Mike Ayres – Senior Manager
PSD 2 and the emoney regulations
Some abbreviations to start…
A company may be authorised as a Payment Institution (PI) or be a Small Payment Institution (SPI) under the Payment Services Directive 2 (PSD 2), a European Directive.
To apply the directive in the UK, the Payment Services Regulations 2017 (PSR) were enshrined in law. The Financial Conduct Authority (FCA) then publicised the approach that should be followed to help firms navigate the PSRs. Alongside PSD II, the approach documentation also covers the Electronic Money Regulations 2011 (EMR), this enacts a European Directive called the 2nd E-money Directive (2EMD), due to the cross over between these regulations.
Under PSD 2 an entity may now be a Payment Initiation Services Provider (PISP) or an Account Information Service Provider (AISP) whereas under EMR a company may be an Authorised or Small Electronic Money Institution (EMI).
The type of entity that each company is will then be recorded in the Financial Services Register (FSR).
Clear? Then I’ll continue.
So does this affect my company?
Probably best to start with a disclaimer, FCA registration and authorisation are complicated and it is important that your business is correctly authorised to do what it does. To ensure that is the case an initial registration, or any change in permissions, should be discussed a with a compliance consultant, I am happy to share names of good ones I know!
Anyone who provides payment services in the UK will be affected by PSD 2. Though some firms may already be covered under an existing FCA registration, like e-money issuers or even banks, they will still need to comply with the regulations.
The FCA Handbook has the detail, with PERG 15 providing guidance on PSR and payment services firms and PERG 3A covering EMR. However, as an example, a firm who offers a facility to hold cash and carry out payment services or can execute payment services on behalf of a customer is a Payment Institution.
Types of PI and EMI
Payment institution – main sub-categories
Money transfer/remittances that do not involve creation of payment accounts.
Payment Initiation Services
A business that contracts with online merchants to enable customers to purchase goods or services through their online banking facilities, instead of using a payment instrument or other payment method.
Account Information Services
A business that provides users with an electronic “dashboard” where they can view information from various payment accounts in a single place or use account data to provide personalised comparison services.
An example of an e-money firm would be a business that provides an e-wallet, an online account or a card that is topped up with money (usually for a specific purpose – possibly a gift card or foreign currency card for holiday spending). Therefore, they are most likely to be providing payment services and would be required to comply with PSD 2.
Different registration types
Authorised PIs and authorised EMIs can passport (see further details below) their services across the EEA, this gives them the right to establish or provide services across the EEA.
PIs and EMIs that process below €3m in monthly payment transactions may be registered instead of authorised, they are unable to passport, nor may they provide AIS or PIS, but have less requirements and a more straightforward registration process. These are Small PIs or Small EMIs.
Businesses that just provide AIS only need register rather than obtain full authorisation. RAISP’s, as they are known, are still able to passport their registration throughout the EEA.
All the above ‘principals’ can appoint agents to act on their behalf. Agents must be registered on the FSR and the principal retains responsibility for the acts and omissions of any agents it appoints.
The registration process is detailed in Chapter 3 of the FCA’s approach document.
Deposit holders that provide payment services may not need to be authorised or registered as PIs. This is important as holding deposits requires a more onerous registration, they could be considered a bank!
There are further exclusions, see chapters 2.15 – 2.21 of the approach document for more detail.
There are certain capital requirements that must be maintained depending on the type of permissions that have been applied for and granted.
Initial Capital Requirements
Authorised PIs – €0 for an AISP; €20,000 for a money remittance provider; €50,000 for a PISP; and €125,000 for any other payment institution.
Authorised EMIs – €350,000
Small EMIs – If business activities (or expected business activities) generate an average of under €500,000 of outstanding e-money there is no capital requirement. Above this and capital equalling at least 2% must be held.
RAISP – €0
Ongoing Capital Requirements
Authorised PIs – there are a choice of methods for calculating these based on: overheads, monthly payment volumes or income. The firm would be required to maintain the higher of the chosen method and the initial capital.
