COM(2020) 592 final
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
on a Retail Payments Strategy for the EU
LIST OF ACRONYMS
Account Information Services
Anti-Money Laundering and Combating the Financing of Terrorism
Application Programming Interface
Automated Teller Machine
Common Payment Application Contactless Extensions
Clearing and Settlement Mechanism
European Banking Authority
European Central Bank
Euro Legal Tender Expert Group
Revised E-Money Directive
European Payments Council
European Retail Payments Board
International Bank Account Number
Near Field Communication
Payment Initiation Services
Point of Interaction
Point of Sale
Revised Payment Services Directive
Payment Service Provider
Single Euro Payments Area
SEPA Credit transfer
SEPA Instant Credit Transfer
SEPA Direct Debit
Strong Customer Authentication
Settlement Finality Directive
TARGET Instant Payment System
Society for Worldwide Interbank Financial Telecommunication
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
on a Retail Payments Strategy for the EU
I.Context and challenges
Once relegated to the back-office, payments have become strategically significant. They are the lifeblood of the European economy. In its Communication from December 2018, the Commission supported “a fully integrated instant payment system in the EU, to reduce the risks and the vulnerabilities in retail payment systems and to increase the autonomy of existing payment solutions.”
As highlighted in the digital finance strategy, adopted alongside this Communication, digital innovation is radically reshaping the provision of financial services. The retail payments sector is at the forefront of the trend and the pace and scale of technological change in that sector requires specific and targeted policy measures that go beyond the horizontal scope of the digital finance strategy.
Over the last decade, most payments innovations have focused on improving customer interfaces (e.g. mobile apps) or front-end solutions, without fundamentally changing the payment instruments used (cards, bank transfers etc.).
Recently, however several significant trends have emerged. The act of paying has become less visible and increasingly dematerialised and disintermediated. Large technology companies (‘BigTechs’) have become active in the payments sector. Benefitting from significant network economies, they can challenge established providers. Moreover, with the emergence of crypto-assets (including so-called ‘stablecoins’) they may soon be offering disruptive payment solutions based on encryption and distributed ledger technology (DLT). In spite of this wave of innovation, most of the new digital payment solutions are still largely based on traditional cards or bank transfers, irrespective of whether they are offered by incumbent banks, card companies, financial technology firms (FinTechs), or BigTechs.
Innovation and digitalisation will continue to change how payments work. Increasingly payment service providers will abandon old channels and traditional payment instruments and develop new ways to initiate payments, such as ‘wearables’ (watches, glasses, belts etc.) or parts of the body, sometimes even eliminating the need to carry a payment device, building on advanced authentication technologies such as those relying on biometrics. As the internet of things further evolves, devices such as fridges, cars and industrial machinery will increasingly connect to the internet and become conduits for economic transactions.
With digitalisation and changing consumer preferences, cashless transactions are increasing rapidly. The Covid-19 pandemic has further reinforced the shift to digital payments and confirmed the vital importance of safe, accessible and convenient (including contactless) payments for remote and face-to-face transactions. However, cash remains the means used for a majority of retail payments in the EU.
The public and private sectors have complementary roles to play in the future payments landscape. As more and more central banks around the world look into the possibility of issuing central bank digital currencies (CBDCs), there are tangible prospects of further significant changes in the retail payments market.
A fragmented EU market
There have been substantial improvements in recent years, thanks mostly to the development of the Single Euro Payment Area (SEPA) and to the harmonisation of retail payments legislation. However, the EU payments market remains, to a significant degree, fragmented along national borders, as most domestic payment solutions based on cards or instant payments do not work cross-border. This comes to the advantage of a handful of big global players, which capture the whole intra-European cross-border payments market.
With the exception of those large global players, including worldwide payment card networks and large technology providers, there is virtually no digital payment solution that can be used across Europe to make payments in shops and in e-commerce. In their response to the public consultation on this strategy, several FinTechs active domestically reported that this fragmentation was obstructing their efforts to scale-up across the Single Market.
At the same time, there have recently been a number of encouraging developments. For example, on 2 July 2020 a group of 16 European banks launched the European Payment Initiative (EPI) project with a view to offering a pan-European payment solution by 2022. The Commission and the European Central Bank (ECB) had given this initiative their political support from the beginning and welcomed its launch. Other promising market-driven initiatives have emerged recently that are aimed at designing common infrastructures, at increasing cooperation and interoperability between domestic payment solutions and developing new common payment solutions.
In parallel, several initiatives pursued under the auspices of the Euro Retail Payments Board (ERPB) and the European Payments Council (EPC) are aimed at adopting common European schemes and rules, which should eventually facilitate the emergence and interoperability of instant payment solutions in shops and e-commerce.
Why a strategy?
All these initiatives demonstrate the dynamism of the European payments landscape. There is however a risk of inconsistencies and further market fragmentation. There is also a need for a clear ‘governance’ framework to underpin the EU retail payments strategy. EU institutions – and in particular the Commission – can play a role of political catalyst, whilst relying fully on the private sector to design the relevant payments solutions. It is therefore of crucial importance to develop a clear vision, setting out the expected direction of travel and placing future actions under a single, coherent and overarching policy framework. This is the aim of the present Communication.
II.A vision for European retail payments
The Commission’s vision for the EU’s retail payments is that:
-Citizens and businesses in Europe benefit from a broad and diverse range of high-quality payment solutions, supported by a competitive and innovative payments market and based on safe, efficient and accessible infrastructures;
-Competitive home-grown and pan–European payment solutions are available, supporting Europe’s economic and financial sovereignty; and
-The EU makes a significant contribution to improving cross-border payments with non-EU jurisdictions, including remittances, thereby supporting the international role of the euro and the EU’s ‘open strategic autonomy’.
The Commission’s objective is that of a highly competitive payments market, benefitting all Member States, whichever currency they use, where all market participants are able to compete on fair and equal terms to offer innovative and state-of-the-art payment solutions in full respect of the EU’s international commitments.
