Introduction on Global E-Payments Guide by Aliant Corporate PAG.
Global E-payments Guide was created by Aliant’s Corporate Practice Group, where our experienced and well established lawyers from France, Italy, the Netherlands, Finland, Cyprus, U.K, Israel, U.S.A and China have answered some fundamental and up-to-date questions on E-payments. If you are interested in E-payments in any of the beforementioned countries please follow this five part series.
What do we mean by e-payments?
By “E-payments” (also called digital payments), we mean any payment for a good or service without the use of cash, made electronically, i.e. telematically or by internet, using an electronic device (from the traditional payment cards to computers, smartphones, tablets, smartwatches, as well as the Point Of Sale or “POS”, either contactless or with magnetic stripe reading).
Why are e-payments important?
Even before the pandemic, global digital payments industry has been involved in many innovations, including mobile wallets, P2P mobile payments, real-time payments and cryptocurrencies. This new, simple-to-use, cashless payment methods have become an appealing alternative for billions of people and attracted many users.
Over the years, China and the United States developed into the world’s leading digital payments markets, but Europe is set to witness the most impressive digital payments growth. However, with social distancing rules in place, more people started embracing contactless payments as a safer way to manage their money in both developed and emerging countries and consumers are increasingly inclined to use E-payments.
From the side of the E-payment service providers, even large players such as Amazon, PayPal, Apple and Facebook are continuously investing in online and mobile payment solutions and the ongoing changes in e-commerce solutions, with the transition from individual separate online shops to integrated platforms, is creating space for new business models and new opportunities for E-payments.
In conclusion, due to fast technological developments and the increasing of consumers attitude to pay products and services by their online banking accounts as well as by E-payments and mobile payments via smartphone applications, the transition to a cashless society is inevitable and irreversible, therefore this sector is very profitable at the present and will remain productive for a long time.
Do you need any help in e-payment market?
If you are an entrepreneur who wants to succeed in the E-payments market, you know that in the era of global e-commerce, after launching your services locally, you have to spread beyond national borders and therefore operate in different countries, often subject to very different rules and policies.
How do you choose where to start an E-payment service or in which country is it preferable to expand a service already successfully launched in your country? Are administrative authorisations and/or specific requirements to operate payment services? Which activities are allowed? Are there public supervisory auditing of the activity?
To help tackle these questions, Aliant presents an overview of the different legal frameworks for payment services around the world which, without being considered exhaustive or as a legal opinion, aims of providing entrepreneurs and investors who operate internationally and who are interested in payment services with a preliminary tool for choosing the markets in which to launch or expand their payment services.
This general information is merely offered on the basis that it is not a substitute for legal advice and we cannot accept any kind of liability incurred in reliance on their content.
Of course, for any in-depth analysis or specific legal assistance in this sector, Aliant’s experts are available to advise and share their global expertise in the field of digital payments.
Is there any regulation in your country covering e-payment services? Are there any regulatory / supervisory authorities on the matter and, if so, what are they?
European Union (EU)*
European laws are divided into Regulations, which are directly applicable within the Member States, and Directives, which need instead transposition in each Member State
The main regulations related to e-payments are:
- Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (PSD2), which replaced Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 (PSD)
- Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009, on the taking up, pursuit and prudential supervision of the business of electronic money institutions (EMD)
- Regulation (EC) No 924/2009 of the European Parliament and of the Council of 16 September 2009 on cross-border payments in the Community, as amended by Regulation (EU) 2019/518 of the European Parliament and of the Council of 19 March 2019
- Regulation (EU) No 2015/751 of the European Parliament and of the Council of 29 April 2015 on interchange fees for card-based payment transactions
- EU Commission’s Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication
The EU institutions directly or indirectly involved are essentially
- the European Banking Authority – EBA established by the Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority,
- the EU Commission’s DG FISMA – The Directorate‑General for Financial Stability, Financial Services and Capital Markets Union, that is the Commission department responsible for EU policy on banking and finance, and
- the European Central Bank – ECB, while each Member State designates competent authorities responsible for the authorisation and prudential supervision.
