The Payment Services Regulations 2017 – are you prepared?
12 January 2018
To implement the Second Payment Services Directive (PSD2), the majority of the provisions of the Payment Services Regulations 2017 (PSR 2017) will take effect on 13 January 2018. The PSR 2017 will affect a variety of firms including: Banks and Building Societies, Online retailers, Payment aggregators, Credit and Debit card companies and any other firms providing payment accounts, account aggregation and/or initiating a payment order on behalf of its customers. As a consequence several hundred UK firms will become regulated for the first time such as aggregated account management portals, payment initiators and some e-commerce platforms.
What is the background to the PSR 2017?
The PSR 2017 seeks to enable competition and support innovation in payments. Customers will have access to greater choice over how to pay for goods and services, move funds and manage their payment accounts. To enable this banks are required to open up their payment infrastructure and customer data to third party providers (TPPs) that will offer payment and information services to customers. The PSR 2017 also builds on the provisions of the first directive and has touch points with other areas of regulation, most notably across the scope of transactions, security provisions, data protection, conduct, AML, consumer credit and consumer rights. The changes will pose combined compliance and technological challenges for firms.
Other changes in the payments space
The PSR 2017 isn’t the only change to the payments landscape. SEPA instant Credit Transfers and phase one of SWIFT global payment innovation are now live. There is also growing regulatory interest in cryptocurrencies by the FCA and ESMA who are scrutinising initial coin offerings (ICOs) and cryptocurrency contracts for difference (CFDs) to establish whether new rules are needed to regulate the activities involving cryptocurrencies. We expect to see what regulation of cryptocurrency related activities will look like by the end of 2018. We also have some non-bank Payment Institutions being provided access to Real Time Gross Settlement coming later on this year and the Payment Strategy Forum blueprint of the future of UK payment systems passing onto UK Finance and the New Payment System Operator (NPSO) for delivery.
Amid the payments landscape changes, most notably through the PSR 2017 we also have the Open Banking and Competition and Markets Authorities (CMA) remedies for retail banking to increase innovation and improve competition in the market. The introduction of Open Banking requires the nine largest current account providers to make product/reference data, and customer account transaction available to TPPs who with customer consent will be able to initiate payments. We expect the pathway towards Open Banking will be evolutionary as opposed to a ‘big bang’ in part due to some banks delays in meeting Open Banking deadlines.
Dates for your diary
- 13 January 2018 – PSR 2017 go live date
- 13 April 2018 – closure of re-authorisation/re-registration application window for Authorised Payment Institutions (APIs), Electronic Money Institutions (EMIs) and Small Electronic Money Institutions (SEMIs)
- 13 October 2018 – closure of re-registration window for Small Payment Institutions (SPIs)
- September 2019 – Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) expected to go live
- March 2021 – transitional provisions for firms only providing Account Information Services (AIS) and Payment Initiation Services (PIS) ends
Preparations for PSR 2017
In preparing for MiFID II and GDPR, firms affected by PSR 2017 have also been reviewing their payments compliance arrangements. If, however, your firm is feeling less than fully prepared, here are some steps you can take:
- Ensure senior management are engaged with the changes
- Undertake a gap analysis of your current Payment Services policies and procedures against the PSR 2017
- Update your policies and procedures to be aligned with the PSR 2017, and the control enhancements required
- Train relevant members of staff on the changes to your policies and procedures
- If you are an Authorised Payment Institutions, Authorised e-money Institutions or Small e-money Institution you must re-apply for authorisation to the FCA by 13 April 2018 to continue providing services on or beyond 13 July 2018
- Small Payment Institutions must re-apply by 13 October 2018 to the FCA to continue providing services beyond 13 January 2019
If you would like some help Bovill has the expertise to support your implementation of the PSR 2017. We are happy to:
- Conduct a PSR 2017 gap analysis on current state versus the Payment Services Regulations 2009
- Update your PSR policies and procedures
- Work with you to draft your re-authorisation application.
- Provide training to senior management and relevant members of staff on how the PSR 2017 effects their roles