The EBA draft Regulatory Technical Standards (“RTS”) document provides for a more consistent approach to passporting across the EEA and is welcome.
The scope of the RTS is set out at paragraph 28(5) of the second Payment Services Directive 2015/2366 (“PSD2”). It sets the scope as that of developing or specifying:
1. The framework for cooperation, and
2. For the exchange of information between home and host competent authorities (“CAs”) in accordance with article 25.
The RTS is further required to develop or specify the method, means and details of cooperation in the notification; and in particular the scope and treatment of information to be submitted – including common terminology and standard templates to ensure a consistent and efficient process.
The scope excludes the question of whether a passporting activity undertaken by a payment institution amounts to a services passport when conducted in a host member state or whether the nature of the activity gives rise to an establishment, and therefore amounts to passporting under right of establishment provisions.
The RTS will therefore need to avoid incorporating interpretations of establishment into the notification processes, or into template pro forma. This is particularly the case in relation to the distribution of e-money, where some member states regard the selling of prepaid cards as giving rise to establishment, whilst others do not. It would be an oversimplification of the test of establishment set out in the Treaty of the European Union to provide for only a single outcome.
This is for example suggested in the language used at paragraph 8 of section 2.2 of the document, where distributors are described as being ‘established’, where they could also be distributing e-money under a freedom to offer services passport.
The scope of information shared and the scope of cooperation relates directly to the relative competence of the home and host regulators. In the absence of an establishment for example, a host regulator will not be concerned with prudential supervisory matters, but may have regard to conduct of business related issues. The scope of information sharing with regard to the outsourcing of services for example would be expected to be calibrated to the role of the host supervisor in each case. This is addressed in our comments on the Annexes to the document below.
Comments in relation to the consultation document:
Impact on existing services: brief reference is made at section 2.1 to existing payment institutions, and the obligation to notify the competent authority of changes to information submitted regarding passported services. This raises the question regarding the status of existing providers currently offering passported services within the EU, where information submitted under current protocols differs from that set out under the RTS. We would like to seek comfort that existing passported services can continue without renewed notification. Additional information can be of course be submitted when there is a change in circumstances, or where additional passporting notifications are made.
Comments in relation to the draft RTS:
Article 1 Definitions:
Distributor: it would be helpful to provide a definition of distributor. Possible wording could be:
“a natural or legal person selling and/or redeeming electronic money issued by an electronic money issuer under a commercial agreement. The activity of distribution does not give rise to a payment service”.
Passport notification: PSD2 provides for two types of passporting to be undertaken. These are based on the principle of mutual recognition set out in the Treaty of the European Union (“Treaty”). The first is freedom to offer services and the second is the right of establishment. We suggest that the process of passport notification be aligned with these two alternatives, with information requirements in relation to agents or distributors set out as appendices to these forms. This would recognise the fact that physical presence in the form of an agent or distributor does not always give rise to establishment, and would enable firms to choose the most appropriate means of passporting.
It would then also be possible to seek prudential supervisory information in the establishment notification irrespective of the nature of the physical presence, and to have a more concise format for the services passport notification.
Agent passport notification: as set out above, passport notification is better aligned with PSD2 and the Treaty. The form of physical presence can be accommodated within each set of notification templates, with the exception of branches which are by definition always establishments.
Sections 2-4 Branch, Agent and Services Passport Notification
We again suggest distinguishing services and establishment passport notifications, and providing, in an additional section or appendix, further information required for an agent or for a distributor where this relates to e-money institutions. Agent related data requests are better set out separately from those in relation to a distributor.
Templates: in summary therefore we propose:
1. Three forms:
(a) one for establishment notification,
(b) one for services notification, and
(c) a third for outsourcing notification (see Section 4 below)
2. Two appendices for each of the passporting forms, one for distributors and one for agents to completed.
Article 2(1)(a) on language states:
“(a) they shall be in writing in a language accepted by the competent authorities of the home Member State and in a language accepted by the competent authorities of the host Member State, or in any Union language accepted by both the competent authorities of the home and host Member States; “
The provision could give rise to a requirement to translate notifications into a large number of languages. It would be helpful if the notification should be accepted provided it is in an official language of the EU. This will reduce the complexity and the burden on passporting firms.
Article 2(1)(b) provides for communication by post:
It would be helpful if the default position was electronic communication, with post only available where this was not possible. It would increase the speed, the time available for regulators to consider applications, and in confirmations of actual receipt.
Our concern with the format is with the implied requirement to identify each distributor individually even if they are part of a group, franchise or other common network. This will give rise to disproportionate cost and effort for both issuers and CAs, particularly as these will change from time to time and notification of changes would be required.
Paragraph 10 of the Annex requires the identification number to conform with the member state numbering format in Annex I. This introduces a level of granularity that will give rise to disproportionate obligations in relation to the distribution of e-money.
The numbering conventions of most member states require the identification of each individual distributing entity. However, distribution agreements are often made with chains of stores. Sometimes these are part of a single group, but often they are franchisees or alliances.
Where distributors are subject to a common group or set of network obligations, it should suffice for the notification to be made at the group level. In other words, notification that members of a given group will be distributing the issuer’s products should suffice. Where individual contracts are made, or where distributors are not part of a network subject to common obligations, then individual notification would be appropriate.
Guidance to this effect would be helpful if the numbering convention set out at Annex I were to be followed. Otherwise an allowance for an issuer defined numbering system would also assist.
