DG FISMA provides clarification of requirements of the Instant Payments Regulation
On 8 April 2024, the Instant Payment Regulation (EU) 2024/886 (“IPR”) entered into force. Bird & Bird covered the IPR and its provision on a general level in the article available here.
To further a common understanding of IPR the Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union (“DG FISMA”) held two online implementation workshops where clarification to over two hundred questions from various stakeholders were provided by DG FISMA. The clarification have been recently published in a Q&A on IPR implementation (“Q&A”) available here. The Q&A covers a vast range of general and specific questions in relation to IPR and several other legal acts that were amended by the IPR:
- Regulation EU 260/2012 establishing technical and business requirements for credit transfers and direct debits in euro (“SEPA Regulation” or “SEPAR”),
- Regulation EU 2021/1230 on cross-border payments (“CBPR2”),
- Directive EU 2015/2366 on payment services in the internal market (“PSD2”),
- Directive 98/26/EC on settlement finality in payment and securities settlement systems (“SFD”).
The Q&A is an honourable attempt by DG FISMA at clarifying some areas of uncertainty in relation to the IPR. However some areas remain unclear because not addressed by the Q&A. In addition, some of the Q&As drafted by the Commission lack clarity in places and/or raise some further questions.
It is also worth pointing out that the European Banking Authority (EBA)’s Single Rulebook Q&A has been updated in order to allow interested parties to ask questions on the IPR.
The Q&A is divided into six parts (A-F) addressing the following areas;
A. Questions on the scope of the IPR (questions 1-28),
B. Questions on other obligations included in IPR article 5a (questions 29-89),
C. Questions on the service ensuring verification of the payee, IPR article 5c (questions 90-150),
D. Question on the sanction screening obligations, IPR article 5d (questions 151-171),
E. Question on other IPR provisions – charges in respect of instant credit transfers (IPR article 5b), penalties, reports (questions 172-188),
F. Questions on amendments to SFD and PSD2 (questions 189-203).
The content of the questions and answers in each part varies greatly. Many of the questions are very specific to a certain setup – nevertheless, there are valuable insights that all stakeholders may get from the Q&A. In the following we outline some of the clarifications that we find valuable to highlight.
Part A - Questions on the scope of the IPR
Part A is dedicated to clarifying the scope of IPR’s applicability, from various standpoints and aspects.
To begin with, it is clarified that when the IPR and SEPAR refer to credit transfers it always means credit transfers in euro, unless stated otherwise (Q&A 1). This clarification was called for since some articles in IPR and SEPAR specify the Euro as the currency, while some do not.
As regards an overall obligation to provide instant credit transfers – all payment service providers (“PSP”) that provide a service of receiving and sending regular credit transfer in Euro within the meaning of the SEPAR Article 2 point (1) are under an obligation to provide instant credit transfer in Euro. IPR applies to all PSPs located in the EU (and even in the EEA following the transposition of the IPR in the local legislation for the latter) (Q&A 16). The obligation only applies to account servicing payment service providers (“ASPSP”) based on the definition of credit transfer in SEPAR, as the payment service users (“PSU”) hold their account with ASPSPs. However, initiation is also possible via Payment Initiation Service Provider (“PISP”) (Q&A 15 and 56).
The obligation applies both to PSPs who have direct or indirect (through other direct participants) access to the SFD-designated payment systems (Q&A 17). The obligation applies even to smaller PSPs even if those cannot become direct participants in SFD-designated payment systems (Q&A 18).
A number of clarifications are made on the applicability of IPR article 5a(1) on certain types of accounts and licensed services as provided by the requesters. A general conclusion that is made by DG FISMA in all answers provided to such requests is that a credit transfer in the meaning of the SEPAR Article 2 point (1) has to be made from a payment account; the same applies to instant credit transfers. SEPAR as amended by the IPR defines ‘payment account’ as a payment account as defined in PSD2 Article 4 point (12). Entities shall therefore, on a case-by-case basis, start with an assessment of whether the account they offer is a payment account or service they offer include payments from payment accounts, and if the answer is positive, then the requirement to provide instant credit transfer in IPR article 5a(1) applies (Q&A 5-7).