As payments are at the forefront of digital innovation in finance, implementing this strategy will contribute to the Commission’s broader vision for digital finance and to its objectives of: removing market fragmentation, promoting market driven innovation in finance and addressing new challenges and risks associated with digital finance whilst ensuring technology neutrality. This strategy is therefore presented alongside the digital finance strategy and the two legislative proposals on a new EU framework for strengthening digital operational resilience and on crypto-assets. It is also complementary to the updated retail payments strategy presented by the ECB/Eurosystem in November 2019.
This strategy focuses on the following four key pillars, which are closely interlinked:
1)increasingly digital and instant payment solutions with pan-European reach;
2)innovative and competitive retail payments markets;
3)efficient and interoperable retail payment systems and other support infrastructures; and
4)efficient international payments, including remittances.
III. Pillars for strategic actions
A.Pillar 1: Increasingly digital and instant payment solutions with pan-European reach
The Commission wants citizens and companies in Europe to be able to access and rely on high quality payment solutions to make all their payments. These solutions should be secure and cost-efficient, and enable similar conditions for cross-border transactions as for domestic ones. Given the competitive and innovative potential of instant payments, as recognised in its December 2018 Communication, the Commission believes that such solutions should largely rely on instant payment systems.
1.Instant payments as the ‘new normal’
With instant payments, funds are immediately available to the payee. Combined with the development of mobile payment services, instant payments may offer EU payment service providers (PSPs) an additional opportunity to compete with their EU and global competitors. As stated in the Commission’s December 2018 Communication: “an EU-wide cross-border instant payment solution would complement current card schemes, reducing the risk of external disruption and making the EU more efficient but also more autonomous.”
Instant payments are suitable for many uses beyond traditional credit transfers, in particular for physical and online purchases, which are currently dominated by payment card schemes.
The Commission is aiming for the full uptake of instant payments in the EU by end-2021. That will depend on significant advances on three levels: rules, end-user solutions and infrastructures. Significant progress has already been achieved on all three fronts, but some challenges remain and need to be addressed.
Having uniform rules for the execution of payment transactions that set out, for example, payment service providers’ mutual rights and obligations, is indispensable. The European Payments Council (EPC) developed a 'Scheme’ for instant payments in euro (the ‘SCT Inst. Scheme’) in 2017, as it had already done in the past for SEPA direct debits and credit transfers. The scheme enables funds to be available on the account of the payee in less than ten seconds.
Unfortunately, in August 2020, after nearly three years since its introduction, only 62,4% of all EU payment service providers offering SEPA credit transfers had joined the SEPA Credit Transfer Inst. Scheme. In terms of payment accounts, the European Payments Council estimates that there are 12 EU Member States (all from the euro area) where more than half of the payment accounts are reachable for SCT Inst.
As the owner of the SCT Inst. Scheme, the European Payments Council has made efforts to promote adherence. For example on 1 July 2020 it increased the maximum amount per SEPA Instant Credit Transfer transaction from 15.000 to 100.000 euro. However, the current voluntary nature of the Scheme has not attracted sufficiently rapid and broad participation. Some euro area Member States are clearly lagging behind. The Commission therefore believes that action is likely to be necessary in order to accelerate the pace of adherence to the SCT Inst. Scheme.
The SEPA Regulation requires the participants in the payment scheme to represent “a majority of PSPs within a majority of Member States, and constitute a majority of PSPs within the Union, taking into account only PSPs that provide credit transfers or direct debits respectively.” With the National Bank of Belgium (which is the national competent authority monitoring the SCT Inst. Scheme under the SEPA Regulation), the Commission is examining the legal implications of the expected failure to fully comply by 21 November 2020 (i.e. the end of the temporary exemption period) with those adherence requirements.
In November 2020, i.e. at the expiration of the temporary exemption period set by the SEPA Regulation for meeting the adherence requirements of the SEPA Instant Credit Transfer (SCT Inst.) Scheme, the Commission will examine the number of payment service providers as well as the number of accounts able to send and receive SEPA instant credit transfers. The Commission will assess whether these numbers are satisfactory and, on that basis, decide whether it is appropriate to propose legislation requiring payment service providers’ adherence to the SCT Inst. Scheme by the end of 2021. Such a proposal, if decided, would lay down the criteria for determining which payment service providers should be subject to obligatory participation.
The Commission fully supports and is involved in the important work carried out by the Euro Retail Payments Board (ERPB) on the interoperability of instant payment solutions for payments in shops and in e-commerce. In addition, various completed or ongoing workstreams under the auspices of the European Payments Council have the potential to add value to the SEPA Instant Credit Transfer (SCT Inst.) Scheme, to improve the usability of instant payment solutions and ultimately to support the uptake of instant payments.
This work should be inclusive, involving all categories of PSPs, including Payment Initiation Service (PIS) and Account Information Service (AIS) providers and other relevant players, which may not be payment services providers, such as providers of end-user interfaces and user representatives.
The Commission expects broad adherence of market participants to the Schemes and recommendations developed by the Euro Retail Payments Board and European Payments Council. So far, payment service providers have not taken advantage of some of the newly developed Schemes, e.g. the ‘SEPA proxy-look-up’, launched by the European Payments Council in 2019 and updated in June 2020. This enables customers to use their mobile device to transfer money from their payment account to the account of another individual in the EU without manually exchanging payment information such as the International Bank Account Number (IBAN).
A growing number of end-user payment solutions offer point-of-interaction (POI) payments relying, for example, on QR-codes, Bluetooth (BLE) or Near Field Communication (NFC) technologies. However, QR-codes are not standardised at EU level, which restricts their acceptance, in particular for cross-border transactions. In addition, payment service providers’ access to Near Field Communication technology in mobile phones is restricted by some providers of mobile devices. This makes it difficult for providers of instant payment solutions to offer merchants and consumers convenient and affordable solutions using unified QR-codes as an alternative to cards, or to offer Near Field Communication-enabled mobile payments.
The Commission considers that the development of a single, open and secure European standard for QR-codes would support the uptake and interoperability of instant payments. It therefore welcomes the ongoing work of the Euro Retail Payments Board working group on a ‘Framework for instant payments at Point of Interaction’, carried out in cooperation with the European Payments Council Multi-Stakeholder Group on mobile-initiated SEPA credit transfers, and on a single standard for both merchant-presented and consumer-presented QR-codes.
