Payment Services Regulations and Electronic Money Regulations

This page gives an overview of the Electronic Money Regulations 2011 and the Payment Services Regulations 2017, which implement the Second Electronic Money Directive and the revised Payment Services Directive, respectively.

Find out more in Payment Services and Electronic Money – Our Approach.

Payment Services

What is a payment service?

Payment services are listed in Schedule 1 to the Payment Services Regulations 2017 (PSRs 2017). In summary they are:

  • services enabling cash to be paid into or withdrawn from a payment account and all of the operations required for operating a payment account
  • execution of payment transactions - such as direct debits, credit transfers and card payments
  • issuing of payment instruments (for example credit or debit cards)
  • acquiring payment transactions
  • money remittance
  • account information services
  • payment initiation services

Who do the PSRs 2017 affect?

The PSRs 2017 affect firms providing payment services and their customers. These firms include:

  • banks
  • building societies
  • e-money issuers
  • money remitters
  • non-bank credit card issuers
  • non-bank merchant acquirers
  • providers of account information services and payment initiation services

Consult our Perimeter Guidance to see if you fall within the scope of these regulations.

A UK business that provides payment services as a regular occupation or business activity in the UK needs to apply to us to become either an authorised payment institution, a small payment institution or a registered account information service provider unless it is already another type of payment service provider or exempt. 

Payment service providers must comply with conduct of business requirements set out in the PSRs 2017. They must also comply with relevant provisions of the FCA Handbook.

Electronic Money

Electronic money (e-money) is electronically (including magnetically) stored monetary value, represented by a claim on the issuer, which is issued on receipt of funds for the purpose of making payment transactions. It must be accepted as a means of payment by a person other than the electronic money issuer. Types of e-money include:

  • pre-paid cards
  • electronic pre-paid accounts for online use

Who do the EMRs affect?

The Electronic Money Regulations (EMRs) affect:

  • electronic money issuers
  • their customers

A UK business that intends to issue e-money in the UK  must be authorised or registered by us, unless it has permission to issue e-money under Part 4A of FSMA or is exempt.

E-money issuers must comply with certain conduct rules about issuing and redeeming e-money set out in the EMRs. They must also comply with relevant provisions of the FCA Handbook.

The Revised Payment Services Directive

The revised Payment Services Directive (PSD2) is the EU legislation which sets regulatory requirements for firms that provide payment services.   

The original Payment Services Directive (PSD) was introduced in 2007 and became UK law in 2009 through the Payment Services Regulations  (PSRs).

PSD2 aims to:

  • contribute to a more integrated and efficient European payments market
  • improve the level playing field for payment service providers
  • promote the development and use of innovative online and mobile payments
  • make payments safer and more secure
  • protect consumers
  • encourage lower prices for payments

PSD2 updates and replaces the authorisation and prudential requirements for payment institutions and the conduct of business requirements for providing payment services, and amends the second Electronic Money Directive. To find out how PSD2 affects your business, use the PSD2 Navigator.

Timeline

The implementation date for PSD2 is 13 January 2018. The job of implementing some of the provisions has been delegated to the European Banking Authority (EBA). These provisions include developing regulatory technical standards (RTS) and guidelines.  Some of these will not be effective until after January 2018, including the RTS on strong customer authentication and common and secure communication, which is expected to take effect from September 2019.

The Treasury consulted on implementing PSD2 through the Payment Services Regulations 2017 in February 2017. The Treasury published the final Payment Services Regulations 2017. We issued a joint communication with the Treasury on PSD2 and open banking following the publication of these regulations. 

We issued a consultation (CP17/11) to reflect the Treasury’s new regulations in April 2017. This included proposals for guidance in our revised Approach Document, which combines the existing Payment Services and E-Money Approach Documents. It also included proposed changes to our Handbook and notifications for businesses using exclusions from regulation.

We issued a further consultation (CP17/22) on authorisation forms and certain reporting forms under PSD2 in July 2017.

We issued a Policy Statement in September 2017 confirming the revised Approach Document and Handbook changes following consultation feedback.

