The Payment Services Regulations 2017

PART 1 U.K.Introductory provisions

Citation, commencement and extentU.K.

1.—(1) These Regulations may be cited as the Payment Services Regulations 2017.

(2) The following provisions come into force on 13th August 2017—

(a)this regulation and regulations 2 (interpretation), 106 (functions of the FCA), 112(6) (policy on imposition of penalties), 118 (costs of supervision), 120 (guidance), 121 (FCA's exemption from liability in damages) and 147 (duty to co-operate and exchange of information);

(b)regulation 122 and the following provisions of Schedule 6 (application and modification of legislation)—

(i)paragraph 1 (disciplinary powers) in so far as that paragraph applies sections 69 and 70 of the 2000 Act;

(ii)paragraph 3 (FCA rules) for the purpose of enabling the FCA to make rules;

(iii)paragraph 5 (control over payment institutions) in so far as that paragraph applies the provisions of sections 179 and 191E of the 2000 Act which confer functions on the FCA;

(iv)paragraph 12 (application of the Financial Services and Markets Act 2000 (Service of Notices) Regulations 2001 M1);

(c)regulation 156 in so far as it gives effect to the following provisions of Schedule 8 (amendments to legislation)—

(i)paragraph 2(6) (amendment of section 379A of the 2000 Act);

(ii)paragraph 3(b) (amendment of Schedule 15 to the Enterprise Act 2002 M2);

(iii)paragraph 5 (amendment of the Electronic Money Regulations 2011 M3) for the purpose of enabling the FCA to impose requirements, give directions and make rules;

(d)for the purpose of enabling the FCA to impose requirements and give directions—

(i)regulation 5(3) and (5) (applications for authorisation as a payment institution);

(ii)regulation 6(7)(e) and (f) (professional indemnity insurance for authorised payment institutions);

(iii)regulation 11(1) and (3) (cancellation of registration);

(iv)regulation 13(1), (2), (3) and (5) (application for registration);

(v)regulation 15 (small payment institutions: supplementary provision) in so far as it applies regulation 11(1) and (3);

(vi)regulation 17(1)(b) and (3) (application for registration as an account information service provider);

(vii)regulation 18(4)(b) (professional indemnity insurance for registered account information service providers);

(viii)regulation 19 (registered account information service providers: supplementary provision) in so far as it applies regulation 11(1) and (3);

(ix)regulation 20(3) (duty to notify changes);

(x)regulation 27(1) (notice of intention);

(xi)regulation 30(4), (5) and (7) (supervision of firms exercising passport rights);

(xii)regulation 34(3) and (4) (application for registration of agent);

(xiii)regulation 37(2) (duty to notify change in circumstances);

(xiv)regulation 38(4) (notification of use of limited network exclusion);

(xv)regulation 39(3) to (5) (notification of use of electronic communications exclusion);

(xvi)regulation 71(8)(c) (denial of access to an account information service provider);

(xvii)regulation 98(3) (management of operational and security risks);

(xviii)regulation 99(2) (incident reporting);

(xix)regulation 105(4)(b) (refusal of access to bank account);

(xx)regulation 109(1) to (3) and (5) (reporting requirements);

(xxi)regulation 119 to the extent that it gives effect to paragraph 5(1), (3) and (4) of Schedule 5 (credit agreements).

(3) The following provisions come into force on 13th October 2017—

(a)Part 2, for the purposes of enabling—

(i)the making and determination of applications for authorisation or registration (including the imposition of requirements in relation to authorisations and registrations); and

(ii)the giving of notices under regulation 3(2) (exemption for municipal banks);

(b)for the purposes of enabling the giving of notifications and the making of applications to the FCA and enabling the FCA to take action in response to such notifications and applications, regulations 25 (outsourcing), 34 (use of agents) and 39 (notification of use of electronic communications exclusion);

(c)In Schedule 6 (application and modification of legislation), paragraphs 2 (the Upper Tribunal), 5 (control over payment institutions) in so far as not already in force, 8 (restriction on disclosure of information), 10 (warning notices and decision notices) and 13 (application of the Financial Services and Markets Act 2000 (Disclosure of Confidential Information) Regulations 2001);

(d)regulations 142 to 146 (misleading the FCA);

(e)regulation 150 (transitional and saving provisions), for the purposes of enabling the provision of information or giving of notification under regulation 150(3), and enabling the FCA to take action in response to such information or notification;

(f)regulation 156 in so far as it gives effect to—

(i)paragraph 5 of Schedule 8 (amendment of the Electronic Money Regulations 2011), for the purpose of enabling the giving of notifications, the making or determining of applications and the taking of action in response to such applications and notifications under the Electronic Money Regulations 2011;

(ii)paragraph 6 of Schedule 8 (amendment of the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 M4), for the purpose of the FCA's determination of applications for authorisation or registration under Part 2 of these Regulations (including the imposition of requirements in relation to authorisations and registrations).

(4) Regulations 27 (notice of intention) and 28 (decision following notice of intention) come into force on 13th December 2017 for the purposes of enabling the giving of notifications and enabling the FCA to take action in response to such notifications.

(5) Regulations 68(3)(c), 69(2)(a) and (3)(d), 70(2)(a) and (3)(c), 77(4)(c) and (6) and 100 (secure communication and authentication) come into force eighteen months after the date on which the regulatory technical standards adopted under Article 98 of the payment services directive come into force.

(6) Except as provided in paragraphs (2) to (5), these Regulations come into force on 13th January 2018.

(7) Paragraph 6 of Schedule 8 (amendment of the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975) extends to England and Wales only.

InterpretationU.K.

2.—(1) In these Regulations—

“the 2000 Act” means the Financial Services and Markets Act 2000;

“account information service” means an online service to provide consolidated information on one or more payment accounts held by the payment service user with another payment service provider or with more than one payment service provider, and includes such a service whether information is provided—

“account information service provider” means a payment service provider which provides account information services;

“account servicing payment service provider” means a payment service provider providing and maintaining a payment account for a payer;

“acquiring of payment transactions” means a payment service provided by a payment service provider contracting with a payee to accept and process payment transactions which result in a transfer of funds to the payee;

“agent” means a person who acts on behalf of an [F1authorised payment institution, a small payment institution or a registered account information service provider] in the provision of payment services;

“authentication” means a procedure which allows a payment service provider to verify the identity of a payment service user or the validity of the use of a specific payment instrument, including the use of the user's personalised security credentials;

“authorised payment institution” means—

“the FCA” means the Financial Conduct Authority;

“branch” means a place of business, other than the head office, of—

which forms a legally dependent part of such a payment service provider and which carries out directly all or some of the services inherent in the business of such a payment service provider; and, for the purposes of these Regulations, all places of business set up in the same EEA State other than the United Kingdom by an authorised payment institution are to be regarded as a single branch;

“business day” means any day on which the relevant payment service provider is open for business as required for the execution of a payment transaction;

“the capital requirements directive” means Directive 2013/36/EU of the European Parliament and of the Council of 26th June 2013 relating to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC M5;

“the capital requirements regulation” means Regulation (EU) 575/2013 of the European Parliament and of the Council of 26th June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 M6;

“charity”, in Parts 6 (information requirements for payment services) and 7 (rights and obligations in relation to the provision of payment services), means a body whose annual income is less than £1 million and is—

“co-badged”, in relation to a payment instrument, refers to an instrument on which is included two or more payment brands, or two or more payment applications of the same payment brand;

“the Commissioners” means the Commissioners for Her Majesty's Revenue and Customs;

“consumer” means an individual who, in contracts for payment services to which these Regulations apply, is acting for purposes other than a trade, business or profession;

“credit institution” has the meaning given in Article 4(1)(1) of the capital requirements regulation;

“credit transfer” means a payment service for crediting a payee's payment account with a payment transaction or a series of payment transactions from a payer's payment account by the payment service provider which holds the payer's payment account, based on an instruction given by the payer;

“designated system” has the meaning given in regulation 2(1) of the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (interpretation) M10;

“digital content” means goods or services which are produced and supplied in digital form, the use or consumption of which is restricted to a technical device and which do not include in any way the use or consumption of physical goods or services;

“direct debit” means a payment service for debiting the payer's payment account where a payment transaction is initiated by the payee on the basis of consent given by the payer to the payee, to the payee's payment service provider or to the payer's own payment service provider;

“durable medium” means any instrument which enables the payment service user to store information addressed personally to them in a way accessible for future reference for a period of time adequate for the purposes of the information and which allows the unchanged reproduction of the information stored;

“the EEA” means the European Economic Area;

“EEA agent” means an agent through which an authorised payment institution, in the exercise of its passport rights, provides payment services in an EEA State other than the United Kingdom;

“EEA authorised payment institution” means a person authorised in an EEA State other than the United Kingdom to provide payment services in accordance with the payment services directive;

“EEA branch” means a branch established by an authorised payment institution, in the exercise of its passport rights, to carry out payment services in an EEA State other than the United Kingdom;

“EEA registered account information service provider” means a person that is registered as an account information service provider in an EEA State other than the United Kingdom under the payment services directive;

“electronic communications network” has the meaning given in Article 2(a) of Directive 2002/21/EC of the European Parliament and of the Council of 7th March 2002 on a common regulatory framework for electronic communications networks and services M11;

“electronic communications service” has the meaning given in Article 2(c) of Directive 2002/21/EC of the European Parliament and of the Council of 7th March 2002 on a common regulatory framework for electronic communications networks and services;

“electronic money” has the meaning given in Article 2(2) of the electronic money directive;

“the electronic money directive” means Directive 2009/110/EC of the European Parliament and of the Council of 16th September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC M12;

“electronic money institution” has the meaning given in Article 2(1) of the electronic money directive;

“European Banking Authority” means the European Banking Authority established by Regulation (EU) 1093/2010 of the European Parliament and of the Council of 24th November 2010 establishing a European Supervisory Authority (European Banking Authority) M13;

“excluded provider” means a provider of services falling within paragraphs 2(k)(i) to (iii), (l) or (o) of Schedule 1 (limited network, electronic communications and cash withdrawal exclusions);

“framework contract” means a contract for payment services which governs the future execution of individual and successive payment transactions and which may contain the obligation and conditions for setting up a payment account;

“funds” means banknotes and coins, scriptural money and electronic money;

“group” means a group of—

“home state competent authority” means the competent authority designated in accordance with Article 22 of the payment services directive as being responsible for the authorisation and prudential supervision of an EEA authorised payment institution which is exercising (or intends to exercise) its passport rights in the United Kingdom;

“host state competent authority” means the competent authority designated in accordance with Article 22 of the payment services directive in an EEA State in which an authorised payment institution exercises (or intends to exercise) its passport rights;

“interchange fee regulation” means Regulation (EU) 2015/751 of the European Parliament and of the Council of 29th April 2015 on interchange fees for card-based payment transactions M16;

“issuing of payment instruments” means a payment service by a payment service provider contracting with a payer to provide a payment instrument to initiate payment orders and to process the payer's payment transactions;

“means of distance communication” means a method which, without the simultaneous physical presence of the payment service provider and the payment service user, may be used for the conclusion of a contract for payment services between those parties;

“micro-enterprise” means an enterprise which, at the time at which the contract for payment services is entered into, is an enterprise as defined in Article 1 and Article 2(1) and (3) of the Annex to Recommendation 2003/361/EC of 6th May 2003 concerning the definition of micro, small and medium-sized enterprises M17;

“the money laundering directive” means Directive 2015/849/EU of the European Parliament and of the Council of 20th May 2015 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC M18;

“money remittance” means a service for the transmission of money (or any representation of monetary value), without any payment accounts being created in the name of the payer or the payee, where—

“notice” means a notice in writing;

“own funds” means own funds as defined in Article 4(1)(118) of the capital requirements regulation, and “Common Equity Tier 1 capital”, “Tier 1 capital” and “Tier 2 capital” have the same meanings as in that regulation;

“parent undertaking” has the same meaning as in the Companies Acts, as defined by section 1162 of, and Schedule 7 to, the Companies Act 2006 (parent and subsidiary undertakings) M19;

“participant” has the meaning given in regulation 2(1) of the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (interpretation) M20;

“passport right” means the entitlement of a person to establish or provide services in an EEA State other than that in which they are authorised to provide payment services—

“payee” means a person who is the intended recipient of funds which have been the subject of a payment transaction;

“payer” means—

“payment account” means an account held in the name of one or more payment service users which is used for the execution of payment transactions;

“payment brand” means any material or digital name, term, sign or symbol, or combination of them, capable of denoting under which payment card scheme card-based payment transactions are carried out;

“payment initiation service” means an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider;

“payment initiation service provider” means a payment service provider which provides payment initiation services;

“payment instrument” means any—

used by the payment service user in order to initiate a payment order;

“payment order” means any instruction by a payer or a payee to their respective payment service provider requesting the execution of a payment transaction;

“payment service” means any of the activities specified in Part 1 of Schedule 1 (payment services) when carried out as a regular occupation or business activity, other than any of the activities specified in Part 2 of that Schedule (activities which do not constitute payment services);

“payment services directive” means Directive 2015/2366/EU of the European Parliament and of the Council of 25th November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010, and repealing Directive 2007/64/EC M21;

“payment service provider” means any of the following when they carry out payment services—

and in Part 9 (the FCA) and Schedule 6 (application and modification of legislation), includes agents of payment service providers and excluded providers;

“payment service user” means a person when making use of a payment service in the capacity of payer, payee, or both;

“payment system” means a funds transfer system with formal and standardised arrangements and common rules for the processing, clearing and settlement of payment transactions;

“the Payment Systems Regulator” means the body established under section 40 of the Financial Services (Banking Reform) Act 2013 (the Payment Systems Regulator);

“payment transaction” means an act initiated by the payer or payee, or on behalf of the payer, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and payee;

“personalised security credentials” means personalised features provided by a payment service provider to a payment service user for the purposes of authentication;

“qualifying holding” has the meaning given in Article 4(1)(36) of the capital requirements regulation;

“reference exchange rate” means the exchange rate which is used as the basis to calculate any currency exchange and which is made available by the payment service provider or comes from a publicly available source;

“reference interest rate” means the interest rate which is used as the basis for calculating any interest to be applied and which comes from a publicly available source which can be verified by both parties to a contract for payment services;

“the register” means the register maintained by the FCA under regulation 4 (the register of certain payment service providers);

“registered account information service provider” means an account information service provider registered pursuant to regulation 18 and included by the FCA on the register pursuant to regulation 4(1)(c) (the register of certain payment service providers);

“regulated agreement” has the meaning given by section 189(1) of the Consumer Credit Act 1974 (definitions) M22;

“remote payment transaction” means a payment transaction initiated through the internet or otherwise initiated through a device that can be used for distance communication;

“sensitive payment data” means information, including personalised security credentials, which could be used to carry out fraud; but in relation to account information services and payment initiation services does not include the name of an account holder or an account number;

“single payment service contract” means a contract for a single payment transaction not covered by a framework contract;

“small payment institution” means—

“strong customer authentication” means authentication based on the use of two or more elements that are independent, in that the breach of one element does not compromise the reliability of any other element, and designed in such a way as to protect the confidentiality of the authentication data, with the elements falling into two or more of the following categories—

“subsidiary undertaking” has the same meaning as in the Companies Acts (see section 1162 of, and Schedule 7 to, the Companies Act 2006 (parent and subsidiary undertakings));

“transfer order” has the meaning given in regulation 2(1) of the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (interpretation) M23;

“unique identifier” means a combination of letters, numbers or symbols specified to the payment service user by the payment service provider and to be provided by the payment service user in relation to a payment transaction in order to identify unambiguously one or both of—

“value date” means a reference time used by a payment service provider for the calculation of interest on the funds debited from or credited to a payment account.

