EU Retail Payments: 3 Say No Way. 2 Say Part Way.

Posted June 10, 2015

Three EU Countries Unable to Comply; Two Will Partially Comply with European Banking Authority’s Online Payment Guidelines

The European Union’s European Banking Authority or EBA has set minimum standard security guidelines for protecting European consumers from payment fraud. While scheduled to come into force on August 1st, the UK, Slovakia and Estonia have said they are unable to comply and Cyprus and Sweden will only be able to comply partially.

A story on out-law.com explains the various reasons why the five EU countries will not be in full compliance by the August deadline. The following has been excerpted from the out-law.com story and edited to fit our format. You may find the complete, unedited article by clicking on this link.

Minimum requirements temporary

They are an interim measure until the upcoming revised Payments Services Directive (PSD2) comes into force in 2018/19. The European Commission Council and Parliament are currently in the final negotiation stages of PSD2.

Comply or explain why not

The guidelines as based on a “comply or explain” principle, the EBA said, in that national authorities have to notify the authority of whether they will comply, and give reasons if they will not.

The UK’s noncompliance excuse

The UK’s Financial Conduct Authority (FCA) said that it will not be compliant because it “does not have the power without legislative change to make binding rules requiring all payment service providers (credit institutions, payment institutions and e-money institutions) comply with the EBA Guidelines.”

It will, however, incorporate the detail of the guidelines in its supervisory framework, and will subsequently add further guidelines under PSD2. The FCA is, it said, “fully supportive of the objectives behind the EBA Guidelines….”

Noncompliance may not be an option

“[Businesses which] operate on a cross-border basis, perhaps with a website targeting Spanish or German customers, will need to be aware that they could still be caught by compliance requirements from August of this year,” said [Angus McFadyen of the UK law firm Pinsent Masons.]

Noncompliance because we don’t want to?

Slovakia and Estonia also said that their current national frameworks will not allow compliance.

Can’t comply with certain clauses

Sweden and Cyprus named specific clauses which they will not be able to meet.

The EBA released details of the compliance notifications as part of an announcement about its on-going work on harmonizing regulatory and supervisory practices in payment services across Europe.

Down the road

The EBA is developing requirements to fulfill its mandates under the revised Payments Services Directive (PSD2) and the Interchange Fee Regulation (IFR).

Once PSD2 is agreed, the EBA will work with the European Central Bank to improve operational and security requirements for payment services. The EBA will also approach the industry and “other interested parties” to gather input on its plans.

ThreatMetrix

ThreatMetrix

close btn