Introduction and legal basis

On 18 September 2023 and 14 March 2024 the European Central Bank (ECB) received requests from the European Parliament and the Council for an opinion on a proposal for a Regulation of the European Parliament and of the Council on payment services in the internal market and amending Regulation (EU) No 1093/2010 (1) (hereinafter the ‘proposed regulation’) and for an opinion on a proposal for a Directive of the European Parliament and of the Council on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC (2) (hereinafter the ‘proposed directive’, together with the proposed regulation the ‘proposed acts’).

The ECB’s competence to deliver an opinion is based on Articles 127(4) and 282(5) of the Treaty on the Functioning of the European Union, since the proposed acts contain provisions falling within the ECB’s fields of competence, in particular (1) the definition and implementation of monetary policy pursuant to Article 127(2), first indent, of the Treaty; (2) the promotion of the smooth operation of payment systems pursuant to Article 127(2), fourth indent, of the Treaty; (3) the contribution to the smooth conduct of policies pursued by the competent authorities relating to, inter alia, the stability of the financial market system pursuant to Article 127(5) of the Treaty; (4) the tasks conferred upon the ECB concerning policies relating to the prudential supervision of credit institutions pursuant to Article 127(6) of the Treaty; and (5) the ECB’s right to authorise the issue of euro banknotes pursuant to Article 128(1) of the Treaty. In accordance with the first sentence of Article 17.5 of the Rules of Procedure of the European Central Bank, the Governing Council has adopted this opinion.

1.   General observations

1.1.

The ECB welcomes the proposed acts, which aim to help further develop a Union-wide market for payment services, thereby enabling consumers and market participants to fully benefit from the internal market, also taking into account the rapidly developing retail payment landscape.

1.2.

The ECB welcomes the aims of the proposed acts to (1) strengthen user rights and protection against fraud; (2) enhance the competitiveness of open banking services; (3) improve enforcement and implementation in Member States; and (4) improve access to payment systems and bank accounts for non-bank payment service providers (PSPs). The ECB also welcomes that the proposed acts contribute to administrative simplification by bringing together the regimes for two types of non-bank PSPs (payment institutions and e-money institutions) which have hitherto been contained in different pieces of legislation. In addition, the ECB welcomes that the proposed acts contain measures to improve consumer rights and information, and the financial inclusion of disabled persons and others who experience difficulties in using strong customer authentication. The ECB also welcomes that the proposed acts contain measures to improve the availability of cash.

1.3.

Furthermore, the ECB strongly supports, in particular, the following aims of the proposed acts: (1) the greater application of strong customer authentication and the extension of the International Bank Account Number (IBAN)/name of payee verification to all credit transfers (initially only envisaged for instant payments); (2) the introduction of an obligation for account servicing PSPs (ASPSPs) to put in place a dedicated interface for data access; (3) the greater harmonisation and enforcement of some existing provisions in Directive 2015/2366/EU of the European Parliament and of the Council (3) (hereinafter the ‘second Payment Services Directive’ or ‘PSD2’) by introducing a directly applicable regulation; and (4) the proposed integration of the licensing regimes for payment and electronic money institutions.

1.4.

It bears noting that the Union co-legislators recently adopted Regulation (EU) 2024/886 of the European Parliament and of the Council (4), on which the ECB had previously adopted an opinion in response to a separate consultation request by the Parliament (5), and that this Regulation is of relevance to certain elements contained in the proposed directive. In particular, Regulation (EU) 2024/886 amends Directive 98/26/EC of the European Parliament and of the Council (6) (hereinafter the ‘Settlement Finality Directive’ or ‘SFD’) by broadening the categories of participants in systems under the SFD (7) to include payment institutions (8) and electronic money institutions (9). A comparable, albeit differently formulated, amendment to the SFD is included in the proposed directive, whose clear intention is to broaden the categories of institutions eligible to participate in payment systems (10). Given that the ECB has been consulted on this proposal in the context of the proposed directive, the ECB will comment on this particular point in the framework of this opinion.

1.5.

The ECB welcomes the proposed directive’s amendments to the SFD intended to broaden the categories of participants eligible to participate in payment systems designated for the purposes of the SFD. In particular, the ECB welcomes the efforts to achieve a level playing field between banks and non-bank PSPs by ensuring that the latter offer a full range of payment services without dependencies on banks for the processing and settlement of payment transactions. In the same vein, the ECB supports in principle the need for all payment system operators to have in place objective, non-discriminatory, transparent, and proportionate rules on access to payment systems, coupled with clarifications on admission and risk assessment procedures. In this respect it is important that access to payment systems should only be granted if all the necessary risk mitigation requirements are in place, taking into account the proportionality principle. This would ensure that broader direct access does not create impacts in relation to the risk and resilience of payment and settlement systems. In addition, it should be noted that the Eurosystem develops the criteria for access to the TARGET system operated by the Eurosystem. Furthermore, the ECB takes note of the possibility of safeguarding in an account of a central bank at the discretion of the central bank, which is proposed to be introduced in order to extend the options for PSPs in this regard. Subject to its remarks in paragraphs 2.1.6, 2.2.1 and 2.2.2, the ECB welcomes the recognition of the discretion of the central banks belonging to the European System of Central Banks (ESCB) to decide whether to offer (or not offer) services for the safeguarding of users’ and other specified funds.

1.6.

The ECB welcomes the increased clarity in the rules on ‘open banking’ aimed at improving the open banking framework but wishes to make a number of specific observations in this regard.

1.7.

The ECB welcomes the exclusion of licensing requirements for operators of payment systems and payment schemes from the scope of the proposed acts and supports the confirmation of this exclusion in the context of future reviews thereof.

1.8.