(2) In these Regulations references to amounts in euros include references to equivalent amounts in pounds sterling.

(3) Unless otherwise defined, expressions used in these Regulations which are also used in the payment services directive have the same meaning as in that directive.

(4) Expressions used in a modification to a provision in primary or secondary legislation applied by these Regulations have the same meaning as in these Regulations.

Exemption for certain bodiesU.K.

3.—(1) Subject to paragraph (2) and regulation 4(1)(f), these Regulations do not apply to the following persons—

(a)credit unions;

(b)municipal banks; and

(c)the National Savings Bank.

(2) Where municipal banks provide or propose to provide payment services they must give notice to the FCA.

(3) In this regulation—

“credit union” means a credit union within the meaning of—

“municipal bank” means a company which, immediately before 1st December 2001, fell within the definition of a municipal bank in section 103 of the Banking Act 1987 (municipal banks) M26.

PART 2 U.K.Registration

The registerU.K.

The register of certain payment service providersU.K.

4.—(1) The FCA must maintain a register of—

(a)authorised payment institutions and their EEA branches;

(b)small payment institutions;

(c)registered account information service providers;

(d)persons providing a service falling within paragraph 2(k)(i) to (iii) or (l) of Schedule 1 who have notified the FCA under regulation 38 or 39 (notification of use of limited network or electronic communications exclusion);

(e)agents of authorised payment institutions, small payment institutions and registered account information service providers, registered under regulation 34 (use of agents); and

(f)the persons specified in regulation 3(1) (exemption for certain bodies) where they provide payment services.

(2) The FCA may include on the register any of the persons mentioned in paragraphs (d) to (i) of the definition of a payment service provider in regulation 2(1) (interpretation) where such persons provide payment services.

(3) Where a person mentioned in paragraph (h), (i) or (j) of the definition of a payment service provider in regulation 2(1)—

(a)is not included on the register; and

(b)provides, or proposes to provide, payment services,

the person must give notice to the FCA.

(4) The FCA may—

(a)keep the register in any form it thinks fit;

(b)include on it such information as the FCA considers appropriate, provided that the register identifies the payment services for which an institution is authorised or registered under this Part; and

(c)exploit commercially the information contained in the register, or any part of that information.

(5) The FCA must—

(a)publish the register online and make it available for public inspection;

(b)enter in the register any cancellation of an authorisation or registration;

(c)enter in the register a description of the service provided by a person included on the register by virtue of paragraph (1)(d);

(d)update the register without delay; and

(e)provide a certified copy of the register, or any part of it, to any person who asks for it—

(i)on payment of the fee (if any) fixed by the FCA; and

(ii)in a form (either written or electronic) in which it is legible to the person asking for it.

(6) The FCA must, without delay, notify the European Banking Authority of—

(a)the information entered in the register;

(b)any changes to the information in the register;

(c)the reasons for the cancellation of any authorisation or registration; and

(d)where a person is included on the register by virtue of paragraph (1)(d), the particular exclusion which applies to the services provided by the person.

Authorisation as a payment institutionU.K.

Application for authorisation as a payment institution or variation of an existing authorisationU.K.

5.—(1) An application for authorisation as a payment institution must contain or be accompanied by the information specified in Schedule 2 (information to be included in or with an application for authorisation).

(2) An application for the variation of an authorisation as a payment institution must—

(a)contain a statement of the proposed variation;

(b)contain a statement of the payment services which the applicant proposes to carry on if the authorisation is varied; and

(c)contain, or be accompanied by, such other information as the FCA may reasonably require.

(3) An application under paragraph (1) or (2) must be made in such manner as the FCA may direct.

(4) At any time after receiving an application and before determining it, the FCA may require the applicant to provide it with such further information as it reasonably considers necessary to enable it to determine the application.

(5) Different directions may be given, and different requirements imposed, in relation to different applications or categories of application.

Conditions for authorisation as a payment institutionU.K.

6.—(1) The FCA may refuse to grant all or part of an application for authorisation as a payment institution only if any of the conditions set out in paragraphs (2) to (9) is not met.

(2) The application must comply with the requirements of, and any requirements imposed under, regulations 5 (application for authorisation) and 20 (duty to notify changes).

(3) The applicant must immediately before the time of authorisation hold the amount of initial capital specified in Part 1 of Schedule 3 (capital requirements).

(4) The applicant must be a body corporate constituted under the law of a part of the United Kingdom having—

(a)its head office, and

(b)if it has a registered office, that office,

in the United Kingdom.

(5) The applicant carries on, or will carry on, at least part of its payment service business in the United Kingdom.

(6) The applicant must satisfy the FCA that, taking into account the need to ensure the sound and prudent conduct of the affairs of the institution, it has—

(a)robust governance arrangements for its payment service business, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility;

(b)effective procedures to identify, manage, monitor and report any risks to which it might be exposed;

(c)adequate internal control mechanisms, including sound administrative, risk management and accounting procedures,

which are comprehensive and proportionate to the nature, scale and complexity of the payment services to be provided by the institution.

(7) The applicant must satisfy the FCA that—

(a)any persons having a qualifying holding in it are fit and proper persons having regard to the need to ensure the sound and prudent conduct of the affairs of an authorised payment institution;

(b)the directors and persons responsible for the management of the institution and, where relevant, the persons responsible for the management of payment services, are of good repute and possess appropriate knowledge and experience to provide payment services;

(c)it has a business plan (including, for the first three years, a forecast budget calculation) under which appropriate and proportionate systems, resources and procedures will be employed by the institution to operate soundly;

(d)it has taken adequate measures for the purpose of safeguarding payment service users' funds in accordance with regulation 23 (safeguarding requirements);

(e)in the case of an applicant which proposes to carry on payment initiation services, it holds professional indemnity insurance or a comparable guarantee, which covers—

(i)the territories in which the applicant proposes to offer payment initiation services; and

(ii)the applicant's potential liability under regulations 76 (payment service provider's liability for unauthorised payment transactions) and 91 to 95 (non-execution or defective or late execution of transactions, liability for charges and interest and right of recourse), up to such amount as the FCA may direct; and

(f)in the case of an applicant which proposes to carry on account information services, it holds professional indemnity insurance or a comparable guarantee, which covers—

(i)the territories in which the applicant proposes to offer account information services; and

(ii)the applicant's potential liability to account servicing payment service providers and payment service users resulting from unauthorised or fraudulent access to, or use of, payment account information, up to such amount as the FCA may direct.

(8) The applicant must comply with a requirement of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 M27 to be included in a register maintained under those Regulations where such a requirement applies to the applicant.

(9) If the applicant has close links with another person (“CL”) the applicant must satisfy the FCA—

(a)that those links are not likely to prevent the FCA's effective supervision of the applicant; and

(b)if it appears to the FCA that CL is subject to the laws, regulations or administrative provisions of a territory which is not an EEA State (“the foreign provisions”), that neither the foreign provisions, nor any deficiency in their enforcement, would prevent the FCA's effective supervision of the applicant.

(10) For the purposes of paragraph (9), an applicant has close links with CL if--

(a)CL is a parent undertaking of the applicant;

(b)CL is a subsidiary undertaking of the applicant;

(c)CL is a parent undertaking of a subsidiary undertaking of the applicant;

(d)CL is a subsidiary undertaking of a parent undertaking of the applicant;

(e)CL owns or controls 20% or more of the voting rights or capital of the applicant; or

(f)the applicant owns or controls 20% or more of the voting rights or capital of CL.

Imposition of requirementsU.K.

7.—(1) The FCA may include in an authorisation such requirements as it considers appropriate.

(2) A requirement may, in particular, be imposed so as to require the person concerned to—

(a)take a specified action;

(b)refrain from taking a specified action.

(3) A requirement may be imposed by reference to the person's relationship with its group or other members of its group.

(4) Where—

(a)an applicant for authorisation as a payment institution intends to carry on business activities other than the provision of payment services; and

(b)the FCA considers that the carrying on of such other business activities will impair, or is likely to impair—

(i)the financial soundness of the applicant, or

(ii)the FCA's effective supervision of the applicant,

the FCA may require the applicant to establish a separate body corporate to carry on the payment service business.

(5) A requirement expires at the end of such period as the FCA may specify in the authorisation.

(6) Paragraph (5) does not affect the FCA's powers under regulation 8 or 12 (variation of authorisation).

Variation etc. at request of authorised payment institutionU.K.

8.  The FCA may, on the application of an authorised payment institution, vary that person's authorisation by—

(a)adding a payment service to those for which it has granted authorisation;

(b)removing a payment service from those for which it has granted authorisation;

(c)imposing a requirement such as may, under regulation 7 (imposition of requirements), be included in an authorisation;

(d)cancelling a requirement included in the authorisation or previously imposed under paragraph (c); or

(e)varying such a requirement,

provided that the FCA is satisfied that the conditions set out in regulation 6(4) to (9) (conditions for authorisation) and, if applicable, the requirement in regulation 22(1) (capital requirements) to maintain own funds, are being or are likely to be met.

Determination of application for authorisation or variation of authorisationU.K.

9.—(1) The FCA must determine an application for authorisation or the variation of an authorisation before the end of the period of three months beginning with the date on which it received the completed application.

(2) The FCA may determine an incomplete application if it considers it appropriate to do so, and it must in any event determine any such application within 12 months beginning with the date on which it received the application.

(3) The applicant may withdraw its application, by giving the FCA notice, at any time before the FCA determines it.

(4) The FCA may grant authorisation to carry out the payment services to which the application relates or such of them as may be specified in the grant of the authorisation.

(5) If the FCA decides to grant an application for authorisation, or for the variation of an authorisation, it must give the applicant notice of its decision specifying—

(a)the payment services for which authorisation has been granted; or

(b)the variation granted,

described in such manner as the FCA considers appropriate.

(6) The notice must state the date on which the authorisation or variation takes effect.

(7) If the FCA proposes to refuse an application or to impose a requirement it must give the applicant a warning notice.

(8) The FCA must, having considered any representations made in response to the warning notice—

(a)if it decides to refuse the application or to impose a requirement, give the applicant a decision notice; or

(b)if it grants the application without imposing a requirement, give the applicant notice of its decision, stating the date on which the authorisation or variation takes effect.

(9) If the FCA decides to refuse the application or to impose a requirement the applicant may refer the matter to the Upper Tribunal.

(10) If the FCA decides to authorise the applicant, or vary its authorisation, it must update the register as soon as practicable.

Cancellation of authorisationU.K.

10.—(1) The FCA may cancel a person's authorisation and enter such cancellation in the register where—

(a)the person does not provide payment services within 12 months beginning with the date on which the authorisation took effect;

(b)the person requests, or consents to, the cancellation of the authorisation;

(c)the person ceases to engage in business activity for more than six months;

(d)the person has obtained authorisation through false statements or any other irregular means;

(e)the person no longer meets, or is unlikely to continue to meet, any of the conditions set out in regulation 6(4) to (9) (conditions for authorisation) or, if applicable, the requirement in regulation 22(1) (capital requirements) to maintain own funds, or does not inform the FCA of a major change in circumstances which is relevant to its meeting those conditions or that requirement, as required by regulation 37 (duty to notify change in circumstance);

(f)the person has provided payment services other than in accordance with the authorisation granted to it;

(g)the person would constitute a threat to the stability of, or trust in, a payment system by continuing its payment services business;

(h)the cancellation is desirable in order to protect the interests of consumers; or

(i)the person's provision of payment services is otherwise unlawful, including where such provision of services is unlawful because the person's registration in a register maintained under regulation 54 or 55 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (duty and power to maintain registers) has been cancelled under regulation 60 of those Regulations (cancellation and suspension of registration).

(2) Where the FCA proposes to cancel a person's authorisation, other than at the person's request, it must give the person a warning notice.