The Commission will assess whether it would be appropriate to require adherence by relevant stakeholders to all, or a subset of, the additional functionalities of SEPA Instant Credit Transfer (SCT Inst.), which could also include any future standards for QR-codes.
Cross-border infrastructures for the clearing and settlement of instant payments already exist in Europe, but full interoperability between these clearing and settlement mechanisms (CSMs) is yet to be achieved. As this creates a clear obstacle to the uptake of instant payments in the EU, on 24 July 2020 the ECB announced measures to address these issues. There is a firm expectation that clearing and settlement mechanisms and payment service providers will ensure timely implementation of these measures, before end-2021, in view of their legal obligation to be reachable EU-wide when providing instant payments.
2.Increasing consumers’ trust in instant payments
The quasi real-time availability of the funds on the payee’s account, combined with the irrevocability of payments, may have implications for consumers in cases, for example, of erroneous transactions, fraud, etc. Instant payments may also present challenges in terms of money laundering, financing of terrorism, cyber-attacks, as well as operational and liquidity risks for financial institutions. If not appropriately identified and addressed, these risks may undermine the confidence of consumers and merchants using instant payments, potentially hindering their full rollout as the new normal. The Commission recalls that, when providing instant payment services, payment service providers must ensure that they have in place appropriate and real-time fraud and money laundering/terrorist financing prevention tools, in full conformity with existing legislation.
In order to be more attractive to consumers, instant payment services should offer features that put them on an equal footing with other payment instruments (e.g. cards) that offer chargebacks, i.e. the return of credit card funds used to make a purchase to the buyer in certain cases (e.g. mistakes).
If instant payments are to become the new norm, the Commission considers that it would be appropriate that the charges of both regular and instant credit transfers should be the same. Otherwise, instant payments would remain a niche product, alongside regular credit transfers. On the other hand, it is clear that there can be additional costs for the provider if some features and add-ons, such as chargebacks, are offered with instant payments.
In the context of the Payment Services Directive (PSD2) review, the Commission will assess the extent to which the EU’s existing consumer protection measures (e.g. rights to refunds) can provide consumers making instant payments with the high level of protection offered by other payment instruments. The Commission will assess the impact of charges levied on consumers for instant payments and, if relevant, require that they are no higher than those levied for regular credit transfers.
The Commission, where appropriate with the European Central Bank and/or the European Banking Authority (EBA), will examine whether specific measures should be taken to enhance the effectiveness of the crisis management of payment systems, and to ensure sound mitigation measures on the liquidity risk for financial institutions resulting from the rapid, low-friction outflow of funds via instant payments, in particular when taking place outside normal office hours. This would go beyond central bank oversight expectations, mechanisms under the Bank Recovery and Resolution Directive (BRRD) or the Single Resolution Mechanism Regulation (SRMR) or payment systems rules.
The Commission will also investigate whether additional measures should be taken to address other specific risks, such as money laundering, terrorist financing and related predicate offences.
3.European-grown payment solutions that work cross-border
Completion of the key actions for facilitating instant payments, as identified in Sections 1 and 2 of this Chapter, may not be sufficient to ensure the successful deployment of pan-European payment solutions. Additional actions may need to be taken for European actors to thrive in a landscape occupied by well-established incumbent competitors.
New actors wishing to offer pan-European solutions may face a number of significant challenges:
·acceptance by merchants and consumers;
·customer recognition of new brands;
·designing a competitive and innovative business model catering for differing national payment traditions and habits;
·financing costly infrastructures; and
·restrictions to access certain technical infrastructures or functionalities, etc.
In addition, the strict conformity of governance and financing patterns with competition rules must be ensured.
The Commission is fully aware of these challenges. Given the strategic nature of payments, it will continue to play an active political role to foster the development of competitive pan-European payment solutions that rely extensively on instant payments, and to address the above challenges, in full compliance with EU competition rules.
By the end of 2023 the Commission will:
•explore the feasibility of developing a ‘label’, accompanied by a visible logo, for eligible pan-European payment solutions;
•explore ways to facilitate the deployment of European specifications for contactless card-based payments (CPACE), e.g. through funding programmes such as InvestEU, subject to the compliance with relevant eligibility criteria;
•support the modernisation and simplification of EU merchants’ payment acceptance facilities, enabling for example, cash registers to issue e-receipts. This support could be achieved through guidance and awareness-raising amongst retailers, particularly SMEs, about ways to modernise and digitalise, including through the use of Digital Innovation Hubs. Funding and training possibilities will also be explored.
The Commission will also continue to provide guidance, if required, to ensure that instant payments solutions and their respective business models comply with EU competition rules.
4.Reaping the full potential of the Single Euro Payments Area (SEPA)
The Single Euro Payments Area (SEPA) was created to make all cross-border electronic payments in euro as easy as domestic payments by harmonizing the way cashless euro payments are made across Europe.
Today, six years after the end-date for SEPA Credit Transfers (SCT) and SEPA Direct Debits (SDD) in euro Member States, and four years after the end-date for non-euro Member States, many citizens still face unacceptable refusals of cross-border SEPA Direct Debit transactions (‘IBAN discrimination’). This means that they cannot use IBANs from a different country to make a payment. Payees are still often unwilling or not technically able to accept cross-border SEPA Direct Debits. The Commission’s attention has frequently been drawn to cases of tax and other public administrations refusing to send or receive payments to or from a foreign account. These cases of IBAN discrimination are a breach of the SEPA Regulation, as confirmed by established case law.
Even though the relevant competent authorities are required by law to monitor compliance by payment service providers with the SEPA Regulation, and to take action in case of a breach, they do not always adequately and systematically address such breaches of SEPA rules, as evidenced by the many complaints received by the Commission services.
The Commission reminds national competent authorities of their enforcement obligations under the SEPA Regulation. It expects them to swiftly investigate and remedy all breaches to the Regulation by putting an immediate end to illegal activities and imposing appropriate sanctions. It will closely monitor cases of non-compliance and will launch any necessary infringement procedures.