* In order to create a single payment area where European citizens and businesses have easy access to safe cross-border payments with the same charges and the same rules the EU adopted in 2007 the first payment services directive (the so-called PSD1) applicable inside the European Economic Area to all payments executed in other way that cash, electronic payments included, establishing the rights and obligations related to this kind of services as well as the set of information that operators must give to users, and introducing a new figure of financial intermediary (payment institutions) allowed to provide payment services in competition with banks.
A new directive on payment services has been adopted in 2015 and became applicable starting from 2018 (the so-called PSD2) with the aim to improve the first set of rules and include new digital payment services, such as mobile and internet payment services, preserving consumers from frauds and abuses
France, as an EU Member State, is subject to European regulation as primary legislation on this matter.
In French law, the regulations relating to e-payment services are mainly included in the French Monetary and Financial Code. Articles L314-1 et seq. of the said Code thus relate to payment services. Articles L521-1 et seq. of the Code deal with payment service providers. Electronic payment services are not mentioned as such but are covered by these provisions.
This French regulation comes mainly from two European directives: Directive 2007/64 / EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market (PSD) and Directive (EU) 2015/2366 of the Parliament European Union and of the Council of 25 November 2015 on payment services in the internal market (PSD2). This latter directive has been transposed into French law by law #2016-1321 of October 7, 2016 and ordinance #2017-1252 of August 9, 2017.
The body in charge of regulating players in the payment services market is the Prudential Control and Resolution Authority (in French « ACPR »). This administrative authority is part of the Banque de France and is more generally in charge of the supervision of the banks in France.
The main Italian laws relating to e-payment services, deriving essentially from EU rules, are the following:
- Legislative Decree No. 385/1993 (referred to as the Consolidated Law on Banking – in Italian “Testo Unico Bancario” or TUB) which includes numerous provisions implementing PSD2;
- Legislative Decree No. 11/2010, which transposed PSD;
- Legislative Decree No. 218/2017, which modified Legislative Decree No. 11/2010 to implement PSD2;
- Legislative Decree No. 36/2020, which modified Legislative Decree No. 218/2017 to adapt national provisions to the Regulation (EU) 2015/751 on interchange fees
- Supervisory provisions for Payment institutions and Electronic Money Institutions of 23 July 2019 issued by Bank of Italy, which is the designated national Supervisory Authority;
- Provisions on transparency of banking and financial transactions and services of 29 July 2009 (and its subsequent amendments) issued by Bank of Italy, which includes rules on Payment Institution and Transparency of conditions and information requirements for payment services
The Netherlands, as an EU Member State, is subject to European regulation as primary legislation on this matter.
In the Netherlands, the Financial Supervision Act (Wft) covers the subject of e-payment services. De Nederlandsche Bank (DNB) is the supervising authority on this matter.
Furthermore, there is a section in the Dutch Civil code (Burgerlijk Wetboek 7) which deals with the relationship between e-payment service users and e-payment service providers.
The Sitchting Authoriteit Financiële Martken (AFM) deals with the supervision of this legislation.
Finland, as an EU Member State, is subject to European regulation as primary legislation on this matter.
The main laws relating to e-payment services are:
- Act on Payment Institutions (297/2010);
- Act on Payment Services (290/2010);
- Act on the Activities of Foreign Payment Institutions in Finland (298/2010);
- Act on Preventing Money Laundering and Terrorist Financing (444/2017);
- Act on Bank and Payment Account Monitoring System (571/2019).
The Finnish Financial Supervisory Authority (FSA) is the key regulatory authority responsible for the financial services sector, governed by the Finnish Act on the Financial Supervisory Authority (878/2008).
Regional State Administrative Agencies are responsible for a minor area of the financial sector, governed by the Finnish Act on Regional State Administrative Agencies (896/2009).
European laws are applicable either with direct effect or via transposition to Cyprus law.
The main laws related to e-payments are:
- Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (PSD2), which replaced Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 (PSD). This is transposed into Cyprus Law via the Payment Services and Access to Payment Systems Laws of 2018, PS Law, (as amended).
- Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009, on the taking up, pursuit and prudential supervision of the business of electronic money institutions (EMD). This is transposed into Cyprus Law via the Electronic Money Laws of 2012(as amended).
- Regulation (EC) No 924/2009 of the European Parliament and of the Council of 16 September 2009 on cross-border payments in the Community, as amended by Regulation (EU) 2019/518 of the European Parliament and of the Council of 19 March 2019 – this has Direct Effect.
