European Union: Payments, E-Money And Crypto-Assets:-Quarterly Legal And Regulatory Update-Jan_2021

1. PAYMENTS

1.1 RTS supplementing PSD2 regarding the appointment of central contact points published in the Official Journal of the European Union

On 9 October 2020, the Commission Delegated Regulation (EU) 2020/1423 supplementing the Directive on payment services in the internal market (EU) 2015/2366 (Payment Services Directive 2 or PSD2) with regard to regulatory technical standards (RTS) on the criteria for appointing central contact points within the field of payment services, and on the functions of those central contact points, was published in the Official Journal of the European Union (OJ).

The RTS specify the criteria to be applied when determining the circumstances when the appointment of a central contact point pursuant to Article 29(4) PSD2 is appropriate, and the functions of those contact points.

A copy of the RTS can be accessed here.

1.2 EBA launches public consultation on guidelines on major incident reporting under PSD2

On 14 October 2020, the European Banking Authority (EBA) launched a public consultation, and accompanying consultation paper, on the proposed revision of the guidelines on major incident reporting under PSD2 (Guidelines).

The Guidelines apply in relation to the classification and reporting of major operational or security incidents in accordance with Article 96 PSD2 and are addressed to Payment Service Providers (PSPs) and the competent authorities (CAs) under PSD2.

The aim of the amendments is to simplify the major incident reporting under PSD2 and the reporting templates, to capture additional security incidents and to reduce the number of operational incidents that are required to be reported by no longer including those that do not have a significant impact on the operations of PSPs.

The consultation paper proposes, amongst other items:

• to increase the absolute amount thresholds of the incident classification criterion 'Transactions affected';
• to introduce changes to the calculation of the criteria 'Transactions affected' and 'Payment service users affected' in the 'lower impact level';
• to introduce a new incident classification criterion 'breach of security measures' aimed at capturing incidents where the breach of the security measures of the PSP has an impact on the availability, integrity, confidentiality and/or authenticity of the payment services related data, processes and/or systems.

The consultation period ended on 14 December 2020, and the Final Report on the application of the revised Guidelines on major incident reporting under PSD2 is expected to be published shortly. The amended Guidelines are expected to become applicable in Q4 2021.

The consultation paper can be accessed here.

1.3 CJEU publishes decision on application of PSD2 to contactless payment cards

On 11 November 2020, the Court of Justice of the European Union (CJEU) published a preliminary ruling in DenizBank AG v Verein fur Konsumenteninformation (Case C 287/19). An opinion by Advocate General Campos Sánchez-Bordona was published in this case on 30 April 2020.

The request for a preliminary ruling concerns the application of PSD2 to the use of personalised multifunctional bank cards that are equipped with near-field communication (NFC) functionality, known as "contactless payment cards."

The CJEU held that Article 52(6)(a) PSD2, read in conjunction with Article 54(1), must be interpreted to mean that PSD2 does not restrict the type of terms of the framework contract between the PSP and the user of its services that can be amended by tacit consent. This is without prejudice to a review of the unfairness of these terms in the light of the provisions of the Directive on unfair terms in consumer contracts (Directive 93/13/EEC). The CJEU diverged from the Advocate General's opinion on this point.

The CJEU held that the NFC or 'contactless' function is legally separable from the other functions of a bank card, therefore it constitutes a 'payment instrument' within the meaning of Article 4(14) PSD2.

The CJEU also held that contactless low-value payment using the NFC functionality of a contactless payment card constitutes 'anonymous' use of the payment instrument in question, within the meaning of Article 63(1)(b) PSD2.

Finally, the CJEU held that, per Article 63(1)(a) PSD2, a PSP who intends to rely on the derogation provided for in that provision may not simply assert that it is impossible to block the payment instrument concerned or to prevent its continued use, where, in the light of the objective state of available technical knowledge, that impossibility cannot be established.

The CJEU judgment can be accessed here.

1.4 European Union (Interchange Fees for Card-based Payment Transactions) (Amendment) Regulations 2020 (S.I. No. 525 of 2020) published in Iris Oifigiúil

On 17 November 2020, the European Union (Interchange Fees for Card-based Payment Transactions) (Amendment) Regulations 2020 (Statutory Instrument No. 525 of 2020) (Amendment Regulations) were published in Iris Oifigiúil.

The Amendment Regulations amend the European Union (Interchange Fees for Card-based Payment Transactions) Regulations 2015 (S.I. No. 550 of 2015) (2015 Regulations).

The 2015 Regulations are amended by the substitution of the following Regulation for Regulation 5:

"5. Payment service providers shall not offer or request a per transaction interchange fee of more than 0.10% of the value of the transaction for any domestic debit card transaction."

Regulation 5 of the 2015 Regulations is replaced in order to update a provision that falls away on the 09 December 2020. This was a discretion contained in the Regulation on interchange fees for card-based payment transactions (Regulation (EU) No. 751/2015) that Ireland chose to avail of in 2015. The change to the existing legislation involves the replacement of a weighted average approach set out in Regulation 5 to capping interchange fees for consumer debit transactions with a per transaction cap approach.

The Amendment Regulations came into operation on 9 December 2020.

The Amendment Regulations are available here.

The 2015 Regulations are available here.

1.5 EPC publishes 2021 EPC SEPA payment scheme rulebooks

On 26 November 2020, the European Payments Council (EPC) published the 2021 EPC Single Euro Payments Area (SEPA) payment scheme rulebooks and the related Implementation Guidelines.

• 2021 SEPA Credit Transfer rulebook version 1.0, which can be accessed here.
• 2021 SEPA Instant Credit Transfer rulebook version 1.0, which can be accessed here.
• 2021 SEPA Direct Debit Core rulebook version 1.0, which can be accessed here.
• 2021 SEPA Direct Debit Business-to-Business rulebook version 1.0, which can be accessed here.

The 2021 rulebooks replace version 1.2 of the 2019 rulebooks. Annex IV of each 2021 rulebook contains a table summarising all changes made in each rulebook, as compared to the 2019 rulebook.

The rulebooks enter into force on 21 November 2021.

To view the full article, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.