European Banking Authority (EBA) Mandates

The EBA is responsible for developing Regulatory Technical Standards (RTS) and Guidelines under PSD2.  National Competent Authorities in EU Member States are required to notify the EBA of whether or not they intend to comply with EBA Guidelines. Visit the EBA’s website for more information.

Guideline

Overview

EBA Guidelines under Directive (EU) 2015/2366 (PSD2) on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers

The FCA is complying with these Guidelines.

These Guidelines specify the information that applicants for authorisation as a PI or an EMI or registration as a registered account information service provider will be required to submit.  Details on these requirements are set out in chapter 3 of our document Payment Services and Electronic Money - Our Approach.

 

Guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2)

The FCA will comply with these Guidelines.

These Guidelines set out the criteria, thresholds and methodology to be used by payment service providers to determine whether or not an operational or security incident should be considered major and, therefore, be notified to the competent authority in the home Member State.

 

Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2)

The FCA is complying with these Guidelines. Please see the FCA’s statement on these Guidelines.

These Guidelines set out the requirements that PSPs should implement in order to mitigate operational and security risks derived from the provision of payment services.

 

Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee under Article 5(4) of Directive (EU) 2015/2366 (PSD2)

The FCA is complying with these Guidelines.

These Guidelines specify criteria and indicators on how to stipulate the minimum monetary amount of the professional indemnity insurance (PII) or other comparable guarantee to be held by providers of account information services or payment initiation services.

 

Guidelines on procedures for complaints of alleged infringements of Directive (EU) 2015/2366

 

The FCA will comply with these Guidelines.

These Guidelines apply to complaints submitted to competent authorities with regard to payment service providers’ alleged infringements of PSD2. These complaints are to be taken into consideration by competent authorities (the FCA) to ensure and monitor effective compliance with PSD2.

 

Guidelines on fraud reporting requirements under Article 96(6) of Directive (EU) 2015/2366 (PSD2)

 

We will update this page when the Guidelines are finalised.

These guidelines provide detail on statistical data on fraud related to different means of payment that payment services providers have to report to their competent authorities and the aggregated data that the competent authorities have to share with the EBA and ECB.

 

RTS and Implementing Technical Standards

Overview

RTS on cooperation between competent authorities in the home and host Member States in the supervision of payment institutions operating on a cross-border basis under Art. 29 (6) of PSD2

 

The RTS specify the framework for cooperation and the exchange of information between competent authorities of the home and host Member States. The RTS also clarify the type of information as well as the templates to be used by payment institutions when reporting to the competent authorities of the host Member States on the payment business activities carried out in their territories.

 

RTS on central contact points under Directive (EU) 2015/2366 (PSD2)

 

These RTS specify the criteria for determining when the appointment of a central contact point under the PSD2 is appropriate and the functions that these contact points should have.

 

RTS setting technical requirements on development, operation and maintenance of the electronic central register and on access to the information contained therein, under Article 15(4) of Directive (EU) 2015/2366 (PSD2)

 

The RTS set out requirements for manual and automated provision of information from competent authorities to the EBA and the timely synchronisation between the national public registers under the PSD2 and the EBA Register. They also specify the procedure for accessing the information in the EBA Register, which includes the functionality for downloading its content. This, in turn, allows market participants to automatically search and retrieve the information needed.

 

Implementing Technical Standards (ITS) on the details and structure of the information entered by competent authorities in their public registers and notified to the EBA under Article 15(5) of Directive (EU) 2015/2366 (PSD2)

 

 

The ITS specify the type of information that will be contained in the register from a pre-defined list of institutions that is provided by the PSD2 itself, including:

  • payment and electronic money institutions, their agents and foreign branches;
  • exempted payment and electronic money institutions and their agents;
  • account information service providers, their agents and foreign branches;
  • providers of services based on specific payment instrument that can be used only in a limited way; and
  • providers of electronic communication networks executing payment transactions or providing services in addition to electronic communications services.

 

RTS on Strong Customer Authentication and common and secure communication under Article 98 of Directive 2015/2366 (PSD2)

 

These RTS specify the requirements, under PSD2, of the strong customer authentication (SCA), the exemptions from the application of SCA, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials, and the requirements for common and secure open standards of communication (CSC).

On 27 November 2017 the European Commission published a draft Commission Delegated Regulation.