1.For authorisation as a payment institution, an application shall be submitted to the competent authorities of the home Member State, together with the following:
(a)a programme of operations setting out in particular the type of payment services envisaged;
(b)a business plan including a forecast budget calculation for the first 3 financial years which demonstrates that the applicant is able to employ the appropriate and proportionate systems, resources and procedures to operate soundly;
(c)evidence that the payment institution holds initial capital as provided for in Article 7;
(d)for the payment institutions referred to in Article 10(1), a description of the measures taken for safeguarding payment service users’ funds in accordance with Article 10;
(e)a description of the applicant’s governance arrangements and internal control mechanisms, including administrative, risk management and accounting procedures, which demonstrates that those governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate;
(f)a description of the procedure in place to monitor, handle and follow up a security incident and security related customer complaints, including an incidents reporting mechanism which takes account of the notification obligations of the payment institution laid down in Article 96;
(g)a description of the process in place to file, monitor, track and restrict access to sensitive payment data;
(h)a description of business continuity arrangements including a clear identification of the critical operations, effective contingency plans and a procedure to regularly test and review the adequacy and efficiency of such plans;
(i)a description of the principles and definitions applied for the collection of statistical data on performance, transactions and fraud;
(j)a security policy document, including a detailed risk assessment in relation to its payment services and a description of security control and mitigation measures taken to adequately protect payment service users against the risks identified, including fraud and illegal use of sensitive and personal data;
(k)for payment institutions subject to the obligations in relation to money laundering and terrorist financing under Directive (EU) 2015/849 of the European Parliament and of the Council(1) and Regulation (EU) 2015/847 of the European Parliament and of the Council(2), a description of the internal control mechanisms which the applicant has established in order to comply with those obligations;
(l)a description of the applicant’s structural organisation, including, where applicable, a description of the intended use of agents and branches and of the off-site and on-site checks that the applicant undertakes to perform on them at least annually, as well as a description of outsourcing arrangements, and of its participation in a national or international payment system;
(m)the identity of persons holding in the applicant, directly or indirectly, qualifying holdings within the meaning of point (36) of Article 4(1) of Regulation (EU) No 575/2013, the size of their holdings and evidence of their suitability taking into account the need to ensure the sound and prudent management of a payment institution;
(n)the identity of directors and persons responsible for the management of the payment institution and, where relevant, persons responsible for the management of the payment services activities of the payment institution, as well as evidence that they are of good repute and possess appropriate knowledge and experience to perform payment services as determined by the home Member State of the payment institution;
(o)where applicable, the identity of statutory auditors and audit firms as defined in Directive 2006/43/EC of the European Parliament and of the Council(3);
(p)the applicant’s legal status and articles of association;
(q)the address of the applicant’s head office.
For the purposes of points (d), (e) (f) and (l) of the first subparagraph, the applicant shall provide a description of its audit arrangements and the organisational arrangements it has set up with a view to taking all reasonable steps to protect the interests of its users and to ensure continuity and reliability in the performance of payment services.
The security control and mitigation measures referred to in point (j) of the first subparagraph shall indicate how they ensure a high level of technical security and data protection, including for the software and IT systems used by the applicant or the undertakings to which it outsources the whole or part of its operations. Those measures shall also include the security measures laid down in Article 95(1). Those measures shall take into account EBA’s guidelines on security measures as referred to in Article 95(3) when in place.
2.Member States shall require undertakings that apply for authorisation to provide payment services as referred to in point (7) of Annex I, as a condition of their authorisation, to hold a professional indemnity insurance, covering the territories in which they offer services, or some other comparable guarantee against liability to ensure that they can cover their liabilities as specified in Articles 73, 89, 90 and 92.
3.Member States shall require undertakings that apply for registration to provide payment services as referred to in point (8) of Annex I, as a condition of their registration, to hold a professional indemnity insurance covering the territories in which they offer services, or some other comparable guarantee against their liability vis-à-vis the account servicing payment service provider or the payment service user resulting from non-authorised or fraudulent access to or non-authorised or fraudulent use of payment account information.
4.By 13 January 2017, EBA shall, after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines, addressed to the competent authorities, in accordance with Article 16 of Regulation (EU) No 1093/2010 on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee referred to in paragraphs 2 and 3.
In developing the guidelines referred to in the first subparagraph, EBA shall take account of the following:
(a)the risk profile of the undertaking;
(b)whether the undertaking provides other payment services as referred to in Annex I or is engaged in other business;
(c)the size of the activity:
for undertakings that apply for authorisation to provide payment services as referred to in point (7) of Annex I, the value of the transactions initiated;
for undertakings that apply for registration to provide payment services as referred to in point (8) of Annex I, the number of clients that make use of the account information services;
(d)the specific characteristics of comparable guarantees and the criteria for their implementation.
EBA shall review those guidelines on a regular basis.
5.By 13 July 2017, EBA shall, after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 concerning the information to be provided to the competent authorities in the application for the authorisation of payment institutions, including the requirements laid down in points (a), (b), (c), (e) and (g) to (j) of the first subparagraph of paragraph 1 of this Article.
EBA shall review those guidelines on a regular basis and in any event at least every 3 years.
6.Taking into account, where appropriate, experience acquired in the application of the guidelines referred to in paragraph 5, EBA may develop draft regulatory technical standards specifying the information to be provided to the competent authorities in the application for the authorisation of payment institutions, including the requirements laid down in points (a), (b), (c), (e) and (g) to (j) of paragraph 1.
Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.
7.The information referred to in paragraph 4 shall be notified to competent authorities in accordance with paragraph 1.
1.Any natural or legal person who has taken a decision to acquire or to further increase, directly or indirectly, a qualifying holding within the meaning of point (36) of Article 4(1)of Regulation (EU) No 575/2013 in a payment institution, as a result of which the proportion of the capital or of the voting rights held would reach or exceed 20 %, 30 % or 50 %, or so that the payment institution would become its subsidiary, shall inform the competent authorities of that payment institution in writing of their intention in advance. The same applies to any natural or legal person who has taken a decision to dispose, directly or indirectly, of a qualifying holding, or to reduce its qualifying holding so that the proportion of the capital or of the voting rights held would fall below 20 %, 30 % or 50 %, or so that the payment institution would cease to be its subsidiary.
2.The proposed acquirer of a qualifying holding shall supply to the competent authority information indicating the size of the intended holding and relevant information referred to in Article 23(4) of Directive 2013/36/EU.
3.Member States shall require that where the influence exercised by a proposed acquirer, as referred to in paragraph 2 is likely to operate to the detriment of the prudent and sound management of the payment institution, the competent authorities shall express their opposition or take other appropriate measures to bring that situation to an end. Such measures may include injunctions, penalties against directors or the persons responsible for the management, or the suspension of the exercise of the voting rights attached to the shares held by the shareholders or members of the payment institution in question.
Similar measures shall apply to natural or legal persons who fail to comply with the obligation to provide prior information, as laid down in this Article.
4.If a holding is acquired despite the opposition of the competent authorities, Member States shall, regardless of any other penalty to be adopted, provide for the exercise of the corresponding voting rights to be suspended, the nullity of votes cast or the possibility of annulling those votes.
Member States shall require payment institutions to hold, at the time of authorisation, initial capital, comprised of one or more of the items referred to in Article 26(1)(a) to (e) of Regulation (EU) No 575/2013 as follows:
where the payment institution provides only the payment service as referred to in point (6) of Annex I, its capital shall at no time be less than EUR 20 000;
where the payment institution provides the payment service as referred to in point (7) of Annex I, its capital shall at no time be less than EUR 50 000;
where the payment institution provides any of the payment services as referred to in points (1) to (5) of Annex I, its capital shall at no time be less than EUR 125 000.
1.The payment institution’s own funds, shall not fall below the amount of initial capital as referred to in Article 7 or the amount of own funds as calculated in accordance with Article 9 of this Directive, whichever is the higher.
2.Member States shall take the necessary measures to prevent the multiple use of elements eligible for own funds where the payment institution belongs to the same group as another payment institution, credit institution, investment firm, asset management company or insurance undertaking. This paragraph shall also apply where a payment institution has a hybrid character and carries out activities other than providing payment services.
3.If the conditions laid down in Article 7 of Regulation (EU) No 575/2013 are met, Member States or their competent authorities may choose not to apply Article 9 of this Directive to payment institutions which are included in the consolidated supervision of the parent credit institution pursuant to Directive 2013/36/EU.
1.Notwithstanding the initial capital requirements set out in Article 7, Member States shall require payment institutions, except those offering only services as referred to in point (7) or (8), or both, of Annex I, to hold, at all times, own funds calculated in accordance with one of the following three methods, as determined by the competent authorities in accordance with national legislation:
Method A
The payment institution’s own funds shall amount to at least 10 % of its fixed overheads of the preceding year. The competent authorities may adjust that requirement in the event of a material change in a payment institution’s business since the preceding year. Where a payment institution has not completed a full year’s business at the date of the calculation, the requirement shall be that its own funds amount to at least 10 % of the corresponding fixed overheads as projected in its business plan, unless an adjustment to that plan is required by the competent authorities.
Method B
The payment institution’s own funds shall amount to at least the sum of the following elements multiplied by the scaling factor k defined in paragraph 2, where payment volume (PV) represents one twelfth of the total amount of payment transactions executed by the payment institution in the preceding year:
4,0 % of the slice of PV up to EUR 5 million;
plus
2,5 % of the slice of PV above EUR 5 million up to EUR 10 million;
plus
1 % of the slice of PV above EUR 10 million up to EUR 100 million;
plus
0,5 % of the slice of PV above EUR 100 million up to EUR 250 million;
plus
0,25 % of the slice of PV above EUR 250 million.
Method C
The payment institution’s own funds shall amount to at least the relevant indicator defined in point (a), multiplied by the multiplication factor defined in point (b) and by the scaling factor k defined in paragraph 2.
The relevant indicator is the sum of the following:
interest income;
interest expenses;
commissions and fees received; and
other operating income.
Each element shall be included in the sum with its positive or negative sign. Income from extraordinary or irregular items shall not be used in the calculation of the relevant indicator. Expenditure on the outsourcing of services rendered by third parties may reduce the relevant indicator if the expenditure is incurred from an undertaking subject to supervision under this Directive. The relevant indicator is calculated on the basis of the 12-monthly observation at the end of the previous financial year. The relevant indicator shall be calculated over the previous financial year. Nevertheless own funds calculated according to Method C shall not fall below 80 % of the average of the previous 3 financial years for the relevant indicator. When audited figures are not available, business estimates may be used.