Otherwise, the notification burden would become onerous, and the requirement to keep the list up to date with day-to-day changes in group sales policy for example would give rise to disproportionate effort for both firms and CAs.
Flexibility in this regard would be helpful, as it would acknowledge the need, and provide for CAs to know the identity of distributors in their jurisdictions, whilst also managing the extent and frequency of information that is communicated.
Item 24 outsourced functions:
Article 28(1) PSD2 requires a firm to inform the home member state CA of the intention to outsource operational services to an entity in a host member state. There is then a requirement under Article 28(2) for the home member state CA to communicate this information to the host member state CA. There is however no additional elaboration on the information that needs to be communicated.
The scope of information communicated must also be consistent with the relative roles of home and host member state supervisors. If the outsourced services relate to the operation of the branch, then the information requested under paragraphs (c), (d) and (e) will be relevant to the host supervisor in its oversight of the branch.
If the outsourced services however relate to the operation of the payment institution itself, and not the branch, then such information is beyond the scope of the host member state as it relates to the prudential supervision of the payment institution. Compliance with internal controls of the payment institution would be the competence of the home MS CA. This is consistent with Article 19(6) of PSD2 which deals with notification obligations to the home member state CA, and then continues to elaborate the conditions for outsourcing.
Conversely, the obligation to communicate outsourcing of services to host member states is expressed concisely, and requires communication of the arrangement only, without elaborating further requirements. This is set out at Article 28(1), which is restricted to communication of the fact of outsourcing.
There are no provisions that suggest or delegate the supervision of outsourced service providers located in host member states to host member state CAs.
The requirements under paragraphs 24(c), (d) and (e) should therefore be made conditional on the outsourced services relating directly to the branch.
Furthermore, there may be a need to notify of outsourced services without any passporting taking place. It makes sense therefore that a outsourcing notification be set out in a separate template from that of passporting.
It would be helpful to set out the agent requirements separately from those of distributors. These can then both be appended to services and establishment notifications forms.
Paragraph 15(a)(vi) seeks the name, date and place of birth of the legal representative of a distributor. This is disproportionate, as distributors are not regulated themselves, and questions are more appropriately directed to the electronic money institution itself. The distributor simply acts as an outsourced sales provider for the e-money institution.
The obligation to comply with anti money laundering (“AML”) legislation is (with one exception) that of the electronic money institution and not that of the distributor. Furthermore, with the exception of distributors who are also agents of e-money institutions, or are regulated for AML themselves, distributors are not tasked by issuers with any AML obligations other than very basic unusual activity escalation or the imposition of limits on the number of products sold at any one time.
AML processes, whether customer due diligence (“CDD”), monitoring, record keeping and suspicious activity reporting are all undertaken by the issuer itself, which has access to the system, transactions platform and CDD processes.
There is therefore little benefit in communicating information on the internal control of a distributor set out at paragraph (20) such as its structure, number of employees, organizational charts or legal reporting lines.
This requirement also raises the question of whether notification would be required if changes to such information were to arise, and the obligation to inform the host CA of such changes. This is disproportionate to the activity of selling prepaid payment instruments. These provisions should not apply to distributors of e-money.
Notification of outsourcing:
As set out above, the obligation to provide the information set out at paragraphs 23(c), (d) and (e) go beyond the obligations to communicate the outsourcing of services to host member state CA. They relate to prudential supervisory obligations which are the competence of the home member state CA. PSD2 does not delegate these powers to host member state CAs.
In cases where agents or distributors are offering their services under an establishment passport AND the outsourced services relate directly to the activities of these entities, such additional information may be warranted. If however the outsourced services relate to the operation of the payment institution itself, such information falls outside the scope of PSD2 and the powers of the host member state CA.
We would prefer to see a framework that reflected PSD2 and the Treaty’s provisions for services and establishment passporting. This would comprise two templates. Each template can then have sections for notification of distributors and for notification of agents.
This would acknowledge the distinction between the two forms of passporting based in PSD2 and wider legislation, and would acknowledge that agents or distributors could conceivably be passported under either regime.
It would then make the information sharing between competent authorities more aligned to the relative roles of home and host supervisors under the two modes of passporting.
Our comments here are in relation to the outsourcing of operational functions provisions at paragraph 16. We regard the communication of prudential supervisory information to the host member state CA to be beyond the normal scope of information sharing between the home and host CAs.
In the case of passporting under a services passport, the information requested under paragraphs 16(c), (d) and (e) are beyond the competence of the host member state CA at all times, and should be deleted. This is part of the prudential supervisory competence of the home member state CA and not the host member state CA.
Our objections in relation to all three annexes are to the communication of this information as a matter of course, as it will then form part of the assessments by the host member state CA under Article 28(2), and will result in the host CA taking a view on a matter that is the domain of the home CA. It will also give rise to additional administrative burden for firms in setting out these issues, and delay while the host member state CA seeks to assess their adequacy.
It appears to us to be very onerous to require an additional form to be completed and sent to the host member state CA ahead of the commencement of the activity of each agent or distributor.
It would save much work for both the home and host CAs if the passporting notification template could provide an estimated date of commencement. Payment institutions could then only be required to complete a commencement form if the date is delayed by more than a given period of time; such as for example 6 months or so.
It would otherwise give rise to a significant burden for all participants, and generate an excessive amount of correspondence of uncertain value.