(3) The FCA must, having considered any representations made in response to the warning notice—

(a)if it decides to cancel the authorisation, give the person a decision notice; or

(b)if it decides not to cancel the authorisation, give the person notice of its decision.

(4) If the FCA decides to cancel the authorisation, other than at the person's request, the person may refer the matter to the Upper Tribunal.

(5) Where the period for a reference to the Upper Tribunal has expired without a reference being made, the FCA must as soon as practicable update the register accordingly.

Request for cancellation of authorisationU.K.

11.—(1) A request for cancellation of a person's authorisation under regulation 10(1)(b) (cancellation of authorisation) must be made in such manner as the FCA may direct.

(2) At any time after receiving a request and before determining it, the FCA may require the person making the request to provide it with such further information as it reasonably considers necessary to enable it to determine the request.

(3) Different directions may be given and different requirements imposed, in relation to different requests or categories of request.

Variation of authorisation on FCA's own initiativeU.K.

12.—(1) The FCA may vary a person's authorisation in any of the ways mentioned in regulation 8 if it appears to the FCA that—

(a)the person no longer meets, or is unlikely to continue to meet, any of the conditions set out in regulation 6(4) to (9) (conditions for authorisation) or, if applicable, the requirement in regulation 22(1) (capital requirements) to maintain own funds, or does not inform the FCA of a major change in circumstances which is relevant to its meeting those conditions or that requirement, as required by regulation 37 (duty to notify change in circumstance);

(b)the person has provided a particular payment service or payment services other than in accordance with the authorisation granted to it;

(c)the person would constitute a threat to the stability of, or trust in, a payment system by continuing to provide a particular payment service or payment services;

(d)the variation is desirable in order to protect the interests of consumers; or

(e)the person's provision of a particular payment service or payment services is otherwise unlawful, including where such provision of services is unlawful because the person's registration in a register maintained under regulation 54 or 55 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (duty and power to maintain registers) has been cancelled under regulation 60 of those Regulations (cancellation and suspension of registration).

(2) A variation under this regulation takes effect—

(a)immediately, if the notice given under paragraph (6) states that that is the case;

(b)on such date as may be specified in the notice; or

(c)if no date is specified in the notice, when the matter to which the notice relates is no longer open to review.

(3) A variation may be expressed to take effect immediately or on a specified date only if the FCA, having regard to the ground on which it is exercising the power under paragraph (1), reasonably considers that it is necessary for the variation to take effect immediately or, as the case may be, on that date.

(4) The FCA must as soon as practicable after the variation takes effect update the register accordingly.

(5) A person who is aggrieved by the variation of their authorisation under this regulation may refer the matter to the Upper Tribunal.

(6) Where the FCA proposes to vary a person's authorisation under this regulation, it must give the person notice.

(7) The notice must—

(a)give details of the variation;

(b)state the FCA's reasons for the variation and for its determination as to when the variation takes effect;

(c)inform the person that they may make representations to the FCA within such period as may be specified in the notice (whether or not the person has referred the matter to the Upper Tribunal);

(d)inform the person of the date on which the variation takes effect; and

(e)inform the person of their right to refer the matter to the Upper Tribunal and the procedure for such a reference.

(8) The FCA may extend the period allowed under the notice for making representations.

(9) If, having considered any representations made by the person, the FCA decides—

(a)to vary the authorisation in the way proposed, or

(b)if the authorisation has been varied, not to rescind the variation,

it must give the person notice.

(10) If, having considered any representations made by the person, the FCA decides—

(a)not to vary the authorisation in the way proposed,

(b)to vary the authorisation in a different way, or

(c)to rescind a variation which has taken effect,

it must give the person notice.

(11) A notice given under paragraph (9) must inform the person of their right to refer the matter to the Upper Tribunal and the procedure for such a reference.

(12) A notice under paragraph (10)(b) must comply with paragraph (7).

(13) For the purposes of paragraph (2)(c), paragraphs (a) to (d) of section 391(8) of the 2000 Act (publication) apply to determine whether a matter is open to review.

Registration as a small payment institutionU.K.

Application for registration as a small payment institution or variation of an existing registrationU.K.

13.—(1) An application for registration as a small payment institution must contain, or be accompanied by, such information as the FCA may reasonably require.

(2) An application for the variation of a registration as a small payment institution must—

(a)contain a statement of the proposed variation;

(b)contain a statement of the payment services which the applicant proposes to carry on if the registration is varied; and

(c)contain, or be accompanied by, such other information as the FCA may reasonably require.

(3) An application under paragraph (1) or (2) must be made in such manner as the FCA may direct.

(4) At any time after receiving an application and before determining it, the FCA may require the applicant to provide it with such further information as it reasonably considers necessary to enable it to determine the application.

(5) Different directions may be given, and different requirements imposed, in relation to different applications or categories of application.

Conditions for registration as a small payment institutionU.K.

14.—(1) The FCA may refuse to register an applicant as a small payment institution only if any of the conditions set out in paragraphs (2) to (11) is not met.

(2) The application must comply with the requirements of, and any requirements imposed under, regulations 13 and 20.

(3) The monthly average over the period of 12 months preceding the application of the total amount of payment transactions executed by the applicant, including any of its agents in the United Kingdom, must not exceed 3 million euros.

(4) The business to which the application relates must not include the provision of account information services or payment initiation services.

(5) None of the individuals responsible for the management or operation of the business has been convicted of—

(a)an offence under Part 7 of the Proceeds of Crime Act 2002 (money laundering) M28 or under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017;

(b)an offence under section 15 (fund-raising), 16 (use and possession), 17 (funding arrangements), 18 (money laundering) or 63 (terrorist finance: jurisdiction) of the Terrorism Act 2000 M29;

(c)an offence under the 2000 Act;

(d)an offence under regulation 3, 4 or 6 of the Al-Qaida and Taliban (Asset-Freezing) Regulations 2010 M30, or regulation 10 of the ISIL (Da'esh) and Al-Qaida (Asset-Freezing) Regulations 2011 (contravention and circumvention of prohibitions) M31;

(e)an offence under section 11, 12, 13, 14, 15 or 18 of the Terrorist Asset-Freezing etc Act 2010 (offences relating to the freezing of funds etc. of designated persons) M32;

(f)an offence under these Regulations or the Electronic Money Regulations 2011 M33; or

(g)any other financial crimes.

(6) Where the applicant is a partnership, an unincorporated association or a body corporate, the applicant must satisfy the FCA that any persons having a qualifying holding in it are fit and proper persons having regard to the need to ensure the sound and prudent conduct of the affairs of a small payment institution.

(7) The applicant must satisfy the FCA that—

(a)where the applicant is a body corporate, the directors;

(b)the persons responsible for the management of the institution; and

(c)where relevant, the persons responsible for the management of payment services,

are of good repute and possess appropriate knowledge and experience to provide payment services.

(8) If the applicant is a body corporate which has close links with another person (“CL”) the applicant must satisfy the FCA—

(a)that those links are not likely to prevent the FCA's effective supervision of the applicant; and

(b)if it appears to the FCA that CL is subject to the laws, regulations or administrative provisions of a territory which is not an EEA State (“the foreign provisions”), that neither the foreign provisions, nor any deficiency in their enforcement, would prevent the FCA's effective supervision of the applicant.

(9) Regulation 6(10) (conditions for authorisation: definition of close links) applies for the purposes of paragraph (8) of this regulation as it applies for the purposes of regulation 6(9).

(10) The applicant's head office, registered office or place of residence, as the case may be, must be in the United Kingdom.

(11) The applicant must comply with a requirement of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to be included in a register maintained under those Regulations where such a requirement applies to the applicant.

(12) For the purposes of paragraph (3) where the applicant has yet to commence the provision of payment services, or has been providing payment services for less than 12 months, the monthly average may be based on the projected total amount of payment transactions over a 12 month period.

(13) In paragraph (5) “financial crime” includes any offence involving fraud or dishonesty and, for this purpose, “offence” includes any act or omission which would be an offence if it had taken place in the United Kingdom.

Supplementary provisionsU.K.

15.  Regulations 7 to 12 apply to registration as a small payment institution as they apply to authorisation as a payment institution as if—

(a)references to authorisation were references to registration;

(b)in regulation 7 (imposition of requirements), paragraph (4) were omitted;

(c)in regulation 8 (variation at request of authorised payment institution)—

(i)for “an authorised payment institution” there were substituted “ small payment institution ”; and

(ii)for “provided that” to the end there were substituted—

“provided that the FCA is satisfied that the conditions set out in regulation 14(4) to (11) are being or are likely to be met and that the monthly average over any period of 12 months of the total amount of payment transactions executed by the institution, including any of its agents in the United Kingdom, continues not to exceed 3 million euros (“the financial limit”).”;

(d)in regulation 10(1) (cancellation of authorisation) for sub-paragraph (e) there were substituted—

“(e)the person does not meet, or is unlikely to meet, any of the conditions set out in regulation 14(4) to (11) (conditions for registration as small payment institution) or the financial limit referred to in regulation 8 or does not inform the FCA of a major change in circumstances which is relevant to its meeting those conditions or that requirement, as required by regulation 37 (duty to notify change in circumstance);”; and

(e)in regulation 12(1) (variation of authorisation on FCA's own initiative) for sub-paragraph (a) there were substituted—

“(a)the person does not meet, or is unlikely to meet, any of the conditions set out in regulation 14(4) to (11) or the financial limit referred to in regulation 8;”.

Application for authorisation or registration if requirements cease to be metU.K.

16.  If a small payment institution no longer meets a condition in regulation 14(3), (5) or (10) (conditions for registration as small payment institution) or intends to provide services other than those permitted by regulation 32 (additional activities), the institution concerned must, within 30 days of becoming aware of the change in circumstances, apply for authorisation as a payment institution under regulation 5 or registration as an account information service provider under regulation 17, as appropriate, if it intends to continue providing payment services in the United Kingdom.

Registration as an account information service providerU.K.

Application for registration as an account information service provider or variation of an existing registrationU.K.

17.—(1) An application for registration as an account information service provider or for the variation of a registration as an account information service provider must—

(a)contain or be accompanied by the information specified in paragraphs 1, 2, 5 to 8, 10, 12, 14 and 16 to 19 of Schedule 2 (information to be provided in or with an application for authorisation); and

(b)be made in such manner as the FCA may direct.

(2) At any time after receiving an application and before determining it, the FCA may require the applicant to provide it with such further information as it reasonably considers necessary to enable it to determine the application.

(3) Different directions may be given, and different requirements imposed, in relation to different applications or categories of application.

Conditions for registration as an account information service providerU.K.

18.—(1) The FCA may refuse to register an applicant as an account information service provider if—

(a)any of the conditions set out in paragraphs (2) to (4) is not met; or

(b)any of the grounds in regulation 10(1) (as applied by regulation 19) would be met if the applicant were registered.

(2) The application must comply with the requirements of, and any requirements imposed under, regulations 17 (application for registration as an account information service provider) and 20 (duty to notify changes).

(3) The business to which the application relates must not include the provision of any payment service other than account information services.

(4) The applicant must hold professional indemnity insurance or a comparable guarantee, which covers—

(a)the territories in which the applicant proposes to offer account information services; and

(b)the applicant's potential liability to account servicing payment service providers and payment service users resulting from unauthorised or fraudulent access to, or use of, payment account information, up to such amount as the FCA may direct.

Supplementary provisionsU.K.

19.  Regulations 7 to 12 apply to registration as an account information service provider as they apply to authorisation as a payment institution, but as if—

(a)references to authorisation were references to registration;

(b)in regulation 7 (imposition of requirements), paragraph (4) were omitted;

(c)in regulation 8 (variation at request of authorised payment institution)—

(i)for “an authorised payment institution” there were substituted “ registered account information service provider ”;

(ii)paragraphs (a) and (b) were omitted; and

(iii)for “provided that” to the end there were substituted “ provided that the conditions set out in regulation 18(3) and (4) are being or are likely to be met. ”;

(d)in regulation 10(1) (cancellation of authorisation) for sub-paragraph (e) there were substituted—

“(e)the person does not meet, or is unlikely to meet, the conditions set out in regulation 18(3) and (4);”; and

(e)in regulation 12(1) (variation of authorisation on FCA's own initiative) for sub-paragraph (a) there were substituted—

“(a)the person does not meet, or is unlikely to meet, the conditions set out in regulation 18(3) and (4);”.

Common provisionsU.K.

Duty to notify changesU.K.

20.—(1) If at any time after an applicant has provided the FCA with any information under regulation 5(1), (2), or (4) (application for authorisation or variation of authorisation), 13(1), (2) or (4) (application for registration as a small payment institution or variation of registration) or 17(1) or (2) (application for registration as an account information service provider or variation of registration) and before the FCA has determined the application—

(a)there is, or is likely to be, a material change affecting any matter contained in that information; or

(b)it becomes apparent to the applicant that the information is incomplete or contains a material inaccuracy,

the applicant must provide the FCA with details of the change, the complete information or a correction of the inaccuracy (as the case may be) without undue delay, or, in the case of a material change which has not yet taken place, the applicant must provide details of the likely change as soon as the applicant is aware of such change.

(2) The obligation in paragraph (1) also applies to material changes or significant inaccuracies affecting any matter contained in any supplementary information provided pursuant to that paragraph.

(3) Any information to be provided to the FCA under this regulation must be in such form or verified in such manner as it may direct.

Authorised payment institutions, small payment institutions and registered account information service providers acting without permissionU.K.

21.  If an authorised payment institution, a small payment institution or a registered account information service provider carries on a payment service in the United Kingdom, or purports to do so, other than in accordance with an authorisation or registration granted to it by the FCA, it is to be taken to have contravened a requirement imposed on it under these Regulations.

PART 3 U.K.Authorised Payment Institutions

Capital requirementsU.K.

