PSD2: Public consultation on Bank of Italy’s regulation on sanctions and administrative penalty procedure

On 22 February, the Bank of Italy launched a public consultation for a number of proposed amendments to the "Regulation on sanctions and administrative penalty procedure" set out in the Regulation of 18 December 2012 (“Regulation” - see here).

The proposed amendments, implement article 32, paragraph 1-ter, of the Legislative Decree No. 11 of 27 January 2010 ("Legislative Decree 11/2010"), as amended by the Legislative Decree No. 218 of 15 December 2017, which transposed Payment Services Directive 2 – “PSD2” (Directive 2015/2366/EU) into Italian law.

The aforementioned provision empowers the Bank of Italy, inter alia, to define, by means of a general provision and "taking into account the impact of the conduct on the overall business organisation and risk profiles", the criteria for the relevance of breaches committed in relation to the rights and obligations of the parties in the provision of payment services which, if proven, could lead to the application of a fine ranging from; EUR 30,000 to EUR 5 million, or up to 10% of the turnover -when this amount exceeds EUR 5 million and the turnover is available and determinable.

This consultation is open for comments until 24 March and all interested stakeholders are invited to participate by sending feedback:

  • if you have certified electronic email (PEC), in electronic form at [email protected]; or
  • in paper form, to Servizio Rapporti Istituzionali di Vigilanza, Divisione Analisi delle Irregolarità, via Nazionale 187, 00184, Rome. In this case, an electronic copy must be sent at the same time to the e-mail address [email protected].

Due to the significant amendments in the consultation process, we recommend that all intermediaries conduct an in-depth analysis of this document in order to submit any comments and/or assess the need for changes or refinements to their organisational structure in the area of transparency rules.

The new Regulation in brief

Insofar as it is of interest, the amendments submitted for consultation aim to:

  1. extending to breaches of the rights and obligations of the parties, the criteria of relevance currently provided for by the same Regulation with regard to breaches relating to the transparency of contractual terms and conditions and the fairness of relations with customers (referred to in article 144(8) of the Legislative Decree no. 385 of 1 September 1993, the “Italian Banking Act”);
  2. define specific materiality criteria for breaches of the obligations concerning “strong' customer authentication” (SCA), as referred to in article 10-bis of the Legislative Decree 11/2010, and common and secure open communication standards.

With particular regard to action sub (i) relating to the rights and obligations of the parties, the solution proposed by the Authority provides that regulatory power in relation to sanctions for breaches of transparency rules and the rights and obligations of the parties may be exercised taking into account the criteria of materiality set out in Annex B of the "Regulation" under consultation.

In particular, pursuant to the provisions of the aforementioned Annex B, the relevance of the breaches, for the purposes of initiating the penalty procedure, may be inferred:

a) their ability to give rise to significant legal or reputational risks;

b) their widespread or systematic nature in relation to the geographical distribution or operations of the intermediary or payment service provider;

c) failure to comply with warnings or instructions from the Supervisory Authority;

d) the inadequacy of the organisational and control measures adopted by the intermediary to ensure compliance with the regulations on the transparency of banking and financial transactions and services and the correctness of customer relations, and the rights and obligations of the parties in the provision of payment services.

In regard, to the matter of strong customer authentication (SCA) and security measures, as set out in article 10-bis of the Legislative Decree no. 11/20110, as well as common and secure open communication standards, some of the materiality criteria mentioned in point i) above are partly extended to the related infringements, and a further criterion is introduced whereby the materiality of the infringements may be inferred "from the suitability of the conduct to affect market efficiency, competitive equality or the security of the payment system" (see Annex C of the "Regulation" under consultation).

In our opinion, further and significant intervention is aimed at clarifying that, in specific regard to the provision of payment services, the enforcement power of the Bank of Italy may also be exercised with regard to EU payment service providers operating under the regime of freedom of establishment in Italy, this is; – subject to any further clarification that may be provided during such consultation – as payment service providers operating in Italy through branches and agents, whereby the engagement of an agent is considered an establishment of the appointing entity.

If you would like to receive our regular Payments alerts in your inbox, click here.

If you would like to read Bird & Bird’s previous alerts, please check out our Payments webpage here.

Latest insights

More Insights
Egg Timer

One step closer to the final approval of the eIDAS regulation reform

Mar 01 2024

Read More

Women in Tech powered by Bird & Bird: At the forefront of innovation - Key takeaways from Nima Tisdall, Nordic Makers

Mar 01 2024

Read More
surveillance cameras

Low-value data breach claims: death by 1000 cuts

Mar 01 2024

Read More