS MONEY TRANSFER TO A THIRD PARTY.

A Guide to the Payment Services Regulations in Ireland

UK Government call for views

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION STAFF WORKING DOCUMENT. Accompanying document to the. Proposal for a

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Visa Europe Our response to the European Commission s proposed regulation of interchange fees for card-based payment transactions

Luxembourg Life Assurance for International Investors

11 November 2014 EBA/CP/2014/39. Consultation Paper. Draft Guidelines on the rate of conversion of debt to equity in bail-in

COMITE MARITIME INTERNATIONAL THE IMPLEMENTATION IN NATIONAL LAW OF MANDATORY INSURANCE PROVISIONS IN INTERNATIONAL CONVENTIONS

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Before turning to detailed remarks on the questions for consultation, we would like to draw EBA s attention to our key issues and concerns.

COMMISSION RECOMMENDATION. of (Text with EEA relevance)

E-money Niche market that might be expanding

Deposits and investments with Deutsche Bank AG are covered by two German protection

DSM Communication of May 6, 2015 (

PAYMENT SERVICES AND SYSTEMS ACT (ZPlaSS) CHAPTER 1 GENERAL PROVISIONS SUBCHAPTER 1 CONTENT OF THE ACT. Article 1. (scope)

2013 No FINANCIAL SERVICES AND MARKETS. The Alternative Investment Fund Managers Regulations 2013

How To Become A Payment Institution

CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL

Under European law teleradiology is both a health service and an information society service.

Act on Payment Services

Data protection issues on an EU outsourcing

Transcription:

14 th December 2014 page 1 The German Association for Information Technology, Telecommunications and New Media (BITKOM) represents more than 2,100 companies in Germany. Its 1,300 direct members generate an annual turnover of more than 140 billion Euros and employ 700,000 people. They include more than 900 small and medium-sized enterprises, over 100 start-ups as well as nearly all global players. BITKOM represents providers of software and IT, telecommunications and Internet services, manufacturers of hardware and consumer electronics, as well as digital media and Internet economy businesses. BITKOM Statement with respect to the Proposal dated 24 July 2013 of the European Commission for a new Payment Services Directive (PSD 2) 1 Introduction On 13 November 2007 the European Union and the Council of the European Union have adopted Directive 2007/64/EC of the European Parliament and of the Council on payment services in the internal market ( PSD 1 ). Since PSD 1, the international payments market has changed dramatically. The volume of digital payment transactions has risen immensely and new business models around payments have emerged. The overall intention has always been to further harmonize the European payments market. The implementation of SEPA is an important step in achieving standardized processes across the Euro zone and the rest of the EU. However there are still substantial differences in the payment networks across the different countries. This has induced the European Commission to carry out an assessment of the impact of PSD 1 on the European payment market. Those results have led to a new directive on payment services ("Proposal PSD 2"), which was proposed on 24 July 2013. The Proposal PSD 2 includes most of the content of PSD 1, but also contains a large number of changes of its predecessor directive. Federal Association for Information Technology, Telecommunications and New Media Albrechtstr. 10 A 10117 Berlin-Mitte Germany Tel.: +49.30.27576-0 Fax: +49.30.27576-400 bitkom@bitkom.org www.bitkom.org Contact Steffen v. Blumröder Head of Banking & Financial Services Tel.: +49.30.27576-126 s.vonblumroeder@bitkom.org President Prof. Dieter Kempf Management Dr. Bernhard Rohleder In the following statement BITKOM would like to deal with the more important reforms that can be expected from the Proposal PSD 2 and comment on that. BITKOM believes that the regulatory framework in the European Union provides an adequate environment for business and innovation in the area of e- and m- commerce, including payments. EU legislation on payments, e-money and consumer rights, among others, is among the most advanced globally, and serves as examples for many countries around the world that want to achieve similar market integration, innovation and prosperity. This holds also for the European payments market. BITKOM strongly supports the initiative to foster a single European market for retail payments and protection of consumer interests. We are certain that the

