EY Malta Newsletter

Financial Institutions Regulatory Compliance Newsletter

EY Malta is delighted to share the first, in a series of quarterly  Financial Institutions Regulatory Compliance Newsletter.           

This newsletter provides a high-level overview of the publications issued by the different EU stakeholders dealing with Financial Institutions, in the last year 2021. Following this first newsletter, any subsequent ones will cover developments happening in the previous quarter.

Within this newsletter, we will explore the:

  • Retail Payments Strategy of the EU;
  • EBA opinion on de-risking;
  • Cross-border payments in the EU; and
  • Guidelines on the limited network exclusion under PSD2

Retail Payments Strategy of the EU: a summary 

In September 2020, the European Commission (EC) adopted a new Digital Finance Package, which consists of the Retail Payments Strategy, the Digital Finance Strategy, legislative proposals for an EU regulatory framework on crypto-assets, and proposals for an EU regulatory framework on digital operational resilience.

The Retail Payments Strategy is a policy framework intended to support the EC’s objective of “a highly competitive payments market, benefitting all Member States, whichever currency they use, where all market participants are able to compete on fair and equal terms to offer innovative and state-of-the-art payment solutions in full respect of the EU’s international commitments”.

Objectives of the Retail Payments Strategy

  • Citizens and companies in Europe to benefit from a broad and diversified range of world-class payment services and instruments, supported by a competitive and innovative payments market and relying on safe, efficient and accessible infrastructures.
  • Enable home-grown and pan-European payment solutions in order to support Europe’s open strategic autonomy.
  • Support the international role of the euro by contributing to improving the cost-efficiency of international payments, including remittances.

The Retail Payments Strategy focuses on four key pillars:

  1. increasingly digital and instant payment solutions with pan-European reach;
  2. innovative and competitive retail payments markets;
  3. efficient and interoperable retail payment systems and other support infrastructures; and
  4. efficient international payments, including remittances.

Pillar 1 – Increasingly digital and instant payment solutions with pan-European reach Key objectives and aims of the EC’s strategy in relation to the focus of pillar 1 include:

  1. Encouraging the use of instant payments as the “new normal” across the EU
  2. Expecting payment solutions to be interoperable, accessible, to add value and meet the needs of a broad range of users
  3. Expecting broad adherence of market participants to the schemes and recommendations developed by the Euro Retail Payments Board (ERPB) and the European Payments Council (EPC)
  4. Considering that the development of a single, open and secure European standard for QR-codes would support the uptake and interoperability of instant payments
  5. Increasing consumer trust in the use of instant payments
  6. Reaping the full potential of the Single Euro Payments Area (SEPA)
  7. Exploring the potential of electronic identity (eID) for customer authentication
  8. Improving the acceptance of digital payments

Key actions:

  • Late 2021 – as part of the planned review of PSD2 – see also pillar 2 – the EC assessed:
    • the extent to which the EU’s existing consumer protection measures can provide consumers making instant payments with the high level of protection offered by other payment instruments.
    • the impact of charges levied on consumers for instant payments and, if relevant, will require that they are no higher than those levied for regular credit transfers
    • whether specific measures should be taken to enhance the effectiveness of the crisis management of payment systems, and to ensure sound mitigation measures on the liquidity risk for financial institutions
    • whether additional measures should be taken to address other specific risks, such as money laundering, terrorist financing and related predicate offences.
  • End 2021 – The EC started to closely follow acceptance and availability of euro cash and may eventually decide to take appropriate action to maintain the availability of central bank money.
  • 2022 – The EC will carry out a study of the level of acceptance of digital payments in the EU (including by SMEs) and may propose legislation if deemed appropriate
  • By end of 2023 – The EC will explore the feasibility of developing a “label”, accompanied by a visible logo, for pan-European payment solutions. It will also consider ways to promote the use of electronic identity solutions under the (revised) eIDAS Regulation to support SCA requirements under PSD2.

Pillar 2 – Innovative and competitive retail payments markets

Key objectives and aims of the EC’s strategy in relation to the focus of pillar 2 include:

  1. Reaping the full potential of PSD2, and making open banking a full success, which will inform the EC’s work on a broader framework for open finance.
  2. Re-examining existing legal limits of contactless payments, with a view to striking a balance between convenience and fraud risks, and identifying solutions for consumers to monitor their transactions.
  3. Considering any risks stemming from unregulated services, especially technical services ancillary to the provision of regulated payment services
  4. To ensure a high level of security for retail payments in Europe, the EC is proposing to

4.1 evaluate how well SCA has decreased payment fraud in the EU; and

4.2 explore what further measures might be needed to combat new types of fraud, in particular with regard to instant payments.