The multiplication factor shall be:
10 % of the slice of the relevant indicator up to EUR 2,5 million;
8 % of the slice of the relevant indicator from EUR 2,5 million up to EUR 5 million;
6 % of the slice of the relevant indicator from EUR 5 million up to EUR 25 million;
3 % of the slice of the relevant indicator from EUR 25 million up to 50 million;
1,5 % above EUR 50 million.
2.The scaling factor k to be used in Methods B and C shall be:
(a)0,5 where the payment institution provides only the payment service as referred to in point (6) of Annex I;
(b)1 where the payment institution provides any of the payment services as referred to in any of points (1) to (5) of Annex I.
3.The competent authorities may, based on an evaluation of the risk-management processes, risk loss data base and internal control mechanisms of the payment institution, require the payment institution to hold an amount of own funds which is up to 20 % higher than the amount which would result from the application of the method chosen in accordance with paragraph 1, or permit the payment institution to hold an amount of own funds which is up to 20 % lower than the amount which would result from the application of the method chosen in accordance with paragraph 1.
1.The Member States or competent authorities shall require a payment institution which provides payment services as referred to in points (1) to (6) of Annex I to safeguard all funds which have been received from the payment service users or through another payment service provider for the execution of payment transactions, in either of the following ways:
(a)funds shall not be commingled at any time with the funds of any natural or legal person other than payment service users on whose behalf the funds are held and, where they are still held by the payment institution and not yet delivered to the payee or transferred to another payment service provider by the end of the business day following the day when the funds have been received, they shall be deposited in a separate account in a credit institution or invested in secure, liquid low-risk assets as defined by the competent authorities of the home Member State; and they shall be insulated in accordance with national law in the interest of the payment service users against the claims of other creditors of the payment institution, in particular in the event of insolvency;
(b)funds shall be covered by an insurance policy or some other comparable guarantee from an insurance company or a credit institution, which does not belong to the same group as the payment institution itself, for an amount equivalent to that which would have been segregated in the absence of the insurance policy or other comparable guarantee, payable in the event that the payment institution is unable to meet its financial obligations.
2.Where a payment institution is required to safeguard funds under paragraph 1 and a portion of those funds is to be used for future payment transactions with the remaining amount to be used for non-payment services, that portion of the funds to be used for future payment transactions shall also be subject to the requirements of paragraph 1. Where that portion is variable or not known in advance, Member States shall allow payment institutions to apply this paragraph on the basis of a representative portion assumed to be used for payment services provided such a representative portion can be reasonably estimated on the basis of historical data to the satisfaction of the competent authorities.
1.Member States shall require undertakings other than those referred to in points (a), (b), (c), (e) and (f) of Article 1(1) and other than natural or legal persons benefiting from an exemption pursuant to Article 32 or 33, who intend to provide payment services, to obtain authorisation as a payment institution before commencing the provision of payment services. An authorisation shall only be granted to a legal person established in a Member State.
2.Competent authorities shall grant an authorisation if the information and evidence accompanying the application complies with all of the requirements laid down in Article 5 and if the competent authorities’ overall assessment, having scrutinised the application, is favourable. Before granting an authorisation, the competent authorities may, where relevant, consult the national central bank or other relevant public authorities.
3.A payment institution which, under the national law of its home Member State is required to have a registered office, shall have its head office in the same Member State as its registered office and shall carry out at least part of its payment service business there.
4.The competent authorities shall grant an authorisation only if, taking into account the need to ensure the sound and prudent management of a payment institution, the payment institution has robust governance arrangements for its payment services business, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective procedures to identify, manage, monitor and report the risks to which it is or might be exposed, and adequate internal control mechanisms, including sound administrative and accounting procedures; those arrangements, procedures and mechanisms shall be comprehensive and proportionate to the nature, scale and complexity of the payment services provided by the payment institution.
5.Where a payment institution provides any of the payment services as referred to in points (1) to (7) of Annex I and, at the same time, is engaged in other business activities, the competent authorities may require the establishment of a separate entity for the payment services business, where the non-payment services activities of the payment institution impair or are likely to impair either the financial soundness of the payment institution or the ability of the competent authorities to monitor the payment institution’s compliance with all obligations laid down by this Directive.
6.The competent authorities shall refuse to grant an authorisation if, taking into account the need to ensure the sound and prudent management of a payment institution, they are not satisfied as to the suitability of the shareholders or members that have qualifying holdings.
7.Where close links as defined in point (38) of Article 4(1) of Regulation (EU) No 575/2013 exist between the payment institution and other natural or legal persons, the competent authorities shall grant an authorisation only if those links do not prevent the effective exercise of their supervisory functions.
8.The competent authorities shall grant an authorisation only if the laws, regulations or administrative provisions of a third country governing one or more natural or legal persons with which the payment institution has close links, or difficulties involved in the enforcement of those laws, regulations or administrative provisions, do not prevent the effective exercise of their supervisory functions.
9.An authorisation shall be valid in all Member States and shall allow the payment institution concerned to provide the payment services that are covered by the authorisation throughout the Union, pursuant to the freedom to provide services or the freedom of establishment.
Within 3 months of receipt of an application or, if the application is incomplete, of all of the information required for the decision, the competent authorities shall inform the applicant whether the authorisation is granted or refused. The competent authority shall give reasons where it refuses an authorisation.
