CB firmly believes that all payment card schemes must separate into distinct business units.
There is a need for clarification by defining exactly what is meant by :
- “financial information” in Recital (5)
- “business unit” in Recital (7). The term “separate entities” should be used throughout the Regulatory Technical Standards and avoid mentioning “business units” which implies that situations where the activities are carried out within the same legal entity could exist.
- is “senior management in Recital (8) a concept which applies to internal employees (for example a management committee of a company) or is it a constituency which represents shareholders or company officers such as CEOs and /or Directors ?
- in Recital (10) mention is made of “when a payment card scheme and the processing entity are part of the same legal entity or group …”. These two notions are very different, since one is based on legal criteria and the other on economic realities. Which criteria would apply … or is it either / or ?
- what is meant by “management body” in recital (13) ? Is it the Board of Directors or a Management Committee which is internal to the company ?
- what is the definition of “sensitive information” ?
- article 2 covers the requirement for independence, but doesn’t define “independence”. Does it mean that a processing entity must be neutral and accept any and all clients no matter which payment card scheme they use ? Or does it mean internal independence which would be established by the fact that strategic information would not be shared between the processing entities and the payment card schemes ?
The above examples illustrate the need for the list of definitions to be extended and for terms and definitions to be clearly stated."
CB would like to point out that since the processing activities which it uses today are already situated in separate legal entities, CB already applies the rules and principles described in this section.
Thus in conformance with Article 5 the requirements described correspond to those which are usually applied by the statutory auditors used by Cartes Bancaires.
As far as Article 6 is concerned, it is important to point out that the competent authority does not have the right to publish or communicate to third parties any information which it receives with respect to this Article. In other words, the employees of the competent authority must be subject to professional secrecy or sign confidentiality agreements with the payment card schemes and / or the processing entities which provide such information.
As explained above, there is a real need to clearly define what is meant by “processing entities participating in the payment card scheme”. The notion of “participating” is very vague. Is it envisaged that this could include “processing entities” that are “business units” of a competitor of the payment card scheme ?
A separation in terms of physical location as described in Article 8 seems to be somewhat outdated in an era where telecommunications would allow physically separated locations to use the same IT facilities and servers.
In Article 10 .4 b) it is unclear as to the role which a processor could play in practice to design the rules of a payment card scheme. The notion of “processing entities participating in” also needs to be clarified … what exactly does it mean ?
Article 11 should be clarified since the distinction between the performance of the processing entity and that of the payment card scheme can only exist in cases where the processing entity has activities which are other than those resulting from a single and unique payment card scheme.
Article 13 may be redundant compared with the requirements of Competition Law. The EBA should ensure that it doesn’t create a double control of the same actions and preoccupations.
In Article 14 the notion of “sensitive information” is inadequately defined and remains very vague, thus making the reading and interpretation of Articles 13 and 15 very difficult.
The management of conflicts of interest is often difficult to organise within different corporate or company bodies. Conformance programs and Charters can be developed but their control and application is generally complex.
In Article 16 the notion of “management bodies” has to be clarified, as does the notion of “conflict of interest”, based, for example through sworn statements from the managers or company officials regarding their independence with respect to processing entities and/or payment card schemes.
Improvements in the drafting and definitions would greatly help in the interpretation and implementation of the final RTS.