  1. Ensuring future-proof supervision and oversight of the payments ecosystem, in respect of a level playing-field between PSPs.

Key actions:

  • End of 2021 – The EC launched a comprehensive review of the application and impact of PSD2.
    • In its review of PSD2, the EC will take stock of SCA’s impact on the level of payment fraud in the EU and explore whether additional measures should be considered to address new types of fraud, in particular with regard to instant payments.
    • When reviewing PSD2, the EC will, in close coordination with the European Banking Authority, re-examine the existing legal limits on contactless payments, with a view to striking a balance between convenience and fraud risks.
    • In the context of the PSD2 review, the EC will take account of any recommendations by the ERPB regarding solutions for consumers to identify the beneficiary and time of a payment.
    • The review will include an evaluation of any new risks stemming from unregulated services, especially technical services ancillary to the provision of regulated payment or e-money services, and how these risks can best be mitigated.
    • The EC will look to align the PSD2 and Electronic Money Directive (EMD2) frameworks.
    • Where necessary, the EC will ensure proper linkages between the supervision of payment services and the oversight of payment systems, schemes and instruments.
  • Mid-2022 – The EC plans to present a legislative proposal for a new “Open Finance” framework.

Pillar 3 – Efficient and interoperable retail payment systems and other support infrastructures

Key objectives and aims of the EC’s strategy in relation to the focus of pillar 3 include:

  1. Expecting operators of retail payment systems to ensure efficient interoperability between systems (particularly directed at SCT Inst).
  2. Removing restrictions on access to necessary technical infrastructure considered necessary to support the provision of payment services under fair, reasonable and non-discriminatory conditions (“FRAND“), and consider whether legislation is necessary taking into account the potential security and other risks that such access could pose.

Pillar 4 – Efficient international payments, including remittances

  1. The last pillar of the retail payments strategy for the EU takes a look at the need for efficiency and transparency in the arena of international payments and how this should strengthen the position of the euro as a global currency.
  2. The objective is for cross-border payments involving non-EU countries, including remittances, to become faster, more affordable, more accessible, more transparent and more convenient.

Key actions:

  • The EC expects payment system operators to facilitate linkages between European systems such as TARGET Instant Payment System (TIPS) or RT1 and non-European instant payment systems, as long as those systems have appropriate levels of consumer protection, fraud and money-laundering prevention and risk mitigation measures.
  • The EC calls for the adoption of global international messaging standards such as ISO 20022 at the latest by end 2022, and encourages the use of SWIFT’s Global Payment Initiative (GPI), which facilitates the tracking of cross-border payments in real time for participating institutions.
  • As part of the PSD2 review, the EC will assess the appropriateness of extending the maximum execution time applicable to ‘two-leg’ transactions to ‘one-leg’ transactions.
  • Referencing the European Payments Council’s work on further harmonisation of business rules and messaging standards for euro one-leg transactions, the EC will assess whether it is necessary to make these mandatory.

The EC will support SEPA-like initiatives in regional groupings of low and middle-income countries, and in relevant cases the possibility of non-European countries to join SEPA.

Next steps

The strategy identifies key priorities and objectives for retail payments in Europe over the next four years. The European Commission encourages all stakeholders to engage actively in the implementation of this strategy.

EBA Opinion on de-risking

On the 5th January 2022, the European Banking Authority (EBA) published its Opinion on ‘de-risking’, along with a report on the impact De-risking has on customer’s access to financial services (Opinion).

In the report the ECB explains that financial and credit institutions are required to ratify and maintain policies and procedures to comply with their legal obligations and to identify and manage the risks which they are exposed to.

The report defines ‘De-risking’ which occurs when a financial institution makes the decision to refuse to enter into, or to terminate, business relationships with individual customers or categories of customers associated with higher ML/TF risk, or to refuse to carry out higher ML/TF risk transactions.

Although such decisions may be required to be in line with the provisions of Directive (EU) 2015/849 (AMLD), de-risking entire categories of customers, without considering individual customers’ risk profiles, may be unwarranted and is a sign of ineffective ML/TF risk management.

Through a series of information gathering exercises from competent authorities and external stakeholders, the EBA found that: 

To assess the scale and impact of de-risking across the EU and to better understand why institutions decide to de-risk particular categories of customers instead of managing the risks associated therewith, the EBA launched in 2020-21 a series of information gathering exercises, reaching out to competent authorities across the EU, as well as to external stakeholders. The EBA observed:

  • De-risking occurs across the EU and affects a great variety of customers, including customers that are themselves institutions such as respondent banks, payment institutions (PIs) and electronic money institutions (EMIs)
  • De-Risking can lead to adverse economic outcomes or amount to financial exclusion.
  • De-risking at EU level, especially if unwarranted, negatively impacts the achievement of the EU’s objectives. Where a Member State’s respondent banks are being de-risked, de-risking can also affect the stability of the financial system of that Member State.