5.Exploiting the potential of electronic identity (eID) for customer authentication
As financial services shift progressively from traditional face-to-face business towards the digital environment, digital identity solutions that can be reliably used for remote customer authentication become increasingly relevant. PSD2 has stimulated innovation in this area through the introduction of strong customer authentication (SCA), with its strict security requirements for access to payment accounts and the initiation of digital payments. In some EU Member States, electronic identification schemes have been developed for customer authentication based on national electronic identification (eID) schemes offering the highest levels of assurance.
However, the picture across the EU involves a plethora of different authentication solutions at national level with limited cross-border interoperability. This may hinder further innovation and the development of new payment services.
With the eIDAS Regulation, the EU introduced in 2014 a first cross-border framework for trusted digital identities and trust services. The aim of the Regulation is to facilitate access of all EU citizens to public services across the EU by means of eID issued in their home country. The experience with the application of eIDAS reveals, however, a number of structural shortcomings, which restrict its capability of effectively supporting a comprehensive digital ID framework. In the February 2020 Communication “Shaping Europe’s digital future”, the Commission committed to revise the eIDAS Regulation to improve its effectiveness, extend its application to the private sector and promote trusted digital identities for all Europeans. The intention is to provide a future proof regulatory framework to support an EU-wide, simple, trusted and secure system to manage identities in the digital space, covering identification, authentication and the provision of attributes, credentials and attestations that will play a key role also in the payments field.
The Commission is determined to harness the potential offered by the rapid development of digital identity solutions in the financial sector. As set out in the digital finance strategy, the Commission will implement by 2024 a sound legal framework enabling the use of interoperable digital identity solutions that will allow fast and easy access of new customers to financial services. This will facilitate, as part of such solutions, their deployment in payments, with a view to improving interoperability, efficiency, ease of use (especially across borders), and safety and security, in particular to reduce instances of fraud and other crimes.
With a view to facilitating cross-border and domestic interoperability, the Commission will explore, in close cooperation with the EBA, ways to promote the use of electronic identity (eID) and solutions based on trust services, building on the further enhancement of eIDAS, to support the fulfilment of Strong Customer Authentication requirements under PSD2 for account login and initiation of payment transactions.
6.Improving the acceptance of digital payments
The Covid-19 pandemic has shown how important it is that digital payments be widely accepted by merchants. However, acceptance of digital payments varies significantly in the EU. There are still many entities (merchants, public administrations, hospitals, public transports) which do not accept digital payments.
The Single Digital Gateway Regulation will bring strong improvements. It will facilitate online access to the information, administrative procedures and assistance services that citizens and businesses need to get active in another EU country. By the end of 2023, citizens and companies moving across EU borders will be able to perform a number of procedures in all EU member states without the need for any physical paperwork, like registering a car or claiming pension benefits.
The Commission expects Member States, in particular, to:
-explore and address the reasons for reluctance to accept digital payments, and encourage merchants to accept digital payments, including contactless payments;
-increase the digitalisation of government payments, beyond those covered by Regulation (EU) 2018/1724; and
-equip public administrations, hospitals, etc. with terminals for digital payments.
In 2022, the Commission will carry out a study on the level of acceptance of digital payments in the EU, including by SMEs and public administrations, and to explore the possible reasons in case of a low level of acceptance. If appropriate, it may propose legislative action.
7.Maintaining the availability of central bank money
Cash accessibility and acceptance
Cash is a means of payment that offers instant settlement in face-to-face transactions, without any technical infrastructure. It is still the only form of money individuals can hold directly. As such, it should remain widely accessible and accepted.
In the euro area, euro banknotes and coins are the only legal tender pursuant to Article 128 TFEU and to Council Regulation (EC) No 974/98 of 3 May 1998 on the introduction of the euro. A Commission Recommendation of 2010 explains that, where a payment obligation exists, the legal tender of euro banknotes and coins implies:
mandatory acceptance by the creditor;
at full face value; and
with the power to discharge the payment obligation.
The Recommendation also states that the acceptance of euro banknotes and coins as a means of payment in retail transactions should be the rule, and that refusals should be possible only on the basis of the “good faith principle” (e.g. if the retailer has no change available).
Over the years, the use of non-cash means of payment has consistently increased in Europe. However, cash remains the dominant means of payment in the euro area, where it is still used for 78% of all transactions.
The statistics for cash usage conceals a wide range of situations. Some euro area countries (Austria, Germany Ireland, Slovakia and Slovenia) have a marked preference for cash. Estonia and the Netherlands are situated at the other end of the spectrum, with cash being used for less than half of transactions at points of sale. Outside the euro area, Sweden is a country where the use of cash has substantially decreased. In all EU countries, the Covid-19 pandemic has reduced the number of cash-based transactions during lockdown, but precautionary holdings of cash have actually risen markedly in some economies.
In practice, the availability of cash has decreased in recent years. Cases of non-acceptance of cash increased during the Covid-19 crisis, due to public concerns about viral transmission caused by handling cash and to the increasing need for remote transactions generated by lockdowns, which favoured a shift to digital payments.
While promoting the emergence of digital payments to offer more options to consumers, the Commission will continue to safeguard the legal tender of euro cash. It is aware of and shares the concerns expressed by consumer associations that there is a tangible risk that as more services are digitalised, those without access to digital services may find themselves more excluded than they are today. There are still about 30 million adults in the EU who do not have a bank account.
In order to preserve access to and acceptance of cash, and its legal tender, the Commission:
•Recalls that, as legal tender, euro banknotes and coins must be accepted by the creditor at full face value where a payment obligation exists and they have the power to discharge the payment obligation.
•Expects Member States to ensure the acceptance and accessibility of cash as a public good, in line with Article 128 TFEU and Council Regulation (EC) No 974/98 of 3 May 1998 on the introduction of the euro, while acknowledging the possible legitimacy of duly justified and proportionate limitations to the use of disproportionate amounts of cash for individual payments that may be necessary, inter alia, in order to prevent the risk of money laundering, terrorist financing and related predicate offences, including tax evasion. One means whereby Member States might preserve access to cash could be to provide for minimum coverage of automated teller machines (ATM), or equivalent means of access, on their territory.
