I know we're all pretty up-to-speed with the latest in European payment regulations this year, but I figured I'd give a quick recap.
In the rapidly evolving European payments landscape, understanding and adapting to regulatory changes are essential for businesses and entrepreneurs. Compliance ensures transaction security and improves credibility, providing a competitive advantage in the global market. Failure to comply can lead to severe penalties, therefore, staying informed and compliant is paramount in 2024 and beyond.
Efforts to combat money laundering and terrorism financing are a top priority globally, in the EU, and at national levels. However, current laws unintentionally burden legitimate public-benefit organisations like foundations with excessive reporting requirements and hinder their access to essential services due to bank de-risking practices. This limits their ability to provide humanitarian aid, social services, education, cultural support, and fight climate change, as well as hampering governmental accountability and anti-corruption efforts.
On July 20, 2021, the Commission unveiled its series of legislative proposals designed to improve the European Union's regulations concerning anti-money laundering (AML) and combating the financing of terrorism (CFT). This package includes:
On 18 January 2024, the EU Council and European Parliament reached a provisional agreement on two important pieces of the EU AML and CFT package: the new AML/CFT Regulation (which contains directly applicable rules on Beneficial Ownership) and 6th EU AML/CFT Directive.
With the new package, all rules applying to the private sector will be transferred to a new regulation, while the directive will deal with the organisation of institutional AML/CFT systems at a national level in the member states.
The provisional agreement on an AML regulation will, for the first time, exhaustively harmonise rules throughout the EU, closing possible loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.
The agreement on the directive will improve the organisation of national AML systems.
The texts will be finalised and shared with member states' representatives in the Committee of Permanent Representatives and the European Parliament for approval. If accepted, the Council and the Parliament will formally adopt them before publication in the EU's Official Journal and enactment.
Europe is undergoing a significant overhaul of its instant payment capabilities, aiming to streamline systems and improve experiences across the Single Euro Payments Area (SEPA). This initiative seeks to position Europe as a key player in unified payment innovation.
Established in 2002, the Single Euro Payments Area (SEPA) aimed to streamline euro-denominated bank transfers and facilitate cross-border payments within the European Union. In 2008, the SEPA Credit Transfer (SCT) scheme allowed electronic euro payments between any bank accounts in the SEPA area, though processing could take a day. As digital technology advanced, demand grew for faster payment solutions to replace traditional, slow bank transfers.
In response to this demand, the European Payments Council (EPC) introduced the SEPA Instant Credit Transfer (SCT Inst) scheme in November 2017. This scheme enables instant euro payments, with funds being credited to the recipient's account within seconds, 24/7/365.
Despite its potential, adoption has been slow and despite industry desires for instant transactions, the fragmented market has hindered progress.
Currently, instant payments account for just 7% of all electronic payments in Europe and, despite being launched in 2017, as of 2023 only 15% of euro credit transfers are instant (SCT Inst).
Regulatory bodies like the European Central Bank, the European Commission, and the European Payments Council are leading efforts to drive improvements in this space.
In November 2023, the Council of the EU announced a provisional political agreement with the European Parliament on the instant payments proposal. This agreement aimed to improve the availability of instant payment options in euro for consumers and businesses in EU and EEA countries, within the context of completing the Capital Markets Union. The proposal, initially drafted by the European Commission in October 2022, introduced amendments to the 2012 Regulation on the Single Euro Payments Area (SEPA) by incorporating specific provisions for instant credit transfers in euro.
The updated regulations aimed to modernise the 2012 SEPA Regulation, ensuring that instant payments in euro were quick, affordable, secure, and efficiently processed across the entire EU. Instant payments offered swift solutions for citizens, meeting various needs such as receiving funds promptly during emergencies or settling shared costs instantly.
Under the new regulations, payment service providers (PSPs) dealing with euro credit transfers were required to offer instant payments to all customers at comparable costs to traditional transfers. They were also responsible for confirming payments reached the intended beneficiary and raising alerts in case of potential errors or fraud before completing transactions.
Moreover, the rules ensured effective sanctions screening through a harmonised procedure, mandating instant payment providers to check clients against EU sanctions lists at least daily, rather than screening individual transactions.
From the European regulator's perspective, there's a clear intent to accelerate the adoption of instant payments, addressing the current status quo and sovereignty issues in the European payment landscape.
This regulation obliges banks and PSPs to comply, ensuring that both EU citizens and companies benefit from instant payments. It represents a significant milestone, establishing instant payments as the new norm across the EU.
On 7 February 2024, the European Parliament endorsed a regulation mandating instant payments, requiring credit transfers to be executed within ten seconds across the EU. The text was adopted with 599 votes to 7 and 35 abstentions..
Subsequently, on 26 February 2024, the European Council adopted the Instant Payments Regulation, fully enabling instant payments in euro for consumers and businesses in the EU and EEA countries.
Like the Proposal, the Regulation will amend the SEPA Regulation.
Fraud prevention and AML measures include:
The requirement to offer instant credit transfers in euro when already offering credit transfers in euro is maintained, and PSPs cannot impose charges that are higher than charges imposed for non-instant credit transfers (in practice, this means that instant payments will usually be free of charge).
The Instant Payments Regulation enables payment service providers, including banks and mobile payment providers licenced in the EU, to offer real-time or near-real-time payment solutions, facilitating euro transfers within 10 seconds.