22.—(1) An authorised payment institution must maintain at all times own funds equal to or in excess of the greater of—

(a)the amount of initial capital specified in Part 1 of Schedule 3 (capital requirements), or

(b)in the case of an authorised payment institution which does not fall within paragraph (2), the amount of own funds calculated in accordance with Part 2 of Schedule 3.

(2) An authorised payment institution falls within this paragraph if—

(a)it does not offer payment services specified in paragraph 1(a) to (f) of Schedule 1 (payment services other than payment initiation services or account information services); or

(b)(i)it is included in the consolidated supervision of a parent credit institution pursuant to the capital requirements directive; and

(ii)all of the conditions specified in Article 7(1) of the capital requirements regulation are met in respect of it.

(3) The own funds maintained must meet the following requirements—

(a)the amount of Tier 2 capital must be equal to or less than one third of the amount of Tier 1 capital;

(b)at least 75% of the amount of Tier 1 capital must be in the form of Common Equity Tier 1 capital.

(4) An authorised payment institution must not include in its own funds calculation any item—

(a)used in an equivalent calculation by an authorised payment institution, credit institution, investment firm, asset management company or insurance undertaking in the same group; or

(b)in the case of an authorised payment institution which carries out activities other than providing payment services, is used in carrying out those activities.

Safeguarding requirementsU.K.

23.—(1) For the purposes of this regulation “relevant funds” comprise the following—

(a)sums received from, or for the benefit of, a payment service user for the execution of a payment transaction; and

(b)sums received from a payment service provider for the execution of a payment transaction on behalf of a payment service user.

(2) Where—

(a)only a portion of the sums referred to in paragraph (1)(a) or (b) is to be used for the execution of a payment transaction (with the remainder being used for non-payment services); and

(b)the precise portion attributable to the execution of the payment transaction is variable or unknown in advance,

the relevant funds are such amount as may be reasonably estimated, on the basis of historical data and to the satisfaction of the FCA, to be representative of the portion attributable to the execution of the payment transaction.

(3) An authorised payment institution must safeguard relevant funds in accordance with either—

(a)paragraphs (5) to (11); or

(b)paragraphs (12) and (13).

(4) An authorised payment institution may safeguard certain relevant funds in accordance with paragraphs (5) to (11) and the remaining relevant funds in accordance with paragraphs (12) and (13).

(5) An authorised payment institution must keep relevant funds segregated from any other funds that it holds.

(6) Where the authorised payment institution continues to hold the relevant funds at the end of the business day following the day on which they were received it must—

(a)place them in a separate account that it holds with an authorised credit institution or the Bank of England; or

(b)invest the relevant funds in such secure, liquid assets as the FCA may approve (“relevant assets”) and place those assets in a separate account with an authorised custodian.

(7) An account in which relevant funds or relevant assets are placed under paragraph (6) must—

(a)be designated in such a way as to show that it is an account which is held for the purpose of safeguarding relevant funds or relevant assets in accordance with this regulation; and

(b)be used only for holding those funds or assets [F2, or for holding those funds or assets together with proceeds of an insurance policy or guarantee held in accordance with paragraph (12)(b)].

(8) No person other than the authorised payment institution may have any interest in or right over the relevant funds or relevant assets placed in an account in accordance with paragraph (6)(a) or (b) except as provided by this regulation.

(9) Notwithstanding paragraphs (5), (6), (7)(b) and (8), where an authorised payment institution is a participant in a designated system and the institution holds an account at the Bank of England for the purposes of completing the settlement of transfer orders that have been entered into the designated system on behalf of payment service users—

(a)funds held in the account pending settlement in accordance with the rules or default arrangements of the designated system, in respect of transfer orders that have been entered into the designated system on behalf of payment service users, may continue to be held in the account with relevant funds;

(b)the account, or a specified amount of funds in the account, may be subject to an interest or right in favour of the Bank of England in order to ensure the availability of funds to complete the settlement of transfer orders in accordance with the rules or default arrangements of the designated system;

(c)subject to paragraph (10), funds received into the account by the authorised payment institution upon settlement are to be considered as having been appropriately safeguarded in accordance with this regulation from the time of receipt in the designated system until the time of receipt into the account.

(10) The FCA may direct that paragraph (9)(c) does not apply in relation to a designated system if, in the FCA's view, the rules and default arrangements of that system do not adequately insulate the funds of payment service users from the claims of other creditors of authorised payment institutions which are participants in the system.

(11) The authorised payment institution must keep a record of—

(a)any relevant funds segregated in accordance with paragraph (5);

(b)any relevant funds placed in an account in accordance with paragraph (6)(a);

(c)any relevant assets placed in an account in accordance with paragraph (6)(b);

(d)any funds held in an account as permitted by paragraph (9)(a);

(e)any funds expected to be received into an account as described in paragraph (9)(c) in respect of transfer orders that have been entered into the designated system;

(f)any funds received into an account as described in paragraph (9)(c).

(12) The authorised payment institution must ensure that—

(a)any relevant funds are covered by—

(i)an insurance policy with an authorised insurer;

(ii)a comparable guarantee given by an authorised insurer; or

(iii)a comparable guarantee given by an authorised credit institution; and

(b)the proceeds of any such insurance policy or guarantee are payable upon an insolvency event into a separate account held by the authorised payment institution which must—

(i)be designated in such a way as to show that it is an account which is held for the purpose of safeguarding relevant funds in accordance with this regulation; and

(ii)be used only for holding such proceeds [F3, or for holding those proceeds together with funds or assets held in accordance with paragraph (7)].

(13) No person other than the authorised payment institution may have any interest in or right over the proceeds placed in an account in accordance with paragraph (12)(b) except as provided by this regulation.

(14) Subject to paragraph (15), where there is an insolvency event—

(a)the claims of payment service users are to be paid from the asset pool in priority to all other creditors; and

(b)until all the claims of payment service users have been paid, no right of set-off or security right may be exercised in respect of the asset pool except to the extent that the right of set-off relates to fees and expenses in relation to operating an account held in accordance with paragraph (6)(a) or (b), (9) or (12)(b).

(15) The claims referred to in paragraph (14)(a) shall not be subject to the priority of expenses of an insolvency proceeding except in respect of the costs of distributing the asset pool.

(16) Paragraphs (14) and (15) apply to any relevant funds which a small payment institution voluntarily safeguards in accordance with either paragraphs (5) to (11) or paragraphs (12) and (13).

(17) An authorised payment institution (and any small payment institution which voluntarily safeguards relevant funds) must maintain organisational arrangements sufficient to minimise the risk of the loss or diminution of relevant funds or relevant assets through fraud, misuse, negligence or poor administration.

(18) In this regulation—

“asset pool” means—

“authorised insurer” means a person authorised for the purposes of the 2000 Act to effect and carry out a contract of general insurance as principal or otherwise authorised in accordance with Article 14 of Directive 2009/138/EC of the European Parliament and of the Council of 25th November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) M34 to carry out non-life insurance activities as referred to in Article 2(2) of that Directive, other than a person in the same group as the authorised payment institution;

“authorised credit institution” means a person authorised for the purposes of the 2000 Act to accept deposits or otherwise authorised as a credit institution in accordance with Article 8 of the capital requirements directive other than a person in the same group as the authorised payment institution;

“authorised custodian” means a person authorised for the purposes of the 2000 Act to safeguard and administer investments or authorised as an investment firm under Article 5 of Directive 2014/65/EU of 15th May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU M35 which holds those investments under regulatory standards at least equivalent to those set out under Article 16 of that Directive;

“default arrangements” has the meaning given in regulation 2(1) of the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 M36 (interpretation);

“insolvency event” means any of the following procedures in relation to an authorised payment institution or small payment institution—

“insolvency proceeding” means—

“rules” has the meaning given in regulation 2(1) of the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (interpretation);

“security right” means—

“settlement” and “system” have the same meanings as in the Financial Markets and Insolvency (Settlement Finality) Regulations 1999.

Accounting and statutory auditU.K.

24.—(1) Where an authorised payment institution carries on activities other than the provision of payment services, it must provide to the FCA separate accounting information in respect of its provision of payment services.

(2) Such accounting information must be subject, where relevant, to an auditor's report prepared by the institution's statutory auditors or an audit firm (within the meaning of Directive 2006/43/EC of the European Parliament and of the Council of 17th May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC M37).

(3) A statutory auditor or audit firm (“the auditor”) must, in any of the circumstances referred to in paragraph (4), communicate to the FCA information on, or its opinion on, matters—

(a)of which it has become aware in its capacity as auditor of an authorised payment institution or of a person with close links to an authorised payment institution; and

(b)which relate to payment services provided by that institution.

(4) The circumstances are that—

(a)the auditor reasonably believes that—

(i)there is or has been, or may be or may have been, a contravention of any requirement imposed on the authorised payment institution by or under these Regulations; and

(ii)the contravention may be of material significance to the FCA in determining whether to exercise, in relation to that institution, any functions conferred on the FCA by these Regulations;

(b)the auditor reasonably believes that the information on, or his opinion on, those matters may be of material significance to the FCA in determining whether the institution meets or will continue to meet the conditions set out in regulation 6(4) to (9) (conditions for authorisation) and, if applicable, the requirement in regulation 22(1) (capital requirements) to maintain own funds;

(c)the auditor reasonably believes that the institution is not, may not be or may cease to be, a going concern;

(d)the auditor is precluded from stating in his report that the annual accounts have been properly prepared in accordance with the Companies Act 2006;

(e)the auditor is precluded from stating in his report, where applicable, that the annual accounts give a true and fair view of the matters referred to in section 495 of the Companies Act 2006 (auditor's report on company's annual accounts) M38 including as it is applied and modified by regulation 39 of the Limited Liability Partnerships (Accounts and Audit) (Application of Companies Act 2006) Regulations 2008 (“the LLP Regulations”) (auditor's report) M39; or

(f)the auditor is required to state in his report in relation to the person concerned any of the facts referred to in subsection (2), (3) or (5) of section 498 of the Companies Act 2006 (duties of auditor) or, in the case of limited liability partnerships, subsection (2), (3) or (4) of section 498 as applied and modified by regulation 40 of the LLP Regulations (duties and rights of auditors).

(5) In this regulation a person has close links with an authorised payment institution (“A”) if that person is—

(a)a parent undertaking of A;

(b)a subsidiary undertaking of A;

(c)a parent undertaking of a subsidiary undertaking of A; or

(d)a subsidiary undertaking of a parent undertaking of A.

OutsourcingU.K.

25.—(1) An authorised payment institution must notify the FCA of its intention to enter into a contract with another person under which that other person will carry out any operational function relating to its provision of payment services (“outsourcing”).

(2) Where an authorised payment institution intends to outsource any important operational function, including the provision of an information technology system, all of the following conditions must be met—

(a)the outsourcing is not undertaken in such a way as to impair—

(i)the quality of the authorised payment institution's internal control; or

(ii)the ability of the FCA to monitor and retrace the authorised payment institution's compliance with these Regulations;

(b)the outsourcing does not result in any delegation by the senior management of the authorised payment institution of responsibility for complying with the requirements imposed by or under these Regulations;

(c)the relationship and obligations of the authorised payment institution towards its payment service users under these Regulations is not substantially altered;

(d)compliance with the conditions which the authorised payment institution must observe in order to be authorised and remain so is not adversely affected; and

(e)none of the conditions of the payment institution's authorisation requires removal or variation.

(3) For the purposes of paragraph (2), an operational function is important if a defect or failure in its performance would materially impair—

(a)compliance by the authorised payment institution with these Regulations and any requirements of its authorisation;

(b)the financial performance of the authorised payment institution; or

(c)the soundness or continuity of the authorised payment institution's payment services.

(4) An authorised payment institution must notify the FCA without undue delay of any change in outsourced functions or the persons to which functions are outsourced.

Exercise of passport rightsU.K.

Application of regulations 27 to 30 to account information service providersU.K.

26.  Regulations 27 to 30 apply in relation to a registered account information service provider as if the provider were an authorised payment institution, and apply in relation to an EEA registered account information service provider as if the provider were an EEA authorised payment institution.

Notice of intentionU.K.

27.—(1) Where an authorised payment institution intends to exercise its passport rights for the first time in an EEA State it must give the FCA, in such manner as the FCA may direct, notice of its intention to do so (“a notice of intention”) which—

(a)states the name and address of the authorised payment institution, and any authorisation or reference number;

(b)identifies the EEA States in which it intends to operate;

(c)identifies the payment services which it seeks to carry on in those States;

(d)if the authorised payment institution intends to use an agent to provide the services in any of those States, includes the information referred to in regulation 34(3)(a) (use of agents);

(e)if the authorised payment institution intends to use an EEA branch to provide the services in any of those States, includes—

(i)the information referred to in paragraphs 2 and 5 of Schedule 2 (information to be included in or with an application for authorisation) in relation to the services to be provided through each EEA branch;

(ii)the names of those responsible for the management of each proposed EEA branch; and

(iii)details of the organisational structure of each proposed EEA branch; and

(f)if the authorised payment institution intends to enter into a contract with a person in another EEA State under which that person will carry out any operational function relating to its provision of payment services in that EEA State, includes notification of that intention.

(2) If any of the information provided by an authorised payment institution in a notice of intention changes, including by the addition of a further branch, the authorised payment institution must give the FCA notice of such changes in a further notice of intention.

(3) The FCA must, within one month beginning with the date on which it receives a complete notice of intention, inform the host state competent authority of the information contained in the notice of intention.

Decision following notice of intentionU.K.

28.—(1) If the FCA, taking into account any information received from the host state competent authority, proposes to determine that an authorised payment institution is not permitted to exercise passport rights in an EEA State as notified in a notice of intention, the FCA must give the relevant authorised payment institution a warning notice.