The ECB believes that it would be important for the Union legislator to reflect on the interplay between the proposed acts and Regulation (EU) 2023/1114 of the European Parliament and of the Council (11). In this context, the relationship of e-money tokens, within the meaning of Regulation (EU) 2023/1114, to conventional e-money is an issue that merits attention. E-money tokens should be deemed to be e-money, and should be treated as such, meaning that the applicable prudential requirements in the proposed directive should apply to them, as should the proposed regulation’s safeguards for the benefit of consumers. Moreover, it is important to consider the additional actions to be taken to assess the impact of the provision across the Union of crypto-lending services, which are currently not included in the list of crypto-assets services under Regulation (EU) 2023/1114, nor are they covered in any other Union legislation.

1.9.

The ECB observes that large non-bank groups, including those that provide financial technology (‘FinTech’) and those that may be regarded as among the most dominant and largest technology companies in their respective sectors (‘BigTech’), are increasing their financial activities within the Union, typically starting by providing payment services. Their activities are intertwined with financial institutions and can also have an important bearing on credit institutions: they can offer competing services, become outsourcing service providers, provide back-office services to credit institutions, act as agents on behalf of credit institutions, be clients by depositing funds or taking credit, act as partners for innovative business models or form part of a credit institution’s consolidated group. In some cases, these non-bank groups operate via a network of different licensed legal entities, including payment and e-money institutions, across Member States. Additional complexity arises when a group also provides other regulated financial services, for example by acting as an agent of, or broker for, supervised entities, or when a group is active both in financial and non-financial services (mixed activities group), as risks stemming from non-financial activities may spill over to the payment/e-money institution or other regulated financial entities. In the case of payment/e-money institutions spill-over risks may arise, for example, when the payment institution relies on the IT infrastructure of the group or if reputational issues affect the whole group. Mixed activities groups can offer a range of different services to private customers and other financial market participants, including credit institutions and, due to their market capitalisation and existing large userbase and network, have the potential to easily scale up their financial service-related activities. In this regard, the ECB welcomes the considerations set forth by the European Supervisory Authorities (ESAs) in their report on BigTech direct financial services provision in the Union (12). Furthermore, as outlined by the ESAs, BigTech activities can result in concentration risks for the financial market beyond the scope of Regulation (EU) 2022/2554 of the European Parliament and of the Council (13), which emphasises the importance of the security of network and information systems that support the business processes of financial entities (14).

1.10.

The Union legislator may wish to reflect on these risks and level playing field considerations when considering the scope of different licences, including in the payment area. In particular, from a payment perspective it would be advisable to ensure a level playing field regarding the use and sharing of data, especially when allowing an entity to add a new role as a PSP to its existing business. As a banking supervisor, the ECB is concerned about the fact that the existing prudential and consolidation frameworks were not necessarily designed with these developments in mind. Thus, large, and complex non-bank groups could provide services that would appear, prima facie, to resemble the services provided by credit institutions without being subject to the same prudential requirements. Although it is not harmonised practice across the Union, the ECB welcomes that various Member States already subject payment institutions that provide banking like services to some prudential requirements. This is, for example, the case in France, where payment institutions granting loans ancillary to the provision of payment services must calculate own funds requirements in accordance with the standardised approach for credit risk under Regulation (EU) No 575/2013 of the European Parliament and of the Council (15), regarding the overall amount of credits granted (16). Nevertheless, even in these cases the absence of a harmonised approach across the Union means that important prudential risks may remain unaddressed, as the relevant supervisory authorities lack an appropriate mandate for group-wide and cross-border activities. This raises level playing field and regulatory arbitrage concerns. Therefore, the ECB invites the Union legislator to consider firstly how best to ensure that competent authorities are adequately informed regarding all direct and indirect (e.g. agent, broker) financial activities conducted by large and complex non-bank groups, and that the relevant information is properly shared between the competent authorities. Only then will it be possible to aggregate information to establish a comprehensive overview of the financial activities of such groups in the Union and ensure that they operate within the boundaries of the regulatory framework. If it were found that complex non-bank groups provide a wide range of significant financial services in the Union, exceeding certain thresholds and providing services very similar to those provided by credit institutions, the Union legislator may wish to consider the introduction of more rigorous and comprehensive group-wide supervision (17). The ECB invites the Union legislator to consider, secondly, expanding in the proposed directive (1) the range and use of supervisory tools, including the ability to impose prudential consolidation requirements on groups of payment institutions and to place payment institutions in liquidation, and (2) the prudential regime applicable to such payment institutions. The measures to be utilised should include standardised risk reporting; appropriate risk-based own funds requirements; requirements for liquidity, recovery planning and stress testing; shielding against non-financial risks; and enhanced cooperation and information exchange between the relevant competent authorities.

1.11.

The ECB notes that this opinion is without prejudice to the proposal for a regulation of the European Parliament and of the Council on the establishment of the digital euro (18) and the proposal for a regulation of the European Parliament and of the Council on the provision of digital euro services by payment services providers incorporated in Member States whose currency is not the euro and amending Regulation (EU) 2021/1230 of the European Parliament and of the Council (19), in respect of which the ECB has adopted a separate opinion (20).

1.12.

The ECB would wish to be informed, along with the Commission and the EBA, of the precautionary measures taken by host Member States in the context of emergency situations (21).

1.13.

Finally, pursuant to the proposed acts (22), payment services potentially provided by the ECB and ESCB central banks when acting in their capacity as monetary authority or other public authorities would continue not to be covered (23).

2.   Payment systems and safeguarding of funds

2.1.   Access to payment systems

2.1.1.

Closely linked to its basic monetary policy tasks, the Treaty and Protocol (No 4) to the Treaty on the Statute of the European System of Central Banks and of the European Central Bank (hereinafter the ‘Statute of the ESCB’) provide for the Eurosystem to conduct oversight of clearing and payment systems as part of its mandate. Pursuant to Article 127(2), fourth indent, of the Treaty, as mirrored in Article 3(1) of the Statute of the ESCB, one of the basic tasks to be carried out through the ESCB is to promote the smooth operation of payment systems. In the performance of this basic task, the ECB and the NCBs may provide facilities, and the ECB may make regulations, to ensure efficient and sound clearing and payment systems within the Union and with other countries (24).