1.The competent authorities may withdraw an authorisation issued to a payment institution only if the institution:
(a)does not make use of the authorisation within 12 months, expressly renounces the authorisation or has ceased to engage in business for more than 6 months, if the Member State concerned has made no provision for the authorisation to lapse in such cases;
(b)has obtained the authorisation through false statements or any other irregular means;
(c)no longer meets the conditions for granting the authorisation or fails to inform the competent authority on major developments in this respect;
(d)would constitute a threat to the stability of or the trust in the payment system by continuing its payment services business; or
(e)falls within one of the other cases where national law provides for withdrawal of an authorisation.
2.The competent authority shall give reasons for any withdrawal of an authorisation and shall inform those concerned accordingly.
3.The competent authority shall make public the withdrawal of an authorisation, including in the registers referred to in Articles 14 and 15.
1.Member States shall establish a public register in which the following are entered:
(a)authorised payment institutions and their agents;
(b)natural and legal persons benefiting from an exemption pursuant to Article 32 or 33, and their agents; and
(c)the institutions referred to in Article 2(5) that are entitled under national law to provide payment services.
Branches of payment institutions shall be entered in the register of the home Member State if those branches provide services in a Member State other than their home Member State.
2.The public register shall identify the payment services for which the payment institution is authorised or for which the natural or legal person has been registered. Authorised payment institutions shall be listed in the register separately from natural and legal persons benefiting from an exemption pursuant to Article 32 or 33. The register shall be publicly available for consultation, accessible online, and updated without delay.
3.Competent authorities shall enter in the public register any withdrawal of authorisation and any withdrawal of an exemption pursuant to Article 32 or 33.
4.Competent authorities shall notify EBA of the reasons for the withdrawal of any authorisation and of any exemption pursuant to Article 32 or 33
1.EBA shall develop, operate and maintain an electronic, central register that contains the information as notified by the competent authorities in accordance with paragraph 2. EBA shall be responsible for the accurate presentation of that information.
EBA shall make the register publicly available on its website, and shall allow for easy access to and easy search for the information listed, free of charge.
2.Competent authorities shall, without delay, notify EBA of the information entered in their public registers as referred to in Article 14 in a language customary in the field of finance.
3.Competent authorities shall be responsible for the accuracy of the information specified in paragraph 2 and for keeping that information up-to-date.
4.EBA shall develop draft regulatory technical standards setting technical requirements on development, operation and maintenance of the electronic central register and on access to the information contained therein. The technical requirements shall ensure that modification of the information is only possible by the competent authority and EBA.
EBA shall submit those draft regulatory technical standards to the Commission by 13 January 2018.
Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.
5.EBA shall develop draft implementing technical standards on the details and structure of the information to be notified pursuant to paragraph 1, including the common format and model in which this information is to be provided.
EBA shall submit those draft implementing technical standards to the Commission by 13 July 2017.
Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1093/2010.
Where any change affects the accuracy of information and evidence provided in accordance with Article 5, the payment institution shall, without undue delay, inform the competent authorities of its home Member State accordingly.
1.Directives 86/635/EEC and 2013/34/EU, and Regulation (EC) No 1606/2002 of the European Parliament and of the Council(4), shall apply to payment institutions mutatis mutandis.
2.Unless exempted under Directive 2013/34/EU and, where applicable, Directive 86/635/EEC, the annual accounts and consolidated accounts of payment institutions shall be audited by statutory auditors or audit firms within the meaning of Directive 2006/43/EC.
3.For supervisory purposes, Member States shall require that payment institutions provide separate accounting information for payment services and activities referred to in Article 18(1), which shall be subject to an auditor’s report. That report shall be prepared, where applicable, by the statutory auditors or an audit firm.
4.The obligations established in Article 63 of Directive 2013/36/EU shall apply mutatis mutandis to the statutory auditors or audit firms of payment institutions in respect of payment services activities.
1.Apart from the provision of payment services, payment institutions shall be entitled to engage in the following activities:
(a)the provision of operational and closely related ancillary services such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data;
(b)the operation of payment systems, without prejudice to Article 35;
(c)business activities other than the provision of payment services, having regard to applicable Union and national law.
2.Where payment institutions engage in the provision of one or more payment services, they may hold only payment accounts which are used exclusively for payment transactions.
3.Any funds received by payment institutions from payment service users with a view to the provision of payment services shall not constitute a deposit or other repayable funds within the meaning of Article 9 of Directive 2013/36/EU, or electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC.
4.Payment institutions may grant credit relating to payment services as referred to in point (4) or (5) of Annex I only if all of the following conditions are met:
(a)the credit shall be ancillary and granted exclusively in connection with the execution of a payment transaction;
(b)notwithstanding national rules on providing credit by credit cards, the credit granted in connection with a payment and executed in accordance with Article 11(9) and Article 28 shall be repaid within a short period which shall in no case exceed 12 months;
(c)such credit shall not be granted from the funds received or held for the purpose of executing a payment transaction;
(d)the own funds of the payment institution shall at all times and to the satisfaction of the supervisory authorities be appropriate in view of the overall amount of credit granted.
5.Payment institutions shall not conduct the business of taking deposits or other repayable funds within the meaning of Article 9 of Directive 2013/36/EU.
6.This Directive shall be without prejudice to Directive 2008/48/EC, other relevant Union law or national measures regarding conditions for granting credit to consumers not harmonised by this Directive that comply with Union law.