EMIs (authorised and small) – required to maintain the greater of the initial required capital (I.e. €350,000) or 2% of the average outstanding e-money issued by the EMI.
RAISP – €0
Small PIs have no initial or ongoing capital requirements.
As a general rule, the capital that can be used towards the requirement is included in the equity section of the statutory balance sheet.
See Section 9 of the FCA’s guidance for more information on capital resource requirements.
Various submissions are required on GABRIEL for all entity types covering information on fraud, complaints and risk. They key financial reports are noted below:
Authorised PIs and RAISPs
A capital adequacy return must be submitted on the FCA reporting portal, GABRIEL, to confirm ongoing capital requirements as well as various other financial and non-financial data. This is annual and must be submitted within 30 days of the accounting reference date. Section 13.5 of the FCA’s guidance has more detail.
An annual report covering the calendar year must be submitted on GABRIEL covering various details including high level income and transactional data. This must be submitted by the end of the following January i.e. 31 days after the calendar year end.
Authorised and Small EMIs
An annual return must be submitted on GABRIEL covering broadly the same details as a payment institution’s capital adequacy return, as well as additional information on e-money levels. This must be submitted within 30 days of the accounting reference date.
Safeguarding and audit requirements
Essentially a firm must be able to show that they are taking all reasonable steps to protect the interests of its customers including any client money held in the course of its trade, known as ‘relevant funds’.
For Authorised PIs, Small PIs and Authorised EMIs There are two methods that may be used, segregation or insurance. Segregation involves the funds being held in a separate account from all the other funds it holds and named to make this clear (for example including ‘client’ in the account name). Insurance passes the liability for repayment of these funds to a third-party.
Detailed systems and controls would need to be maintained to ensure that loss or diminution of these funds is minimised. 10.57 to 10.66 of the FCA’s approach document suggest what should be in place.
The FCA’s approach document provides guidance from 3.111 to 3.112 and in Chapter 10 on audit arrangements.
They do not state that a client money audit, such as those required of companies covered by the CASS rules, would be required – even when client money is held. Though where a statutory audit is carried out, the auditor would be required to report to the FCA if, during the course of their work as the statutory auditor, it believes there was any breaches of the safeguarding requirements.
Though PIs that qualify as small companies may be exempt from the requirement to have a statutory audit, e-money issuers of any size are required to have one as they are specifically excluded from the small companies audit exemption. I have written a separate article on financial services firms exemption from audit which can provide more detail.
Small PI’s can choose whether to comply with these requirements.
Authorised PIs, RAISPs and Authorised EMIs are able to carry on activities across the EEA that they are authorised for in their home state. This can be done through the formation of branches in other states, but one is not required.
Following Brexit based on the withdrawal agreement, passporting will continue through the Implementation Period, currently to the end of December 2020.
In a no deal scenario, firms in the EEA who conduct business in the UK will be able to continue to carry out their business (as if passported) under the temporary permissions regime. UK firms passporting out would need to look at the states that they passport to an establish whether temporary permissions have been put in place.
PSD 2 is often spoken about hand in hand with ‘Open Banking’. Both came into force all the way back on the 13th January 2018. Initially the expectation was that many clever Fintechs would start to offer innovative ideas, and whilst there are businesses working on these, they have been somewhat delayed by the banks’ struggles in implementing the required APIs that allow companies to access the data.
When this eventually happens there should be a flurry of apps to help us predict future pinch points, avoid charges and maximise interest rates on savings. More tailored financing products should be available with better interest rates and quicker implementation. Fraud will be easier to detect and quicker to stop. Third parties can make payments through your bank on your behalf (see Curve for how this can be useful).
Please note that the above information is a summary of selected chapters of the FCA Handbook and the Payment Services Regulation and should not be solely relied upon when making decisions. Please always ensure the appropriate professional advice is obtained to ensure compliance. The FCA Handbook contains the detailed rules and can be accessed here. This information is correct as at 15 November 2019.