2.1.2.

Pursuant to its oversight role, the ECB has adopted Regulation of the European Central Bank (EU) No 795/2014 (ECB/2014/28) (25). This Regulation implements the principles for financial market infrastructures issued by the Committee on Payment and Market Infrastructures and the International Organisation of Securities Commissions (26), and covers both large-value retail payment systems and retail payment systems of systemic importance, operated either by a Eurosystem central bank or a private entity. In addition, non-systemic payment systems are overseen based on an oversight framework for retail payment systems (27). Furthermore, the Eurosystem oversight policy framework (28) identifies payment instruments as an ‘integral part of payment systems’ and thus includes such instruments within the scope of its oversight, together with payment systems, payment schemes and payment arrangements (29). In view of its mandate, the ECB may make further regulations, and carries out frequent reviews to check whether the scope of oversight covers all relevant functions and entities in the payment ecosystem. To date, the role of primary overseer for the Eurosystem is assigned by reference to the national anchor of the payment scheme and the legal incorporation of its governance body. For pan-European payment systems, schemes or arrangements, the ECB generally has the primary oversight role. PSPs, including credit institutions, payment institutions and electronic money institutions, are subject to the PSD2. The Eurosystem oversight frameworks complement the supervision of PSPs, where they are also a payment system operator or payment scheme or payment arrangement governance body.

2.1.3.

In view of the role of payment institutions and e-money institutions in the provision of payment services, the ECB welcomes the proposed directive’s amendments to the SFD (30), which are aimed at broadening the categories of participants in a payment system designated for the SFD’s purposes (31).

2.1.4.

The proposed SFD amendments facilitate the participation of payment institutions and e-money institutions (together referred to as ‘payment institutions’ in the proposed acts) in designated payment systems by changing the defined term ‘institution’ (32), which in turn forms part of the definition of a ‘participant’ under the SFD (33). In this respect, the proposed directive creates two categories of ‘institution’: first, credit institutions, investment firms, public authorities and publicly guaranteed undertakings, and undertakings whose head office is outside the Union and whose functions correspond to those of Union credit institutions or investment firms; and second, payment institutions that participate in a system whose business consists of the execution of transfer orders comprising instructions by a participant to place at the disposal of a recipient an amount of money by means of a book entry on the accounts of a credit institution, an NCB, a central counterparty or a settlement agent, or instructions which result in the discharge of payment obligations, but not including instructions by participants to transfer the title to, or interest in, securities by means of a book entry on a register or otherwise. From this bifurcated definition of ‘institution’ under the SFD amendments, the ECB discerns a clear intention by the Union legislator to confine the participation of payment institutions to ‘payment systems’ only, and not to extend this participation to other systems. For the sake of legal clarity, it would, consistent with this clear intention, be helpful to explicitly clarify that the participation of payment institutions does not extend to their participation in central counterparties.

2.1.5.

In addition, the ECB notes that it is proposed that the definition of ‘participant’ under the SFD amendments should include, inter alia, a ‘payment system operator’ (34). This definition should, in principle, cover all system operators, and should not be limited to ‘payment system operators’ only. The current drafting may have the inadvertent consequence of precluding operators of securities settlement systems from participating in other ‘systems’.

2.1.6.

In principle, the ECB welcomes the intention of the Union legislator that payment system operators should ensure a level playing field for all PSPs accessing payment systems (35). The ECB particularly welcomes the requirement for payment system operators across the Union to have in place objective, non-discriminatory, transparent and proportionate rules on access to a payment system, coupled with clarifications on admission and risk assessment procedures. However, as regards the euro area, it should be for the ECB to adopt the access criteria in respect of Eurosystem-operated payment systems, as well as the relevant conditions, including remuneration, and limits. Moreover, the ECB considers that, in view of the ESCB’s independent performance of its basic monetary policy and payment system tasks under Article 130 of the Treaty, the proposed requirements should not apply to payment systems overseen by ESCB central banks. The reason for this is that the oversight frameworks of ESCB central banks, which are currently applicable to payment systems, already cater, inter alia, for non-discriminatory access to payment systems.

2.1.7.

Regarding the introduction of requirements applicable to payment systems (36), the ECB welcomes the recognition of the oversight competences of the Eurosystem for systemically important payment systems. However, the proposed regulation envisages that in respect of other payment systems, Member States should designate national competent authorities (NCAs) to ensure that payment system operators and participants respect such requirements. In this regard, it should be noted that the oversight competences of ESCB central banks are not confined to systemically important payment systems overseen by the Eurosystem under Regulation (EU) No 795/2014 (ECB/2014/28). As noted in paragraph 2.1.1, under Article 127(2) of the Treaty, the promotion of the smooth operation of payment systems is a basic task to be carried out through the ESCB. The ECB may, pursuant to Article 22 of the Statute of the ESCB, make regulations to ensure efficient and sound clearing and payment systems within the Union and with other countries. As noted in paragraph 2.1.2, the Eurosystem has adopted an oversight framework for retail payment systems, and payment schemes and arrangements fall within the scope of the Eurosystem’s oversight function. ESCB central banks are thus responsible for the oversight of non-systemically important payment systems in the Union. It does not therefore seem necessary for the proposed regulation to require Member States to designate NCAs, potentially including authorities other than ESCB central banks, as the authorities responsible for overseeing the compliance of payment systems with the requirements on access.

2.2.   Safeguarding of users’ funds at ESCB central banks

2.2.1.