1.Where a payment institution intends to provide payment services through an agent it shall communicate the following information to the competent authorities in its home Member State:
(a)the name and address of the agent;
(b)a description of the internal control mechanisms that will be used by the agent in order to comply with the obligations in relation to money laundering and terrorist financing under Directive (EU) 2015/849, to be updated without delay in the event of material changes to the particulars communicated at the initial notification;
(c)the identity of directors and persons responsible for the management of the agent to be used in the provision of payment services and, for agents other than payment service providers, evidence that they are fit and proper persons;
(d)the payment services of the payment institution for which the agent is mandated; and
(e)where applicable, the unique identification code or number of the agent.
2.Within 2 months of receipt of the information referred to in paragraph 1, the competent authority of the home Member State shall communicate to the payment institution whether the agent has been entered in the register provided for in Article 14. Upon entry in the register, the agent may commence providing payment services.
3.Before listing the agent in the register, the competent authorities shall, if they consider that the information provided to them is incorrect, take further action to verify the information.
4.If, after taking action to verify the information, the competent authorities are not satisfied that the information provided to them pursuant to paragraph 1 is correct, they shall refuse to list the agent in the register provided for in Article 14 and shall inform the payment institution without undue delay.
5.If the payment institution wishes to provide payment services in another Member State by engaging an agent or establishing a branch it shall follow the procedures set out in Article 28.
6.Where a payment institution intends to outsource operational functions of payment services, it shall inform the competent authorities of its home Member State accordingly.
Outsourcing of important operational functions, including IT systems, shall not be undertaken in such way as to impair materially the quality of the payment institution’s internal control and the ability of the competent authorities to monitor and retrace the payment institution’s compliance with all of the obligations laid down in this Directive.
For the purposes of the second subparagraph, an operational function shall be regarded as important if a defect or failure in its performance would materially impair the continuing compliance of a payment institution with the requirements of its authorisation requested pursuant to this Title, its other obligations under this Directive, its financial performance, or the soundness or the continuity of its payment services. Member States shall ensure that when payment institutions outsource important operational functions, the payment institutions meet the following conditions:
(a)the outsourcing shall not result in the delegation by senior management of its responsibility;
(b)the relationship and obligations of the payment institution towards its payment service users under this Directive shall not be altered;
(c)the conditions with which the payment institution is to comply in order to be authorised and remain so in accordance with this Title shall not be undermined;
(d)none of the other conditions subject to which the payment institution’s authorisation was granted shall be removed or modified.
7.Payment institutions shall ensure that agents or branches acting on their behalf inform payment service users of this fact.
8.Payment institutions shall communicate to the competent authorities of their home Member State without undue delay any change regarding the use of entities to which activities are outsourced and, in accordance with the procedure provided for in paragraphs 2, 3 and 4, agents, including additional agents.
1.Member States shall ensure that, where payment institutions rely on third parties for the performance of operational functions, those payment institutions take reasonable steps to ensure that the requirements of this Directive are complied with.
2.Member States shall require that payment institutions remain fully liable for any acts of their employees, or any agent, branch or entity to which activities are outsourced.
Member States shall require payment institutions to keep all appropriate records for the purpose of this Title for at least 5 years, without prejudice to Directive (EU) 2015/849 or other relevant Union law.
1.Member States shall designate as the competent authorities responsible for the authorisation and prudential supervision of payment institutions which are to carry out the duties provided for under this Title either public authorities, or bodies recognised by national law or by public authorities expressly empowered for that purpose by national law, including national central banks.
The competent authorities shall guarantee independence from economic bodies and avoid conflicts of interest. Without prejudice to the first subparagraph, payment institutions, credit institutions, electronic money institutions, or post office giro institutions shall not be designated as competent authorities.
The Member States shall inform the Commission accordingly.
2.Member States shall ensure that the competent authorities designated under paragraph 1 possess all powers necessary for the performance of their duties.
3.Member States on whose territories there is more than one competent authority for matters covered by this Title shall ensure that those authorities cooperate closely so that they can discharge their respective duties effectively. The same applies where the authorities competent for matters covered by this Title are not the competent authorities responsible for the supervision of credit institutions.
4.The tasks of the competent authorities designated under paragraph 1 shall be the responsibility of the competent authorities of the home Member State.
5.Paragraph 1 shall not imply that the competent authorities are required to supervise business activities of the payment institutions other than the provision of payment services and the activities referred to in point (a) of Article 18(1).
1.Member States shall ensure that the controls exercised by the competent authorities for checking continued compliance with this Title are proportionate, adequate and responsive to the risks to which payment institutions are exposed.
In order to check compliance with this Title, the competent authorities shall, in particular, be entitled to take the following steps:
(a)to require the payment institution to provide any information needed to monitor compliance specifying the purpose of the request, as appropriate, and the time limit by which the information is to be provided;
(b)to carry out on-site inspections at the payment institution, at any agent or branch providing payment services under the responsibility of the payment institution, or at any entity to which activities are outsourced;
(c)to issue recommendations, guidelines and, if applicable, binding administrative provisions;
(d)to suspend or to withdraw an authorisation pursuant to Article 13.
2.Without prejudice to the procedures for the withdrawal of authorisations and the provisions of criminal law, the Member States shall provide that their respective competent authorities, may, as against payment institutions or those who effectively control the business of payment institutions which breach laws, regulations or administrative provisions concerning the supervision or pursuit of their payment service business, adopt or impose in respect of them penalties or measures aimed specifically at ending observed breaches or the causes of such breaches.
3.Notwithstanding the requirements of Article 7, Article 8(1) and (2) and Article 9, Member States shall ensure that the competent authorities are entitled to take steps described under paragraph 1 of this Article to ensure sufficient capital for payment services, in particular where the non-payment services activities of the payment institution impair or are likely to impair the financial soundness of the payment institution.