In the context of hierarchy between instant credit transfer and other types of credit transfers historically offered to PSU, DG FISMA confirms that there is no requirement to direct a PSU to instant credit transfer – a PSU is free to choose what type of credit transfer he or she prefers (Q&A 4).
Q&A 13 provides a clarification on applicability of the requirement in IPR article 5a(1) on payments to organisations with a payment code (e.g. telephony) where no recipient payment account is immediately visible to the PSU. Despite the specific nature of such payment vehicles, DG FISMA confirms that a PSU must be enabled to initiate instant credit transfers via such payment vehicle.
Part B - Questions on other obligations included in IPR article 5a
Part B is the most extensive part of the Q&A and contains a vast variety of questions, e.g. questions in relation to 10 seconds’ limit, time of receipt, information to be provided to the payer, currency conversion as part of the credit transfer, etc.
For example, the time of receipt of the payment order is clarified: it is the moment after the PSU has entered the amount, the name and the IBAN of the payee, the Verification of Payee (”VoP”) service has been performed and the customer has confirmed the information, and possibly the Strong Customer Authentication (“SCA”) has been made by the payer's PSP. In practical terms, in most situations the time of placing a payment order and the time of receipt will coincide, but there are exceptions in IPR article 5a(3) 2nd and 3rd subparagraphs (Q&A 30).
Several clarifications have been provided in relation to the 10 seconds’ limit. As a rule, the starting point of the 10 seconds’ time limit is determined to be the time of receipt of the payment order by the payer’s PSP (however the interpretation might be different in certain situations) (Q&A 29).
There are several questions with respect to currency conversion, from different aspects. Inter alia DG FISMA clarifies that PSPs shall provide currency conversion on sending instant credit transfer immediately after placing the payment order (Q&A 39). As for receiving instant credit transfers, the time limit of 10 seconds set in IPR Article 5a(4) point (c) applies. PSPs are not allowed to reject the incoming euro instant transaction if, for whatever reason, the currency conversion cannot be done within the 10 second timeframe as this would be a breach of IPR article 5a(1) (Q&A 41).
A question on whether it is permissible to automatically convert an instant credit transfer into a regular credit transfer in case of insufficient funds on the payer’s account has been placed. DG FISMA confirms that this shall not be allowed – instead a payer shall be informed that the transaction has not been carried out (Q&A 36).
Valuable clarifications are provided on the payer’s PSP should notify the payer: the payer has to be informed on whether the amount of payment transaction has been made available on the payee’s payment account. In case of multiple payment orders submitted as a package, the payer may prefer that he or she is informed on the status of execution of all payment orders that are included in one package via one global notification, which may be agreed upon between the payer and its PSP in a framework agreement (Q&A 50). With regards to instant credit transfer via PISPs, both the PISP and the PSU have to be informed on execution of the payment order (Q&A 53).
Part C - Questions on Verification of Payee service
In accordance with the IPR article 5c (1), a payer’s PSP shall offer the payer a service ensuring verification of payee when sending a credit transfer, so called VoP service. Part C of the Q&A contains clarifications on VoP, from various perspectives.
PSPs are not allowed to use the VoP service as a reason to reject a credit transfer on suspicion of fraud – it simply does not contain any specific rule in that respect. PSD2 contains some rules that allow the payer’s PSP to refuse the execution of a payment, but these are not applicable in relation to instant credit transfer (Q&A 90).
The ultimate goal of the VoP service is to provide assurance to the payer about the accuracy of the information about the payee to whom the payer intends to make a credit transfer. Therefore, the service shall not be used by a PSU for purposes other than for making credit transfers (Q&A 117).
The IPR requires that the payer’s PSP ensures the verification of the payee for every credit transfer, including instant and regular credit transfers (Q&A 93).