The proposed directive contains provisions regarding the safeguarding arrangements to be put in place by payment institutions, in respect of users’ funds and other specified funds, when providing payment and e-money services (37). To safeguard users’ funds, payment institutions must deposit those funds either in a separate account in a credit institution authorised in a Member State, or at a central bank at the discretion of that central bank, or invest those funds in secure, liquid, low-risk assets, as determined by the competent authorities of the home Member State. The offering of such a service by the relevant central bank must be understood as an additional option for the safeguarding of users’ funds. This additional option would be free of credit risk and could in principle reduce concentration risk. However, it is important to note that safeguarding part of, or even all, clients’ funds at central banks might also have potential implications for financial stability and monetary policy transmission if otherwise users’ funds are deposited at a single credit institution or invested in a single asset class. Specifically, depositing the funds at central banks instead of credit institutions may lead, among other potential financial stability implications, to a reduction in deposits at credit institutions, which may in turn have an adverse impact on their funding and thus result in a contraction of the credit supply to the economy. Reallocating funds to the central bank could also adversely impact the euro short-term rate (€STR), thereby impacting the most important benchmark rate for the transmission of monetary policy. Therefore, the ECB welcomes that the legislator recognises the discretion for a central bank not to offer such a service, based on its organic law. Subject to the ECB’s remarks in paragraph 2.1.6, it should be clarified that the potential offering of such a service may be subject to certain conditions and limits, including the rate of remuneration, set by the central bank in accordance with its organic law.

2.2.2.

The ECB highlights that access to central bank accounts for credit institutions in the context of Eurosystem monetary policy operations, or for the settlement of transactions by ancillary systems in the context of TARGET services, is based on the eligibility criteria and conditions set out in Guideline (EU) 2022/912 of the European Central Bank (ECB/2022/8) (38). At present, payment institutions must either be eligible Eurosystem counterparties or operate through a correspondent bank with an account at the relevant Eurosystem central bank. Consequently, the ECB welcomes the reference in the proposed directive to the discretion of the central bank.

2.3.   Safeguarding of users’ funds at credit institutions or through safe asset investments

2.3.1.

Appropriate safeguarding of customer funds is key to maintaining trust in payment services. Where the safeguarding of funds is covered by an insurance policy or other comparable guarantee provided by an insurance company or a credit institution, it will be important to ensure that these insurance policy providers or credit institutions are able in practice to deliver the insured or guaranteed amount.

2.3.2.

The ECB recognises that the proposed regulation imposes restrictions to prevent a possible concentration of users’ funds, requiring payment institutions to avoid concentration risk to the extent possible by ensuring that the same safeguarding method is not used for the totality of their safeguarded funds. In principle, the ECB supports this but does not inherently view the use of a single safeguarding method as problematic; rather, the focus should be on diversifying counterparty relationships and assets classes. In particular, reliance on a single safeguarding counterparty (i.e. a single credit institution) or limiting exposure to a single asset class are key areas of concern. The ECB strongly recommends clarifying the proposed regulation accordingly, to ensure that payment institutions diversify (1) across safeguarding methods and/or (2) within a given method. However, to reduce the impact on smaller non-bank PSPs, Member States may consider applying the optional exemptions laid down in Article 34(1) regarding the diversification of safeguarding methods. For those funds potentially safeguarded at a central bank, no diversification within this method is needed, as central banks do not pose a concentration risk.

2.3.3.

To this end, the ECB welcomes that the European Banking Authority (EBA) is mandated to develop regulatory technical standards (RTS) on risk avoidance in the safeguarding of customer funds. The draft RTS should be developed in close cooperation with the ECB in order to achieve best practices that balance concentration risk and credit risk. Since credit risk considerations outweigh concentration risk considerations, it may be preferable in some cases to allow for safeguarding at a single credit institution rather than at two credit institutions with lower ratings. For the sake of clarity, it should be specified that the RTS only concerns safeguarding the funds at credit institutions and in safe assets, and not safeguarding at central banks.

2.3.4.

The ECB notes the requirements set out in the proposed regulation, limiting the grounds on which a credit institution can refuse to open, or is allowed to close, a payment account for a payment institution, for its agents or distributors or for an applicant for a licence as a payment institution. In this context it needs to be ensured that credit institutions have sufficient tools at their disposal to identify, manage, monitor and report the risks which they are or might be exposed to in connection with this requirement, including concentration risk and money laundering and terrorist financing risk. The requirements for credit institutions to manage their risks will also need to be duly considered when the EBA develops the draft technical standards specifying the information to be contained in the reasoning supporting the decision of a credit institution to refuse to open or to close a payment account.

3.   Fraud monitoring and reporting, strong customer authentication, open banking, the EBA’s temporary intervention powers, and RTS on authentication, communication and transaction monitoring mechanisms

3.1.   Fraud monitoring and reporting

3.1.1.

Efforts to monitor payment fraud are of great importance (39). Consideration should also be given to including the payee side in transaction monitoring mechanisms. In this regard, it is not clear whether the transaction monitoring mechanism is intended to operate in real time, which, the ECB would, in principle, support. In addition, the Union legislator may wish to consider, following an impact assessment, the introduction of a notification requirement for PSPs in respect of payee-initiated transactions, with a view, inter alia, to protecting payment service users (PSUs) from fraudulent transactions.

3.1.2.

The ECB supports the extra ‘post-execution’ data sharing requirements for PSPs following the notification of fraudulent payment transactions (40). It may be worth considering an additional requirement to facilitate the sharing of relevant data between the PSPs involved in the event of unintended credit transfers.

3.1.3.

The ECB takes note of the liability for impersonation fraud regime to be established under the proposed regulation (41). To ensure that PSPs are only liable proportionately to their level of control for this type of fraud, the ECB understands that the proposed regime is only intended to cover complex and sophisticated cases of fraud, where no amount of customer education by the PSPs or due diligence by good-faith PSUs would suffice to detect impersonation fraud, and does not cover other types of impersonation beyond bank impersonation fraud.

3.1.4.

