On 4 October 2018, the Court of Justice of the European Union (CJEU) ruled that a bank account which does not allow the account holder to make payments to third parties, or to receive payments from third parties, does not qualify as a "payment account". This has important implications for the "Open Banking" regime under PSD2.
In Case C-191/17, the CJEU concluded that online savings accounts should not be considered as "payment accounts" under EU law if the only access which they provide to the funds within them is through a separate current account. The key factor in determining whether an account is a payment account is "the ability to perform daily payment transactions from such an account". The case concerned holders of online savings accounts offered by ING-DiBa who could not make payments to third parties directly from those accounts but could move those monies into a current account (either with ING-DiBa or another bank) from which third party payments could then be made. The CJEU determined that the ability to make such payments through an intermediate account was not sufficient to make the accounts into 'payment accounts' for the purposes of either the Payment Account Directive (PAD) or the first Payment Services Directives (PSD1). Although the case was decided on the basis of PSD1, it will also apply to PSD2 since the definition of "payment account" is the same in both directives.
It is worth stressing that the decision certainly does not establish any kind of principle that savings accounts cannot be payment accounts. On the contrary, it is clear that the determining factor is whether payment transactions can be performed directly using the account, not its description or other features. So a savings account can certainly be a payment account if it can be used directly for daily payment transactions. But it is now clear that this direct use test will not be met just because transfers from the savings account can be used to fund an intermediate account from which payments can then be made.
This judgment does not come as a surprise as it follows the opinion of Advocate General Tanchev on 19 June 2018.
However, it has significant implications for Third Party Providers (TPPs) under PSD2. In particular, given that a large number of EEA savings accounts will not qualify as payment accounts in accordance with the judgement, TPPs will not have a right of access to them and the scope of "open banking" as envisaged under PSD2 will therefore be notably reduced.
That does not, of course, mean that many TPPs will not continue to gain access to the relevant savings account. In particularly, they are likely to continue to use the more controversial pre-PSD2 methods of "screen scraping" or, less commonly, "reverse engineering". It is clear that the existence of a dual regime of regulated access through Application Programming Interfaces (APIs or "dedicated interfaces") for payment accounts operating alongside screen scraping (or reverse engineering) for non-payment accounts is less than ideal.
Another possibility might be for bank customers to invoke their right under the General Data Protection Regime (GDPR) to data portability (Article 20 GDPR). In principle this would enable a customer to require its bank or other account servicing payment service provider (ASPSP) to transfer non-payment account data to its chosen TPPs (e.g. one or more account information service providers). However this would be likely to pose significant technical and practical problems for ASPSPs.
Instead, we may see some ASPSPs being prepared to grant TPPs access even to non-payment accounts through the API access route, either for free (on the basis that, if the alternative they have to live with is screen scraping, it is better and safer to offer a more secure channel) or for a fee (sometimes referred to as "Premium APIs").
If ASPSPs refuse to grant access to non-payment accounts via secure channels, it is possible that some legislators will propose amendments to their national legislation which will require them to do this. As stated in one of our previous client alerts France was considering such an initiative, but ultimately the French parliament rejected the idea on the basis that it would create an uneven playing field within the EU. Although the French government promised to bring the idea forward as a recommendation to the EU, it seems unlikely that the EU will have much appetite for implementing further changes while PSD2 is still in the course of implementation.
The judgment of the CJEU is available here.
If you have any questions, please do not hesitate to get in touch with any member of the Bird & Bird international payments team – see below.