In the framework of the Euro Legal Tender Expert Group (ELTEG), the Commission will take stock of latest developments regarding the acceptance and availability of cash within the euro area with the ECB, national central banks and treasuries.
In parallel, it will closely follow the work on access to cash to be carried out under the auspices of the Euro Retail Payments Board. Taking this work into account, as well as the deliberations of the Euro Legal Tender Expert Group, it may decide to take appropriate action to protect the acceptance and availability of euro cash at the end of 2021.
Central Bank Digital Currencies and further innovation in payments
The decline in the use of cash, the increasing weight of private sector payment solutions and the prospective emergence of asset-referenced tokens have led central banks to explore the issuance of Central Bank Digital Currencies (CBDCs). Depending on its design, a retail CBDC can serve both as a digital substitute for cash and private payment solutions, as well as a driver for continued innovation in payments, ﬁnance and commerce, addressing speciﬁc use cases in our increasingly digitalised economies and societies. A retail CBDC can also enhance the international role of the euro and the EU’s ‘open strategic autonomy’, and support ﬁnancial inclusion. It may also contribute to the provision of resilient, fast and inexpensive payments, whilst enabling automated and conditional payments.
As highlighted in the digital finance strategy, the Commission supports work by central banks (in particular the ECB), which are looking into the possible issuance of a retail CBDC available to the general public (households and businesses) while safeguarding the legal tender of euro cash. This work complements the Commission’s proposed regulatory framework on asset-referenced tokens used for payment purposes.
Further work is needed to assess the potential impacts of CBDC on monetary policy, financial stability and competition, and to avoid undue disintermediation. In close coordination with the ECB, the Commission will continue to work to foster cooperation between the private and public sectors.
In order to support the issuance of a euro retail Central Bank Digital Currency, the Commission will work closely with the ECB on the objectives and policy options and on ensuring a high level of complementarity between the payment solutions developed by the private sector and the necessary intervention of public authorities.
B.Pillar 2: Innovative and competitive retail payments markets
1.Reaping the full potential of the Payment Services Directive (PSD2)
The revised Payment Services Directive (PSD2) has enabled the emergence of new business models based on the sharing of payment account data (‘Open Banking’), such as payment initiation services (PIS) and account information services (AIS). It has also improved the general level of the security of payment transactions through the implementation of strong customer authentication (SCA). It has become a worldwide reference in terms of open banking and secure transactions.
In the wake of PSD2, more than 400 non-bank entities – third party providers (TPPs) – are now authorised to provide either payment initiation or account information services, and an increasing number of banks are themselves offering account information services and payment initiation services. However, the large potential of open banking still remains largely untapped. Two years after its entry into force the Directive has not yet yielded its full impact. Strong Customer Authentication – particularly in e-commerce – is not yet fully enforced, largely because of late or insufficient market preparedness. The uptake of regulated services based on access to payment accounts by third party providers, one of the PSD2’s cornerstones, still poses challenges to regulators and stakeholders. The existence of many different application programming interfaces (API) standards, which are key for efficient and secure access to payment accounts data, as well as different API functionality levels, have presented challenges for third party providers, in particular those that were already in business before PSD2. These third party providers had to integrate and adapt their business to different technical specifications and customer journeys for accessing payment accounts.
Given the magnitude and the complexity of the transition required by PSD2, these early challenges were to be expected. The Commission, the European Banking Authority (EBA) and national competent authorities have been working hard to address and overcome them. Important clarifications have been given via more than 100 responses provided to Q&As submitted by external stakeholders, EBA Guidelines, EBA Opinions, clarifications provided as a result of requests made by members of the EBA Working Group on Application Programming Interfaces, and numerous meetings in which the Commission has sought to shed light and facilitate dialogues between various communities.
The Commission reaffirms its strong belief in the potential of open banking and is determined to make PSD2 a full success. The Commission will continue to work with the EBA to ensure that illegal obstacles to third party providers’ services are removed, and to promote a constructive dialogue between all stakeholders. In particular, it will support the finalisation of the work on a ‘SEPA Application Programming Interfaces Access Scheme’ that was launched in 2019 under the auspices of the Euro Retail Payments Board.
Going forward, the experience gathered from the full implementation of PSD2 will inform the Commission’s work on a broader framework for open finance, as set out in the Digital Finance Strategy.
At the end of 2021, the Commission will launch a comprehensive review of the application and impact of PSD2.
Building on the PSD2 experience and as announced in the digital finance strategy, it plans to present a legislative proposal for a new ‘Open Finance’ framework by mid-2022.
2.Ensuring a high level of security for retail payments in Europe
PSD2 requires all payment service providers to apply strong customer authentication (SCA) whenever a user initiates an electronic payment or accesses their online banking interface. Payment service providers across the EU have developed authentication solutions based on the use of two or more elements categorised as ‘knowledge’ (something only the user knows), ‘possession’ (something only the user possesses) and ‘inherence’ (something the user is, e.g. biometrics).
Looking to the future, strong customer authentication must become the norm when paying online, e.g. in e-commerce or online travel booking. Payment service providers’ authenticating solutions compliant with strong customer authentication must provide users with a seamless and accessible experience to access their payment accounts online and to facilitate the completion of transactions. They should rely on the most secure authenticating factors, moving away, where possible, from transmittable elements (e.g. static passwords) and from older technologies and communication channels that are prone to attacks (e.g. SMS text messages).
As new types of fraud keep appearing, strong customer authentication alone may not be enough to ensure that payment service users remain fully protected. Payment service providers should always be at the cutting edge of fraud detection and prevention. PSD2 is widely acknowledged to have enabled the EU and companies operating in the EU to become world leaders in terms of operational risk, IT security and major incident reporting, partly thanks to the European Banking Authority’s Guidelines.
For payments posing a higher fraud risk, the Commission will assess whether requiring a match between the beneficiary name and IBAN may be effective in preventing frauds, such as ‘social engineering’ where people are manipulated into performing actions or divulging confidential information.