By way of background, the ECB has entered into a Memorandum of Understanding with the EBA, the relevant NCAs and the NCBs (hereinafter the ‘MoU’) to streamline the reporting of payment fraud data that NCAs must provide to the ECB and the EBA in accordance with the PSD2 (42), by means of a single reporting of payment fraud data to the ECB (which then further transmits it to the EBA). This arrangement has been made possible due to the fact that the detailed reporting requirements applicable to payment fraud data under the EBA Guidelines on reporting requirements for fraud data under Article 96(6) PSD2 (EBA/GL/2018/05) (43) and Regulation (EU) No 1409/2013 of the European Central Bank (ECB/2013/43) (44) (hereinafter the ‘ECB Payment Statistics Regulation’), are consistent. Consequently, the ECB strongly recommends that the draft RTS and draft implementing technical standards (ITS) to be developed under the proposed regulation should be aligned to the maximum extent possible with the requirements provided under the ECB Payment Statistics Regulation. Furthermore, the ECB recommends that PSPs should comply with the reporting obligations under the proposed regulation (45), and where relevant the supplementary ITS, by leveraging on the reporting framework and infrastructure established under the ECB Payment Statistics Regulation and the MoU. The ECB also suggests that the EBA should be required to develop the ITS in close cooperation with the ECB.

3.2.   Strong customer authentication

3.2.1.

Under the proposed regulation two or more elements categorised as knowledge, possession and inherence, on which strong customer authentication are to be based, do not necessarily need to belong to different categories as long as their independence is fully preserved (46). In this respect, the ECB highlights that the EBA Opinion on the implementation of the RTS on SCA and CSC (EBA-Op-2018-04) (47) (hereinafter the ‘EBA Opinion’) suggests a different approach to strong customer authentication under which the authentication elements need to belong to two different categories (48). This approach is supportive of a higher degree of protection against fraud. Conversely, the provisions under the proposed regulation would lead to less stringent security requirements and thus negatively impact PSPs’ customers’ protection against fraud. The ECB accordingly recommends the amendment of the proposed regulation to clarify that PSPs should apply strong customer authentication by using at least two independent elements from different categories.

3.2.2.

The ECB generally supports the consideration that the proposed regulation gives to the interests of the most vulnerable individuals in society, as well as the strong customer authentication accessibility requirements set out therein but would welcome more emphasis and further clarification regarding their special needs in order to make it easier for such individuals to use strong customer authentication.

3.3.   Open banking

3.3.1.

The ECB welcomes the efforts to reduce uncertainty in the market about what constitutes a ‘prohibited obstacle’ to the provision of payment initiation services (PIS) and account information services (AIS). Specifically, the proposed regulation contains a non-exhaustive list of obstacles to data access, which is longer than those contained in previous EBA instruments (49).

3.3.2.

However, requiring PIS providers and AIS providers to pre-register their contact details does not count as a prohibited obstacle when pre-registering is indispensable, in particular for updating the ‘dashboard’. As it is likely that a PIS provider and an AIS provider would exchange updated information with an ASPSP upon interacting with that ASPSP, i.e. during a customer transaction with that ASPSP, the process should be designed by the ASPSP in a way that does not hinder the customer in making use of its right to use a PIS provider or AIS provider. Therefore, the ECB suggests amending the relevant provision (50) so that the pre-registration for the purpose of the dashboard is done without interrupting the customer journey.

3.3.3.

Further, the ECB welcomes the proposed amendments on the data access by PIS and AIS providers to payment accounts that they service (51). However, the collection of data on payment services, including PIS and AIS, is also regulated under the ECB Payment Statistics Regulation. Therefore, to ensure alignment between the relevant frameworks, the ECB suggests amending the proposed regulation to require the EBA to develop draft RTS on data on open banking to be provided to competent authorities in close cooperation with the ECB.

3.3.4.

The ECB welcomes the focus on dedicated interfaces for access to payment accounts, as access based on an application programming interface is the most bespoke, secure and reliable method of achieving access. The ECB notes that various targeted proportionality measures are proposed, such as the exemption under the proposed regulation (52), for example for very small ASPSPs or for ASPSPs with a specific, non-payments business model (53), from the obligation to have in place a dedicated interface. In this regard, the ECB understands that if an ASPSP benefits from a derogation from the requirement to provide a dedicated interface but not a total derogation from the requirement to provide access to payment account data, it should provide access via one of the customer interfaces under the conditions set out in the proposed regulation (54). The ECB would welcome the provision of further detail in the proposed regulation and proposes adding an obligation for the ASPSPs to make available the technical documentation of the customer interface as well as a testing facility. The ECB also suggests that the EBA should be required to develop the relevant RTS in close cooperation with the ECB (55) to ensure that the implications of granting a derogation are clearly spelled out and that the interests of PSUs are dully protected at all times.

3.3.5.

As regards the requirements for interfaces (56), in particular performance requirements, the ECB proposes adding the following requirements to improve the functionality of the interfaces for the provision of efficient and secure payment services: (1) adding to the list of the minimum required functionalities for interfaces under the proposed regulation (57) to ensure the ability of a third-party payment service provider (TPP) and a payer to identify and select the desired payment account in the event that multiple payment accounts are held with a ASPSP; and (2) clarifying the breadth of information available through account information services in the proposed regulation (58), by way of analogy to the clarity provided for payment initiation services under the proposed regulation (59). Moreover, industry-led specifications to further harmonise the implementation of the European Committee for Standardization and International Organization for Standardization standards (60), unavailable at the time of adoption of the PSD2, could be considered with a view to increasing the level of harmonisation of dedicated interfaces. This point could be added to the recitals to the proposed regulation (61).

3.3.6.

The ECB supports the removal of the requirement previously set out in the PSD2 for confirmation of the availability of funds, as market participants did not make use of it. In this respect, the provisions of the proposed regulation concerning payment initiation services acknowledge a form of confirmation of availability of funds. To the extent that it is not motivated by regulatory compliance obligations of the PSPs (e.g. data protection), the ECB suggests reconsidering the inclusion of this provision, which need not be an element of PIS.

3.3.7.

Finally, the ECB welcomes the fact that the EBA register on payment institutions is an electronic register, which is updatable and easily accessible via the EBA’s official website, making it easier for users to access and search for information.

3.4.   The EBA’s temporary intervention powers

3.4.1.