page 2 prospect of economic reward is the key driver for innovation. More regulation will not lead automatically to more customer protection. The pace of development in payments innovation has increased significantly with the development and increasing prevalence of the internet and more recently multi-functional smart phones. The evolution is still ongoing and any final scenario cannot be predicted. Regulatory neutrality must be respected as regards the various types of payment systems and methods. BITKOM therefore insists that any regulatory interference deemed necessary must not disrespect regulatory neutrality. 1.1 The negative scope of application of the Proposal PSD 2 The European Commission has proposed to amend the negative scope of application of PSD 1. The most relevant amendments pursuant to the Proposal PSD 2 are as follows: 1.1.1 Commercial Agent Exemption ecommerce platforms During the past two years, various e-commerce platforms sought to collect the payments owed by the buyer to the seller transacting on their platform in order to control the flow of funds. At the same time such platforms sought to avoid the requirement of an authorisation by the regulatory authorities. Most e-commerce platforms have therefore tried to invoke the exemption as commercial agent. The Proposal PSD 2 has left the wording of the commercial agent exemption untouched. However, the European Commission in the introductory of the Proposal PSD 2 and in the recitals has made it very clear that e-commerce platforms, in particular those who are acting at the same time on behalf of both the buyer and on behalf of the seller, must not be included in the "commercial agent exemption". In Germany, it has been the established practise of the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) since summer 2012 that it will not apply the "commercial agent exemption" to e- commerce platforms. BITKOM wishes to point out that the spectrum of e-commerce platforms is manifold. The EU Commission wishes to target platforms where there is no direct personal link between the platform and the sellers placing their offers on the platform. We deem it important to differentiate. The commercial agent exemption should be available and justified for business models where there is a direct and personal link between the seller and the platform, where the seller actually entrusts his offer including the transfer of the funds to be paid by the buyer - to the platform.

page 3 1.1.2 Limited Network Exemption store cards, transport cards, fuel cards etc. The limited network exemption has been invoked vis-à-vis national regulators in numerous cases. Public transport cards, fuel cards, cards issued by a department store chain and in particular discount cards are examples. In France, the Printemps decision by the French high administrative court (Conseil d'etat) has set the stage for an extensive interpretation of the exemption in France. Under French law, the members of a group of companies as well as partners of a franchise or other cooperation are accepted to form a limited network within the meaning of the French payment regulation. In Germany, BaFin argues that limited networks should also be geographically limited in all cases, therefore limiting the scope of this exemption intensely. The UK and in France, the interpretation of the exemption has been more liberal. The Proposal PSD 2 confines the current "limited network exemption" of PSD 1. The European Commission alleges that it can currently apply to quite large networks and therefore a high number of payment transactions, a high payment volume and a large range of products and services. According to the European Commission the broad application of the "limited network exemption" leaves a large volume of payments outside the scope of the PSD 1 and disadvantages those actors who fall under the scope of the regulation. The Proposal PSD 2 tries to constrain the exemption to specific instruments that are designed to address precise needs that can be used only in a limited way. BITKOM advocates that the new specifications proposed for the limited network exemption under PSD2, namely "specific instruments", "designation to address precise needs" and "use only in a limited way" will be interpreted such that they do not restrict useful instruments: One of those examples are public transport cards & ticketing as well as parking. These should be exempted irrespective of their local reach - as they fulfil needs of public interest (öffentliche Daseinsvorsorge). Further, it should be made clear that franchises online / offline may profit from the limited network exemption in order not to disadvantage those structures vis-á-vis chains of stores. 1.1.3 Digital Content or Telecommunication Exemption changes for Music and App Stores, Games Platforms etc. Currently, a consumer can purchase ring tones, text messaging services, etc. via its mobile phone and pay the relevant amount in connection with the telephone bill. This sort of payment processing is currently provided by the relevant telecommunication provider and is expressly exempted from the requirement of an authorisation under PSD 1, even if the seller is a third party. This exemption also applies to platforms which offer digital music, apps, etc. The reason is, that pursuant to PSD 1 payment services which are managed via telecommunication equipment, IT-devices or digital devices shall not apply, provided that the pur-

