psd2: the payments world turned upside down? bin-4237 thursday 17 th september 2015

24
PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Upload: june-smith

Post on 29-Dec-2015

220 views

Category:

Documents


3 download

TRANSCRIPT

Page 1: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

PSD2: The Payments World Turned Upside Down?BIN-4237

Thursday 17th September 2015

Page 2: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com Private & Confidential

2

PSD2: The Payments World Turned Upside Down? The Drivers and Scope of PSD2 Icon Solutions Breakfast Roundtable – 17 September 2015Osborne Clarke – Paul Anning, Partner

Page 3: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com Private & Confidential

3

What are the core regulatory objectives driving PSD2?

Regulated field of

payment services and

funds transfers

Enhanced competition

Greater efficiency

Consumer protection

Digital economy

Page 4: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com Private & Confidential

4

What is all the regulatory change?European level

Payment services and funds transfers:

• Payment Services Directive (PSD) – PSD2, effective late 2017

• Second Electronic Money Directive (2EMD)

• Cross Border Payments Regulation

• Funds Transfers Regulation – proposed revisions for 4MLD, effective 2017

• SEPA End Date Regulation

• ECB's Recommendations on the Security of Internet Payments (SecuRePay) – effective August 2015

• Payment Accounts Directive, effective August 2016

• Interchange Fees Regulation (IFR), effective December 2015 (caps), June 2016 (business rules)

Generic:

• Fourth Anti-Money Laundering Directive (4MLD)

• Consumer Rights Directive

• General Data Protection Regulation

• Proposed new Network and Information Security Directive

Page 5: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com Private & Confidential

5

What is all the regulatory change?UK level

Payment services and funds transfers:

• PSR – Payment Systems Regulator, a new independent economic regulator

• Competition law – CMA's investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs).

• Prepaid – preferential treatment for gift card holders?

• Acquiring – transfer of funds to merchant by Faster Payments

• Account switching service

• Cheque imaging

Generic:

• Consumer Rights Directive – early implementation of surcharging provision

• Data – DWP's Richer Data, Cabinet Office's Government Identity Assurance and HMT's Data Sharing and Open Data in Banking initiatives

Page 6: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com

6

What's the scope of the PSD2 changes?

Mobile payments

Overlay (or third party)

services

Operational security and

authentication

Access to payment systems

One-leg transaction

s and all currencies

'Negative scope'

adjustments

Digital economy

Acquiring

Liability framework

Surcharging

Enhanced PI

conditions

PSD 2

Passporting issues

Page 7: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com

7

How will the changes affect banks?General (1)

• Extension of scope:

‒ non-EU currencies

‒ OLO (one-leg out) transactions

‒ clarification of "main activity", "regular occupation or business activity"; group collection/payment factories; and acquiring

‒ narrowing of exemptions like: commercial agent; limited network; digital devices; ATM operators

• Business rules:

‒ application of charges/SHA, value dating and availability of funds

‒ obligations on payee's PSPs regarding misdirected payments (incorrect unique identifiers)

Page 8: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com

8

How will the changes affect banks?General (2)

• Security measures, including:

‒ operational risk framework

‒ incident reporting

‒ the use of "strong customer authentication" when a payer accesses his payment account online, initiates a "electronic remote payment transaction" or carries on any other action through a remote channel which may imply a risk of payment fraud or other abuses, authentication to include elements dynamically linking the transaction to a specific amount and payee

• Introduction of TPPs, especially PIS TPPs

Page 9: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com

9

How will the changes affect banks?New TPP regime (1)

• Two new types of payment service introduced:

‒ Payment initiation services (PIS)

‒ Account information services (AIS)

• PSD2’s approach is to set out framework for:

‒ rights of PSU and obligations of AS PSP and PIS/AIS TPP

‒ modus operandi between AS PSP and PIS/AIS TPP

• PSU’s rights include right to: use a TPP where payment account is accessible online; and seek compensation from his AS PSP for unauthorised payment transactions (but AS PSP may have a remedy against the PIS TPP)

• PIS TPP’s obligations include to: act only within PSU’s explicit consent; authenticate itself towards AS PSP every session; not modify the transaction, nor hold the payer’s funds

Page 10: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com

10

How will the changes affect banks?New TPP regime (2)

Key issues include:

• Scope: use of a TPP where the relevant account is “accessible online”? Access not restricted as to geography, access channel or currency? Extent of access?

• Access rights: when can an AS PSP refuse a request for access? When “duly motivated”? One-off or on-going basis? Distinction between AIS and PIS TPPs? High frequency requests?

• Charges: can an AS PSP charge the PSU?

• Use of PSU’s personalised security credentials: not permitted?

• PSU’s consent: required, but on what basis, and to whom?

• Authentication and security: does the requirement for “strong customer authentication” apply?

• Communication standards: development of common and secure requirements for communication between the three parties – PSU, AS PSP and TPP

• Relationship between AS PSP and TPP: effect on existing arrangements? Bilateral additional terms permitted?

Page 11: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

osborneclarke.com

11

osborneclarke.com

11

Contact details – Paul Anning

Paul is head of OC's Financial Institutions Group. He has over 20 years’ experience in the financial services sector across a broad range of work.

He advises clients on the establishment of, and investment into, alternative investment funds – particularly those investing in venture capital, private equity or real estate - as well as M&A transactions, payment services and general regulatory advice.