The EBA has since identified a number of drivers of institutions’ decisions to de-risk. Such decisions include:

Situations where ML/TF risks or reputational risks exceed institutions' risk appetite & where the institutions lack the relevant knowledge or expertise to assess the risks associated with specific business models or situations in which the real or expected cost of compliance exceeds profits.

Link with PSD2

The EBA explains that de-risking may have various differences when contrasted with other EU provisions.  Such an issue is Article 36 of PSD2, which provides that Member States shall ensure that PIs have access to CIs’ payment accounts services, and that credit institutions shall notify Competent Authorities when accounts of PIs/EMIs are rejected, was not properly implemented across the EEA. Respondents to the Call claimed in particular that very few Member States currently have:

  • a formal mechanism in place for CIs to report to the NCA under this Article;
  • guidance for CIs in relation to their obligations under this Article (i.e. at what stage a refusal to onboard must be notified, what mechanism to use, and in what circumstances the closure of an account must be notified);
  • transparent or formal mechanisms for PIs or EMIs to submit a complaint about being de-risked

The EBA issued proposals to EU bodies and the European Commission to clarify the relationship between PSD2 AMLD requirements, due to there being a lack of guidance for credit institutions.

In the EBA’s view, the high-level nature of this provision, coupled with the lack of guidance for credit institutions on the circumstances in which the closure of an account must be notified have given rise to divergent application across the EU member states and divergent interpretations across the NCAs. For this reason, the EBA addressed proposals to EU bodies, in particular the European Commission (EC), seeking to clarify the relationship between PSD2 AMLD requirements.

Cross-border Payments in the EU

Regulation (EU) 2021/1230 applies to cross-border payments denominated in Euro and the national currencies of EU member states which have signed up to the legislation and have informed the European Commission.

The regulation has been applied since 19th August 2021. The background to the regulation is that the single euro payments area aims at making electronic payments in the euro area as easy as making cash payments and ensuring that no extra charges are involved when making an electronic euro payment from one Member State to another.

The regulation codifies the rules within the EU on cross-border payments and the transparency of currency conversion changes.

The regulation allows for the uniformity of charges for corresponding member states on cross-border payments in Euro or in the currency of a participating members state.

Payment service providers are required to provide the following services for free to customers using card-based transactions:

  • total currency conversion charges as a percentage markup of the latest European Central Bank euro reference exchange rates in a comprehensible and easily accessible manner before the payment is made
  • details electronically without undue delay, and at least once a month, after the transaction
  • making online credit transfers with clear, neutral and comprehensible information before the transaction of the total amount of the transfer, including any transaction fee and currency conversion charges

Customers and suppliers of goods and services applying the regulation to make and receive payments use their international payment account number identifier (IBAN) and the payment service provider’s business identifier code (BIC).

The European Commission is expected to present a report on the application and the impact of the regulation by April 2022 to the European Parliament, the Council of the European Union, the European Central Bank and the European Economic and Social Committee.

Guidelines on the limited network exclusion under PSD2

On 27th February, 2022 the European Banking Authority (EBA) published its final Guidelines on the limited network exclusion under PSD2.  The Guidelines introduce provisions, and where relevant, criteria and indicators, aimed at ensuring that payment instruments that can benefit from the exclusion are used in a limited way, thus reducing potential risks that may arise for the users of such instruments. 

Following the responses received during the public consultation, the EBA further clarified certain aspects in relation to the assessment criteria and indicators, including their mandatory nature. The EBA also clarified that the functional connection between goods and services should be based on a specific category of goods and services with a common purpose, rather than a leading good or service, as originally proposed in the consultation paper.

In order to address potential concerns on circumvention of the requirements of PSD2 and to increase transparency for consumers who may not be aware that they do not benefit from the protection PSD2 provides to regulated services, the Guidelines also provide clarity on the provision of excluded services by regulated firms.

Finally, in order to ensure transparency on the provision of excluded services, the Guidelines provide clarity on the calculation of the payment transaction value thresholds, the submission of the related notifications to national competent authorities and the information to be covered in the description of the excluded activity on the national and EBA registers.  

The Guidelines will apply as of 1 June 2022 with an additional 3-month transitional period for issuers that already benefit from the exclusion to submit a new notification to their national competent authority.

Contact us

Karl Mercieca
EY Malta Financial Services Regulatory Compliance
Associate Partner 
karl.mercieca@mt.ey.com

Photographic portrait of Karl Mercieca

Daniel Attard
EY Malta Financial Services Regulatory Compliance
Manager
daniel.attard@mt.ey.com

Photographic portrait of Daniel Attard