Proposed Perimeter Guidance changes under PSD2
Published on 7th Nov 2018
In amongst the FCA's CP18/25 on the SCA-RTS are a trio of small but important changes to the FCA's perimeter guidance (PERG) relating to AISPs and PISPs working with third parties, e-commerce platforms and closed loop gift cards. The FCA has taken the opportunity to make clear its views on these three areas of notoriously tricky perimeter issues. We look at these changes here. See our separate article on CP18/25 here.
Agents of AISPs and PISPs
In the absence of authorisation or registration, an agent of an AISP and PISP is not permitted to offer any additional or standalone account information or payment initiation services outside of its principal’s permitted activities. Further, the FCA recognises that in the provision of AIS, there may be more than one business involved in the collation and processing of the customers’ data. Consequently, it may not always be clear to the customer with whom he or she is contracting and, importantly, against which party a right of recourse arises if things go wrong.
The FCA is providing additional clarification in the form of a new Q25A in PERG Chapter 15.3 and a revised Q28 in PERG Chapter 15.5 setting out (i) what an agent is not permitted to do and (ii) in the context of AIS, in the absence of formal authorisation or registration, when an agent would be acting within the permitted parameters of the PSRs 2017.
Not only is this helpful for customers from a liability and transparency perspective, it also provides guidance to a number of businesses who may have inadvertently found themselves falling foul of PSRs by wrongly assuming that as agent, they were able to provide services on a standalone basis and perhaps not appreciating that their agency arrangements were limited to that of their principals.
AISPs and fraud reporting requirements
In a clear departure from the EBA’s view and whilst AISPs have not been subjected to the full fraud reporting requirements, the FCA will require AISPs to comply with a limited data set of fraud reporting. AISPs should therefore familiarise themselves with Table 2 in Annex 1 of CP18/25, which sets out the FCA’s requirements. AISPs will need to ensure that systems and process are in place in readiness for August 2019 (the first reporting date) pursuant to the EBA Fraud Reporting Guidelines.
New Q33A in PERG Chapter 15.5 poses the question: We are an e-commerce platform that collects payments from buyers of goods and services and then remits the funds to the merchants who sell goods and services through us – do the regulations apply to us? To this, the FCA now plans to add the following clarification: "An example of an e-commerce platform that is likely to need to be authorised or registered by the FCA is one that provides escrow services as a regular occupation of business activity. Escrow services generally involve a payment service consistent of the transfer of funds from a payer to a payee, with the platform holding the funds pending the payee's fulfilment of certain conditions or confirmation by the payer". It goes on to make clear that this is the FCA's view even if the escrow service is provided as part of a package with other services and that escrow service providers will not typically satisfy the commercial agent exemption (as they don't have authority to negotiate or conclude the relevant contract).
This clarification is helpful in providing greater certainty as to the regulatory position even if it does mean that some e-commerce platforms that thought they were out of scope may need to re-assess this.
Closed loop gift cards
Finally, the FCA provides welcome clarity for closed loop gift card providers who were unsure whether they fell under the limited network exemption of PSD2 or whether PSD2 applied at all. The FCA has now categorically confirmed that gift cards which may only be redeemed against goods and services from an issuing retailer were, “never deemed to amount to payment instruments under PSD2 on the basis that such basic gift cards (where the issuing retailer is the only beneficiary), do not (i) initiate payment orders and (ii) payment for the goods and services is made by the customer to the retailer in advance, when the card is purchased from the retailer”. So as to avoid any further confusion, the FCA further proposes dropping the use of the expression “closed loop”. The updated Q40 in PERG Chapter 15 reflects the FCA’s updated view.
Osborne Clarke comment
It is anticipated that the FCA will issue final guidance and rules on CP18/25 before the end of the year. Those that could be affected by these proposals should take steps now to ensure they remain compliant with PSD2 as the changes roll in.