1.Member States shall ensure that all persons who work or who have worked for the competent authorities, as well as experts acting on behalf of the competent authorities, are bound by the obligation of professional secrecy, without prejudice to cases covered by criminal law.
2.In the exchange of information in accordance with Article 26, professional secrecy shall be strictly applied to ensure the protection of individual and business rights.
3.Member States may apply this Article taking into account, mutatis mutandis, Articles 53 to 61 of Directive 2013/36/EU.
1.Member States shall ensure that decisions taken by the competent authorities in respect of a payment institution pursuant to the laws, regulations and administrative provisions adopted in accordance with this Directive may be contested before the courts.
2.Paragraph 1 shall apply also in respect of failure to act.
1.The competent authorities of the different Member States shall cooperate with each other and, where appropriate, with the ECB and the national central banks of the Member States, EBA and other relevant competent authorities designated under Union or national law applicable to payment service providers.
2.Member States shall, in addition, allow exchange of information between their competent authorities and the following:
(a)the competent authorities of other Member States responsible for the authorisation and supervision of payment institutions;
(b)the ECB and the national central banks of Member States, in their capacity as monetary and oversight authorities, and, where appropriate, other public authorities responsible for overseeing payment and settlement systems;
(c)other relevant authorities designated under this Directive, Directive (EU) 2015/849 and other Union law applicable to payment service providers, such as laws applicable to money laundering and terrorist financing;
(d)EBA, in its capacity of contributing to the consistent and coherent functioning of supervising mechanisms as referred to in point (a) of Article 1(5) of Regulation (EU) No 1093/2010.
1.Where a competent authority of a Member State considers that, in a particular matter, cross-border cooperation with competent authorities of another Member State referred to in Article 26, 28, 29, 30 or 31 of this Directive does not comply with the relevant conditions set out in those provisions, it may refer the matter to EBA and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010.
2.Where EBA has been requested to assist pursuant to paragraph 1 of this Article, it shall take a decision under Article 19(3) of Regulation (EU) No 1093/2010 without undue delay. EBA may also assist the competent authorities in reaching an agreement on its own initiative in accordance with the second subparagraph of Article 19(1) of that Regulation. In either case, the competent authorities involved shall defer their decisions pending resolution under Article 19 of that Regulation.
1.Any authorised payment institution wishing to provide payment services for the first time in a Member State other than its home Member State, in the exercise of the right of establishment or the freedom to provide services, shall communicate the following information to the competent authorities in its home Member State:
(a)the name, the address and, where applicable, the authorisation number of the payment institution;
(b)the Member State(s) in which it intends to operate;
(c)the payment service(s) to be provided;
(d)where the payment institution intends to make use of an agent, the information referred to in Article 19(1);
(e)where the payment institution intends to make use of a branch, the information referred to in points (b) and (e) of Article 5(1) with regard to the payment service business in the host Member State, a description of the organisational structure of the branch and the identity of those responsible for the management of the branch.
Where the payment institution intends to outsource operational functions of payment services to other entities in the host Member State, it shall inform the competent authorities of its home Member State accordingly.
2.Within 1 month of receipt of all of the information referred to in paragraph 1 the competent authorities of the home Member State shall send it to the competent authorities of the host Member State.
Within 1 month of receipt of the information from the competent authorities of the home Member State, the competent authorities of the host Member State shall assess that information and provide the competent authorities of the home Member State with relevant information in connection with the intended provision of payment services by the relevant payment institution in the exercise of the freedom of establishment or the freedom to provide services. The competent authorities of the host Member State shall inform the competent authorities of the home Member State in particular of any reasonable grounds for concern in connection with the intended engagement of an agent or establishment of a branch with regard to money laundering or terrorist financing within the meaning of Directive (EU) 2015/849.
Where the competent authorities of the home Member State do not agree with the assessment of the competent authorities of the host Member State, they shall provide the latter with the reasons for their decision.
If the assessment of the competent authorities of the home Member State in particular in light of the information received from the competent authorities of the host Member State, is not favourable, the competent authority of the home Member State shall refuse to register the agent or branch or shall withdraw the registration if already made.
3.Within 3 months of receipt of the information referred to in paragraph 1 the competent authorities of the home Member State shall communicate their decision to the competent authorities of the host Member State and to the payment institution.
Upon entry in the register referred to in Article 14, the agent or branch may commence its activities in the relevant host Member State.
The payment institution shall notify to the competent authorities of the home Member State the date from which it commences its activities through the agent or branch in the relevant host Member State. The competent authorities of the home Member State shall inform the competent authorities of the host Member State accordingly.
4.The payment institution shall communicate to the competent authorities of the home Member State without undue delay any relevant change regarding the information communicated in accordance with paragraph 1, including additional agents, branches or entities to which activities are outsourced in the host Member States in which it operates The procedure provided for under paragraphs 2 and 3 shall apply.
5.EBA shall develop draft regulatory technical standards specifying the framework for cooperation, and for the exchange of information, between competent authorities of the home and of the host Member State in accordance with this Article. Those draft regulatory technical standards shall specify the method, means and details of cooperation in the notification of payment institutions operating on a cross-border basis and, in particular, the scope and treatment of information to be submitted, including common terminology and standard notification templates to ensure a consistent and efficient notification process.
EBA shall submit those draft regulatory technical standards to the Commission by 13 January 2018.
Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.