(2) The FCA must, within the period of three months beginning with the date on which it receives a notice of intention and having considered any representations made in response to the warning notice—

(a)if it decides—

(i)that the authorised payment institution is not permitted to exercise passport rights in the EEA State, not to register an EEA branch, or to cancel the registration an EEA branch, give the authorised payment institution a decision notice; or

(ii)that the authorised payment institution is permitted to exercise passport rights in the EEA State, to register an EEA branch, or not to cancel the registration of an EEA branch, give the authorised payment institution notice of its decision; and

(b)notify the host state competent authority of its decision, providing reasons for that decision if the FCA does not agree with the assessment of the host state competent authority.

(3) If the FCA decides that the authorised payment institution is not permitted to exercise passport rights in the EEA State, not to register an EEA branch, or to cancel the registration of an EEA branch, the authorised payment institution may refer the matter to the Upper Tribunal.

(4) If the FCA decides to register an EEA branch, it must update the register as soon as practicable.

(5) If the FCA decides to cancel the registration of an EEA branch, the FCA must, where the period for a reference to the Upper Tribunal has expired without a reference being made, as soon as practicable update the register accordingly.

(6) The authorised payment institution may commence activities as notified in its notice of intention only after the FCA has notified the institution of its decision under paragraph (2)(a)(ii) and, in the case of services to be provided through an EEA branch, after entry of the branch on the register.

(7) After registration, the authorised payment institution must notify the FCA of the date on which it starts to provide payment services in the other EEA State through the EEA branch, and the FCA must notify such date to the host state competent authority.

Notice of intention from an EEA authorised payment institutionU.K.

29.—(1) If a home state competent authority sends information to the FCA about an EEA authorised payment institution which intends to provide payment services in the United Kingdom, the FCA must, before the end of the period of one month beginning on the day which the FCA receives all the required information—

(a)assess the information; and

(b)provide relevant information to the home state competent authority in connection with the intended provision of payment services in the United Kingdom, including in particular any reasonable grounds for concern with regard to money laundering or terrorist financing within the meaning of the money laundering directive in connection with the intended appointment of an agent or establishment of a branch in the United Kingdom.

(2) The EEA authorised payment institution may provide payment services in the United Kingdom in accordance with the information it has provided to the home state competent authority upon entry of the branch or agent in the register maintained by the home state competent authority.

Supervision of firms exercising passport rightsU.K.

30.—(1) Without prejudice to the generality of regulation 147 (duty to co-operate and exchange of information), the FCA must co-operate with the host state competent authority or home state competent authority, as the case may be, in relation to the exercise of passport rights by any authorised payment institution or EEA authorised payment institution.

(2) The FCA must, in particular—

(a)notify the host state competent authority whenever it intends to carry out an on-site inspection in the host state competent authority's territory; and

(b)provide the host state competent authority or home state competent authority, as the case may be—

(i)on request, with all relevant information; and

(ii)on its own initiative, with all essential information, including on compliance with the conditions at regulation 6(4) and (5) (conditions for authorisation),

relating to the exercise of passport rights by an authorised payment institution or EEA authorised payment institution, including where there is an infringement or suspected infringement of these Regulations or of the provisions of the payment services directive by an agent or branch.

(3) Where the FCA and the home state competent authority agree, the FCA may carry out on-site inspections on behalf of the home state competent authority in respect of payment services provided by an EEA authorised payment institution exercising its passport rights.

(4) The FCA may direct that an EEA authorised payment institution exercising its passport rights to provide payment services in the United Kingdom through a branch or an agent in the United Kingdom must report to the FCA on such activities, for information and statistical purposes and, where the EEA authorised payment institution has exercised its right of establishment in the United Kingdom, to monitor compliance with Parts 6 (information requirements for payment services) and 7 (rights and obligations in relation to the provision of payment services) of these Regulations.

(5) Reports required under paragraph (4) must be given at such times and in such form, and verified in such manner, as the FCA may direct.

(6) An agent in the United Kingdom appointed by an EEA authorised payment institution or a branch of an EEA authorised payment institution in the United Kingdom must maintain the confidentiality of any confidential information provided to the FCA under paragraph (4).

(7) The FCA may direct that an EEA authorised payment institution exercising its passport rights to provide payment services in the United Kingdom through an agent under the right of establishment must appoint a central contact point in the United Kingdom in order to ensure adequate communication and information reporting on compliance with Parts 6 and 7 and to facilitate supervision by the FCA and the home state competent authority.

(8) If a host state competent authority informs the FCA that an authorised payment institution providing services through an EEA branch or an EEA agent does not comply with a provision of the payment services directive, the FCA must—

(a)exercise its powers as appropriate without undue delay, to ensure that the authorised payment institution complies with the relevant provisions; and

(b)inform the host state competent authority and the competent authority of any other relevant EEA State of the measures taken without delay.

(9) Where immediate action is necessary to address a serious risk to the collective interests of payment service users in the United Kingdom, the FCA may, in addition to providing information under paragraph (2), take precautionary measures in relation to an EEA authorised payment institution pending action by the home state competent authority.

(10) Any measures taken under paragraph (9) must be temporary and must end when the risk identified has been addressed.

(11) If the FCA decides to take measures under paragraph (9), it must inform the home state competent authority, the competent authority of any other relevant EEA State, and the European Banking Authority of the measures to be taken and the reason that immediate action is necessary—

(a)in advance of taking the measures, if that is compatible with the need for immediate action; and

(b)in any event without undue delay.

(12) In paragraphs (8)(b) and (11) “competent authority of any other relevant EEA State” means a competent authority designated in accordance with Article 22 of the payment services directive in an EEA State which the FCA considers to have an interest in the measures taken, or to be taken, by the FCA.

PART 4 U.K.Provisions Applicable to Authorised Payment Institutions and Small Payment Institutions

Record keepingU.K.

31.—(1) An authorised payment institution or small payment institution must maintain relevant records and keep them for at least five years from the date on which the record was created.

(2) For the purposes of paragraph (1), records are relevant where they relate to compliance with obligations imposed by or under Parts 2 to 5 and, in particular, would enable the FCA to supervise effectively such compliance.

Additional activitiesU.K.

32.—(1) Authorised payment institutions and small payment institutions may, in addition to providing payment services, engage in the following activities—

(a)the provision of operational and closely related ancillary services, including—

(i)ensuring the execution of payment transactions;

(ii)foreign exchange services;

(iii)safe-keeping activities; and

(iv)the storage and processing of data;

(b)the operation of payment systems; and

(c)business activities other than the provision of payment services, subject to any relevant provision of EU or national law.

(2) Authorised payment institutions and small payment institutions may grant credit in relation to the provision of the payment services specified in paragraph 1(d) or (e) of Schedule 1 (execution of payment transactions where funds are covered by a credit line, issuing payment instruments or acquiring payment transactions) only if—

(a)such credit is ancillary and granted exclusively in connection with the execution of a payment transaction;

(b)such credit is not granted from the funds received or held for the purposes of executing payment transactions;

(c)in cases where such credit is granted by an authorised payment institution exercising its passport rights, there is an obligation upon the payment service user to repay the credit within a period not exceeding 12 months; and

(d)in relation to an authorised payment institution, in the opinion of the FCA the institution's own funds are, and continue to be, adequate in the light of the overall amount of credit granted.

Payment accounts and sums received for the execution of payment transactionsU.K.

33.  Any payment account held by an authorised payment institution or a small payment institution must be used only in relation to payment transactions.

Use of agentsU.K.

34.—(1) Authorised payment institutions [F4, small payment institutions and registered account information service providers] may not provide payment services in the United Kingdom through an agent unless the agent is included on the register.

(2) Authorised payment institutions [F5and registered account information service providers] may not provide payment services in exercise of their passport rights through an EEA agent unless the agent is included in the register.

(3) An application for an agent to be included on the register must—

(a)contain, or be accompanied by, the following information—

(i)the name and address of the agent;

(ii)where relevant, a description of the internal control mechanisms that will be used by the agent to comply with the provisions of the money laundering directive (or, in the United Kingdom, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 M40);

(iii)the identity of the directors and persons responsible for the management of the agent and, if the agent is not a payment service provider, evidence that they are fit and proper persons;

(iv)the payment services for which the agent is appointed;

(v)the unique identification code or number of the agent, if any; and

(vi)such other information as the FCA may reasonably require; and

(b)be made in such manner as the FCA may direct.

(4) Different directions may be given, and different requirements imposed, in relation to different applications or categories of application.

(5) At any time after receiving an application and before determining it, the FCA may require the applicant to provide it with such further information as it reasonably considers necessary to enable it to determine the application.

(6) Where the application relates to the provision of payment services in exercise of passport rights through an EEA agent, the FCA must, within one month beginning with the date on which it received the completed application, inform the host state competent authority of the information provided under paragraph (3) or (5).

(7) The FCA may refuse to include the agent on the register only if—

(a)it has not received the information referred to in paragraph (3)(a), or is not satisfied that such information is correct;

(b)it is not satisfied that the directors and persons responsible for the management of the agent are fit and proper persons;

(c)it has reasonable grounds to suspect that, in connection with the provision of services through the agent—

(i)money laundering or terrorist financing within the meaning of the money laundering directive (or, in the United Kingdom, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017) is taking place, has taken place, or has been attempted; or

(ii)the risk of such activities taking place would be increased.

(8) If the FCA proposes to refuse to include the agent on the register, it must give the authorised payment institution [F6, the small payment institution or the registered account information service provider], as the case may be, a warning notice.

(9) The FCA must, having considered any representations made in response to the warning notice—

(a)if it decides not to include the agent on the register, give the applicant a decision notice; or

(b)if it decides to include the agent on the register, give the applicant notice of its decision, stating the date on which the registration takes effect.

(10) Where the application relates to the provision of payment services in exercise of passport rights through an EEA agent, the FCA must—

(a)take into account any information received from the host state competent authority in making its decision; and

(b)notify the host state competent authority of its decision, providing reasons for that decision if the FCA does not agree with the assessment of the host state competent authority.

(11) The FCA must give any notice required by paragraph (9) or (10)—

(a)where the application relates to the provision of payment services in the United Kingdom, within a period of two months beginning on the date on which the FCA received the completed application;

(b)where the application relates to the provision of payment services in the exercise of passport rights through an EEA agent, within a period of three months beginning on the date on which the FCA received the completed application.

(12) If the FCA decides not to include the agent on the register the applicant may refer the matter to the Upper Tribunal.

(13) If the FCA decides to include the agent on the register, it must update the register as soon as practicable.

(14) An authorised payment institution [F7or registered account information service provider] must notify the FCA of the date on which it starts to provide payment services in another EEA State through a registered EEA agent, and the FCA must notify such date to the host state competent authority.

(15) An application under paragraph (3) may be combined with an application under regulation 5 [F8, 13 or 17], in which case the application must be determined in the manner set out in regulation 9 (determination of application for authorisation) (if relevant, as applied by regulation 15 [F9or 19] (supplementary provisions relating to applications for registration as a small payment institution [F10or account information service provider]).

(16) An authorised payment institution [F11, a small payment institution or a registered account information service provider] must ensure that agents acting on its behalf inform payment service users of the agency arrangement.

(17) An authorised payment institution [F12, a small payment institution or a registered account information service provider] must notify the FCA without undue delay if there is any change in the information provided under paragraph (3) or (5).

Removal of agent from registerU.K.

35.—(1) The FCA may remove an agent of an authorised payment institution [F13, small payment institution or registered account information service provider] from the register where—

(a)the authorised payment institution [F13, small payment institution or registered account information service provider] requests, or consents to, the agent's removal from the register;

(b)the authorised payment institution [F13, small payment institution or registered account information service provider] has obtained registration through false statements or any other irregular means;

(c)regulation 34(7)(b) or (c) (use of agents) applies;

(d)the removal is desirable in order to protect the interests of consumers; or

(e)the agent's provision of payment services is otherwise unlawful.

(2) Where the FCA proposes to remove an agent from the register, other than at the request of the authorised payment institution [F13, small payment institution or registered account information service provider], it must give the authorised payment institution [F13, small payment institution or registered account information service provider] a warning notice.

(3) The FCA must, having considered any representations made in response to the warning notice—

(a)if it decides to remove the agent, give the authorised payment institution [F13, small payment institution or registered account information service provider] a decision notice; or

(b)if it decides not to remove the agent, give the authorised payment institution [F13, small payment institution or registered account information service provider] notice of its decision.

(4) If the FCA decides to remove the agent, other than at the request of the authorised payment institution [F13, small payment institution or registered account information service provider], the [F14authorised payment institution, small payment institution or registered account information service provider] may refer the matter to the Upper Tribunal.

(5) Where the period for a reference to the Upper Tribunal has expired without a reference being made, the FCA must as soon as practicable update the register accordingly.

RelianceU.K.

36.—(1) Where an authorised payment institution [F15, a small payment institution or a registered account information service provider] relies on a third party for the performance of operational functions it must take all reasonable steps to ensure that these Regulations are complied with.

(2) Without prejudice to paragraph (1), an authorised payment institution [F15, a small payment institution or a registered account information service provider] is responsible, to the same extent as if it had expressly permitted it, for anything done or omitted by any of its employees, any agent or branch providing payment services on its behalf, or any entity to which activities are outsourced.

Duty to notify change in circumstanceU.K.

37.—(1) Where it becomes apparent to an authorised payment institution [F16, a small payment institution or a registered account information service provider] that there is, or is likely to be, a significant change in circumstances which is relevant to—

(a)in the case of an authorised payment institution—

(i)its fulfilment of any of the conditions set out in regulation 6(4) to (9) (conditions for authorisation) and, if applicable, the requirement in regulation 22(1) (capital requirements) to maintain own funds;

(ii)the payment services which it seeks to carry on in exercise of its passport rights;

(b)in the case of a small payment institution, its fulfilment of any of the conditions set out in regulation 14(5) to (11) (conditions for registration as a small payment institution) and compliance with the financial limit referred to in regulation 8 (as modified by regulation 15) (variation of registration at request of small payment institution); F17...