Under the proposed regulation the EBA may, where certain conditions are fulfilled, temporarily prohibit or restrict in the Union a certain type or a specific feature of a payment service or instrument or an electronic money service or instrument (62). Before deciding to take any action under the proposed regulation, it is also envisaged that the EBA will notify competent authorities of the action it proposes. In view of the ECB’s oversight competence, encompassing payment systems, payment instruments (which are an integral part of payment systems), payment schemes and payment arrangements (63), the ECB suggests amendment of the proposed regulation to include a requirement to consult the ECB on any envisaged decision.

3.5.   RTS on authentication, communication and transaction monitoring mechanisms

3.5.1.

It follows from the proposed regulation that the EBA is to develop draft RTS in relation to the requirements of strong customer authentication, the technical requirements for transaction monitoring mechanisms and the requirements for common and secure open standards of communication for identification, authentication, notification and information purposes, as well as for the implementation of security measures, between ASPSPs, PIS providers, AIS providers, payers, payees and other PSPs (64). It may be worth specifying the scope of this draft RTS as regards the requirements for common and secure open standards of communication, given that various provisions are directly included in the proposed regulation. In view of the ECB’s oversight competence and the strong cooperation between the ECB and EBA in the domains of payments and fraud, the ECB suggests that the draft RTS should be developed by the EBA in close cooperation with the ECB.

4.   Foreign exchange management

4.1.

The proposed regulation aims at achieving comparability regarding currency conversion charges (65). In this respect the proposed regulation provides that the estimated currency conversion charges for credit transfers and money remittances carried out within the Union and from the Union to a third country should be expressed in the same way, namely as a percentage mark-up over the latest available euro foreign exchange reference rates issued by the ECB or the relevant central bank. Furthermore, the proposed regulation provides that when reference is made to ‘charges’, it should also cover, where applicable, ‘currency conversion’ charges.

4.2.

As previously noted by the ECB (66), since 1998 the ECB has published euro foreign exchange reference rates (ECBRRs) on the basis of a framework approved by the ECB Governing Council in 1998 and subsequently amended in 2015 (67) (hereinafter the ‘ECBRR Framework’). The ECBRRs are provided as a public good for individual citizens and institutions (68) and are used by a wide range of institutions. The aim of the ECBRR Framework is to preserve the integrity of the ECBRRs by (1) discouraging their use for transaction purposes and (2) limiting their use to reference purposes. Using the ECBRR for transaction purposes is strongly discouraged and the ECBRRs are published for information purposes only (69). In this regard the ECBRR Framework aims to reinforce the difference between the ECBRR and exchange rate benchmarks, which are intended for transaction purposes.

4.3.

The reference to the ECBRRs in the proposed regulation could, contrary to the objectives of the ECBRRs, create incentives for some market participants to trade at the ECBRRs. Therefore, the ECB recommends that the reference in the proposed regulation to the ECBRRs or a foreign exchange rate issued by the relevant central bank (70) should be removed and replaced by an appropriate reference to a foreign exchange benchmark rate that falls within the scope of Regulation (EU) 2016/1011 of the European Parliament and of the Council (71) and which may be used in the context of the currency conversion charges. The accuracy and integrity of such benchmarks, which is ensured by the regime for benchmark administrators introduced by Regulation (EU) 2016/1011, protects the interests of customers of PSPs and parties providing currency conversion services.

5.   Banknotes-related aspects

5.1.   Availability of cash at retail stores (without purchase)

5.1.1.

The ECB understands that services where cash is provided in retail stores following an explicit request by the PSU, but independently of the execution of any payment transaction and without any obligation to make a purchase of goods or services, are excluded from the scope of application of the proposed regulation (72). Furthermore, the proposed directive allows the provision of cash in retail stores independently of any purchase but envisages a cap of EUR 50 per withdrawal transaction (73).

5.1.2.

The ECB does not fully understand the basis on which a EUR 50 threshold has been chosen. In particular, this limit represents the lowest threshold provided in the impact assessment accompanying the proposed acts (74). Such a limit may hamper the provision of these services compared to the provision of cash-back services, which typically allow for a higher value to be withdrawn.

5.1.3.

Clarification on the regime applicable to cash provision services at retail stores without a purchase and above the EUR 50 threshold is required. In particular, the following should be clarified: (1) whether the requirements for the performance of cash provision services would apply to PSPs that enter into contractual arrangements with merchants to execute cash withdrawal operations; and (2) whether these merchants should be treated as agents of a PSP when participating in cash provision services to the extent that they only physically distribute cash on behalf of a PSP. These clarifications are also important in relation to the provisions for manual authenticity and fitness checking of euro banknotes distributed by merchants on behalf of PSPs to consumers (75). It should also be clarified whether these cash provision services at retail stores without a purchase and above the EUR 50 cap should be characterised as one of the payment services currently listed in the proposed regulation (76) or whether an ad hoc payment service should be introduced. The considerations expressed above regarding cash withdrawals at retail stores above a EUR 50 cap should apply mutatis mutandis to any cash deposits at retail stores.

5.2.   Independent ATM deployers

5.2.1.

To ensure adequate access to cash and complement traditional cash access points provided by the ATM network operated by credit institutions, independent ATM deployers (hereinafter ‘IADs’) should continue to be exempted from the scope of application of the proposed regulation, insofar as they do not serve a payment account or provide an additional payment service listed in the proposed regulation (77). However, the ECB understands that a more prudent treatment of IADs may be needed from an oversight and reporting perspective, thereby allowing NCAs to supervise IADs’ activities.

5.2.2.

Furthermore, and for the avoidance of doubt, IADs are considered PSPs (not subject to authorisation) subject to the measures necessary for the protection of the euro against counterfeiting under Council Regulation (EC) No 1338/2001 (78), as well as other measures applicable to PSPs (e.g. the anti-money laundering framework).

5.3.   Cash-in-transit companies (CITs) and cash management companies (CMCs)

5.3.1.

The proposed acts do not explicitly exclude CITs that physically transport cash from their scope, whereas such an exclusion is provided under the PSD2 (79).

