Payment Services Regulations 2017 and Electronic Money Regulations 2011

Find out more about the regulation of payment services and e-money, including who is affected by the rules.

Find out more in Payment Services and Electronic Money – Our Approach.

Payment services

What is a payment service?

Payment services are listed in Schedule 1 to the Payment Services Regulations 2017 (PSRs). In summary, they are:

  • services enabling cash to be paid into or withdrawn from a payment account and all of the operations required for operating a payment account
  • execution of payment transactions - such as direct debits, credit transfers and card payments
  • issuing of payment instruments (for example credit or debit cards)
  • acquiring payment transactions
  • money remittance
  • account information services
  • payment initiation services

Who do the PSRs affect?

The PSRs affect firms providing payment services and their customers. These firms include:

  • banks
  • building societies
  • e-money issuers
  • money remitters
  • non-bank credit card issuers
  • non-bank merchant acquirers
  • providers of account information services and payment initiation services

Consult our Perimeter Guidance to see if you fall within the scope of these regulations.

If you provide payment services as a regular occupation or business activity in the UK, you need to apply to us to become either:

  • an authorised payment institution
  • a small payment institution
  • a registered account information service provider

The exception to this is if you’re already another type of payment service provider (PSP), or if you’re exempt. 

PSPs must comply with conduct of business requirements set out in the PSRs. You must also comply with relevant provisions in our Handbook.

Electronic money

Electronic money (e-money) is electronically (including magnetically) stored monetary value, represented by a claim on the issuer, which is issued on receipt of funds for making payment transactions. 

It must be accepted as a means of payment by a person other than the electronic money issuer. Types of e-money include:

  • pre-paid cards
  • electronic pre-paid accounts for online use

Who do the EMRs affect?

The Electronic Money Regulations (EMRs) affect:

  • electronic money issuers
  • their customers

If you intend to issue e-money in the UK, you must be authorised or registered by us, unless you have permission to issue e-money under Part 4A of FSMA, or you’re exempt.

E-money issuers must comply with certain conduct rules about issuing and redeeming e-money set out in the EMRs. You must also comply with relevant provisions in our Handbook.

Timeline

PSD2 was implemented in the UK on 13 January 2018. The job of implementing some of the provisions was delegated to the European Banking Authority (EBA). These provisions include developing regulatory technical standards (RTS) and guidelines. The RTS on strong customer authentication and common and secure communication became applicable on 14 September 2019.

The Treasury consulted on implementing PSD2 through the PSRs in February 2017.

The Treasury published the final Payment Services Regulations 2017. We issued a joint communication with the Treasury on PSD2 and open banking following the publication of these regulations. 

We issued a consultation (CP17/11) to reflect the Treasury’s new regulations in April 2017. This included proposals for guidance in our revised Approach Document, which combines the existing Payment Services and E-Money Approach Documents. It also included proposed changes to our Handbook and notifications for businesses using exclusions from regulation.

We issued a further consultation (CP17/22) on authorisation forms and certain reporting forms under PSD2 in July 2017.

We issued a Policy Statement in September 2017 confirming the revised Approach Document and Handbook changes following consultation feedback.

We issued a Handbook Notice in July 2018 confirming further Approach Document and Handbook changes following a Quarterly Consultation Paper in March 2018.

We issued a Policy Statement in December 2018, confirming further Approach Document and Handbook changes to incorporate new rules and guidance to implement regulatory technical standards for strong customer authentication and common and secure open standards of communication and related guidelines developed by the EBA under the revised PSD2. We consulted on these changes in CP18/25.

The PSRs and EMRs implemented the PSD2 and the second Electronic Money Directive (2EMD) in the UK. Following EU withdrawal, the PSRs and EMRs were amended by the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018 (the EPPRs). 

Following EU withdrawal, we made technical standards on strong customer authentication and common and secure methods of communication (SCA-RTS) to apply in the UK, together with changes to our Handbook. The EU regulatory technical standards on the same were revoked. 

EBA Guidelines

Following the UK’s exit from the EU, businesses should continue to apply the EBA Guidelines to the extent that they remain relevant. See our approach to EU non-legislative materials

Guideline

Overview

Guidelines under Directive (EU) 2015/2366 (PSD2) on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers.

These guidelines specify the information that applicants for authorisation as a payment institution (PI) or an e-money institution (EMI) or registration as a registered account information service provider will be required to submit. Details on these requirements are set out in Chapter 3 of Payment Services and Electronic Money - Our Approach.

 

Guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2)

These guidelines set out the criteria, thresholds and methodology to be used by PSPs to determine whether or not an operational or security incident should be considered major and, therefore, be notified to us.

Details on these requirements are set out in Chapter 13 of Payment Services and Electronic Money - Our Approach

 

Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2)

These guidelines set out the requirements that PSPs should implement to mitigate operational and security risks derived from the provision of payment services.

Details on these requirements are set out in Chapter 18 of Payment Services and Electronic Money - Our Approach and REP018 in our Handbook.

Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee under Article 5(4) of Directive (EU) 2015/2366 (PSD2)

These guidelines specify criteria and indicators on how to stipulate the minimum monetary amount of the professional indemnity insurance (PII) or other comparable guarantee to be held by providers of account information services or payment initiation services.

 

Guidelines on procedures for complaints of alleged infringements of Directive (EU) 2015/2366

These guidelines apply to complaints submitted to us with regard to PSPs' alleged infringements of the PSRs. These complaints are to be taken into consideration by competent authorities (the FCA) to ensure and monitor effective compliance with PSD2.

 

Guidelines on fraud reporting requirements under Article 96(6) of Directive (EU) 2015/2366 (PSD2)

These guidelines provide detail on statistical data on fraud related to different means of payment that PSPs must report to their competent authorities and the aggregated data that the competent authorities have to share with us.

Details on these requirements are set out in Chapter 13 of Payment Services and Electronic Money - Our Approach and REP 017 in our Handbook.

Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 These guidelines provide detail on the conditions that must be met to benefit from an exemption from setting up a fall-back interface.