To counter phishing, it will be of key importance that EU PSP’s adopt internationally recognized controls, such as Domain-based Message Authentication, Reporting and Conformance (DMARC).
While protecting users against payment fraud is vital to preserve trust in payment systems and in digital payments more generally, it is equally important that payment service providers do their utmost to protect themselves against cyber-attacks, as well as against any other man-made and natural risks.
It is equally important to ensure that the authentication approaches chosen by PSPs that rely exclusively on advanced technological devices do not lead to the exclusion of categories of customers, such as older persons.
In close coordination with the European Banking Authority, the Commission will carefully monitor the implementation of strong customer authentication requirements.
In its review of PSD2, it will take stock of strong customer authentication’s impact on the level of payment fraud in the EU and explore whether additional measures should be considered to address new types of fraud, in particular with regard to instant payments.
Alongside the Digital Finance Strategy, the Commission is also proposing a Regulation on digital operational resilience for the financial sectors across the Union, with a view to enhancing the ICT risk management of various financial institutions, including payment services providers. This initiative is consistent with the European Critical Infrastructure (ECI) Directive.
The Commission will work in close coordination with the European Banking Authority in order to draw on lessons learned from the implementation of the EBA Guidelines on ICT and security risk management, which have been applicable since June 2020.
3.Fostering consumer protection
The retail payments acquis aims to ensure that EU payment service users enjoy transparency and security when paying digitally. However, the payments market continues to evolve rapidly, and further safeguards to protect consumers may be needed in the future.
In addition to the initiatives announced in this Communication, which will improve consumer protection in payments, the Commission considers that the increased use of digital payments calls for further reflection on payments transparency, as well as on the features of increasingly popular types of payments, such as contactless.
At the outbreak of the Covid-19 crisis, following the European Banking Authority’s Recommendation, the banking and payment communities in most EU countries increased the maximum value for contactless payments to the €50 limit under the PSD2 regulatory technical standards. Following this, the number of contactless payments increased significantly.
Having made greater use of contactless payments, in particular for health reasons, it is likely that in future consumers will retain this habit. That would be a positive development. However the Commission does not consider it appropriate, at least at this stage, to raise the legal maximum (per transaction and cumulative) amounts of contactless payments without strong customer authentication. In the absence of strong customer authentication, there is a risk that an increase in contactless payments might be accompanied by a parallel increase in fraud. The impact of any increase to the limits would therefore have to be carefully assessed before any decision could be taken.
When reviewing PSD2, the Commission will, in close coordination with the European Banking Authority, re-examine the existing legal limits on contactless payments, with a view to striking a balance between convenience and fraud risks.
In the meantime, the Commission will examine, with both stakeholders and Member States, the technical conditions that could enable consumers to set their own individual contactless limit (subject to the €50 maximum). The only choice that most consumers have today is to whether to activate or disable contactless payments. As there is no strong customer authentication for contactless payments, consumers are in any event protected for the full amount.
Enhancing the transparency of transaction statements
As the payments chain of actors involved in a single transaction becomes longer and more complex, payment service users may find it increasingly difficult to identify to whom, where and when they made a payment. This can lead to confusion, e.g. for instance where the name and place of the payment beneficiary in the transaction statement is not the commercial name of the company. This may in turn make it more difficult for consumers to spot fraudulent transactions.
The Euro Retail Payments Board is currently tackling this issue with a view to identifying solutions that allow users to more easily monitor their transactions.
The Commission supports the Euro Retail Payments Board’s ongoing work on enhancing transparency for retail payments users and will take account, in the context of the PSD2 review, of any recommendations that the Euro Retail Payments Board makes in this area.
4.Future-proof supervision and oversight of the payments ecosystem
As highlighted in the digital finance strategy, the financial ecosystem is becoming increasingly complex with a more fragmented value chain. The payments chain involves many players (some regulated, others not) and increasing levels of complexity and inter-dependency. While regulation must guarantee a level playing field, promote fair competition and low barriers to entry and spur innovation, it must also uphold users’ rights and protect the overall ecosystem from financial and operational risks. To achieve these objectives, the regulatory perimeter needs to be well balanced.
While PSD2 implementation is still in its infancy, the E-money Directive (EMD2) has been in force for over a decade, so there is sufficient experience to draw lessons from its implementation. After the adoption of PSD2, the two regimes converged, but remained separate. The differences between the services provided by payment institutions and e-money institutions no longer seem to justify a distinct authorisation and supervision regime and could therefore be brought under a single framework. As the respective scopes of PSD2 and EMD2 exclude certain services and instruments, it is also important to ensure that any exemptions granted to businesses posing low risks remain justified.
Need for a level playing-field between payment service providers
In a world increasingly dominated by digital platforms, large technology providers are taking advantage of their vast customer base to offer front-end solutions to end-users. Their entry into finance may consolidate the network effects and their market power. As highlighted in the digital finance strategy, several initiatives have emerged involving crypto-asset service providers using distributed ledger technologies. These actors may provide payment services that compete with those offered by regulated players (e.g. payment service providers, payment systems and payment schemes). They must therefore be regulated on the same basis in order to ensure a full level-playing field (‘same business, same risks, same rules’). On the one hand, they may broaden the range of available payment services and contribute to an innovative market. On the other hand, they could, if not properly regulated, supervised or overseen, pose a threat to monetary sovereignty and financial stability.
Over the years, competition issues observed in the payments sector related to access to data and information exchanges between competitors, as well as increased risks of foreclosure and abuse of dominance. Such risks may increase further through digitization. For example, newly emerging digital financial services platforms may quickly acquire dominant positions or market power. Large technology providers can use their customer data and network effect advantages to enter the payments sector, leveraging their market power from social media or search services. As part of its competition policy enforcement in digital markets, the Commission is closely monitoring digital developments in financial services and enforcing EU competition law, where necessary, to promote competition and to prevent entry barriers in these markets.
Supervision and oversight of the payments ecosystem
Supervision and oversight of the relevant actors in the payments chain has become increasingly complex, taking into account the emergence of many new business models and group structures. The potential supervisory implications became apparent in a recent case involving a technology company providing payment-related services.
