Payment services and the internal market: the new legal framework



The Euro and Payment Services

The introduction of the euro on 1 January 1999 was intended to bring a number of benefits both to businesses and consumers. In particular, cross-border transactions within the eurozone would be free of exchange risk. Foreign exchange costs and the expense involved in hedging exchange rate exposures would thereby be eliminated.

The European Commission thus anticipated the creation of a single market in payment services, which would both facilitate the movement of funds and, at the same time, lead to a reduction in transfer costs as a result of competitive pressures. Once the single currency had come into being, the integration of non-cash payment systems across Europe would be a logical sequel. Viewed in the light of broader Community objectives, low-cost and efficient cross-border payment systems would encourage intra-Community trade in goods and services.

In practice, and despite a number of legislative initiatives on the part of the European Commission and the European Central Bank, the desired single market in payments has not materialised. This may in part be attributed to the fact that payment systems in each Member State are organised according to national rules and practices, and the necessary degree of harmonisation has therefore been absent. The lack of direct competition between systems also results in significant disparities in costs borne by consumers across different Member States.

The New Legal Framework

Considerations of this kind led the European Commission to publish a Proposal for a Directive on Payment Services in the Internal Market (generally referred to as the "New Legal Framework"). The Proposal seeks to create the legislative framework required for a Single European Payments Area (SEPA). SEPA involves a number of objectives, including (i) the dismantling of any distinctions between cross-border and purely domestic payments within the euro area, (ii) the ability to make cashless payments from a single account across the entire euro area and (iii) the harmonisation of the legal framework for payments and industry practices. In general terms, however, it does not apply to payments in cash or paper-based media such as cheques.

The European Payments Council ("EPC", the banking industry body responsible for the creation of SEPA) has committed itself to the availability of SEPA payment products - credit transfers, direct debits and credit cards - by 2008. The activities of the EPC - including its related work on SEPA Credit Transfer and Direct Debit Schemes - serve to demonstrate that the creation of SEPA is essentially the responsibility of the financial markets. Nevertheless, the EPC itself has emphasised that the timely creation of the required legal framework is a key factor in the completion of SEPA.

Against this background, this Briefing outlines the core provisions of the Proposal and its implications for those involved in the provision or use of payment services.

Structure of the Proposal

The Proposal rests on three essential "pillars", as follows:

a) The Depth of the Market. The Proposal seeks to provide a level-playing field for the various types of institution involved in the payments market. This process is designed to stimulate the entry of new participants and to reap the benefits derived from greater competition and reduced costs.

b) Transparency. The Proposal also seeks to enhance consumer choice and protection by requiring transparency of costs and charges.

c) Legal Certainty and the Liability Regime. Uniform and clear rules setting out the respective rights and obligations of users and providers will stimulate the use of cross-border payment systems. This "pillar" includes rules relating to the liability of the respective parties and procedures for the resolution of disputes.

Each of these core elements of the Proposal are considered below.

Depth of the Market

Payment Institutions

The Proposal notes that authorised credit institutions, electronic money institutions and post offices already provide payment services.

The Proposal would also require Member States to authorise an entirely new category of entity - to be known as a "payment institution". The authorisation is to be granted against submission of a business plan and details of the controllers of the business.

An authorised payment institution can provide payment services and various other ancillary services (including foreign exchange and access to payment systems for clearing and settlement purposes). It would not, of course, be able to accept deposits or engage in other forms of regulated activity.


Payment institutions will not be subjected to any specific minimum capital requirements but will be obliged to segregate funds received from a user of its payment services. The latter rule is obviously intended for the protection of users but the details will have to be worked out at a national level. There remains a question mark over the creation of this new category of institution in the manner contemplated by the Proposal. Some market participants find it curious that payment institutions can become involved in a systemically important financial sector without any capital or similar prudential requirements. The new entrants to the market may enjoy a competitive advantage as a result.


Once authorised, a payment institution can be "passported" into other Member States, subject to various notification formalities. The system is thus very similar to that which applies to banks and investment firms under the Banking Consolidation Directive and the Investment Services Directive. A payment institution is subject to authorisation in its "home" Member State; it requires no further authorisation in other "host" Member States in which it establishes branches or provides services.


Although the Proposal is in part designed to support the creation of a single payments area for the euro, the Proposal applies to transactions in any currency. This may help to ensure that the Community can develop a genuine single market in payment services, although this factor clearly adds to the technical burdens involved in the initial creation of SEPA - especially where thinly-traded currencies are involved.