Paul is rated by Chambers as a leading individual for Private Equity Funds and Non-Contentious Financial Services, which commented in 2015:

"He's a very sensible guy, a very good tactician. Automated payment transactions is one of his areas of expertise."

Paul has market leading experience and expertise in the payments industry where he has guided clients through new product development, regulatory change and transformational projects. He is well versed in the complexities of the payments industry's network arrangements and has a deep knowledge of relevant legal and regulatory developments, both in Europe and elsewhere (through international surveys).

Paul's recent work includes advising on bitcoin and other virtual currencies, various applications to the FCA for authorisation and consumer credit, particularly around the transition from the OFT to the FCA and in relation to the UK’s Green Deal framework.

Paul AnningPartnerT +44 (0) 20 7105 [email protected]

Law Firm of the Year

Legal Business Awards 2015

Law Firm of the Year

The Lawyer Awards 2015

Page 12: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

PSD2 Access to Accounts

Strategy and implementation

Tom Hay, head of Payments Practice, Icon Solutions

17/09/2015

Page 13: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Surf the wave or wipe-out?

17/09/2015 13PSD2 Breakfast Briefing

Page 14: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Thinking strategically

17/09/2015 14PSD2 Breakfast Briefing

Page 15: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Delivering the vision

17/09/2015 15PSD2 Breakfast Briefing

Page 16: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

A platform for the future

17/09/2015 16PSD2 Breakfast Briefing

Page 17: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Controlled Access to Payment Services

September 2015

Page 18: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Confidential

• VocaLink firmly believes the opening up of banking services is a good thing to promote

innovation and foster competition for the benefit of service users.

• Observations regarding PSD2:

• PSD2 could bring dramatic changes in merchant payment models, and how customers interact with Banks

• Banks should explore how PSD2 can create opportunities for them, rather than just regulatory compliance

• Modern API infrastructure is required to support emerging TPP’s to decentralise development

• Standardisation of core to prevent fragmentation, aggregation can provide level playing field

• Banks encouraged to allow access in addition to ‘payment accounts’

• Contracts could give TPPs more flexibility, but not mandatory

• Delicate balance of regulatory technical standards; too prescriptive will hamper innovation; too vague

creates fragmentation

VocaLink’s thoughts on PSD2

www.vocalink.com 18

Page 19: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Confidential

• Potential for the market to fragment which could create barriers for new entrants

• Variation in standards and expectations will be confusing for users

CAPS Introduction

www.vocalink.com 19

TPP

Bank Bank Bank Bank

TPP TPP TPP

CAPS

TPP

Bank Bank Bank Bank

TPP TPP TPP

versus

Page 20: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Confidential

TPPTPP

CAPS Product Overview

www.vocalink.com 20

TPP

CAPS PSD2 Compliance layer

CAPS Framework

CAPS +

TPPTPPBank

TPPTPPTPP

TPPTPPBank

TPPTPPTPP

TPPTPPBank

No CAPSMany to many relationship between TPPs and Banks relying on basic PSD2 interpretation, differing API specifications, lack of trust.

1. CAPS PSD2 Compliance LayerTechnical outsource for Banks. One to many connectivity for TPPs based on a common understanding of PSD2 and APIs. All PSD2 compliant actors able to join.

2. CAPS FrameworkIn addition to compliance layer, defining further common principles such as SLAs, risk, liabilities. Requires sign up to standard framework agreement.

3. CAPS +Additional transactions or access requirements included that are not mandated in PSD2 such as age or address verification.

TPP TPP TPP TPP

TPP TPP TPP

Bank Bank Bank Bank

Bank Bank Bank

Page 21: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Confidential

Summary Benefits

www.vocalink.com 21

PSD2 Compliant Improved

Liability Control

Robust Governance

Trusted Network

Data Integrity

and Confidential

itySeamless Operations

Faster on-boarding

for TPPs

Highly Resilient

Global Reach

CAPS

PSD2 believes Strong Authentication is the way forward, to manage complex payment transactions. Thereby maintaining data integrity and strict confidentiality. CAPS will support this requirement.

Removes complexity

for FI’s

Page 22: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Confidential

CAPS Framework and CAPS+

22www.vocalink.com

• Standard framework created for all participants to join

• Framework designed not to preclude any reasonable participants

• Promotes a better service since business and operational rules can be clearly defined

• Flexible frictionless authentication since different liability models can be adopted

• Clear on-boarding, liability and dispute handing processes

• CAPS+ promotes services beyond those in PSD2

• Useful for consumers to know that can rely on services from regulated entity, even if the

service is unregulated

Page 23: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

Confidential

TPPs and Financial Institutions

23

Market entry• CAPS will help TPPs, especially new entrants & new models• Standardised approaches will help ease adoption• Framework will help ease process of creating a trusted network• That can be relied on by TPPs, AS PSPs, merchants, and consumers• Risk otherwise that first spate of breaches will taint the whole market

Governance• Rule book• Vision and objectives• Roles and participation• Open framework with objective participation criteria• Business rules• Non-bank TPPs involved in governance• Will evolve as market, technology and regulations evolve

www.vocalink.com

Page 24: PSD2: The Payments World Turned Upside Down? BIN-4237 Thursday 17 th September 2015

17/09/2015 24PSD2 Breakfast Briefing

Questions?