page 4 chased goods and services can be delivered to such telecommunication equipment, IT-device or digital device. In practice, the digital content exemption has been unlike the other exemptions - widely accepted in Germany without further restrictive interpretation by BaFin. The Proposal PSD 2 now wishes to restrict the exemption. Only a payment for a purchase of digital content which is an ancillary service to an electronic communication service is included in the scope of the exemption. Additionally, the exemption shall only apply if the value of any single payment transaction does not exceed EUR 50.00 and the aggregate amount of the sum of the single payment transaction does not exceed EUR 200.00 in any billing month. BITKOM very clearly sees the need for the cost efficient micro payments. In the past, the digital content exemption did enable micro payments not only for ring tones and short message service (sms) newsletters etc. provided on platforms of mobile network operators (MNOs), but also for micro payments for computer / online games, small payments for music and application software. Such small payments cannot be transacted efficiently in a highly regulated environment with all consequential costs involved; we believe that PSD 1 had a meaningful and balanced approach. Further, there is no need for dense regulation in such micro payment environment, as they are as well an important instrument under the commission s digital agenda. In their report on Germany, the Financial Action Task Force on Money Laundering (FATF) clearly pronounced that AML regulation should not strangle useful payment transactions in particular in the micro payment field. BITKOM believes that a transaction amount limitation should be at least 500 EUR and should not be on a monthly but yearly basis. But it has to be taken into consideration that those monitoring mechanisms will cost time and money. The limitation can only be done by SIM card rather than invoice recipient/ customer. 1.2 Novelties for Payment Service Providers 1.2.1 Third Party Payment Service Provider new regulation for credit transfer facilitation, account aggregation and for certain (mobile) wallets The Proposal PSD 2 introduces a new category of payment service providers, the so called third party payment service provider. It defines the third party payment service provider as providing (i) payment initiation services or (ii) account information services. The definition of payment initiation services is quite complex; it includes the provision of access to a payment account by such third party, which is not the account servicing payment service provider, in order to initiate push transactions (credit transfer) as well as pull transactions (direct debit). The definition of payment initiation service is applicable even of the service provider is at no time in the possession of the funds to be transferred. Account information services provide for information regarding payment accounts maintained by (several) other payment service providers.

page 5 The most important consequence of this: A third party service provider must in the future hold an authorisation to perform payment services. The creation of this new category requires adapting the authorisation rules and the regulation of payment institutions. According to the European Commission it is necessary to set up criteria under which third party payment service providers are allowed to access and use the information on the availability of funds on the payment service user account held with another payment service provider to satisfy data protection and security requirements. With respect to liability, the Proposal PSD 2 sets out that a third party payment service provider may be responsible vis-à-vis the account servicing payment service provider in the event of an unauthorized payment transaction. In the future the main responsibility to avoid phishing or pharming attacks may reside with the third party payment service provider. BITKOM criticizes this new regulation. The third party payment service provider is only marginally involved in payment transactions. It will not hold nor transfer any customer funds itself. It is not justified to require such third party service provider to obtain a regulatory authorisation (like a payment institution) under the PSD (and national law). The concerns of internet security and performance of such third party service provider can be dealt with on a pure civil law (liability) basis. BITKOM also agrees that data protection and banking secrecy are of high importance with respect to third party service providers. BITKOM believes that the payment initiation and account information services in Annex 1 No 7 are defined too vague and should be specified in a more precise manner. BITKOM wishes to avoid that (mobile) wallet providers (as defined in the recent white paper of the EPC) fall into the realm of the new definition of third party service providers, thereby being in need of a regulatory authorization under the PSD. In our understanding Mobile wallets are technical infrastructure services that help services provider facilitate payment and value added services, but are no account initiation or account information services itself. This would strangle a very important new industry. 1.2.2 Safeguarding requirements, Article 9 In the PSD 1 article 9 stated that the funds shall be separated and be deposited in a separate account or funds shall be covered by an insurance. The respective article in PSD 2 reads as it would be necessary to apply both safeguarding requirements at once. However, a doubling of safeguarding requirements would be inappropriate and overly burdensome for undertakings. BITKOM asks to clarify that it is still sufficient to apply one of the safeguarding requirements.

page 6 1.2.3 Network and information security At the beginning of 2013, the European Commission proposed a new directive on network and information security, the so called NIS-Directive. The Proposal PSD 2 would apply, if both proposal directives will be enacted, the NIS-Directive to payment service providers. The European Commission wishes to ensure that damages to other payment service providers and payment systems, such as a substantial disruption of a payment system, and to users are kept to a minimum. Therefore the Commission deems it essential that payment service providers have the obligation to report within undue delay major security incidents to the competent national authority. It is intended that such competent authority is authorised to investigate potential breaches of the NIS Directive and to pursue those breaches. Further, the European Commission wishes to establish a regular reporting mechanism to ensure that payment services should provide the competent authorities on an annual basis with updated information on the assessment of their security risks and the (additional) measures that they have taken in response to these risks. Also, the Commission proposes that payment service providers should provide for a strong customer authentication. This means a procedure for the validation of the identification of a natural or legal person based on the use of two or more elements categorised as knowledge, possession and inherence that are independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data. However, such strong customer authentication makes the procedure more complex and thus less attractive for the customer. The customer authentication should be proportionate to the risk of the transaction. BITKOM fundamentally agrees with the application of the NIS-directive to payment service providers. We suggest that authentication must be proportionate to the transaction risk. There have to be different possibilities to comply with the requirements and those will need to be practicable! Details of the NIS-directive will be commented in a further and broader statement of BITKOM to this proposed directive.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information