[F18(ba)in the case of a registered account information service provider, its fulfilment of any of the conditions set out in regulation 18(3) and (4) (conditions for registration); and]

(c)in the case of the use of an agent to provide payment services, the matters referred to in regulation 34(7)(b) and (c) (use of agents),

it must provide the FCA with details of the change without undue delay, or, in the case of a substantial change in circumstances which has not yet taken place, details of the likely change a reasonable period before it takes place.

(2) Any information to be provided to the FCA under this regulation must be in such form or verified in such manner as it may direct.

PART 5 U.K.Requirements for providers of certain services which are not payment services

Notification of use of limited network exclusionU.K.

38.—(1) If a person (“service provider”) provides services of the type falling within paragraph 2(k)(i) to (iii) of Schedule 1 (limited network exclusion) and the total value of the payment transactions executed through such services provided by the service provider in any period of 12 months exceeds 1 million euros, the service provider must notify the FCA.

(2) The period of 12 months referred to in paragraph (1) does not include any period in respect of which a notification has already been made under paragraph (1).

(3) A notification under paragraph (1) must—

(a)include a description of the services offered; and

(b)specify the exclusion by virtue of which the services are not payment services.

(4) Notifications and information provided to the FCA under this regulation must be given—

(a)within such time as the FCA may direct after the end of the period of 12 months referred to in paragraph (1); and

(b)in such form or verified in such manner as the FCA may direct,

and different directions may be given in relation to different notifications or information or categories of notification or information.

(5) When the FCA receives a notification under this regulation, the FCA must assess whether the notified services fall within paragraph 2(k)(i) to (iii) of Schedule 1.

(6) If the FCA considers that any part of the notified services does not fall within paragraph 2(k)(i) to (iii) of Schedule 1—

(a)the FCA must notify the service provider, and

(b)the service provider may refer the matter to the Upper Tribunal.

Notification of use of electronic communications exclusionU.K.

39.—(1) If a person (“service provider”) provides, or intends to provide, a service for payment transactions falling within paragraph 2(l) of Schedule 1 (electronic communications exclusion), the service provider must—

(a)notify the FCA, and

(b)include with such notification a description of the service.

(2) The service provider must provide a notification under paragraph (1)—

(a)if the service provider starts to provide the service before 13th January 2018, on or before that date, or

(b)otherwise, before the service provider starts to provide the service.

(3) The service provider must also provide to the FCA, at such times as the FCA may direct, an annual audit opinion testifying that the transactions for which the service is provided comply with the limits mentioned in paragraph 2(l) of Schedule 1.

(4) Information provided to the FCA under this regulation must be in such form or verified in such manner as the FCA may direct.

(5) Different directions may be given under paragraph (3) and (4) in relation to different service providers or different categories of service provider.

PART 6 U.K.Information Requirements for Payment Services

ApplicationU.K.

Application of Part 6U.K.

40.—(1) This Part applies to payment services where—

(a)the services are provided from an establishment maintained by a payment service provider or its agent in the United Kingdom; and

(b)the services are provided in one of the following circumstances—

(i)the payment service providers of both the payer and the payee are located within the EEA and the service relates to a transaction in the currency of an EEA State;

(ii)the payment service providers of both the payer and the payee are located within the EEA and the service relates to a transaction in a currency other than the currency of an EEA State; or

(iii)the payment service provider of either the payer or the payee, but not both, is located within the EEA.

(2) In the circumstances mentioned at paragraph (1)(b)(ii)—

(a)this Part applies only in respect of those parts of a transaction which are carried out in the EEA; and

(b)regulations 43(2)(b) and 52(a) and paragraph 2(e) of Schedule 4 (maximum execution time) do not apply.

(3) In the circumstances mentioned at paragraph (1)(b)(iii)—

(a)this Part applies only in respect of those parts of a transaction which are carried out in the EEA; and

(b)regulations 43(2)(b) and 52(a) and paragraphs 2(e) and 5(g) of Schedule 4 (maximum execution time and conditions for refund of direct debits) do not apply.

(4) This Part does not apply to registered account information service providers or EEA registered account information service providers, except for regulations 59 (burden of proof on payment service provider) and 60 (information requirements for account information service providers).

(5) Regulations 43 to 47 apply to payment services provided under a single payment service contract.

(6) Regulations 48 to 54 apply to payment services provided under a framework contract.

(7) If the payment service user is not a consumer, a micro-enterprise or a charity, the parties to a contract for payment services may agree that any or all of the provisions of this Part do not apply.

(8) Paragraph (1) applies to cash withdrawal services falling within paragraph 2(o) of Schedule 1 as if—

(a)references to payment services were references to cash withdrawal services falling within paragraph 2(o) of Schedule 1;

(b)references to payment service providers were references to providers of cash withdrawal services falling within paragraph 2(o) of Schedule 1; and

(c)references to this Part were references to regulation 61 (information on ATM withdrawal charges).

Application of this Part in the case of consumer credit agreementsU.K.

41.—(1) This regulation applies where a payment service is provided in relation to payment transactions that consist of the placing, transferring or withdrawal of funds covered by a credit line provided under a regulated agreement.

(2) Regulations 50 (changes in contractual information) and 51 (termination of framework contract) do not apply.

(3) Where a payment service provider is required to provide the same information to a payment service user by a provision in this Part and by a provision in the Consumer Credit Act 1974 M41 or subordinate legislation made under that Act (“a CCA provision”), information which has been provided in compliance with the CCA provision, and which was provided in a manner which complies with the requirements of the provision in this Part, need not be provided again in order to comply with the provision in this Part.

Disapplication of certain regulations in the case of low-value payment instrumentsU.K.

42.—(1) This regulation applies in respect of payment instruments which, under the framework contract governing their use—

(a)can be used only to execute individual payment transactions of 30 euros or less, or in relation to payment transactions executed wholly within the United Kingdom, 60 euros or less;

(b)have a spending limit of 150 euros or, where payment transactions must be executed wholly within the United Kingdom, 300 euros; or

(c)store funds that do not exceed 500 euros at any time.

(2) Where this regulation applies—

(a)regulations 48 and 52 do not apply and the payment service provider is only required to provide the payer with information about the main characteristics of the payment service, including—

(i)the way in which the payment instrument can be used;

(ii)the liability of the payer, as set out in regulation 77 (payer or payee's liability for unauthorised payment transactions);

(iii)charges levied;

(iv)any other material information the payer might need to take an informed decision; and

(v)an indication of where the information specified in Schedule 4 (prior general information for framework contracts) is made available in an easily accessible manner;

(b)the parties may agree that regulations 53 and 54 do not apply and instead—

(i)the payment service provider must provide or make available a reference enabling the payment service user to identify the payment transaction, the amount of the payment transaction and any charges payable in respect of the payment transaction;

(ii)in the case of several payment transactions of the same kind made to the same payee, the payment service provider must provide or make available to the payment service user information about the total amount of the payment transactions and any charges for those payment transactions; or

(iii)where the payment instrument is used anonymously or the payment service provider is not otherwise technically able to provide or make available the information specified in paragraph (i) or (ii), the payment service provider must enable the payer to verify the amount of funds stored; and

(c)the parties may agree that regulation 55(1) does not apply to information provided or made available in accordance with regulation 50.

Single payment service contractsU.K.

Information required prior to the conclusion of a single payment service contractU.K.

43.—(1) A payment service provider must provide or make available to the payment service user the information specified in paragraph (2) in relation to the service, whether by supplying a copy of the draft single payment service contract or supplying a copy of the draft payment order or otherwise, either—

(a)before the payment service user is bound by the single payment service contract; or

(b)immediately after the execution of the payment transaction, where the contract is concluded at the payment service user's request using a means of distance communication which does not enable provision of such information in accordance with sub-paragraph (a).

(2) The information referred to in paragraph (1) is—

(a)the information or unique identifier that has to be provided by the payment service user in order for a payment order to be properly initiated or executed;

(b)the maximum time in which the payment service will be executed;

(c)the charges payable by the payment service user to the user's payment service provider and, where applicable, a breakdown of such charges;

(d)where applicable, the actual or reference exchange rate to be applied to the payment transaction; and

(e)such of the information specified in Schedule 4 (prior general information for framework contracts) as is relevant to the single payment service contract in question.

(3) Where a payment order is to be initiated through a payment initiation service provider, the payment initiation service provider must also provide or make available to the payer, before the payment is initiated, clear and comprehensive information as follows—

(a)the name of the payment initiation service provider;

(b)the address of the head office of the payment initiation service provider;

(c)where applicable, the address of the head office of the agent or branch through which the payment initiation service provider provides services in the United Kingdom;

(d)other contact details relevant for communication with the payment initiation service provider, including an electronic mail address; and

(e)the contact details of the FCA.

Information required after the initiation of a payment orderU.K.

44.—(1) Where a payment order is initiated through a payment initiation service provider, immediately after the initiation of the payment order the payment initiation service provider must provide or make available to the payer and, where applicable, to the payee—

(a)confirmation of the successful initiation of the payment order with the payer's account servicing payment service provider;

(b)a reference enabling the payer and the payee, to identify the payment transaction and, where appropriate, the payee to identify the payer, and any information transferred with the payment order;

(c)the amount of the payment transaction;

(d)where applicable, the amount of any charges payable to the payment initiation service provider in relation to the payment transaction, and where applicable a breakdown of the amounts of such charges.

(2) Where a payment order is initiated through a payment initiation service provider, the payment initiation service provider must provide or make available to the payer's account servicing payment service provider the reference for the payment transaction.

Information required after receipt of the payment orderU.K.

45.—(1) The payer's payment service provider must, immediately after receipt of the payment order, provide or make available to the payer the information specified in paragraph (2) in relation to the service to be provided by the payer's payment service provider.

(2) The information referred to in paragraph (1) is—

(a)a reference enabling the payer to identify the payment transaction and, where appropriate, information relating to the payee;

(b)the amount of the payment transaction in the currency used in the payment order;

(c)the amount of any charges for the payment transaction payable by the payer and, where applicable, a breakdown of the amounts of such charges;

(d)where an exchange rate is used in the payment transaction and the actual rate used in the payment transaction differs from the rate provided in accordance with regulation 43(2)(d), the actual rate used or a reference to it, and the amount of the payment transaction after that currency conversion; and

(e)the date on which the payment service provider received the payment order.

Information for the payee after executionU.K.

46.—(1) The payee's payment service provider must, immediately after the execution of the payment transaction, provide or make available to the payee the information specified in paragraph (2) in relation to the service provided by the payee's payment service provider.

(2) The information referred to in paragraph (1) is—

(a)a reference enabling the payee to identify the payment transaction and, where appropriate, the payer and any information transferred with the payment transaction;

(b)the amount of the payment transaction in the currency in which the funds are at the payee's disposal;

(c)the amount of any charges for the payment transaction payable by the payee and, where applicable, a breakdown of the amount of such charges;

(d)where applicable, the exchange rate used in the payment transaction by the payee's payment service provider, and the amount of the payment transaction before that currency conversion; and

(e)the credit value date.

Avoidance of duplication of informationU.K.

47.  Where a payment order for a single payment transaction is transmitted by way of a payment instrument issued under a framework contract, the payment service provider in respect of that single payment transaction need not provide or make available under regulations 43 to 46 information which has been provided or made available, or will be provided or made available, under regulations 48 to 53 by another payment service provider in respect of the framework contract.

Framework contractsU.K.

Prior general information for framework contractsU.K.

48.—(1) A payment service provider must provide to the payment service user the information specified in Schedule 4 (prior general information for framework contracts), either—

(a)in good time before the payment service user is bound by the framework contract; or

(b)where the contract is concluded at the payment service user's request using a means of distance communication which does not enable provision of such information in accordance with sub-paragraph (a), immediately after the conclusion of the contract.

(2) The payment service provider may discharge the duty under paragraph (1) by providing a copy of the draft framework contract provided that such contract includes the information specified in Schedule 4 (prior general information for framework contracts).

Information during period of contractU.K.

49.  If the payment service user so requests at any time during the contractual relationship, the payment service provider must provide the information specified in Schedule 4 (prior general information for framework contracts) and the terms of the framework contract.

Changes in contractual informationU.K.

50.—(1) Subject to paragraph (4), any proposed changes to—

(a)the existing terms of the framework contract; or

(b)the information specified in Schedule 4 (prior general information for framework contracts),

must be provided by the payment service provider to the payment service user no later than two months before the date on which they are to take effect.

(2) The framework contract may provide for any such proposed changes to be made unilaterally by the payment service provider where the payment service user does not, before the proposed date of entry into force of the changes, notify the payment service provider to the contrary.

(3) Where paragraph (2) applies, the payment service provider must inform the payment service user that

(a)the payment service user will be deemed to have accepted the changes in the circumstances referred to in that paragraph; and

(b)the payment service user has the right to terminate the framework contract without charge at any time before the proposed date of their entry into force.

(4) Changes in the interest or exchange rates may be applied immediately and without notice where—

(a)such a right is agreed under the framework contract and any such changes in interest or exchange rates are based on the reference interest or exchange rates information which has been provided to the payment service user in accordance with this Part; or

(b)the changes are more favourable to the payment service user.

(5) The payment service provider must inform the payment service user of any change to the interest rate as soon as possible unless the parties have agreed on a specific frequency or manner in which the information is to be provided or made available.

(6) Any change in the interest or exchange rate used in payment transactions must be implemented and calculated in a neutral manner that does not discriminate against payment service users.

Termination of framework contractU.K.