5.3.2.

Since most CITs and CMCs do not hold a licence as a payment institution, their potential registration as payment institutions could impact the CIT/CMC sector and the conduct of their business. In the absence of any further provisions related to the CIT/CMC business, the ECB understands that such services remain out of scope of the proposed acts. However, to better clarify the personal scope of application of the proposed acts, the ECB suggests maintaining in the proposed directive the exemption provided in the PSD2 for the professional physical transport of banknotes and coins, including their collection, processing and delivery.

6.   Definitions and other provisions

6.1.1.

The ECB supports the definition of certain terms in the proposed acts as well as the clarification of certain other terms already defined in PSD2 (80). At the same time, the definition of ‘electronic money services’ should be revised to include the withdrawal and redemption of electronic money, but only to the extent that these are not part of the payment transaction itself.

6.1.2.

Moreover, the Union legislator may wish to consider introducing a provision according to which the payer and the payee are afforded rights and obligations proportionate to their roles in the processing of credit transfers.

6.1.3.

The ECB welcomes the definition of ‘instant credit transfer’, which would, however, benefit from a further alignment with the definition in Article 2, point (1a), of Regulation (EU) No 260/2012 of the European Parliament and of the Council (81). Moreover, the ECB would welcome further clarification on how to differentiate in practical terms between ‘instant credit transfers’ and other credit transfers, and their respective conditions. It is essential for PSPs to ensure that PSUs are at all times made aware whenever they are initiating an instant credit transfer, thus helping PSUs distinguish between those and other credit transfers.

6.1.4.

The ECB strongly supports the provision in the proposed regulation for PSPs including in payment account statements the information needed to unambiguously identify the payee, including a reference to the payee’s commercial trade name (82). In this regard, an amendment should be included to mandate that the date of receipt of the payment order should be further enhanced so that when the debit value date is different to the date of receipt of the payment order, both dates should be provided to the payer. Finally, as regards the need to ensure the safety and efficiency of new payment instruments that are gradually becoming universally used, the ECB proposes that the Union legislator should reflect further on instances where the proposed regulation would be limited strictly to card-based payment transactions. For instance, the current wording of the proposed regulation (83) envisages that the mechanism through which the payer’s PSP may block an amount of funds on the payer’s payment account in proportion to the amount of the payment transactions reasonably expected of the payer (where the payer has given his/her consent for the blocking of that amount) applies only to card-based payment transactions. The ECB sees a need to enhance the formulation of this requirement, and to introduce additional requirements, to encompass instances where the payment instrument is not a card but another payment instrument. The ECB would therefore welcome modifications to the proposed regulation, to ensure that its requirements also apply to payment instruments other than cards, in line with the evolution in payment methods.

Where the ECB recommends that the proposed regulation is amended, specific drafting proposals are set out in a separate technical working document accompanied by an explanatory text to this effect. The technical working document is available in English on EUR-Lex.

---

(1)  COM(2023) 367 final.

(2)  COM(2023) 366 final.

(3)  Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).

(4)  Regulation (EU) 2024/886 of the European Parliament and of the Council of 13 March 2024 amending Regulations (EU) No 260/2012 and (EU) 2021/1230 and Directives 98/26/EC and (EU) 2015/2366 as regards instant credit transfers in euro (OJ L, 2024/886, 19.3.2024, ELI: http://data.europa.eu/eli/reg/2024/886/oj).

(5)  See Opinion CON/2023/4 of the European Central Bank of 1 February 2023 on a proposal for a regulation amending Regulations (EU) No 260/2012 and (EU) 2021/1230 as regards instant credit transfers in euro (OJ C 106, 22.3.2023, p. 2). All ECB opinions are published on EUR-Lex.

(6)  Directive 98/26/EC of the European Parliament and Council of 19 May 1998 on settlement finality in payment and securities settlement systems (OJ L 166, 11.6.1998, p. 45).

(7)  See Council of the European Union press release of 7 November 2023 ‘Instant payments: Council and Parliament reach provisional agreement’, available on the Council of the European Union’s website at www.consilium.europa.eu.

(8)  See Article 4, point (4), of the PSD2.

(9)  See Article 2, point (1), of Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7).

(10)  See Article 46 of the proposed directive.

(11)  Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40). See also paragraph 2.2.4 of Opinion CON/2021/4 of the European Central Bank of 19 February 2021 on a proposal for a regulation on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 (OJ C 152, 29.4.2021, p. 1).

(12)  See ‘Report on 2023 stocktaking of BigTech direct financial services provision in the EU’, Joint-ESA Report, 1 February 2024, available on the website of the European Securities and Markets Authority’s (ESMA) at www.esma.europa.eu.

(13)  Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).

(14)  See ‘Report on 2023 stocktaking of BigTech direct financial services provision in the EU’, paragraph 34, page 14.

(15)  Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).

(16)  See Arrêté du 29 octobre 2009 portant sur la réglementation prudentielle des établissements de paiement, titre II, chapitre 1er, section 2 (Fonds propres relatifs aux opérations de crédit), article 33, tel que modifié, JORF n° 0253 du 31 octobre 2009, texte n° 10.

(17)  See ‘Joint European Supervisory Authority response to the European Commission’s February 2021 Call for Advice on digital finance and related issues: regulation and supervision of more fragmented or non-integrated value chains, platforms and bundling of various financial services, and risks of groups combining different activities’, 31 January 2022 (ESA 2022 01), available on ESMA’s website at www.esma.europa.eu.

(18)  COM(2023) 369 final.

(19)  COM(2023) 368 final.

(20)  See Opinion CON/2023/34 of the European Central Bank of 31 October 2023 on the digital euro (OJ C, C/2024/669, 12.1.2024, ELI: http://data.europa.eu/eli/C/2024/669/oj).

(21)  See Article 32(4) of the proposed directive.

(22)  See Articles 2(1), point (d), and 2(2), point (g), of the proposed regulation, and Article 2(12) of the proposed directive.

(23)  See Article 1(1), point (e), of the PSD2.

