Search This Blog

Tuesday, 7 February 2017

#PSD2: What Is A Payment Initiation Service?

The Treasury is currently consulting on regulations to implement the new Payment Services Directive (PSD2). There is little commentary in the consultation paper and many old questions remain unanswered, with the regulations to go live on 13 January 2018.  Government policy is to simply gold plate 'copy out' EU directives, which creates a rod for the UK's own back leaves the FCA to say how it will interpret the new rules in a consultation paper it proposes to issue in Q2.  But some new services will be regulated, and time is getting very tight for firms who offer them to figure out whether to outsource the operation of the service to a duly authorised firm or its agent, or become authorised or the agent of an authorised firm. In this post, I'll briefly explore the new regulated service of "payment initiation" and why it takes a very careful analysis of the facts to figure out who is offering that service in any given payment scenario.

The decision to regulate "payment initiation services" is said to have resulted from the popularity of services that enable you to pay for online purchases by making a bank transfer (see recital 27 and the Commission's FAQs 18, 21).

But "payment initiation service" seems to have been defined in article 3 to cover any payment method:
“a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider .”
Note also, that a "payment instrument" is defined as "a personalised device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order.

The UK government also says it reads the definition of "payment initiation service" broadly and that users will have the right to use payment initiation services in connection with all online payment accounts, including current accounts, credit card accounts, savings and e-money accounts (paras 6.22, 6.23 and 6.27).  That makes sense, as to exclude providers of payment initiation services for some payment methods and not others would be discriminatory, and shield the excluded firms from competition (see PSD2 recitals 29, 32 and 68).

There is no definition of “initiate a payment order” in PSD2 and different payment methods comprise different processes, actors and events - and sometimes several payment transactions are involved, as in the case of card payments (see PSD2 recital 68).

The European Banking Authority has issued regulatory technical standard for security of online payments that also identifies "payment integrators" as firms who "provide the payee (i.e. the e -merchant) with a standardised interface to payment initiation services provided by PSPs". In other words, even within the payment initiation process, there are technical service providers who support the process but are not responsible for the "payment initiation service" that initiates the relevant payment order.

So when considering who is providing a payment initiation service, one needs to consider: which type of payment method or instrument is being used; which of potentially several payment orders is involved; which payment account each order relates to; which payment service user is making the request to initiate the relevant payment order; which element of which service actually initiates that payment order; and who provides that service.

Yet there are divergent views on who initiates card payments, for example, since there are actually multiple transactions involved...

PSD2 concedes (at recital 68) there are (at least) three steps to a credit card payment - authorisation, an initial transaction where the issuer pays the acquirer (which can be a complex netting process involving a scheme operator), and a later one between cardholder's bank and the issuer (to pay the card bill). There's a third, of course, where the acquirer pays the merchant - and the fact this is not mentioned in the recital underscores why it is silly to refer to the cardholder as the 'payer' and merchant as his intended 'payee', since the cardholder intends to pay the card issuer, rather than the merchant. 

Recital 68 sidesteps the critical issue by stating that the "use of a card or card-based instrument... triggers" the whole payment flow, as does the provision that addresses the scenario where the card issuer is separate from operator of the related payment account:
"the payer has initiated the card-based payment transaction for the amount in question using a card based payment instrument issued by the payment service provider" (Article 65(2)(b))
"Payer" means either "a natural or legal person who holds a payment account and allows a payment order from that payment account, or, where there is no payment account, a natural or legal person who gives a payment order.

"Allowing" a payment order is not necessarily the same as "initiating" what has been 'allowed'.  And it's important to consider which payment instrument is being used and who really 'uses' it.

So it's easy to see why, in the context of a credit card payment, there is disagreement as to whether the cardholder is initiating one or more payment order(s) when offering to pay by card and/or entering her PIN in the relevant card terminal; or the merchant initiates a payment order when it accepts the transaction at the terminal and/or sends the transaction to the acquirer; or whether the acquirer initiates the first payment order when it accepts the transaction from the merchant and/or submits the transaction to the card issuer via the card scheme systems. 

Only when you determine the answer to this question can you then identify the payment method or instrument involved; the relevant payment order; the payment account to which the order relates; the payment service user who is making the request to initiate the order; which element of which service actually initiates that payment order; and who provides that service. 

Clearly, it's important for the authorities to provide greater clarity here; and it looks like the EU and the Treasury has left it to the FCA to do so...

Update on 21 April 2017:

In its consultation, the FCA proposes to add the following Question 25B to its Perimeter Guidance:
"Q25B. When might we be providing a payment initiation service?
The service of payment initiation is defined in regulation 2 as “a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider”.

This includes businesses that contract with online merchants to enable customers to purchase goods or services through their online banking facilities, instead of using a payment instrument or other payment method. However, it is not limited to arrangements where the service provider has a pre-existing relationship with the merchant. Any business offering payment initiation services as a regular occupation or business activity will require this permission unless exempt under Schedule 1 Part 2.
In our view, the provider of a service that transmits a payer’s card details, along with a payment order, to the payer’s payment service provider, but does not come into possession of personalised security credentials, is not carrying out a payment initiation service."