1.In order to carry out the controls and take the necessary steps provided for in this Title and in the provisions of national law transposing Titles III and IV, in accordance with Article 100(4), in respect of the agent or branch of a payment institution located in the territory of another Member State, the competent authorities of the home Member State shall cooperate with the competent authorities of the host Member State.
By way of cooperation in accordance with the first subparagraph, the competent authorities of the home Member State shall notify the competent authorities of the host Member State where they intend to carry out an on-site inspection in the territory of the latter.
However, the competent authorities of the home Member State may delegate to the competent authorities of the host Member State the task of carrying out on-site inspections of the institution concerned.
2.The competent authorities of the host Member States may require that payment institutions having agents or branches within their territories shall report to them periodically on the activities carried out in their territories.
Such reports shall be required for information or statistical purposes and, as far as the agents and branches conduct the payment service business under the right of establishment, to monitor compliance with the provisions of national law transposing Titles III and IV. Such agents and branches shall be subject to professional secrecy requirements at least equivalent to those referred to in Article 24.
3.The competent authorities shall provide each other with all essential and/or relevant information, in particular in the case of infringements or suspected infringements by an agent or a branch, and where such infringements occurred in the context of the exercise of the freedom to provide services. In that regard, the competent authorities shall communicate, upon request, all relevant information and, on their own initiative, all essential information, including on the compliance of the payment institution with the conditions under Article 11(3).
4.Member States may require payment institutions operating on their territory through agents under the right of establishment, the head office of which is situated in another Member State, to appoint a central contact point in their territory to ensure adequate communication and information reporting on compliance with Titles III and IV, without prejudice to any provisions on anti-money laundering and countering terrorist financing provisions and to facilitate supervision by competent authorities of home Member State and host Member States, including by providing competent authorities with documents and information on request.
5.EBA shall develop draft regulatory technical standards specifying the criteria to be applied when determining, in accordance with the principle of proportionality, the circumstances when the appointment of a central contact point is appropriate, and the functions of those contact points, pursuant to paragraph 4.
Those draft regulatory technical standards shall, in particular, take account of:
(a)the total volume and value of transactions carried out by the payment institution in host Member States;
(b)the type of payment services provided; and
(c)the total number of agents established in the host Member State.
EBA shall submit those draft regulatory technical standards to the Commission by 13 January 2017.
6.EBA shall develop draft regulatory technical standards specifying the framework for cooperation, and for the exchange of information, between the competent authorities of the home Member State and of the host Member State in accordance with this Title and to monitor compliance with the provisions of national law transposing Titles III and IV. The draft regulatory technical standards shall specify the method, means and details of cooperation in the supervision of payment institutions operating on a cross-border basis and, in particular, the scope and treatment of information to be exchanged, to ensure consistent and efficient supervision of payment institutions exercising cross-border provision of payment services.
Those draft regulatory technical standards shall also specify the means and details of any reporting requested by host Member States from payment institutions on the payment business activities carried out in their territories in accordance with paragraph 2, including the frequency of such reporting.
EBA shall submit those draft regulatory technical standards to the Commission by 13 January 2018.
7.Power is delegated to the Commission to adopt the regulatory technical standards referred to in paragraphs 5 and 6 in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.
1.Without prejudice to the responsibility of the competent authorities of the home Member State, where the competent authority of the host Member State ascertains that a payment institution having agents or branches in its territory does not comply with this Title or with national law transposing Title III or IV, it shall inform the competent authority of the home Member State without delay.
The competent authority of the home Member State, after having evaluated the information received pursuant to the first subparagraph, shall, without undue delay, take all appropriate measures to ensure that the payment institution concerned puts an end to its irregular situation. The competent authority of the home Member State shall communicate those measures without delay to the competent authority of the host Member State and to the competent authorities of any other Member State concerned.
2.In emergency situations, where immediate action is necessary to address a serious threat to the collective interests of the payment service users in the host Member State, the competent authorities of the host Member State may, in parallel to the cross-border cooperation between competent authorities and pending measures by the competent authorities of the home Member State as set out in Article 29, take precautionary measures.
3.Any precautionary measures under paragraph 2 shall be appropriate and proportionate to their purpose to protect against a serious threat to the collective interests of the payment service users in the host Member State. They shall not result in a preference for payment service users of the payment institution in the host Member State over payment service users of the payment institution in other Member States.
Precautionary measures shall be temporary and shall be terminated when the serious threats identified are addressed, including with the assistance of or in cooperation with the home Member State’s competent authorities or with EBA as provided for in Article 27(1).
4.Where compatible with the emergency situation, the competent authorities of the host Member State shall inform the competent authorities of the home Member State and those of any other Member State concerned, the Commission and EBA in advance and in any case without undue delay, of the precautionary measures taken under paragraph 2 and of their justification.
1.Any measure taken by the competent authorities pursuant to Article 23, 28, 29 or 30 involving penalties or restrictions on the exercise of the freedom to provide services or the freedom of establishment shall be properly justified and communicated to the payment institution concerned.
2.Articles 28, 29 and 30 shall be without prejudice to the obligation of competent authorities under Directive (EU) 2015/849 and Regulation (EU) 2015/847, in particular under Article 48(1) of Directive (EU) 2015/849 and Article 22(1) of Regulation (EU) 2015/847, to supervise or monitor the compliance with the requirements laid down in those instruments.