Payments conglomerates may include both regulated and unregulated entities. Problems encountered by unregulated entities providing technical services to support some of the Group’s affiliates could potentially have a spill-over effect. Recent experience has demonstrated that the bankruptcy of an unregulated entity can have tangible consequences for other regulated subsidiaries (e.g. freezing of the institutions’ services by the national competent authority).
PSD2 does not currently cover services provided by “technical service providers” that support the provision of payment services without entering into possession of funds at any time. As payment services increasingly rely on the provision of ancillary services by or on outsourcing arrangements with unregulated entities, the Commission considers it indispensable to assess, in the context of the PSD2 review, whether some of these services and providers should be brought into the regulated sphere and be made subject to supervision.
Players in the payments chain may be under the supervision or oversight of different entities. The ECB and national central banks play a central role in the oversight of payment systems, schemes, instruments and their service providers. This complements the role of national and European supervisors in supervising payment service providers. It is important that supervisory and oversight frameworks are coherently structured, taking into account the dependencies between payment service providers, payment systems and payment schemes.
In order to address adequately the potential risks posed by unregulated services, ensure greater consistency in the various pieces of legislation on retail payments and promote robust supervision and oversight, the Commission will:
as part of the Payment Services Directive (PSD2) review process, evaluate any new risks stemming from unregulated services, especially technical services ancillary to the provision of regulated payment or e-money services, and assess whether and how these risks can best be mitigated, including by subjecting the providers of ancillary services or outsourced entities to direct supervision. This could be done by bringing certain activities under the scope of PSD2 where justified. The Commission will also assess the adequacy of the exemptions listed in PSD2 and evaluate the need for changes in prudential, operational and consumer protection requirements;
as part of the PSD2 review, align the PSD2 and E-Money Directive (EMD2) frameworks by including the issuance of e-money as a payment service in PSD2;
in the proposal for a Regulation on Markets in Crypto Assets, subject issuers of e-money tokens to additional provisions complementing EMD2.
where necessary, ensure proper linkages between the supervision of payment services and the oversight of payment systems, schemes and instruments.
C.Pillar 3: Efficient and interoperable retail payment systems and other support infrastructures
1.Interoperable payment systems and infrastructures
Not all payment service providers that have signed up to the SEPA Instant Credit Transfer (SCT Inst.) Scheme, and are reachable domestically, are also reachable cross-border. This is both a violation of the SCT Inst. scheme rules and of Article 3(1) of the SEPA Regulation. This is due in part to the lack of interoperability between clearing and settlement mechanisms. Payment service providers have to connect to several (national and/or European) clearing and settlement mechanisms and set aside and monitor multiple liquidity pools. This is neither ideal nor effective, since even with multiple connections they cannot achieve full, pan-European reachability for SCT Inst. It is also costly due to the liquidity split between clearing and settlement mechanisms.
The operators of retail payment systems should therefore ensure efficient interoperability between the systems. In 2019, the ECB announced that in the absence of satisfactory private solutions for interoperability issues, the Eurosystem would look at appropriate solutions. On 24 July 2020, it announced its decision to put in place measures ensuring pan-European reach for euro instant payments by the end of 2021. As a consequence, all payment service providers which have adhered to the SCT Inst. Scheme and are reachable in TARGET2 should also become reachable in a TARGET Instant Payment System (TIPS) central bank money liquidity account, either as a participant or as reachable party (i.e. through the account of another payment service providers which is a participant).
The Commission fully supports these proposed measures, which are necessary to ensure euro-area-wide reachability of instant payments, help payment service providers to comply with the SEPA Regulation, remove liquidity traps, and bring benefits to all clearing and settlement mechanisms competing in the provision of instant payment services, which will no longer have to depend on reaching bilateral agreements to set up links.
The Commission considers that extending the availability of these cross-border infrastructures from euro to other EU currencies is important to ensure pan-European instant payments. It therefore expects that the first cooperation agreement to allow settlement of instant payments in non-euro (Swedish krona) in the TARGET Instant Payment System, which was concluded on 3 April 2020, will pave the way for solutions that facilitate cross-currency instant payments.
2.An open and accessible payments ecosystem
Access to payment systems is essential for effective competition and innovation in the payment systems market. As payment and e-money institutions compete with banks to provide payment services and contribute to innovation in the payments market, it is important to guarantee that all players have fair, open and transparent access to payment systems.
While the revised Payment Services Directive (PSD2) requires objective and non-discriminatory access to payment systems for authorised payment service providers, the Settlement Finality Directive (SFD) makes access dependent on statutory criteria. This has prevented e-money institutions and payment institutions from gaining direct access to payment systems designated under the SFD.
PSD2 requires Member States to ensure that direct participants (i.e. mostly banks) in an SFD-designated payment system allow indirect access by non-bank payment service providers in an objective, proportionate and non-discriminatory manner. However, indirect access via banks may not be the best option for many non-bank payment service providers, as this makes them dependent on those banks.
The Commission is aware that some national central banks have allowed payment and e-money institutions direct or indirect participation, subject to certain criteria. This has led to level playing field issues and further fragmented the payments market. As indirect access is the only option in systems like the TARGET Instant Payment System, it can create unintended effects and operational challenges, also in relation to compliance with requirements on anti-money laundering and combating the financing of terrorism. In turn, this may distort the level playing-field between banks and non-bank payment service providers.
In the framework of the Settlement Finality Directive (SFD) review (to be launched in Q4 2020), the Commission will consider extending the scope of the SFD to include e-money and payment institutions, subject to appropriate supervision and risk mitigation.
3.Access to necessary technical infrastructures
The Commission believes that European payment service providers should be able to develop and offer to all European users, without undue restrictions, innovative payment solutions using all relevant technical infrastructures, under fair, reasonable and non-discriminatory terms and access conditions.
The Commission is aware of a variety of situations in which some operators might restrict or block access to necessary technical infrastructures. These may include a range of software and hardware elements that are necessary if innovative payment solutions are to be developed and offered, e.g. the non-public layers embedded in mobile device operating systems (including Near Field Communication antennae), biometric identity readers such as fingerprint or face recognition scanners, app stores, point of sale kernels, SIM cards, etc.
