06 Sep Revolution in the PRS microcosm: premium rate service operators become payment institutions
On September 6, 2019, the European Banking Authority decided that all intermediaries between local loop operators and premium-rate service providers (ie transit operators and PRS operators) are not covered by the telecom exception provided for in Article 3i of the Second European Payment Services Directive (Directive 2015/2366/EC, or PSD2). In other words, all these intermediaries see their activity reclassified as payment services, which can only be provided by payment institutions (or their agents), as prescribed by PSD2.
EBA puts an end to differing interpretations between national financial regulators
The EBA response closes a series of divergent interpretations among European financial regulators about a total harmonisation directive, the implementation of which could not tolerate such divergences.
On the one hand, the clan of pragmatists had extended to intermediaries the exemption granted by the directive to local loop operators. This clan included the UK Financial Conduct Authority and German regulators BaFin for financial services and BNetzA for telecoms.
On the other hand, the Autorité de Contrôle Prudentiel et de Résolution (ACPR), a subsidiary of the Banque de France, led the battle for the literal interpretation of the directive and required French intermediaries in the PRS value chain to become payment institutions or agents of payment institutions.
To find a common ground, AFMM, the French Association of Multimedia Mobile operators and service providers, whose members intervene on European markets regulated in a contradictory way, had asked an interpretative question 18 months ago to the European Banking Authority, which today publish their answer.
What does this status change mean for the PRS industry in each country?
The PRS value chain exists at the national level in each member state of the European Union. Billing and payment mechanisms between actors differ significantly from one country to another, but within a country, all actors follow the same rules: interconnection modes, definition of retail prices, and wholesale prices, billing and payment terms are almost uniform across a country. Implementing the EBA response will therefore require close industry-wide discussions between PRS players in each country, then between operators (or their trade associations) and the financial regulator, the telecoms regulator. ‘being present only to support the financial regulator.
What does this change of status entail for each intermediary to become compliant?
According to Article 5 of PSD2, ‘Accreditation as a payment institution is subject to submission to the competent authorities of the home Member State of an application accompanied by the following information: :
(a) an activity program indicating, in particular, the type of payment services envisaged;
(b) a business plan containing, in particular, a forecast budget calculation for the first three financial years, demonstrating that the applicant is able to implement the appropriate and proportionate systems, resources and procedures necessary for its proper functioning;
(c) proof that the payment institution has the initial capital provided for in Article 7;
(d) for the payment institutions referred to in Article 10 (1), a description of the measures taken to protect the funds of payment service users in accordance with Article 10;
(e) a description of the corporate governance arrangements and internal control mechanisms, including the applicant’s administrative, risk management and accounting procedures, demonstrating that such corporate governance arrangements, control mechanisms and procedures are proportionate, responsive, healthy and adequate;
(f) a description of the procedure in place for the monitoring, processing and follow-up of security incidents and customer complaints related to security, including an incident reporting mechanism that takes into account the reporting obligations of the payment institution pursuant to Article 96 EN L 337/60 Official Journal of the European Union 23.12.2015
(g) a description of the process in place to record, monitor and restrict access to, and keep track of, sensitive payment data;
h) a description of the business continuity provisions, including a clear identification of essential activities, appropriate contingency plans and a procedure for testing these plans and periodically reviewing their adequacy and efficiency;
(i) a description of the principles and definitions applied for the collection of statistical data relating to performance, operations and fraud;
(j) a security policy document, including a detailed risk analysis of the proposed payment services and a description of the control and mitigation measures taken to adequately protect payment service users against identified security risks, including fraud and the misuse of sensitive or personal data;
(k) for payment institutions subject to the anti-money laundering and terrorist financing obligations provided for in Directive (EU) 2015/849 of the European Parliament and of the Council (1) and in Regulation (EU) 2015/847 of the European Parliament and of the Council (2), a description of the internal control mechanisms that the applicant has put in place to comply with those obligations;
(l) a description of the applicant’s structural organization, including, where appropriate, a description of the agent and branch project and the at least annual on-site and on-site inspections that the applicant undertakes to perform with respect to these agents and branches, as well as a description of the outsourcing agreements and its participation in a national or international payment system;
(m) the identity of the persons directly or indirectly holding a qualifying holding within the meaning of Article 4 (1) (36) of Regulation (EU) No 575/2013 in the capital of the applicant, the size of their holding and the evidence of their quality, taking into account the need to ensure sound and prudent management of the payment institution;
(n) the identity of the officers and persons responsible for the management of the payment institution and, where appropriate, the persons responsible for managing the payment service activities of the payment institution, and proof thereof they are of good repute and possess the skills and experience required for the provision of payment services as determined by the home Member State of the payment institution;
(o) where applicable, the identity of the statutory auditors and audit firms, as defined in Directive 2006/43 / EC of the European Parliament and of the Council (3);
(p) the legal status and status of the applicant;
(q) the address of the applicant’s central administration. “
Needless to say, most telecom operators involved in the PRS value chain are one hundred leagues away from controlling a regulation of such complexity.
What does this change mean for each intermediary on an on-going basis?
Second revolution for the intermediaries concerned: this is not a matter of setting up a complex application form to be compliant, but of living from day to day respecting new and complex processes. These processes include the control of the composition of the shareholding, the recurring equity requirements, the measures for the protection of funds subject to payments, the way to intervene in the market of another member state of the EU than the one in which the payment institution holds its license (passporting), the way in which the payment institution makes payment services accessible to all (non-discrimination), the prohibition to deal with an unauthorized intermediary, the information to be given to the payer and payee on the status of each payment in progress or past, the control of amounts transferred and amounts received, compliance with value dates, management of operational and security risks, incident management and the obligations to report on it.
What are the opportunities and risks of this process?
Rigor, professionalization, better assurance that the recipient of the funds will receive them well and in due time: these are the main opportunities for such a reform, applied to PRS. But exactly what are the PRSs suffering from? The major problem in this industry is not that premium rate service providers are not paid when the service is fulfilled, but that the consumer is fooled by misleading advertising, misleading or aggressive marketing practices, as stated in the Consumer Code. One can therefore legitimately wonder how an arsenal of measures taken to protect the payee will improve the payer’s fate.