LANDING IN EUROPEA REGULATORY APPROACH
Ignacio González-Páramo, Vice President Global Compliance, Payvision
A presentation for CNP EXPO 2014 – GRAD SCHOOL
19 May 2014, Orlando | Florida
Structure and goals of the presentation
• Understand why a regulatory approach is needed.
• Get familiar with: Main actors in the EU Policy making process. Types of EU legal and regulatory instruments. Key pieces of legislation (for the payments business). Specific issues to overcome.
• Provide guidance on regulatory hurdles and how to overcome them.
Strategic alliances & partnerships. Licensing options.
1. Introduction
www.payvision.com
Handling the legal & regulatory boundaries
• Business now global; regulation does not keep up to speed and it’s too complex (stopper).
• Regulation can be shaped: Engagement with policy makers. Networking, knowledge sharing, training (here we are!).
2. Why is EU Regulation strategically important?
www.payvision.com
EU Payments business is at a new stage:
• SEPA (Single Euro Payments Area) - EU initiative (governments, European Commission, European Central Bank) for:
Harmonizing € payments market (1 currency, 1 market) and increasing competition (among banks and B2C providers).
Enabling customers to make cheaper & faster cashless € payments to anyone located in the area, using 1 account and 1 set of payment instruments.
• SEPA region: EU + Iceland, Liechtenstein, Norway, Switzerland, Monaco, San Marino.
3. Who is who in EU Policy making process
www.payvision.com
EU Parliament (EP)
• Only directly-elected body of the EU.• Draft, amend & adopt legislative proposals (Directives,
Regulations) jointly with EUC (co-decision process ).• Organizes its work through a system of specialized
committees.
EU Council (EUC)
• Represents governments of EU Member States.• Any EU legislative pertaining to SEPA (Directive,
Regulation) would have to be approved by them and EP to take effect.
EU Commission (EC)
• Independent body; ensures EU law is properly applied - by individuals, national authorities and other EU institutions.
• Can impose sanctions on individuals/Corps who break EU law.
3. Who is who in EU Policy making process (2)
www.payvision.com
European Central Bank (ECB)
• ECB = central bank for EU single currency.• Main task:
Guaranteeing price stability (growth, not part of statutes).
Integrating € payments market & monitoring SEPA progress (issuing reports and “recommendations” –e.g. Secure Pay Recommendations for Internet Payments).
European Banking Authority (EBA)
• Independent EU Authority with supervisory role.• Co-op. with ECB in issuing compliance guidelines.
European Payments Council (EPC)
• Coordination & decision-making body of EU banking industry in relation to payments. Purpose: support & promote SEPA.
• Several responsibilities, amongst others, issuing voluntary initiatives (e.g. SEPA Cards Framework, aka SCF).
4. Types of legal instruments in the EU
www.payvision.com
EU directives
• Lay down end results that must be achieved in every Member State.• National authorities to adapt their laws to meet goals, but free to decide how to
do so (as long as they meet the deadline). • Scope: one or more Member States, or (most often) all of them.• Goal: to align national laws as much as possible.• Issued jointly by EP and EUC (co-decision).
EU regulations
• Most direct form of EU law – once passed, have binding legal force in all Member States.
• Passed either jointly by EUC & EP, or by EC alone.
EU decisions
• EU laws relating to specific cases, coming from EUC (sometimes jointly with EP) or the EC.
• Scope: specific cases only, involving particular authorities, Corp´s, sectors, individuals, etc.
• Can require affected parties either do or not do something, & can confer rights on them.
5. Key pieces of legislation – for CNP payments (1)
www.payvision.com
Payment Services Directive (PSD)
• Goals: Increase competition (e.g. creating Payment
Institutions). Gain clarity & simplicity (1 set of rules -information
requirements, rights/obligations for provision of services).
Ensure a high level of consumer protection.
• New developments around the corner (PSD2), with the aim of:
Enhancing competition (e.g. access to bank accounts). Introducing changes in scope: new services (e.g.
payment initiation) and new actors (Third Party Providers –TPPs-).
EBA granted with broader role in terms of guidance and supervision (to facilitate compliance).
Relevant factors for CNP business (e.g. new security requirements, like mandatory strong customer authentication for e-payments, unless exemption by EBA guidelines).
5. Key pieces of legislation – for CNP payments (2)
www.payvision.com
Regulatory trends on interchange fees (IF)
• IF (def.): fees paid between banks for accepting card-based transactions.
• Current framework (Decisions issued by EC). Card schemes´ commitments for personal debit & credit (commercial cards:
N/A). Caps: 0.2% (debit) and 0.3% (credit). MC: only applicable to intra-EU/EEA txns. Visa Europe wider territorial scope:
Applies to intra-VE region txns (i.e. also to non-EEA countries; e.g. Turkey, Israel).