The most commonly reported issue relates to some mobile device manufacturers restricting third party access to the Near Field Communication technology embedded in smart mobile devices. The Commission has recently launched competition proceedings to examine the conditions for access by third parties to the Near Field Communication technology of one mobile device manufacturer.
Some European card schemes report that they have difficulties in accessing the contactless kernel in the point of sale terminals, which, for cross-border payments in Europe, is deployed by international card schemes. The European Card Payment Cooperation is developing a proprietary kernel, but its rollout throughout the payment chain would, according to the industry, will take several years.
These restrictions could result in significant vulnerabilities for the European payments ecosystem, hindering competition, innovation and the emergence of pan-European payment solutions. At the same time, unilateral intervention at Member State level could lead to market fragmentation and distort the level playing field.
In parallel with its ongoing and future competition enforcement, the Commission will examine whether it is appropriate to propose legislation aimed at securing a right of access under fair, reasonable and non-discriminatory conditions, to technical infrastructures considered necessary to support the provision of payment services. In doing so, it will take into account:
- the ongoing review of its competition policy to ensure that it is fit for the digital age;
- its ongoing work carried out on the Digital Services Act with regard to ex-ante rules for large online platforms acting as gatekeepers.
Such legislation would take due account of the potential security and other risks that such access could pose. In particular, it would lay down the criteria for identifying the necessary technical infrastructures and determining to whom and under what conditions access rights should be granted.
D.Pillar 4: Efficient international payments, including remittances
In Europe, regulation and industry efforts to achieve SEPA have drastically reduced the costs of transferring money over the last decade. However, payments across the EU’s external borders are slower, more costly, more opaque and more complex.
Global remittances have expanded almost six-fold since 2000, reaching an estimated USD 714 billion in 2019. This rapid growth has been largely driven by flows to low and middle income countries, which account for three quarters of the total. Together, the EU, the United States and Saudi Arabia are by far the main source of remittance flows to low and middle income countries, accounting for about two thirds of the total.
For low and middle-income countries, remittance inflows are of high macroeconomic relevance, representing for many over 10% of their GDP. They also provide an essential financing lifeline for many recipient families and often act as an informal social safety net, enabling 800 million family members (for whom remittances represent on average about 75% of their income) to pay for food and for healthcare, education and other basic needs. As measured by the World Bank’s Remittance Prices Worldwide database, the global average cost of remittances is still close to 7%, whereas the international community has committed to reducing those costs to less than 3% by 2030. As a consequence of the Covid-19 pandemic, remittances are projected to fall by about 20% in 2020, as migrants face job losses and uncertainty.
The Commission’s objective is for cross-border payments involving non-EU countries, including remittances, to become faster, more affordable, more accessible, more transparent and more convenient. This will also encourage greater use of the euro and strengthen its position as a global currency.
The main frictions affecting international cross-border payments were recently identified in the Financial Stability Board’s (FSB) Stage 1 report on cross-border payments
. Taken together, these frictions create barriers for payment intermediaries seeking to provide cross-border services, can increase prices for end-users, dampen investment in modernising cross-border payment processes and also affect remittances.
The Commission believes that a mix of actions at global and jurisdiction-specific level is required. In line with the findings of the Committee on Payments and Market Infrastructures (CPMI), these can be broken down into EU-specific actions and actions to facilitate remittances.
-Where feasible, the Commission expects the relevant payment system operators, in particular where the recipient jurisdiction has also adopted instant payment systems, to facilitate linkages between European systems such as TARGET Instant Payment System (TIPS) or RT1 and instant payment systems of Third countries - as long as the latter benefit from an appropriate level of consumer protection, fraud and ML/TF prevention and interdependencies risks mitigation measures. The direct access of non-bank payment service providers to payment systems may increase the potential benefits of such linkages. Consideration could also be given to establishing linkages for other types of payment systems, including retail and wholesale, where relevant, subject to similar safeguards.
-The Commission calls for the implementation, at the latest by end 2022, of global international standards, such as ISO 20022, which facilitate inclusion of richer data in payment messages.
-In order to further increase the transparency of cross-border transactions, the Commission encourages payment service providers to use the Global Payment Initiative (GPI) of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which facilitates the tracking of cross-border payments for participating institutions in real time. Wide usage of the tracker would make it possible for originating payment service providers to better estimate and disclose to the payer the maximum execution time of a cross-border payment. The Commission will assess, in the framework of the PSD2 review, whether transparency of cross-border international transactions needs further improvements.
-As instant payments also become the norm internationally, the Commission will assess, in the context of the PSD2 review, the appropriateness of requiring that the maximum execution time in ‘two-leg’ transactions also applies to ‘one-leg’ transactions
-The Commission is following with interest the ongoing work carried out in the framework of the European Payments Council on possible further harmonisation of business rules and messaging standards for one-leg transactions. The Commission will assess whether it is necessary to make these mandatory.
Addressing specific issues affecting remittances:
All of the above-mentioned strategic actions can facilitate cross-border flows, and therefore also benefit remittances. In addition:
-The Commission encourages Member States’ initiatives to support the remittance sector, subject to commitments by remittance service providers to progressively reduce the cost of remittance services over time.
-The Commission will, in the framework of EU development policy, support SEPA-like initiatives in regional groupings of low and middle income countries, and in relevant cases the possibility for Third countries to join SEPA (e.g. in the Western Balkans and in the Eastern Neighbourhood).
-The Commission will promote the access to payment accounts in low and middle-income countries, which will also facilitate the digitalization of remittances.
All these actions could support the international role of the euro by enhancing the ability of citizens and companies to use the euro as a currency for person-to-person transfers, investment, financing, and trade flows.
This strategy identifies key priorities and objectives for retail payments in Europe over the four years to come, based on extensive input from all stakeholders and taking in full consideration the outcome of the public consultation.
To achieve these objectives, the Commission is committing to a number of important actions. The Commission encourages all stakeholders, at national and EU level, to engage actively in the implementation of this strategy.