The IPR does not contain any provision on “whitelisting” beneficiaries to avoid applying VoP service (unlike the possibility for the payer’s PSP to avoid SCA when the payee initiates a payment to a payee that is included in a list of trusted beneficiaries pursuant to Article 13 of the RTS on strong customer authentication and common and secure open standards of communication[1]). The only possibility not to provide VoP service is the cases where (1) the payment order is initiated on the basis of paper-based payment order but only if the payer is not present at the time of receipt of that payment order (IPR article 5c(4)) and (2) when the PSU that is not a consumer opts out from receiving the VoP service when submitting multiple payment orders as a package (Q&A 93). They can also agree with their PSPs on receiving other services leading to further security of payments (outside the scope of Article 5c of the IPR) (Q&A 118). Non-consumer PSUs are not allowed to opt out from VoP service when it comes to single payment orders (Q&A 138). Microenterprises may opt out as well, as they shall not be understood as consumers (Q&A 139).
However DG FISMA seems to agree that when a payer places a payment order for a recurring credit transfer (i.e. a standing order), VoP is only required at the time of creation of that standing order (not upon each individual payment transaction) (Q&A 113).
It is sufficient to verify the Legal Entity Identifier (LEI) or another data element other than the name of the payee when conducting a VoP (Q&A 106).
PSPs shall not be held liable for the execution of a credit transfer to an unintended payee on the basis of an incorrect unique identifier, as laid down in Article 88 of PSD2, if it has fulfilled the requirements of Article 5c, i.e. providing the VoP service (Q&A 143).
If the payee’s PSP provides incorrect information and this leads to the payer’s PSP failing to comply with its VoP service provision obligations, the payee’s PSP shall compensate the financial damage caused to the payer’s PSP by that failure (Q&A 144).
The IPR does not provide any specific guidance on situations where the payee’s ASPSP cannot be reached due to technical reasons. In such case the payer shall be notified that the VoP service was not possible to perform (the notification may explain the reason to that) and the payer shall be able to proceed with authorising the payment order. If any loss occurs, the liability will be determined based on where the “technical reasons or problems” have occurred (Q&A146).
Part D - Questions on sanction screening obligations
With regards to sanction screening obligations, if a new designation on the sanction lists is adopted between the daily sanction list checkpoints, in accordance with Article 5d(1), a check of own clients must occur immediately after the entry into force of a new designation (Q&A 152).
Since the European Commission does not assume any liability for the consolidated list of persons, groups and entities subject to financial sanctions, PSPs currently rely on external private providers for that purpose. However, this consolidated version is not envisioned to serve the purpose of PSPs’ obligation referred to in Article 5d(1). i.e. sanction screening obligation. PSPs are responsible for and must put in place the necessary measures to comply with this obligation. Therefore, fulfilment of their obligations to effectively comply with targeted financial restrictive measures cannot be dependent on the Commission’s ability to provide updates to its list (Q&A 161).
Part E - Questions on other IPR provisions
Part E concerns IPR provisions on charges on instant credit transfers, penalties and reports.
The charges for an instant credit transfer in euro cannot exceed charges for credit transfers of a corresponding type, where the notion of “corresponding” should be determined on the basis of criteria such as payment initiation channel, customer status, provision of additional features and services, etc (recital (17) of IPR). In case where there are several alternative “corresponding” regular credit transfers in euro, the charges for an instant credit transfer in euro cannot exceed the charges applicable to those other alternatives (Q&A 173).
Part F - Questions on amendments to SFD and PSD2
The amendment of the SFD enables PIs and EMIs to participate directly in SFD-designated payment systems. It is not specified which payment services should be provided by the PSPs that are apply for participation in a SFD-designated payment system, hence PISPs can also become direct participants of SFD-designated systems, subject to them complying with the new Article 35a of PSD2 and the access rules of the relevant SFD-designated payment system. It is however questionable whether the business model of PISPs would benefit from access to such systems (Q&A 189).
The possibility for PSPs to safeguard client funds with a central bank would be an additional option to the currently available options to non-bank PSPs. Central banks are not obliged but have discretion to allow PIs and EMIs to deposit client funds in accounts that PIs and EMIs may hold with them, for the purpose of compliance with their safeguarding obligations.
[1] COMMISSION DELEGATED REGULATION (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication, OJ 13.3.2018, L 69/23.