1.Member States may exempt or allow their competent authorities to exempt, natural or legal persons providing payment services as referred to in points (1) to (6) of Annex I from the application of all or part of the procedure and conditions set out in Sections 1, 2 and 3, with the exception of Articles 14, 15, 22, 24, 25 and 26, where:
(a)the monthly average of the preceding 12 months’ total value of payment transactions executed by the person concerned, including any agent for which it assumes full responsibility, does not exceed a limit set by the Member State but that, in any event, amounts to no more than EUR 3 million. That requirement shall be assessed on the projected total amount of payment transactions in its business plan, unless an adjustment to that plan is required by the competent authorities; and
(b)none of the natural persons responsible for the management or operation of the business has been convicted of offences relating to money laundering or terrorist financing or other financial crimes.
2.Any natural or legal person registered in accordance with paragraph 1 shall be required to have its head office or place of residence in the Member State in which it actually carries out its business.
3.The persons referred to in paragraph 1 of this Article shall be treated as payment institutions, save that Article 11(9) and Articles 28, 29 and 30 shall not apply to them.
4.Member States may also provide that any natural or legal person registered in accordance with paragraph 1 of this Article may engage only in certain activities listed in Article 18.
5.The persons referred to in paragraph 1 of this Article shall notify the competent authorities of any change in their situation which is relevant to the conditions specified in that paragraph. Member States shall take the necessary steps to ensure that where the conditions set out in paragraph 1, 2 or 4 of this Article are no longer met, the persons concerned shall seek authorisation within 30 calendar days in accordance with Article 11.
6.Paragraphs 1 to 5 of this Article shall not apply in respect of Directive (EU) 2015/849 or of national anti-money-laundering law.
1.Natural or legal persons providing only the payment service as referred to in point (8) of Annex I shall be exempt from the application of the procedure and conditions set out in Sections 1 and 2, with the exception of points (a), (b), (e) to (h), (j), (l), (n), (p) and (q) of Article 5(1), Article 5(3) and Articles 14 and 15. Section 3 shall apply, with the exception of Article 23(3).
2.The persons referred to in paragraph 1 of this Article shall be treated as payment institutions, save that Titles III and IV shall not apply to them, with the exception of Articles 41, 45 and 52 where applicable, and of Articles 67, 69 and 95 to 98.
If a Member State applies an exemption pursuant to Article 32, it shall, by 13 January 2018, notify the Commission of its decision accordingly and it shall notify the Commission forthwith of any subsequent change. In addition, the Member State shall inform the Commission of the number of natural and legal persons concerned and, on an annual basis, of the total value of payment transactions executed as of 31 December of each calendar year, as referred to in point (a) of Article 32(1).
1.Member States shall ensure that the rules on access of authorised or registered payment service providers that are legal persons to payment systems are objective, non-discriminatory and proportionate and that they do not inhibit access more than is necessary to safeguard against specific risks such as settlement risk, operational risk and business risk and to protect the financial and operational stability of the payment system.
Payment systems shall not impose on payment service providers, on payment service users or on other payment systems any of the following requirements:
(a)restrictive rule on effective participation in other payment systems;
(b)rule which discriminates between authorised payment service providers or between registered payment service providers in relation to the rights, obligations and entitlements of participants;
(c)restriction on the basis of institutional status.
2.Paragraph 1 shall not apply to:
(a)payment systems designated under Directive 98/26/EC;
(b)payment systems composed exclusively of payment service providers belonging to a group.
For the purposes of point (a) of the first subparagraph, Member States shall ensure that where a participant in a designated system allows an authorised or registered payment service provider that is not a participant in the system to pass transfer orders through the system that participant shall, when requested, give the same opportunity in an objective, proportionate and non-discriminatory manner to other authorised or registered payment service providers in line with paragraph 1.
The participant shall provide the requesting payment service provider with full reasons for any rejection.
Member States shall ensure that payment institutions have access to credit institutions’ payment accounts services on an objective, non-discriminatory and proportionate basis. Such access shall be sufficiently extensive as to allow payment institutions to provide payment services in an unhindered and efficient manner.
The credit institution shall provide the competent authority with duly motivated reasons for any rejection.
1.Member States shall prohibit natural or legal persons that are neither payment service providers nor explicitly excluded from the scope of this Directive from providing payment services.
2.Member States shall require that service providers carrying out either of the activities referred to in points (i) and (ii) of point (k) of Article 3 or carrying out both activities, for which the total value of payment transactions executed over the preceding 12 months exceeds the amount of EUR 1 million, send a notification to competent authorities containing a description of the services offered, specifying under which exclusion referred to in point (k)(i) and (ii) of Article 3 the activity is considered to be carried out.
On the basis of that notification, the competent authority shall take a duly motivated decision on the basis of criteria referred to in point (k) of Article 3 where the activity does not qualify as a limited network, and inform the service provider accordingly.
3.Member States shall require that service providers carrying out an activity referred to in point (l) of Article 3 send a notification to competent authorities and provide competent authorities an annual audit opinion, testifying that the activity complies with the limits set out in point (l) of Article 3.
4.Notwithstanding paragraph 1, competent authorities shall inform EBA of the services notified pursuant to paragraphs 2 and 3, stating under which exclusion the activity is carried out.
5.The description of the activity notified under paragraphs 2 and 3 of this Article shall be made publicly available in the registers provided for in Articles 14 and 15.
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1).
Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87).
Regulation (EC) No 1606/2002 of the European Parliament and of the Council of 19 July 2002 on the application of international accounting standards (OJ L 243, 11.9.2002, p. 1).