On 22 July 2009, the Czech Parliament implemented the new EU Payment Services Directive (2007/64/EC). The new Payment Act limits the liability of consumers who are victims of unauthorised payments and increases the burden on payment institutions who will now have to pay more attention to their IT security and anti-fraud systems.
In addition to banks, financial institutions and entrepreneurs with a foreign currency licence, the new Payment Act introduces two new categories of payment service providers, which have not been regulated so far, and will impose new requirements on both the payment institutions and entrepreneurs that handle payments of a limited scope.
The first new category includes institutions authorised to provide payment services based on a permission issued by the Czech National Bank and recognised in other EU Member States. A payment institution will only be allowed to carry out the payment services listed in its permission notice and must first meet a number of requirements, such as a minimum amount of starting capital and specified levels of business, technical and legal readiness.
The second new category includes entrepreneurs which do not qualify as payment institutions. These entrepreneurs must register with the Czech National Bank and can only provide payment services of limited scope. They will be subject to a lesser level of regulation and scrutiny but will not be authorised to provide services outside of their home state.
The required amount of the starting capital depends on the type of service applied for in the permission and must be maintained to cover the associated risks (capital adequacy). The payment institution must also introduce and maintain a control and supervision system in order to provide secure services and comply with anti-money laundering regulations.
The Payment Act defines many new terms including a payment service and electronic money. It unifies standards of payments and user protection and affords consumers (as well as small businesses) more comprehensive protection.
The Act sets out new obligations to provide information before and during a contract on payment services, authorisation of payment transactions, manner and deadlines for carrying out payment transactions and the liability of the payment service provider. The deadlines for transactions have been shortened so that a payment within one institution must be completed in a single day. The liability of the consumer or small business in most cases will be limited to EUR 150.
The new Payment Act has been effective since 1 November 2009 and replaces the previous Payment Act 124/2002 Coll. (which implemented EU Directives 97/5, 98/26, 2000/46 and 2006/48).
Under the new Payment Act, payment institutions may potentially face more liability as they could end up compensating more payment service users than under the old Payment Act and, for this reason, should pay more attention to the security and anti-fraud elements of their IT systems.