(24)  See Article 22 of the Statute of the ESCB.

(25)  Regulation of the European Central Bank (EU) No 795/2014 of 3 July 2014 on oversight requirements for systemically important payment systems (ECB 2014/28) (OJ L 217, 23.7.2014, p. 16).

(26)  Available on the Bank for International Settlements’ website at www.bis.org.

(27)  Available on the ECB’s website at www.ecb.europa.eu.

(28)  Available on the ECB’s website at www.ecb.europa.eu.

(29)  See the revised and consolidated Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA framework) available on the ECB’s website at www.ecb.europa.eu.

(30)  See Article 46 of the proposed directive (amending Article 2, points (b) and (f), of the SFD).

(31)  The proposed amendments are in line with paragraph 7 of the Eurosystem’s retail payments strategy (2021).

(32)  See Article 46(1) of the proposed directive (amending Article 2, point (b), of the SFD).

(33)  See Article 46(2) of the proposed directive (amending Article 2, point (f), of the SFD).

(34)  See Article 46(2) of the proposed directive (amending Article 2, point (f), of the SFD).

(35)  See Article 31 of the proposed regulation.

(36)  See recital 32 and Article 31(7) of the proposed regulation.

(37)  See recital 31 and Article 9 of the proposed directive.

(38)  Guideline (EU) 2022/912 of the European Central Bank of 24 February 2022 on a new-generation Trans-European Automated Real-time Gross Settlement Express Transfer system (TARGET) and repealing Guideline ECB/2012/27 (ECB/2022/8) (OJ L 163, 17.6.2022, p. 84).

(39)  See Article 83(1) and (2) of the proposed regulation.

(40)  See Article 83(3) of the proposed regulation.

(41)  See Article 59 of the proposed regulation.

(42)  See Article 96(6) of the PSD2.

(43)  Available on the EBA’s website at www.eba.europa.eu.

(44)  See Article 3 and Annex I, Part 1.1, Tables 5a and 5b, Part 2.4.1, Part 2.4.2 and Annex III, Tables 5a and 5b of Regulation (EU) No 1409/2013 of the European Central Bank of 28 November 2013 on payments statistics (ECB/2013/43) (OJ L 352, 24.12.2013, p. 18).

(45)  See Article 82 of the proposed regulation.

(46)  See Articles 3(35) and 85(12) of the proposed regulation.

(47)  Available on the EBA’s website at www.eba.europa.eu.

(48)  See paragraphs 33 and 34 of the EBA Opinion.

(49)  See Article 44 of the proposed regulation.

(50)  See Article 44(1), point (e), of the proposed regulation.

(51)  See Article 48(7) of the proposed regulation.

(52)  See Article 39 of the proposed regulation.

(53)  See recital 62 of the proposed regulation.

(54)  See Article 45 of the proposed regulation.

(55)  See Article 39(2) of the proposed regulation.

(56)  See, in particular, Articles 35 and 36 of the proposed regulation.

(57)  See Article 36(4) of the proposed regulation.

(58)  See Article 36(3) of the proposed regulation.

(59)  See Article 36(4), points (a) to (e), of the proposed regulation.

(60)  See Article 35(3) of the proposed regulation.

(61)  See recital 58 of the proposed regulation.

(62)  See Article 104(4) of the proposed regulation.

(63)  See the revised and consolidated Eurosystem oversight framework for electronic payment instruments, schemes and arrangements, November 2021, available on the ECB’s website at www.ecb.europa.eu.

(64)  See Article 89 of the proposed regulation.

(65)  See recital 50 and Article 13(1), point (f), of the proposed regulation.

(66)  See Opinion CON/2021/3 of the European Central Bank of 25 January 2021 on a proposal for a regulation on cross-border payments in the Union (OJ C 65, 25.2.2021, p. 4).

(67)  See the ECB’s Framework for the euro foreign exchange reference rates, available on the ECB’s website at www.ecb.europa.eu.

(68)  See the ECB’s press release of 7 December 2015, ‘ECB introduces changes to euro foreign exchange reference rates’, available on the ECB’s website at www.ecb.europa.eu.

(69)  The ECBRR Framework expressly provides that ‘the term “reference rate” is taken to mean an exchange rate that is not intended to be used in any market transactions, whether directly or indirectly (as an underlying benchmark). The rates are intended for information purposes only.’

(70)  See recital 50, Article 5(2), Article 7, Article 13(1), point (f), Article 20, point (c)(v), and Article 24, point (b), of the proposed regulation.

(71)  Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1). See also Opinion CON/2021/3 of the European Central Bank of 25 January 2021 on a proposal for a regulation on cross-border payments in the Union () (OJ C 65, 25.2.2021, p. 4).

(72)  See Article 2(2), point (e), of the proposed regulation.

(73)  See Article 37(1), point (b), of the proposed directive.

(74)  See Annex 9, Section 3, to the impact assessment accompanying the proposed acts.

(75)  See Decision ECB/2010/14 of the European Central Bank of 16 September 2010 on the authenticity and fitness checking and recirculation of euro banknotes (OJ L 267, 9.10.2010, p. 1).

(76)  See Annex 1 of the proposed regulation.

(77)  See Annex 1 of the proposed regulation.

(78)  See Article 6 of Council Regulation (EC) No 1338/2001 of 28 June 2001 laying down measures necessary for the protection of the euro against counterfeiting (OJ L 181, 4.7.2001, p. 6).

(79)  See Article 3, point (c), of the PSD2.

(80)  For instance, the inclusion of the definition of ‘mandate’ clarifies the distinction between direct debits and instant payments at the point-of-interaction, i.e. both at the physical point-of-sale and in e-commerce.

(81)  Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22).

(82)  See Article 16 of the proposed regulation. Beyond the scope of the proposed acts, the Union legislator may wish to reflect on ways in which to ensure that merchants provide to their PSP, and are responsible for keeping up to date, their commercial trade name and commercial location.

(83)  See Article 61 of the proposed regulation.