This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Payments & FinTech Lawyer

UK prepares for PSD2 with FCA’s Approach Document and Handbook update and PSR’s monitoring guidance

The UK’s Financial Conduct Authority (‘FCA’) published its Policy Statement ‘Implementation of the revised PSD2: Approach Document and final Handbook changes’ (‘FCA Policy Statement’) on 19 September 2017, following earlier FCA consultations on the implementation of PSD2 and draft authorisation and reporting forms (CP17/11 and CP17/22, released in April and July 2017 respectively). Separately on the same day, the UK’s Payment Systems Regulator (‘PSR’) confirmed its approach to monitoring and enforcing PSD2, publishing guidance (‘PSR Monitoring Guidance’) on how it will monitor compliance with Regulation 61 and Part 8 of the Payment Services Regulations 2017 (‘Regulations’), those parts of the Regulations for which the PSR is the sole competent authority; this Guidance also follows a consultation, which was released in April 2017.

The FCA Policy Statement introduces a number of changes following consultation. Among the key changes are those to the FCA’s Perimeter Guidance Manual (‘PERG’), including as to when e-commerce platforms might fall within the scope of the Regulations. “In addition to confirming that platforms operating under a reseller model fall outside scope, the guidance provides some more colour on platforms that might appropriately rely on the ‘commercial agent exemption,’” explains Nikki Johnstone, Associate at Paul Hastings. “In the FCA’s view, a person will only qualify as a commercial agent where it has ‘the authority to affect the legal relations of [the firm’s] principal, who is the payer or the payee, with third parties and to bind the payer or payee to a purchase.’ Importantly for many platforms operating under a marketplace model, the FCA notes that this definition ‘would not be fulfilled simply by providing the technical means by which a payer places or a payee accepts an order.’”

Of further note in the FCA Policy Statement is some clarification on the FCA’s position in regards to whether firms accessing and processing customer data without interacting directly with the customer need to be authorised or registered, as this issue prompted a number of consultation respondents to question which firm should be regulated where multiple parties are involved as opposed to just the one account information service provider (‘AISP’) being involved in the provision of information. “The FCA sheds some - albeit rather dim - light on this by stipulating in its guidance that the business requiring registration is the one that provides the consolidated account information to the payment service user, even if this is through an agent, in line with that user’s request to the business. As the FCA has also said that, to be an account information service, the service must have had access to payment accounts, it would appear that an AISP needs to have both access to the payment accounts and provide information to the user, whether through an agent or not,” said Emma Wright, Partner at Kemp Little. “Regardless of the number of entities involved, however, the FCA reiterates that the registered AISP will be responsible for any arrangements it puts in place with other firms, which may be considered to be regulated outsourcing arrangements.”

The PSR Monitoring Guidance covers the rules on requests by PSPs to access payment systems, including rules on indirect access to designated systems and on the prohibition on restrictive rules on access to payment systems under Regulation 103 of the Payment Services Regulations 2017.

Indirect access providers do not have to provide access to every PSP that makes such a request, though they must consider each request on its own merits and ensure that requests are treated in an objective, proportionate and non-discriminatory manner. Should the indirect access provider refuse access, it needs to explain to the PSP its reasoning. “The PSR Monitoring Guidance emphasises that reasons for denial of access cannot be ‘blanket or generic’ statements but must be specific,” said Wright. “Further, the PSR has powers, when investigating compliance, to publish details of compliance failure, impose financial penalties and even to seek an injunction to remedy the compliance. These powers stop short of permitting the PSR to direct an indirect access provider to grant access to specific payment services providers; however, the PSR does have the power to require a change of approach to considering access requests as well to require providers to reconsider denied access requests. On its face this should increase PSPs’ ability to gain access to the payment system, but how this plays out in practice remains to be seen.”

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2006.
Can’t find what you are looking for?
Try an Advanced Search

Log in to payments & fintech lawyer
Subscribe to payments & fintech lawyer
Register for a Free Trial to payments & fintech lawyer
payments & fintech lawyer Pricing

Social Media

Follow payments & fintech lawyer on TwitterView our LinkedIn Profilepayments & fintech lawyer RSS Feed