51.—(1) The payment service user may terminate the framework contract at any time unless the parties have agreed on a period of notice not exceeding one month.

(2) Any charges for the termination of the contract must reasonably correspond to the actual costs to the payment service provider of termination.

(3) The payment service provider may not charge the payment service user for the termination of a framework contract after the expiry of 6 months of the contract.

(4) The payment service provider may terminate a framework contract concluded for an indefinite period by giving at least two months' notice, if the contract so provides.

(5) Notice of termination given in accordance with paragraph (4) must be provided in the same way as information is required by regulation 55(1) (communication of information) to be provided or made available.

(6) Where charges for the payment service are levied on a regular basis, such charges must be apportioned up until the time of the termination of the contract and any charges paid in advance must be reimbursed proportionally.

(7) This regulation does not affect any right of a party to the framework contract to treat it, in accordance with the general law of contract, as unenforceable, void or discharged.

Information prior to execution of individual payment transactionU.K.

52.  Where an individual payment transaction under a framework contract is initiated by the payer, at the payer's request the payer's payment service provider must inform the payer of—

(a)the maximum execution time;

(b)the charges payable by the payer in respect of the payment transaction; and

(c)where applicable, a breakdown of the amounts of such charges.

Information for the payer on individual payment transactionsU.K.

53.—(1) The payer's payment service provider under a framework contract must provide to the payer the information specified in paragraph (2) in respect of each payment transaction on paper or on another durable medium at least once per month free of charge.

(2) The information is—

(a)a reference enabling the payer to identify the payment transaction and, where appropriate, information relating to the payee;

(b)the amount of the payment transaction in the currency in which the payer's payment account is debited or in the currency used for the payment order;

(c)the amount of any charges for the payment transaction and, where applicable, a breakdown of the amounts of such charges, or the interest payable by the payer;

(d)where applicable, the exchange rate used in the payment transaction by the payer's payment service provider and the amount of the payment transaction after that currency conversion; and

(e)the debit value date or the date of receipt of the payment order.

(3) A framework contract may include a condition that the payer may require the information specified in paragraph (2) be provided or made available periodically at least once a month, free of charge and in an agreed manner which enables the payer to store and reproduce the information unchanged.

(4) Paragraph (1) does not require a payment service provider to provide information where—

(a)the information has been, or is to be, provided or made available as required by the payer under a condition of the type referred to in paragraph (3); or

(b)more than one month has passed since information was last provided, but there are no payment transactions in respect of which the payment service provider has not previously provided or made available information in accordance with paragraph (1) or as required by the payer under a condition of the type referred to in paragraph (3).

Information for the payee on individual payment transactionsU.K.

54.—(1) The payee's payment service provider under a framework contract must provide to the payee the information specified in paragraph (2) in respect of each payment transaction on paper or on another durable medium at least once per month free of charge.

(2) The information is—

(a)a reference enabling the payee to identify the payment transaction and the payer, and any information transferred with the payment transaction;

(b)the amount of the payment transaction in the currency in which the payee's payment account is credited;

(c)the amount of any charges for the payment transaction and, where applicable, a breakdown of the amounts of such charges, or the interest payable by the payee;

(d)where applicable, the exchange rate used in the payment transaction by the payee's payment service provider, and the amount of the payment transaction before that currency conversion; and

(e)the credit value date.

(3) A framework contract may include a condition that the information specified in paragraph (2) is to be provided or made available periodically at least once a month and in an agreed manner which enables the payee to store and reproduce the information unchanged.

(4) Paragraph (1) does not require a payment service provider to provide information where—

(a)the information has been, or is to be, provided or made available in accordance with a condition of the type referred to in paragraph (3); or

(b)more than one month has passed since information was last provided, but there are no payment transactions in respect of which the payment service provider has not previously provided or made available information in accordance with paragraph (1) or in accordance with a condition of the type referred to in paragraph (3).

Common provisionsU.K.

Communication of informationU.K.

55.—(1) Subject to regulation 42(2)(c) (disapplication of certain regulations in the case of low-value payment transactions), any information provided or made available in accordance with this Part must be provided or made available—

(a)in the case of single payment service contracts, in an easily accessible manner;

(b)subject to paragraph (2), on paper or on another durable medium;

(c)in easily understandable language and in a clear and comprehensible form; and

(d)in English or in the language agreed by the parties.

(2) Paragraph (1)(b)—

(a)in the case of single payment service contracts, only applies where the payment service user so requests; and

(b)in the case of framework contracts, is subject to any agreement in accordance with regulation 53(3) or 54(3) (information for the payer or payee on individual payment transactions) as to the manner in which information is to be provided or made available.

Charges for informationU.K.

56.—(1) A payment service provider may not charge for providing or making available information which is required to be provided or made available by this Part.

(2) The payment service provider and the payment service user may agree on charges for any information which is provided at the request of the payment service user where such information is—

(a)additional to the information required to be provided or made available by this Part;

(b)provided more frequently than is specified in this Part; or

(c)transmitted by means of communication other than those specified in the framework contract.

(3) Any charges imposed under paragraph (2) must reasonably correspond to the payment service provider's actual costs.

Currency and currency conversionU.K.

57.—(1) Payment transactions must be executed in the currency agreed between the parties.

(2) Where a currency conversion service is offered before the initiation of the payment transaction—

(a)at an automatic teller machine or the point of sale; or

(b)by the payee,

the party offering the currency conversion service to the payer must disclose to the payer all charges as well as the exchange rate to be used for converting the payment transaction.

Information on additional charges or reductionsU.K.

58.—(1) The payee must inform the payer of any charge requested or reduction offered by the payee for the use of a particular payment instrument before the initiation of the payment transaction.

(2) The payment service provider, or any relevant other party involved in the transaction, must inform the payment service user of any charge requested by the payment service provider or other party, as the case may be, for the use of a particular payment instrument before the initiation of the payment transaction.

(3) A payer or payment service user is not obliged to pay a charge of the type referred to in paragraph (1) or (2) if the payer or payment service user was not informed of the full amount of the charge in accordance with the relevant paragraph.

Burden of proof on payment service providerU.K.

59.  Where a payment service provider is alleged to have failed to provide information in accordance with this Part, it is for the payment service provider to prove that it provided the information in accordance with this Part.

Other information requirementsU.K.

Information requirements for account information service providersU.K.

60.—(1) A registered account information service provider or EEA registered account information service provider must provide to the payment service user—

(a)such information specified in Schedule 4 (prior general information for framework contracts) as is relevant to the service provided;

(b)all charges payable by the payment service user to the account information service provider and, where applicable, a breakdown of those charges.

Information on ATM withdrawal chargesU.K.

61.  A provider of cash withdrawal services falling within paragraph 2(o) of Schedule 1 must ensure that a customer using such services is provided with information on withdrawal charges falling within regulations 43 (information required prior to the conclusion of a single payment service contract), 45 (information required after receipt of the payment order), 46 (information for the payee after execution) and 57 (currency and currency conversion), before the withdrawal and on receipt of the cash.

Provision of information leafletU.K.

62.—(1) A payment service provider must make available free of charge in an easily accessible manner the document produced by the European Commission under Article 106 of the payment services directive—

(a)in electronic form on its website (if any);

(b)in paper form at any branches and through any agent it uses or any entity to which activities are outsourced.

(2) The FCA must make the document available in an easily accessible manner on its website.

(3) Payment service providers and the FCA must also make the information contained in the document available by alternative means or in alternative formats so as to be accessible to persons with disabilities.

PART 7 U.K.Rights and Obligations in Relation to the Provision of Payment Services

ApplicationU.K.

Application of Part 7U.K.

63.—(1) This Part applies to payment services where—

(a)the services are provided from an establishment maintained by a payment service provider or its agent in the United Kingdom; and

(b)the services are provided in one of the following circumstances—

(i)the payment service providers of both the payer and the payee are located within the EEA and the service relates to a transaction in the currency of an EEA State;

(ii)the payment service providers of both the payer and the payee are located within the EEA and the service relates to a transaction in a currency other than the currency of an EEA State; or

(iii)the payment service provider of either the payer or the payee, but not both, is located within the EEA.

(2) In the circumstances mentioned at paragraph (1)(b)(ii)—

(a)this Part applies only in respect of those parts of a transaction which are carried out in the EEA; and

(b)regulations 84 to 88 (amounts transferred and received and execution time) do not apply.

(3) In the circumstances mentioned at paragraph (1)(b)(iii)—

(a)this Part applies only in respect of those parts of a transaction which are carried out in the EEA; and

(b)regulations 66(2) (responsibility for charges), 79 (refunds for direct debits), 80 (requests for direct debit refunds), 84 (amounts transferred and received), 86(1) to (3) (execution time for transactions to a payment account), 91 (defective execution of payer-initiated transactions), 92 (defective execution of payee-initiated transactions), 94 (liability for charges and interest) and 95 (right of recourse) do not apply.

(4) This Part does not apply to registered account information service providers or EEA registered account information service providers, except for regulations 70 (access to payment accounts for account information services), 71(7) to (10) (denial of access to payment accounts), 72(3) (payment service user's obligation to keep personalised security credentials safe) and 98 to 100 (risk management, incident reporting, authentication and dispute resolution).

(5) Where the payment service user is not a consumer, a micro-enterprise or a charity, the payment service user and the payment service provider may agree that—

(a)any or all of regulations 66(1) (charges), 67(3) and (4) (withdrawal of consent), 75 (evidence on authentication and execution), 77 (payer or payee's liability for unauthorised transactions), 79 (refunds for direct debits), 80 (requests for direct debit refunds), 83 (revocation of a payment order), 91 (defective execution of payer-initiated transactions), 92 (defective execution of payee-initiated transactions) and 94 (liability for charges and interest) do not apply;

(b)a different time period applies for the purposes of regulation 74(1) (notification of unauthorised or incorrectly executed payment transactions).

Application of this Part in the case of consumer credit agreementsU.K.

64.—(1) This regulation applies where a payment service is provided in relation to payment transactions that consist of the placing, transferring or withdrawal of funds covered by a credit line provided under a regulated agreement.

(2) Regulation 71(2) to (5) (limits on the use of payment instruments) do not apply where section 98A(4) of the Consumer Credit Act 1974 (termination etc of open-end consumer credit agreements) M42 applies.

(3) Regulations 76(1) to (4) and 77(1) to (5) (rectification of and liability for unauthorised transactions), and regulation 74 (notification and rectification of unauthorised or incorrectly executed payment transactions) as it applies in relation to regulation 76, do not apply.

(4) Regulations 76(5) and 77(6) apply as if—

(a)in regulation 76(5), the references to an unauthorised payment transaction were to a payment transaction initiated by use of a credit facility in the circumstances described in section 83(1) of the Consumer Credit Act 1974 (liability for misuse of credit facilities);

(b)the references to complying with regulation 76(1) were to compensating the payer for loss arising as described in section 83(1) of the Consumer Credit Act 1974.

Disapplication of certain regulations in the case of low value payment instrumentsU.K.

65.—(1) This regulation applies in respect of payment instruments which, under the framework contract governing their use—

(a)can be used only to execute individual payment transactions of 30 euros or less, or in relation to payment transactions executed wholly within the United Kingdom, 60 euros or less;

(b)have a spending limit of 150 euros, or where payment transactions must be executed wholly within the United Kingdom, 300 euros; or

(c)store funds that do not exceed 500 euros at any time.

(2) Where this regulation applies the parties may agree that—

(a)regulations 72(1)(b) (obligation to notify loss or misuse of instrument), 73(1)(c), (d) and (e) (means of notifying loss) and 77(4) (payer not liable for certain losses) do not apply where the payment instrument does not allow for the stopping or prevention of its use;

(b)regulations 75 (evidence on authentication and execution), 76 (payment service provider's liability for unauthorised transactions) and 77(1) and (2) (payer's liability for unauthorised transactions) do not apply where the payment instrument is used anonymously or the payment service provider is not in a position, for other reasons concerning the payment instrument, to prove that a payment transaction was authorised;

(c)despite regulation 82(1) (refusal of payment orders), the payment service provider is not required to notify the payment service user of the refusal of a payment order if the non-execution is apparent from the context;

(d)the payer may not revoke the payment order under regulation 83 after transmitting the payment order or giving their consent to execute the payment transaction to the payee;

(e)execution periods other than those provided by regulations 86 (payment transactions to payment account) and 87 (absence of payment account) apply.

(3) Subject to paragraph (2)(b), regulations 76 (payment service provider's liability for unauthorised transactions) and 77(1) and (2) (payer's liability for unauthorised transactions) apply to electronic money unless the payer's payment service provider does not have the ability under the contract to—

(a)freeze the payment account on which the electronic money is stored; or

(b)stop the use of the payment instrument.

ChargesU.K.

ChargesU.K.

66.—(1) The payment service provider may only charge the payment service user for the fulfilment of any of its obligations under this Part—

(a)in accordance with regulation 82(3) (refusal of payment orders), 83(6) (revocation of a payment order) or 90(2)(b) (incorrect unique identifiers);

(b)where agreed between the parties; and

(c)where such charges reasonably correspond to the payment service provider's actual costs.

(2) Where both the payer's and the payee's payment service providers, or the only payment service provider, in respect of a payment transaction are within the EEA, the respective payment service providers must ensure that—

(a)the payee pays any charges levied by the payee's payment service provider; and

(b)the payer pays any charges levied by the payer's payment service provider.

(3) The payee's payment service provider may not prevent the payee from—

(a)requesting payment of a charge by the payer for the use of a particular payment instrument;

(b)offering a reduction to the payer for the use of a particular payment instrument; or

(c)otherwise steering the payer towards the use of a particular payment instrument.

Authorisation of payment transactionsU.K.

Consent and withdrawal of consentU.K.