- Regulation (EU) No 2015/751 of the European Parliament and of the Council of 29 April 2015 on interchange fees for card-based payment transactions – this has Direct Effect.
- EU Commission’s Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication- this has Direct Effect.
The Cyprus institutions directly or indirectly involved is:
The Central Bank of Cyprus is designated as the competent authority of the Republic of Cyprus responsible for the authorisation and prudential supervision of the payment institutions PSPs and EMIs in Cyprus.
UNITED KINGDOM (UK)
In the UK, e-payment services are governed by the Electronic Money Regulations 2011 (EMR 2011) and the Payment Services Regulations 2017 (PSR 2017).
There are strict rules and restrictions for UK businesses providing payment services and/ or issuing e-money in the UK as a regular occupation or business activity. These businesses must be authorised or registered by the Financial Conduct Authority (FCA). Providers and operators of electronic payment systems are regulated by the FCA, the Prudential Regulation Authority and the Payment Systems Regulator.
There are no specific rules or restrictions for digital businesses making use of electronic payment systems provided by other businesses.
Relevant regulatory and supervisory authorities are:
- Competition and Markets Authority (CMA)
- Payment Systems Regulator (PSR)
- Financial Ombudsman (FO).
In Israel, the main laws relating to e-payment services are:
- Paragraph 7D-7F of the Banking Law (Client Service)-1981 (“Banking law”)
- The Debit Cards Law – 1986 (please note that this law refers both to credit cards and debit cards)
- The Supervision of Financial Services (Regulated Financial Services) law – 2016 covers the regulation and supervision of e-payment. (“Supervision of Financial Services law”)
- The Payment Services Law – 2019, which covers all types of payments including e-payment from a client prospective. (Payment Services Law);
- Bank of Israel regulations, July 2016 (“the regulations”).
Besides the regulations the Bank of Israel put out a call for proposals regarding payments with cell–phones in general and peer to peer payments specifically. It is worth bearing in mind that due to this there will most likely be policy and regulation changes in the future.
UNITED STATES of AMERICA (USA)
In the United States the existing laws and regulations on e-payments are evolving. Most of these laws were intended to apply to banking institutions and may or may not apply to non-bank payment service providers. Because a lot of the laws are intended to protect consumers, some laws may apply only to the front (consumer) facing service providers, and may not apply to the back-end providers that focus on clearing, settlement, and processing of payments.
In the United States, electronic payments are governed by the Financial Services Modernization Act, passed in 1999. The primary purpose of the act is to protect consumer privacy, and the act applies broadly to anyone who obtain a financial product or service from any financial institution, whether it is done online or through brick-and-mortar. The information protected by the act is the consumer’s non-public information, including name, address, income, age, and tax identification number.
The primary enforcer of the act is the FDIC (the federal government agency that governs U.S. banks), but rules under this act have also been issued by the Federal Trade Commission (the so-called Red Flag Rules) and other agencies.
FTC’s Red Flag Rules require banks and lenders that accept e-payments (including card-not-present credit card transactions) to implement and identity theft prevention program that will be on the lookout for the “red flags” of identity theft.
Interestingly, most of the security protocols for e-payments are not government promulgated. Instead, most of the security measures were created and are enforced by the Payment Card Industry Security Standards Council. The Council is a coalition of major players in the financial services market, including American Express, Discover, JCB International, and Visa.
Finally, a fast-growing aspect of e-payments is the issuance of non-bank e-money. Last year the United States issued the US STABLE Act, that proposes to regulate stablecoins.
The regulations for managing, administering, controlling e-payment services by non-financial Institutions in the People’s Republic of China (PRC) are mainly:
- the Administrative Measures for the Payment Services Provided by Non-financial Institutions (hereafter referred to as the Measures), and
- the Detailed Rules for Implementation of the Administrative Measures for the Payment Services Provided by Non-financial Institutions (Hereafter referred to as the Detailed Rules for the Measures).
The Measures and the Detailed Rules for the Measures were formulated according to the Law of People’s Bank of PRC.
Besides these laws and regulations, we also have the Law for E-commerce of PRC, the Law for Cyber Security of PRC, the Law for Data Security of PRC; the Law for Protection of Personal Data of PRC, the Law on Protection of Consumer Rights and Interests of PRC, the Civil Code of PRC, the Criminal Law of PRC etc for governing certain activities related E-payment services.
