PSD2 Fact 3: Striking the Roots of the European Single Market?
Payment Institutions are – in principle – supervised by the Member State where they are authorised (eg. the home country). In the event a Payment Institution provides payment services in another Member State, they can ‘passport’ their license and the supervision of these activities remain within the home country. This is in line with the single access to the EU market principle.
The European Commission is proud to state on its website that: “The Single Market refers to the EU as one territory without any internal borders or other regulatory obstacles to the free movement of goods and services. A functioning Single Market stimulates competition and trade, improves efficiency, raises quality, and helps cut prices. The European Single Market is one of the EU’s greatest achievements. It has fuelled economic growth and made the everyday life of European businesses and consumers easier.” (http://ec.europa.eu/growth/single-market_en)
Passporting Process: Then versus Now
The passporting exercise was relatively easy. A letter was sent via the home country supervisor and some EU supervisors responded with a confirmation, while others let time pass triggering an automatic acceptance of that company’s access to their market. A company could immediately start providing payment services without incurring too many costs and without adjusting any processes. If a company would use the right to establish itself, through a branch for instance, those host Member States received a little more power in case EU rules were breached. Lately, passporting has become a more burdensome exercise (more documentation is required in the Netherlands) and EU supervisors take the liberty to accompany their confirmation with a list of local regulations that the company additionally has to comply with. This already strikes the roots of the single market principle and PSD2 can potentially make it worse.
Passporting Process: The Future of Paperwork and Extra Resources
The EU legislator has used the new directive to provide further improvements towards cooperation and information exchange between the national supervisors. According to consideration 44 of the PSD2: “Member States should be able to require that payment institutions operating on their territory, whose head office is situated in another Member State, report to them periodically on their activities in their territories for information or statistical purposes. Where those payment institutions operate pursuant to the right of establishment, it should be possible for that information also to be used for monitoring compliance with Titles III and IV of this Directive and Member States should be able to require those payment institutions to appoint a central contact point in their territory in order to facilitate the supervision of networks of agents by competent authorities. EBA should develop draft regulatory standards setting out the criteria to determine when the appointment of a central contact point is appropriate and what its functions should be. The requirement to appoint a central contact point should be proportionate to achieving the aim of adequate communication and information reporting on compliance with Titles III and IV in the host Member State.”
Whether or not this will really ensure better cooperation and information exchange between the national supervisors is yet to see. At first sight, these requirements seem to give host Member States more independent powers which results in less cooperation and information needed from the home Member State. The central contact point of the Payment Institution is responsible to ensure adequate communication and information with regard to the activities of the Payment Institution in the host Member State. More burden is put on the company rather than supervisors exchanging relevant information and working out a better way to communicate and work together.
Central point of contact
The central point option under PSD2 can only be invoked for the purpose of adequate communication and information by the payment institution on compliance with the rules under PSD2. But why should host Member States mingle in? Isn’t one supervisor enough? In essence, the host Member States would supervise on any other requirements, so is it not double work? The central point of contact will be there to provide competent authorities with documents and information on request. Why is it important to have this done locally? Cannot a contact point in the head office in the home country facilitate such requests just as easily or even better? How will this affect local resources and budgets?
Compliance with 28 different laws?
Not only are host Member States granted more investigative powers, they also receive more supervisory powers with regard to a Payment Institution’s compliance with title III and IV of PSD2 (the transparency and information requirements, consumer protection rules and authorization of payment transaction rules) as transposed into national law (article 29 paragraph 2 PSD2). The risk here is that, since the directive includes minimum harmonization rules, each and every national legislator/supervisor can set additional requirements. This could potentially mean that a company operating in 28 member states will have to implement 28 different processes to ensure compliance with the national rules of each country. The EU single market would no longer be without internal borders or regulatory obstacles to the free movement of goods and services.
Which principle will the EBA give priority?
Member States may require a central contact point if a Payment Institution operates with agents or branches that are established in their territory. The EBA will need to draft regulatory technical standards on the criteria under which a central contact point can be requested, and the functions of such contact point. With the recent released draft regulatory standards for customer authentication, we see that consumer protection has been given most priority, resulting in standards that are – according to the market – impossible to work with. We will have to wait and see how these other regulatory technical standards will be designed by the EBA. For instance, can the central contact person be outsourced or should it be an employee of the agent or the branch? The criteria will likely be bound to total volume/value of local transactions, the type of payment services and the total number of agents in a host country. It would be interesting to see which numbers the EBA will attach to it. A money remitter will have much more agents in a country than a payment institution just executing payment transactions. Does that necessarily mean those money remitters are more risky and therefore will need to be supervised more closely? It is not that black and white, however it looks like the criteria will be.
The EBA has also been mandated to draft regulatory technical standards on the cooperation and information exchange between authorities. Let’s hope the required regulatory technical standards do not become too burdensome and further diminish the value of the EU single market. The EBA has not set the right tone with the currently drafted regulatory technical standards for customer authentication. In this case, will the EBA give lower priority to the principle of free movement of goods/services? We will know more by 13 January 2017.
Life is not going to be easy for European businesses
You may question whether these additional passporting requirements overall are improving efficiency and raising quality, the proclaimed benefits of the EU single market. The result is more likely that Payment Institutions will be faced with more bureaucracy and even more paperwork. It definitely does not make the everyday life of European businesses easier.