The Structure

Transparency rules are designed to ensure that the cost and other terms of the transaction are made clear to the user of the service, thus enabling him to choose between competing providers.

For these purposes, Proposal differentiates between (i) "one-off" transactions and (ii) transactions executed pursuant to a framework contract (that is, a contract which commits the payment service provider to execute successive future transactions).

In each case, however, the transparency rules do not apply to transactions in excess of e50,000 on the basis that payments above that level are often processed separately and through different networks.

"One-off" Transactions

The Proposal would create certain transparency requirements for "one-off" payment transactions.

Payment service providers - including banks, electronic money institutions, post offices and authorised payment institutions - will be required to provide to users a set of service conditions. These must include (among other things): (i) a description of the rights and liabilities of the parties (including execution time and liability for execution of the payment transaction); (ii) details of the charges payable by the user; and (iii) the rate of exchange, where applicable.

After accepting the order, the provider must send to the user a transaction reference and a statement of fees and charges. Essentially similar details must be provided to the payee after the transaction has been effected.

Framework Contracts

Where the contract between the payment service provider and the user contemplates the execution of future and successive contracts, the provider must supply written terms and conditions in plain language. The terms and conditions must include: (i) description of the obligations of the respective parties, including the procedures for transactions and the maximum execution time; (ii) technical requirements with respect to the user's communication equipment; (iii) any applicable ceilings for payment transactions; and (iv) a description of applicable exchange rates and interest and other charges.

The burden of these requirements is reduced where no single payment can exceed €50, but the payment service provider must still issue a contract which briefly describes the service, the manner of use and the applicable charges.

Upon completion of a transfer pursuant to a framework agreement, the payment service provider must give written details of the transaction to both payer and payee. The information to be provided in this case corresponds to the confirmations to be sent in the case of a "one-off" transaction (above). The parties can, however, agree that the required information is to be provided at specified intervals, rather than on a "per transaction" basis.

In order to encourage competition by means of customer mobility, framework contracts must be subject to a maximum termination period of one month, and termination fees are restricted.

Legal Certainty and the Liability Regime

Rights and Obligations of the Parties

Title IV of the Proposal sets out the (harmonised) rights and obligations of parties to a payment transaction. Once again, these rules do not apply to transactions in excess of €50,000, which are considered to be subject to separate processing arrangements.

The key provisions for the payment service provider are as follows:

a) a payment service provider may only execute a transaction with the explicit approval of the user. Consent may be communicated through the use of a debit card or by means of a direct debit delivered through the payee; and

b) a framework contract may permit the payment service provider to block transactions if the spending pattern creates a suspicion of fraudulent use, although any such block may only be effected if the provider has attempted to contact the holder in an effort to verify its suspicions;

c) the payment service provider must ensure that the security features applicable to a card are accessible to no-one other than the holder;

d) the provider must not send unsolicited cards unless this is to cater for expiry or changes in security features;

e) the provider must ensure that communication facilities are at all times available to enable the holder to notify the provider of any loss or unauthorised use. The provider must also provide evidence to enable the user to prove that he has made such notification (eg through a call reference or acknowledgement sent by mail).

The main obligations to be imposed on the user are:

a) to use the card in accordance with the terms of issue; and

b) to notify the provider of any loss, theft, misappropriation or unauthorised use of the card promptly upon becoming aware of it.

Disputed Transactions

Inevitably, disputed transactions are a major cause of concern for payment service providers. The Proposal sets out a legal framework for the resolution of such disputes.

Once a user has denied that he authorised a particular payment transaction, then the burden is on the provider to show that the transaction was authenticated, accurately recorded, entered in the accounts and not affected by a technical breakdown or other deficiency.

Whilst the Proposal does not explicitly so provide, it appears that a payment is to be treated as unauthorised if the provider is unable to meet this minimum evidential threshold. The point could potentially cause difficulty in the event of systems failure or malfunction.

If, however, the payment service provider can supply this evidence, then the burden of proof shifts back to the user. He must provide factual information which demonstrates that he could not have authorised the payment transaction and that he did not act fraudulently or with gross negligence in failing to notify the provider of theft or misuse. If the user can provide factual evidence of this kind, then this creates a presumption that the transaction was unauthorised. In practice, it will be difficult for the provider to rebut this presumption, because the mere fact that the use of the card was recorded on the provider's system will not of itself be sufficient evidence for that purpose.

