Payment processing: the new Dutch supervisory framework

07 May 2014

Adam Pasaribu

As of 1 January 2014, a supervisory framework was incorporated in to the existing Dutch Financial Supervision Act (Wet op het financieel toezicht; the ‘DFSA’) pursuant to which the activities of payment processors are regulated in the Netherlands. Payment processors will have to comply with provisions, which apply to (a) all financial undertakings falling within the scope of the DFSA and (b) to provisions that apply to payment processors only. Adam Pasaribu, Advocaat at Bird & Bird LLP, provides an outline of the supervisory framework.

In September 2009, former Minister of Finance Mr Wouter Bos introduced a proposal for an act on processing services in the Dutch Parliament. His proposal aimed to regulate both payment transactions as well as transactions in markets for financial instruments. Regulation of these services was deemed necessary considering their core function in Society. Disruption of such services could result in a situation wherein (cashless) payments can't be made.

However, on 20 October 2009, the European Commission (EC) announced its intention to start the process of drafting legislation with the aim of ensuring an efficient, safe and sound derivatives market. The intention of the EC (eventually) resulted in the adoption of the European Market Infrastructure Regulation (the ‘EMIR’). The EMIR regulates, in short, transactions in financial instruments. As a result of the announcement from the EC, the proposal for an act on processing services was put on hold by the Dutch Parliament. As the EMIR became effective in summer 2012, it was decided by the Ministry of Finance that the proposal for an act on processing services could not be adopted unaltered. In the spring of 2013, a new proposal was introduced in the Dutch Parliament by the Minister of Finance, Mr Jeroen Dijselbloem. The said proposal has led to the current framework, which only applies to the processing of payment transactions.

Payment processing services

Payment processors (afwikkelondernemingen) within the meaning of the DFSA are persons who provide payment processing services (afwikkeldiensten). These services include (i) the forwarding of requests for approval of payment instructions, (ii) the approval of such requests or (iii) netting (salderen). Netting involves the determination of monetary claims or obligations of payment service providers in keeping with the payment instructions of payment service users. With respect to the latter, note that the main Dutch regulator, the Dutch Central Bank (De Nederlandsche Bank; ‘DNB’), uses the term 'settlement agent' on its website to refer to payment processors - slightly confusing as chronologically settlement follows netting. The new framework regulates the provision of netting services, but does not regulate settlement services.

Licence required?

A payment processor requires a licence from the DNB to offer payment processing services in or to the Netherlands, provided a certain threshold is exceeded. Currently, the threshold is set at 120 million transactions processed in 2013 but it can be adjusted by the Ministry of Finance annually. To put this number into perspective, in 2011 around 2.2 billion transactions took place with debit and credit cards in the Netherlands; the threshold is thus set at around 5% of transactions.

A licence  is, however, not required if the payment processor has a seat in a so-called 'designated state' (aangewezen staat). A state can be designated as such if it has oversight in place which sufficiently safeguards the interests that the DFSA is intended to protect. At the moment, no state, not even countries where payment processors already fall under oversight arrangements on the basis of the European Central Bank and/or the Eurosystem, has been designated as such.

A licence will be granted by the DNB when certain conditions are met. Inter alia, a payment processor will have to demonstrate that it complies with ongoing supervisory requirements (please see below). To my knowledge, four parties have currently been approached by the DNB to seek a licence on the basis of the DFSA.

On the basis of transitory provisions, however, some of the parties involved will be granted a temporary licence and will have limited time to demonstrate that they comply with the relevant provisions of the DFSA.

Registration and notification

Regardless of whether or not a licence is required, all payment processors will have to register themselves with the DNB. Furthermore, prior to 1 March of each year, payment processors will have to notify the DNB of the number of cashless payment transactions processed in or to the Netherlands, and they will have to indicate which payment processing services are provided.

Consequently, payment processors will always have to register themselves and keep the DNB informed with respect to the number of transactions processed, but not all payment processors are required to obtain a licence from the DNB. Failure to register in a timely fashion can lead to administrative fines being imposed by the DNB.

Ongoing supervisory requirements

A payment processor must also meet ongoing supervisory requirements. As mentioned, the new regulatory framework is embodied in the DFSA, which means that a payment processor not only has to comply with provisions which apply to all financial undertakings but also with specific provisions tailored to payment processors in general.

Examples of provisions which apply to all financial undertakings within the meaning of the DFSA are as follows. Financial undertakings are required to pursue their business in a sound and controlled manner. This requires that financial undertakings have policies in place which, amongst others, prevent conflicts of interests, noncompliance with legislation and/or other acts that are undesirable from a social point of view. If a financial undertaking outsources activities, the undertaking will have to ensure that it does so in a sound and controlled manner. Besides having policies in place, financial undertakings are required to have the members of their management board and/or supervisory board tested on integrity and expertise.

Specific provisions in the DFSA tailored to payment processors in general include the requirement that a payment processor ensure that it has objective, risk-based, and publicly disclosed criteria for participation in place, which permit fair and open access. Moreover, a payment processor should be efficient and effective in meeting the requirements of its participants and the markets it serves. A payment processor should also use, or as a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing and recording. Furthermore, a payment processor should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the payment process. All relevant rules and key procedures should be publicly disclosed.

Failure to comply with the ongoing supervisory requirements can lead to administrative fines or other supervisory measurements. Compliance with the ongoing supervisory requirements is monitored by DNB and/or the Netherlands Authority for the Financial Markets (Autoriteit Financiële Markten; the ‘AFM’). The involvement of the AFM is the outcome of the 'twin peaks'- approach chosen by the Dutch legislator for the supervisory framework that is in place in the Netherlands. This (functional) twin peaks approach means that the DNB is responsible for carrying out prudential supervision (i.e. to ensure the financial soundness of financial undertakings) and that the AFM is responsible for conduct-of-business supervision. The two Dutch regulators cooperate together; however, only one of the regulators is deemed to be the main regulator for certain types of financial undertakings (e.g. banks, investment firms, payment processors). In the case of payment processors, the DNB is considered to be the main regulator. As such, it is the DNB (and not the AFM) that can grant a licence to operate as a payment processor. As a consequence of the twin peaks approach, each payment processor will always have to deal with two Dutch regulators.

Status

Although the supervisory framework has been in place as of 1 January 2014, it is still a work-in-progress. The DNB is said to be issuing this month a regulation containing additional provisions which will apply specifically to payment processors. The regulation will contain provisions which are based on the Principles for Financial Market Infrastructures (PFMI), the set of principles which has been drawn up by the Bank for International Settlements (BIS) and the International Organization of Securities Commissions (IOSCO).

As the new supervisory framework for payment processors is embodied in the DFSA, payment processors will also have to keep track of changes to the DFSA. Any changes in the general framework might, after all, also have consequences for payment processors. In the past four years, the DFSA has undergone a change per 1 January of each year (and several changes in-between). A proposal for an act containing changes as per 1 January 2015 will most likely be introduced in the Dutch Parliament this spring.