• Future framework. Consistent evolution….but likely introducing some changes:
EP Proposal for EU Regulation on interchange fees. Changes in business rules (e.g. surcharging). Potential inclusion of commercial cards.
Inter-regional (e.g.: US cardholder in EEA merchant”). N/A yet: EC continues proceedings against Visa Inc. to look into it.
5. Key pieces of legislation – for CNP payments (3)
www.payvision.com
Data Protection (DP) Directive - Directive 95/46/EC
• Current framework (FW) has flaws. The strictest regime (far-fetched, disregard for business reality). National implementation by each country regulator (local deviations):
Multiple requirements & implementation policies. Need to deal with several Data Protection Authorities (DPA).
Not able to cope with current challenges, as was laid down when: Personal data not as important as now. Less players in the value chain, less mainstream technologies.
• EP Proposed EU Regulation (likely to be published in 2015, the soonest). Supposed to increase harmonization (EU Regs’ direct applicability, “one
stop shop”) & consumer protection (implied consent not allowed). And to reduce bureaucracy.
Extended territorial scope (might apply to companies without establishment & equipment in EU, if they process EU citizen’s data).
Many issues remain unsolved: increased red tape (–e.g. many new & mandatory impact assessments-); fragmentation, conflict with AML.
www.payvision.com
5. Key pieces of legislation – for CNP payments (4)
Third AML/ATF Directive (AMLD3) – Directive 2005/60/EC
• Goal of AML/ATF rules: to identify any transaction that seeks to conceal or disguise the nature or origin of funds derived from illegal activities or that will be used to channel money for terrorist purposes.
• Current FW (AMLD3) has many flaws: Minimum harmonization instrument (even more local deviations). Conflict with DP and PSD rules (which is the greater good?). Requirements are not proportional (competition implications).
• Proposed FW (AMLD4): Still a minimum harmonization instrument. Still a difficult interrelationship with DP (e.g. profiling, data
retention) and PSD (e.g. factually disables cross-border licenses). Theoretically, further sticks to Financial Action Task Force (FATF)
guidance.
www.payvision.com
Local approach for a global business• Local/regional rules to regulate a borderless environment, with impact:
On competition. Hurdle for cross-border and global players, particularly SMEs, who might not
have enough resources for compliance. Lack of proportionality, too many regulations to control.
On customer experience, which is different depending on applicable local law (e.g. PSD2 Security requirements).
Overregulation, complexity• The more regulations, the less consistency, and the more complexity:
Overlaps, conflicts & inconsistencies between the initiatives. Complexity: too many initiatives (either too vague or too prescriptive).
• Actual or proposed rules cover subjects that are already well managed through self-regulation (is this timely and/or necessary?).
E.g.: 2-factor authentication mandate in PSD2.
6. Issues to overcome (1)
www.payvision.com
Fragmentation• Main reason: lack of co-operation between home and host regulators.
Too much is being left to development by supervisory bodies (that are under budgeted).
• Result: players with cross-border license to deal with numerous regulators & regimes (higher compliance costs, complex framework -especially AML-).
6. Issues to overcome (2)
7. And then, what? (1)
www.payvision.com
Having the right EU partnerships
•The right EU partner (especially if it has a global focus) will help you to: Learn from its expertise and deal with the complexities of a fragmented
market, constantly flooded with new regulations and legislation. Shape the legislative process to your interest and business convenience
(especially if it has connections with EU & local regulators/policymakers). Gain contact/access with regional schemes (Visa Europe, MC Europe). Gain access to its partner’s network. Reduce fixed overhead (outsourcing, scale economies).
7. And then, what? (2)
www.payvision.com
Licensing
•A license is not a must if you wish to do business in Europe. PSPs can operate through the partner’s license. If wider presence is wanted, a partner with cross-border license is best.
•If willing to operate in EU in own name and risk license is necessary. Picking the right country of establishment is key; facts to bear in mind:
Reputation. Business wise: not all regulators have the same procedure in place. The line of business one wants to be in (the regulatory approach to
certain sectors vary on a country-by-country basis).
8. One last tip
White Paper: “Insight into SecuRE Pay recommendations for Internet payments”.
• Authors: Mark Baaijens, Nick Smaling and Yara van Hal (Innopay).
• Editors: Ignacio González-Páramo and Rolf Visser (Payvision); Douwe Lycklama
(Innopay).
• This document provides useful insights for professionals in the online payments industry including banks, policy makers, scheme operators, merchants, acquirers and PSPs.
Chapter 1: An introduction to the security of Internet payments. Chapter 2: The SecuRe Pay recommendations. Chapter 3: The survey results. Chapter 4: Discussion on the strengths and weaknesses of the
recommendations. Chapter 5: Possible ways forward and conclusions.
• DOWNLOAD: http://www.payvision.com/white-papers