According to the above laws and regulations, the regulatory/supervisory authorities managing, administering, controlling and supervising e-payment services include Administration for Market Regulation at all levels (including State Administration for Market Regulation); the People’s Bank of China (PBC); Ministry of Industry and Information Technology of PRC; the Ministry of Public Security of PRC, Administration for Telecommunications.
Which e-payment services are allowed in your country?
EUROPEAN UNION (EU)
According to Annex I of PSD2, e-payment services include:
- services which allow cash to be placed on a payment account (and all the operations required to operate the account);
- services which allow which allow the withdrawal of cash from a payment account (and all operations required for the operation of the account);
- execution of payment transactions, including direct debits (also one-off direct debits), payment transactions through a payment card or similar device and credit transfers, including standing orders;
- execution of payment transactions (direct debits – including one-off direct debits, payment transactions through a payment card or similar device and credit transfers, including standing orders) where the funds are covered by a credit line for a payment service user;
- issuing of payment instruments and/or acquiring of payment transactions;
- money remittance;
- payment initiation services (first of two new services allowed by rules on open banking provided for by PSD2), that means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider;
- account information services (second new service allowed by rules on open banking provided for by PSD2), which is an online service which provides consolidated information on payment accounts held by a User with PSPs.
Authorised PSPs are also entitled to execute operational and closely related ancillary services such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data.
E-payment rules instead do not apply to payment transactions made exclusively in cash and other paper-based payment transactions (as cheques, drafts, vouchers, traveller’s cheque etc.), as well as professional physical transport of banknotes and coins, payments related to securities asset servicing and other services provided for by art. 3 of PSD2.
Some examples of electronic payment services authorized in France (the list is not exhaustive):
- Transfers and e-wallet
- Online payment solutions for an e-commerce site and platform
- Automated transfer solution
- Banking aggregation and payment initiation solution
- Online funding pot.
In Italy, the e-payments allowed are exactly the same as those provided for by EU regulations, i.e. services enabling cash to be placed on and / or cash withdrawals from a payment account, execution of payment transactions, issuing of payment instruments and/or acquiring of payment transactions, money remittance and the new two services allowed by rues on open banking provided for by PSD2, namely payment initiation services and account information services.
E-payment services in Italy, therefore, range from traditional payment instruments (also called “Old Digital Payments”), such as credit transfers, direct debits and credit and debit cards, to more innovative services (also called “New Digital Payments”), such as:
- Electronic credit transfer;
- Payment initiation services (“PIS”);
- Staged wallet;
- Instant payment;
- Card issuer services (“CIS”);
- Account information services (“AIS”).
- Mobile-payments (“M-payments”), both remotely (“Mobile Remote Payments”) and via POS devices in shops (“Contactless payment”);
- Mobile POS and Smart POS.
The Wft distinguishes seven types of payment services. These can occur independently or in combination with each other. The payment services are listed in the appendix to the European Payment Services Directive (2007/64/EC). This concerns the following payment services:
- Services offering the option of placing cash in a payment account as well as all operations required to operate a payment account: this concerns the service offering the option of placing cash (coins or banknotes) on a payment account with the provider of this service. A company that has a payment account as a product in which cash can be deposited into that account, offers this service.
- Services offering the option of withdrawing cash from a payment account as well as all operations required to manage a payment account: this service concerns the option of withdrawing cash or bank transfer money that is held on a payment account with the service provider. A company that has a payment account as a product with a payment instrument (such as a debit card) with which cash can be withdrawn from that account, offers this service.
- Execution of payment transactions, including transfers of funds, on a payment account with the user’s payment service provider or with another payment service provider: this payment service concerns the execution of payment transactions, that is to say: the execution of an order to transfer, deposit or withdraw money from a payment account. It does not matter whether it concerns a payment account with the provider of this service or a payment account with another payment service provider:
- Execution of payment transactions where the funds are covered by a credit line provided to the payment service user: in principle, service 4 is the same as service 3, on the understanding that service 4 involves a credit line. This may include the situation in which the amount to be paid is advanced by the payment service provider or services relating to the operation of a payment account (service 1/2) on which overdrafts are permitted.
