What's in store for PSD3?
Review of the PSD2/R, what should be in it?
What is the perspective of corporate treasurers vis-à-vis the PSD3/R? The current review of the Directive aims to address changing payment users’ needs, leverage technological innovation, foster market integration and competition, and enhance consumer protection. Treasurers welcome all the objectives of the review of the Payment Services Directive (PSD2). However, treasurers want to highlight priorities of EU business end-users of payments. It is essential to identify potential issues directly impacting corporate treasury centers, when they conduct their operations.
Top priorities and key focuses
None of the points for attention or clarification listed seem to us to be exaggerated or unjustified. That's why we believe they are all reasonable and, above all, "achievable". We will describe them further before listing them below. We could list the following points: (1) harmonizing treatment of corporate payment and collection factories by EU corporate treasury centers (PSR, Art 2.2m); (2) enabling access of non-banks to central payment transfer systems thereby fostering an innovative payments ecosystem (PSD3, Art. 46); (3) extension of mandatory IBAN-name checks to all credit transfers (PSR, Art. 50); (4) improving legal clarity on authentication of corporate-initiated refund payments (PSR, Art. 89); and eventually enhancement of Strong Customer Authentication via a ‘Corporate Seal’ (PSR, Art. 89).
Harmonized treatment and interpretation of the definition of “payment factories”
The treasurers expressed the view that the interpretations made by the various NCA’s, or national supervisors were not consistent. This problem stems from a logical clarification that needs to be made to the text to better define what a "payment factory" is, and the fact that it should not be considered a financial institution. Treasurers have asked via EACT and their FRAG group to review the text and to regulate to avoid misinterpretations or divergences of interpretation. The current exemption for corporate payment factories has been subject to varying implementation across Europe. A clarification in the current review of the EU payment regulation could certainly help removing confusion and risks. In our opinion, a payment factory, i.e., a central payment factory is aimed at paying and collecting on behalf of affiliates (belonging to a same group – i.e., fully controlled under IFRS), whatever the types of payments outside or inside the group, external and intragroup payments. Today, in some countries the Supervisors interpret it as a financial institution, with all related obligations if it includes external payments. We all know that a payment factory makes sense if it pays and also collects the external payments to suppliers and from clients. These suggested changes would ensure that the EU’s treatment of payment factories is aligned with that of other jurisdictions, such as Switzerland, where centralized payment operations by these entities are fully exempted from PSP-authorization requirements. This would promote the competitiveness of the EU payments environment and avoid potential relocations of EU-based corporate payment factories to neighboring jurisdictions. Centralized payment management within a corporate group makes payment operation management more cost-efficient and reduces risk. Payment transactions between a parent undertaking and its subsidiary or between subsidiaries of the same parent undertaking which are provided by a payment service provider belonging to the same group and reception of funds and collection of payment instructions on behalf of a group by a parent company or a subsidiary should be excluded from the scope of this Regulation.
These suggestions are in the spirit of the Commission’s proposal but attempt to align the legal text to the realities of EU business practices.
Enable access of non-banks to central payment transfer systems
Treasurers strongly support the Commission proposal to allow non-bank PSPs to access central payment transfer systems by amending the Settlement Finality Directive (SFD). The current exclusive access of banks to payment transfer systems creates a competitive disadvantage for non-bank PSPs who are required to go through a bank PSP when settling transfers. This situation indirectly creates additional costs (by reducing competition – which is not the objective of EU) for corporates and consumers. The ‘Same Activity, Same Risk, Same Regulation’ principle, non-bank and bank PSPs should comply with the same regulatory requirements.
Extend mandatory IBAN-name check to all payment transfers
As corporate end-users of payments, treasurers welcome the Commission’s focus on tackling payment fraud, one of the most worrying topics for EU business today. I fully endorse the proposed extension of fraud prevention tools such as the IBAN-name check to all credit transfers. Treasurers call for these checks to be mandatory and free of charge to ensure maximum protection. For corporate end-users, a harmonized level of protection across standard and instant credit transfers offers a higher level of security against fraud and ‘social engineering’ cases. In the context of a tool like IBAN name-check, we recognize that there could be stronger ways to identify counterparties than their names (by the way, same arguments were discussed in the Instant Payment Regulation negotiations). Indeed, when it comes to a credit transfer between two legal entities, a unique entity identifier can be used as a complementary tool for the correct identification of the payee. Amongst the unique entity identifiers, EACT expressed its support exploring the inclusion of the global Legal Entity Identifier (LEI), a national tax identification number or local business registration number. The LEI can equally form an additional layer of protection in Corporate Seals. Since many corporates already use their LEI for other reporting or have such tax or business identification codes in their systems, an option to check the IBAN against a unique entity identifier (an entity’s LEI or the mentioned codes) has the potential to form a reliable, digital age-proof, and tested global solution.
Legal clarity on authentication of corporate-initiated refund payments
Treasurers firmly support the intention to ensure that authentication measures for corporate-initiated refund payments are sufficiently strong and effective. However, the PSD2 framework currently requires such refunds to be authenticated by corporates, which do not always have the tools to do so. Particularly, the context of refund payments, the responsibility for Strong Customer Authentication (SCA) falls upon the merchants’ PSPs, but these entities lack the protocols and interfaces to authenticate these transactions.
Enhance Strong Customer Authentication via a ‘Corporate Seal’
I also support measures contributing to better fraud prevention, AML/CFT, and sanctions compliance. This can be done through further enhancing SCA and facilitating the uptake of the Corporate Seal (issued by a recognized Trust Service Provider (TSP)) in conjunction with two-factor authentication (2FA). The Corporate Seal is both a contract concluded between the bank and the corporate as mutually trustworthy parties as well as a cryptographically high-level-secured-IT-connection between a corporate and a bank to perform payment instructions and for example receive bank statements in return. The implementation of a Corporate Seal obliges the corporate to comply with SCA and to check the identity and legitimation of the authorized signatory in the same way banks perform KYC onboarding checks.
The Corporate Seal greatly improves efficiency, trust, and international ability.
Final comments and recommendations
We therefore feel that the excellent work of EACT is once again to be commended. Indeed, the association has expressed its position and the essential points to be considered. Initial discussions with the Commission and MEP's show that the treasurers' demands are reasonable and logical. We can therefore remain optimistic and believe that the new PSD3 will correct and complete PSD2 to enable it to go further and continue its framing of the payments environment and to frame the ecosystem to enable it to be more competitive, more efficient and to reduce costs. Let's be confident: with the next Commission, we'll undoubtedly have a PSD version 3.0 that's even more elaborate and efficient.
François Masquelier, Chair of ATEL
This article was prepared by François Masquelier in his personal capacity. The opinions expressed are the author’s own and do not necessarily reflect the view of the European Association of Corporate Treasurers (EACT).