Unauthorised Transactions and the Liability Regime

In the event of an unauthorised transaction, the payment service provider must be required forthwith to make a full refund to the user or to re-credit his account (as the case may be). The right to any further compensation will be determined by reference to the law governing the contract concerned but, so far as English law is concerned, this will usually be limited to the refund of any interest or other charges and expenses incurred as a result of the unauthorised debit. In the context of an ordinary retail transaction, it is difficult to see what further losses the user might incur.

The Proposal also sets out the basis on which the user may be required to bear some of the losses himself. The net effect of the provisions is as follows:

a) if the user can demonstrate that payments were unauthorised in accordance with the rules outlined under "Disputed Transactions" (above) then the user bears any loss incurred before notification to the payment service provider, subject to a maximum of €150;

b) the user is not liable for any losses flowing from unauthorised use after he has notified the provider of the loss or theft;

c) the user is, however, liable for all losses resulting from his own fraud or gross negligence in failing to notify the provider of the theft or loss of the card;

d) if the provider has not arranged adequate means for the notification of loss at any time, then the provider must bear all losses unless it can show that the user acted fraudulently.

Member States can further reduce the limit of €150 if they wish, but this will only apply to providers which are authorised in that Member State.

Exceptions to Liability Regime

There are two exceptions to the liability and loss sharing regime which has just been described.

First of all, in broad terms, the liability regime described above does not apply to a business enterprise which employs 10 or more people and has a turnover and/or balance sheet exceeding €2,000,000. The element of consumer protection implied in the loss allocation arrangements thus applies only to individuals and small businesses.

The necessary inference is that service providers may agree different liability arrangements for larger, corporate customers, and that such customers may take their own precautions to guard against the risk of fraud.

Secondly, the payment service user will generally be liable for all losses flowing from the theft or misappropriation of e-money, since this is effectively equivalent to losing cash. The provider will only be liable in the unlikely event that it is possible to freeze further transactions.

The Liability Regime - Issues for Service Providers

It must be said that the relatively low levels of liability imposed upon the user, coupled with the burdens of proof placed on the service provider, may render it relatively easy for the unscrupulous user to deny responsibility for the transaction and thus to shift its costs onto the service provider. It may be anticipated that these particular provisions will be the subject of further discussion.

Execution and Fees

The Proposal sets out detailed rules applicable to the execution of payment transactions, the incidence of fees and other matters. These rules apply to any payment service provider established in a Member State and they must be applied even though the payee and his service provider are located outside the Community.

Very briefly:

a) if the service provider refuses to honour the instruction, it must promptly provide details of the reasons for refusal to the payer;

b) a payment order becomes irrevocable once accepted by the service provider. If the order is to be executed on a future date, then the provider's terms and conditions may stipulate a date on which it becomes irrevocable (which must be within the three business days prior to the intended payment date);

c) payment service providers must supply bona fide estimates of charges and deductions in certain cases.

Intra-Community Payments

Where the paying and the receiving service providers are both located in the Community and the amount of the transaction exceeds €50:

a) in the case of both credit transfers and direct debits, the payer's service provider must ensure that the payee's account is credited by close of business on the working day following acceptance of the payment instructions;

b) in the case of a credit transfer, a period of three working days may be agreed for transactions occurring before 1 January 2010, and different periods may be agreed for transactions involving a currency conversion;

c) Member States may prescribe shorter payment times for purely domestic transactions;

d) funds transferred to an account of a payee must be available for withdrawal as soon as they have been credited to that account;

e) once it has accepted the instruction, the payment service provider is strictly responsible for its non-execution or defective execution. However, the payment service provider is exempted from liability if non-payment is due to (i) the provision of an incorrect unique identifier or (ii) force majeure or the application of money laundering or similar legislation;

f) the level of damages payable by the service provider would depend on the losses suffered by the user, but will include any charges or interest costs incurred by him.


The Proposal requires the service provider to refund any amount drawn under a direct debit if the payer was acting in good faith and the drawing was excessive. The essential terms of this provision are similar to existing direct debit schemes but the Proposal envisages a refund period limited to four weeks.


It seems to be universally agreed that the SEPA project must rest on a sound legal framework, and the Proposal has thus been welcomed to that extent. Nevertheless, a number of criticisms have been levelled at the Proposal in its current form. In particular:

a) the creation of an entirely new type of institution entitled to enter the payments market is doubtful both in terms of prudential supervision and fair competition; and

b) the desire to enhance levels of consumer protection has resulted in disputes procedures and a liability regime which may be seen as very onerous from the perspective of the service provider.

Bird & Bird will issue further Briefings on this subject in order to keep clients up to date with developments.