- Issuance and/or acceptance of payment instruments: a payment instrument is a means or method by which an order for payment can be given. Debit cards and credit cards are examples of this. The instrument can be a physical object, such as a card, or a logical remote communication procedure, such as a password or ‘TAN code’.
- Money transfers: The provision of the ‘money transfer’ service is when, without opening an account, money is received from a payer for the sole purpose of transferring the corresponding amount directly to a payee or to another payment service provider that transfers the funds. to the ultimate beneficiary. Money transfers (or money transfers) are in practice mainly provided for the purpose of transferring money to beneficiaries abroad, especially to countries with a less developed banking system and where the use of bank accounts is less common. Money transfers are also used for unexpected urgent payments.
- Execution of payment transactions where the payer’s consent to a payment transaction is communicated by means of a telecommunications, digital or IT instrument and the payment is made directly to the operator of the telecommunications services, IT system or network, acting solely as intermediary between the payment service user and the person supplying the goods or providing the services: This service only relates to payment services provided by a telecommunications, IT or network operator. Examples of such operators are a telecom provider, a cable operator or an internet provider.
Payment services allowed in Finland are:
- Online banking;
- digital wallets;
- mobile payment services;
- electronic bank card payment services;
- contactless payment services, and
- payment services utilising tokenization (a technique that allows making a payment using an algorithmically generated number, instead of having to disclose any banking or credit card details).
Annex 1 of the PS Law, enlists the below Payment Services:
- Services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account.
- Services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account.
- Execution of payment transactions, including transfers of funds on a payment account with the user’s payment provider or with another payment service providers)
- Execution of direct debits, including one-off direct debits; b) execution of payment transactions through a payment card or a similar device; c) execution of credit transfers, including standing orders.
- Execution of payment transactions where the funds are covered by a credit line for a payment service users) Execution of direct debits, including one-off direct debits; b) execution of payment transactions through a payment card or a similar device; c) execution of credit transfers, including standing orders.
- Issue of payment instruments and/or acquiring of payment transactions.
- Money remittance.
- Payment initiation services.
- Account information services.
E-payment services, therefore, range from traditional payment instruments used online to more innovative services such as payments via mobile phones and tablets, contactless cards and solutions based on mobile phones or tablets using near field communication technology (so-called NFC) to enable payment by tapping the devices on a contactless payment terminal.
Authorised PSPs are also entitled to execute operational and closely related ancillary services such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data.
E-payment rules instead do not apply to payment transactions made exclusively in cash and other paper-based payment transactions (as cheques, drafts, vouchers, traveller’s cheque etc.), as well as professional physical transport of banknotes and coins, payments related to securities asset servicing and other services provided for by art. 3 of PSD2 (art. 18 of the PS Law).
UNITED KINGDOM (UK)
The following types of firms will require authorisation or registration for their payment services activities, amongst others:
- money remittances;
- payment services offered by certain electronic communication network operators;
- issuing of non-bank credit card;
- acquiring of merchant firms for the acceptance of payment services
- payment initiation services;
- account information services.
In Israel, there are not of e-payment services which are restricted in Israel.
The most common e-payment services are:
- credit cards,
- electronic banking and
- payment apps.
UNITED STATES OF AMERICA (USA)
The United States allows all conceivable variations of e-payments, including:
- card-not-present transactions
- wire payments
- various forms of crypto currency, and
- mobile device enabled payments, including peer-to-peer systems.
According to the Measures and the Detailed Rules for the Measures, “payment services provided by non-financial institutions” refers to some or all of the following monetary capital transfer services provided by non-financial institutions as middlemen between payers and payees:
- Payment through the network (refers to the transfer of monetary funds between payers and payees via public or private networks, including currency exchange, internet payment, mobile phone payment, fixed phone payment, payment by digital TV etc);
- Issuance and acceptance of prepaid cards (refers to cards with prepaid values which are issued for making profits and are used for buying goods or services at institutions other than the issuers, including those issued in the form of cards or passwords by adopting such technologies as magnetic stripes or chips);
- Bank cards acquiring (refers to the collection of monetary funds on behalf of franchised merchants of bankcards via the POS terminals);
- Other payment services as specified by the People’s Bank of China (PBC).