These rules, agreed upon by the Council and the European Parliament in 2023, allow people to transfer money within ten seconds at any time, including outside business hours, within and across EU member states. PSPs offering standard euro credit transfers will also be required to provide instant payment services at no extra cost.
The regulation will be implemented in two stages, with a shorter transition period in the euro area and a longer one in EEA countries. It not only makes instant euro payments universally accessible and affordable but also improves trust by mandating providers to verify the match between the IBAN and the beneficiary's name provided by the payer.
Additionally, the rules aim to bolster European payment firms' competitiveness against US giants Visa and Mastercard.
The Proposal amends the Settlement Finality Directive (SFD) to enable payment institutions and electronic money institutions to join designated payment systems. Under PSD2, it also allows these institutions to deposit remaining funds at the close of the business day in separate commercial or central bank accounts, and mandates measures for fund safeguarding, internal controls, and a winding-up plan for participation in designated payment systems.
On 19 March 2024, the Official Journal of the EU (OJ) was updated with a publication regarding Regulation (EU) 2024/886 of the European Parliament and of the Council of 13 March 2024 amending the SEPA Regulation, the Cross-Border Payments Regulation, the Settlement Finality Directive, and the Second Payment Services Directive (PSD2) as regards instant credit transfers in euro.
The regulation enters into force on the twentieth day following its publication in the OJ, namely 8 April 2024, which sets a tight deadline for compliance.
On 28 June 2023, the European Commission introduced a package of three proposals to improve the payment services market and make financial data more accessible. The package includes a proposal for a new Payment Services Directive 3 (PSD3), a proposal for a Payment Services Regulation (PSR), and a proposal for a Financial Data Access Regulation (FIDA).
Since the implementation of PSD2 in 2015, the retail payment services market has undergone significant transformations. The usage of cards and other digital payment methods has surged, while cash transactions have declined. Moreover, there has been a notable increase in the emergence of new players and services, such as digital wallets and contactless payments.
While PSD2 has undeniably achieved many of its objectives, the Commission has identified areas where its goals have not been fully realised. Specifically, despite the strides made by PSD2, consumers still face risks of fraud and lack confidence in payment systems. Additionally, the Open Banking framework operates with imperfections, EU supervisors possess inconsistent powers and obligations, and there exists an uneven playing field between banks and non-bank PSPs.
The initiative aims to tackle each of these challenges head-on.
The European Parliament and Council are reviewing PSD3 and PSR; once finalised, they will enter into force by 2024/2025, with Member States transposing PSD3 and firms complying within 24 months.
On 28 June 2023, the European Commission introduced the Open Finance Framework, a part of the Digital Finance Strategy, emphasising the access and reuse of customer data with consent in diverse financial services.
The framework, including the proposed Financial Data Access Regulation (FIDA), aims to modernise the financial sector by facilitating secure sharing and customer data access.
FIDA focuses on consumers and businesses, establishing rights and obligations for managing customer data sharing beyond payment accounts. It addresses rules on access, sharing, and use of specific customer data categories, along with the authorisation and operation of financial information service providers.
FIDA introduces some key novelties:
FIDA is set to drive Europe’s transition to Open Finance, working with PSD3. The two initiatives complement each other by fostering the opening up of choice and control over customers’ financial data.
Reflecting on the enormous legislative progress of 2023, we can only expect that 2024 will be a game-changer for Open Finance. Indeed, the Open Finance Framework lies among the EU legislative priorities for 2023-2024, as shown in the Joint Declaration on EU Legislative Priorities for 2023 and 2024.
In the months ahead, we expect both the Parliament and the Council to advance their individual stances and contribute to the formation of the final version of FIDA.
Building on the work already done, policymakers are now expected to give a notable emphasis on creating a regulatory framework that promotes open and secure access to financial data, likely to encourage innovation and competition within the financial industry.
DORA, effective from January 16, 2023, and enforceable from January 17, 2025, aims to harmonise cybersecurity regulations in the European financial market. It introduces comprehensive ICT risk management, early warning indicators, and emergency plans, with companies having 24 months to comply, bolstering digital security.
DORA's scope encompasses a broad array of financial and related entities, spanning credit institutions, investment firms, payment and electronic money institutions, central counterparties, trade repositories, alternative investment managers, (re)insurance undertakings, intermediaries, crypto-asset service providers, issuers, and crowdfunding service providers.
Businesses are required to enhance or construct robust systems and protocols, subjecting them to thorough testing, and ensure the implementation of measures to safeguard operational and personal data from potential harm. Neglecting this responsibility could result in sanctions, potentially affecting top management, and causing substantial harm to operations and reputation.
CESOP, aimed at combating electronic VAT fraud in cross-border payments within European ecommerce, mandates banks and payment service providers to report payment data to financial authorities. Beginning January 1, 2024, this data will be centralised for fraud prevention purposes.
MiCA, the EU regulation governing crypto-assets and stablecoins issuance and services provision, stands out as one of the most anticipated pieces of legislation in recent years, marking the world's first comprehensive regulatory framework of its kind and setting a precedent for global jurisdictions. It will become applicable 18 months after its entry into force, with provisions related to e-money tokens and asset-referenced tokens taking immediate effect. A fully applicable framework for crypto-assets legislation in the EU is expected by late 2024 or early 2025.
Amidst rapid changes in European payment regulations, businesses must stay informed and ensure compliance for operational security and competitiveness. These regulations focus on improving security, protecting consumers, and fostering innovation. Adhering to these provisions enables businesses to navigate the evolving payment landscape successfully.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now