67.—(1) A payment transaction is to be regarded as having been authorised by the payer for the purposes of this Part only if the payer has given its consent to—

(a)the execution of the payment transaction; or

(b)the execution of a series of payment transactions of which that payment transaction forms part.

(2) Such consent—

(a)may be given before or, if agreed between the payer and its payment service provider, after the execution of the payment transaction;

(b)must be given in the form, and in accordance with the procedure, agreed between the payer and its payment service provider; and

(c)may be given via the payee or a payment initiation service provider.

(3) The payer may withdraw its consent to a payment transaction at any time before the point at which the payment order can no longer be revoked under regulation 83 (revocation of a payment order).

(4) Subject to regulation 83(3) to (5), the payer may withdraw its consent to the execution of a series of payment transactions at any time with the effect that any future payment transactions are not regarded as authorised for the purposes of this Part.

Confirmation of availability of funds for card-based payment transactionsU.K.

68.—(1) This regulation does not apply to payment transactions initiated through card-based payment instruments on which electronic money is stored.

(2) Where the conditions in paragraph (3) are met, a payment service provider which issues card-based payment instruments may request that an account servicing payment service provider confirm whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer.

(3) The conditions are that—

(a)the payer has given explicit consent to the payment service provider to request the confirmation;

(b)the payer has initiated a payment transaction for the amount in question using a card-based payment instrument issued by the payment service provider making the request;

(c)the payment service provider making the request complies, for each request, with the authentication and secure communication requirements set out in the regulatory technical standards adopted under Article 98 of the payment services directive in its communications with the account servicing payment service provider.

(4) If the conditions in paragraph (5) are met, an account servicing payment service provider which receives a request under paragraph (2) must provide the requested confirmation, in the form of a ‘yes’ or ‘no’ answer, to the requesting payment service provider immediately.

(5) The conditions are that—

(a)the payment account is accessible online when the account servicing payment service provider receives the request; and

(b)before the account servicing payment service provider receives the first request under paragraph (2) from the requesting payment service provider in relation to the payer's payment account, the payer has given the account servicing payment service provider explicit consent to provide confirmation in response to such requests by that payment service provider.

(6) If the payer so requests, the account servicing payment service provider must also inform the payer of the payment service provider which made the request under paragraph (2) and the answer provided under paragraph (4).

(7) An account servicing payment service provider must not—

(a)include with a confirmation provided under paragraph (4) a statement of the account balance; or

(b)block funds on a payer's payment account as a result of a request under paragraph (2).

(8) The payment service provider which makes a request under paragraph (2) must not—

(a)store any confirmation received under paragraph (4); or

(b)use the confirmation received for a purpose other than the execution of the card-based payment transaction for which the request was made.

Access to payment accounts for payment initiation servicesU.K.

69.—(1) This regulation applies only in relation to a payment account which is accessible online.

(2) Where a payer gives explicit consent in accordance with regulation 67 (consent and withdrawal of consent) for a payment to be executed through a payment initiation service provider, the payer's account servicing payment service provider must—

(a)communicate securely with the payment initiation service provider in accordance with the regulatory technical standards adopted under Article 98 of the payment services directive;

(b)immediately after receipt of the payment order from the payment initiation service provider, provide or make available to the payment initiation service provider all information on the initiation of the payment transaction and all information accessible to the account servicing payment service provider regarding the execution of the payment transaction;

(c)treat the payment order in the same way as a payment order received directly from the payer, in particular in terms of timing, priority or charges, unless the account servicing payment service provider has objective reasons for treating the payment order differently;

(d)not require the payment initiation service provider to enter into a contract before complying with the preceding sub-paragraphs.

(3) A payment initiation service provider must—

(a)not hold a payer's funds in connection with the provision of the payment initiation service at any time;

(b)ensure that a payer's personalised security credentials are—

(i)not accessible to other parties, with the exception of the issuer of the credentials; and

(ii)transmitted through safe and efficient channels;

(c)ensure that any other information about a payer is not provided to any person except a payee, and is provided to the payee only with the payer's explicit consent;

(d)each time it initiates a payment order, identify itself to the account servicing payment service provider and communicate with the account servicing payment service provider, the payer and the payee in a secure way in accordance with the regulatory technical standards adopted under Article 98 of the payment services directive;

(e)not store sensitive payment data of the payment service user;

(f)not request any information from a payer except information required to provide the payment initiation service;

(g)not use, access or store any information for any purpose except for the provision of a payment initiation service explicitly requested by a payer;

(h)not change the amount, the payee or any other feature of a transaction notified to it by the payer.

Access to payment accounts for account information servicesU.K.

70.—(1) This regulation applies only in relation to a payment account which is accessible online.

(2) Where a payment service user uses an account information service, the payment service user's account servicing payment service provider must—

(a)communicate securely with the account information service provider in accordance with the regulatory technical standards adopted under Article 98 of the payment services directive;

(b)treat a data request from the account information service provider in the same way as a data request received directly from the payer, unless the account servicing payment service provider has objective reasons for treating the request differently;

(c)not require the account information service provider to enter into a contract before complying with the preceding sub-paragraphs.

(3) An account information service provider must—

(a)not provide account information services without the payment service user's explicit consent;

(b)ensure that the payment service user's personalised security credentials are—

(i)not accessible to other parties, with the exception of the issuer of the credentials; and

(ii)transmitted through safe and efficient channels;

(c)for each communication session, identify itself to the account servicing payment service provider and communicate securely with the account servicing payment service provider and the payment service user in accordance with the regulatory technical standards adopted under Article 98 of the payment services directive;

(d)not access any information other than information from designated payment accounts and associated payment transactions;

(e)not request sensitive payment data linked to the payment accounts accessed;

(f)not use, access or store any information for any purpose except for the provision of the account information service explicitly requested by the payment service user.

Limits on the use of payment instruments and access to payment accountsU.K.

71.—(1) Where a specific payment instrument is used for the purpose of giving consent to the execution of a payment transaction, the payer and its payment service provider may agree on spending limits for any payment transactions executed through that payment instrument.

(2) A framework contract may provide for the payment service provider to have the right to stop the use of a payment instrument on reasonable grounds relating to—

(a)the security of the payment instrument;

(b)the suspected unauthorised or fraudulent use of the payment instrument; or

(c)in the case of a payment instrument with a credit line, a significantly increased risk that the payer may be unable to fulfil its liability to pay.

(3) The payment service provider must, in the manner agreed between the payment service provider and the payer and before carrying out any measures to stop the use of the payment instrument—

(a)inform the payer that it intends to stop the use of the payment instrument; and

(b)give its reasons for doing so.

(4) Where the payment service provider is unable to inform the payer in accordance with paragraph (3) before carrying out any measures to stop the use of the payment instrument, it must do so immediately after.

(5) Paragraphs (3) and (4) do not apply where provision of the information in accordance with paragraph (3) would compromise reasonable security measures or is otherwise unlawful.

(6) The payment service provider must allow the use of the payment instrument or replace it with a new payment instrument as soon as practicable after the reasons for stopping its use cease to exist.

(7) An account servicing payment service provider may deny an account information service provider or a payment initiation service provider access to a payment account for reasonably justified and duly evidenced reasons relating to unauthorised or fraudulent access to the payment account by that account information service provider or payment initiation service provider, including the unauthorised or fraudulent initiation of a payment transaction.

(8) If an account servicing payment service provider denies access to a payment account under paragraph (7)—

(a)the account servicing payment service provider must notify the payment service user of the denial of access and the reason for the denial of access, in the form agreed with the payment service user;

(b)the notification under sub-paragraph (a) must be provided before the denial of access if possible, or otherwise immediately after the denial of access;

(c)the account servicing payment service provider must immediately report the incident to the FCA in such form as the FCA may direct, and such report must include the details of the case and the reasons for taking action;

(d)the account servicing payment service provider must restore access to the account once the reasons for denying access no longer justify such denial of access.

(9) Paragraph (8)(a) and (b) do not apply if notifying the payment service user—

(a)would compromise reasonably justified security reasons; or

(b)is unlawful.

(10) When the FCA receives a report under paragraph (8)(c), it must assess the case and take such measures as it considers appropriate.

Obligations of the payment service user in relation to payment instruments and personalised security credentialsU.K.

72.—(1) A payment service user to whom a payment instrument has been issued must—

(a)use the payment instrument in accordance with the terms and conditions governing its issue and use; and

(b)notify the payment service provider in the agreed manner and without undue delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the payment instrument.

(2) Paragraph (1)(a) applies only in relation to terms and conditions that are objective, non-discriminatory and proportionate.

(3) The payment service user must take all reasonable steps to keep safe personalised security credentials relating to a payment instrument or an account information service.

Obligations of the payment service provider in relation to payment instrumentsU.K.

73.—(1) A payment service provider issuing a payment instrument must—

(a)ensure that the personalised security credentials are not accessible to persons other than the payment service user to whom the payment instrument has been issued;

(b)not send an unsolicited payment instrument, except where a payment instrument already issued to a payment service user is to be replaced;

(c)ensure that appropriate means are available at all times to enable the payment service user to notify the payment service provider in accordance with regulation 72(1)(b) (notification of loss or unauthorised use of payment instrument) or to request that, in accordance with regulation 71(6), the use of the payment instrument is no longer stopped;

(d)on request, provide the payment service user at any time during a period of 18 months after the alleged date of notification under regulation 72(1)(b) with the means to prove that such notification to the payment service provider was made;

(e)provide the payment service user with an option to make a notification under regulation 72(1)(b) free of charge, and ensure that any costs charged are directly attributed to the replacement of the payment instrument;

(f)prevent any use of the payment instrument once notification has been made under regulation 72(1)(b).

(2) The payment service provider bears the risk of sending to the payment service user a payment instrument or any personalised security credentials relating to it.

Notification and rectification of unauthorised or incorrectly executed payment transactionsU.K.

74.—(1) A payment service user is entitled to redress under regulation 76, 91, 92, 93 or 94 (liability for unauthorised transactions, non-execution or defective or late execution of transactions, or charges and interest), only if it notifies the payment service provider without undue delay, and in any event no later than 13 months after the debit date, on becoming aware of any unauthorised or incorrectly executed payment transaction.

(2) Where the payment service provider has failed to provide or make available information concerning the payment transaction in accordance with Part 6 of these Regulations (information requirements for payment services), the payment service user is entitled to redress under the regulations referred to in paragraph (1) notwithstanding that the payment service user has failed to notify the payment service provider as mentioned in that paragraph.

Evidence on authentication and execution of payment transactionsU.K.

75.—(1) Where a payment service user—

(a)denies having authorised an executed payment transaction; or

(b)claims that a payment transaction has not been correctly executed,

it is for the payment service provider to prove that the payment transaction was authenticated, accurately recorded, entered in the payment service provider's accounts and not affected by a technical breakdown or some other deficiency in the service provided by the payment service provider.

(2) If a payment transaction was initiated through a payment initiation service provider, it is for the payment initiation service provider to prove that, within its sphere of competence, the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment initiation service.

(3) Where a payment service user denies having authorised an executed payment transaction, the use of a payment instrument recorded by the payment service provider, including a payment initiation service provider where appropriate, is not in itself necessarily sufficient to prove either that—

(a)the payment transaction was authorised by the payer; or

(b)the payer acted fraudulently or failed with intent or gross negligence to comply with regulation 72 (user's obligations in relation to payment instruments and personalised security credentials).

(4) If a payment service provider, including a payment initiation service provider where appropriate, claims that a payer acted fraudulently or failed with intent or gross negligence to comply with regulation 72, the payment service provider must provide supporting evidence to the payer.

Payment service provider's liability for unauthorised payment transactionsU.K.

76.—(1) Subject to regulations 74 and 75, where an executed payment transaction was not authorised in accordance with regulation 67 (consent and withdrawal of consent), the payment service provider must—

(a)refund the amount of the unauthorised payment transaction to the payer; and

(b)where applicable, restore the debited payment account to the state it would have been in had the unauthorised payment transaction not taken place.

(2) The payment service provider must provide a refund under paragraph (1)(a) as soon as practicable, and in any event no later than the end of the business day following the day on which it becomes aware of the unauthorised transaction.

(3) Paragraph (2) does not apply where the payment service provider has reasonable grounds to suspect fraudulent behaviour by the payment service user and notifies a person mentioned in section 333A(2) of the Proceeds of Crime Act 2002 (tipping off: regulated sector) M43 of those grounds in writing.

(4) When crediting a payment account under paragraph (1)(b), a payment service provider must ensure that the credit value date is no later than the date on which the amount of the unauthorised payment transaction was debited.

(5) Where an unauthorised payment transaction was initiated through a payment initiation service provider—

(a)the account servicing payment service provider must comply with paragraph (1);

(b)if the payment initiation service provider is liable for the unauthorised payment transaction (in relation to which see regulation 75(2)) the payment initiation service provider must, on the request of the account servicing payment service provider, compensate the account servicing payment service provider immediately for the losses incurred or sums paid as a result of complying with paragraph (1), including the amount of the unauthorised transaction.

Payer or payee's liability for unauthorised payment transactionsU.K.

77.—(1) Subject to paragraphs (2), (3) and (4), a payment service provider which is liable under regulation 76(1) may require that the payer is liable up to a maximum of £35 for any losses incurred in respect of unauthorised payment transactions arising from the use of a lost or stolen payment instrument, or from the misappropriation of a payment instrument.

(2) Paragraph (1) does not apply if—

(a)the loss, theft or misappropriation of the payment instrument was not detectable by the payer prior to the payment, except where the payer acted fraudulently; or

(b)the loss was caused by acts or omissions of an employee, agent or branch of a payment service provider or of an entity which carried out activities on behalf of the payment service provider.

(3) The payer is liable for all losses incurred in respect of an unauthorised payment transaction where the payer—

(a)has acted fraudulently; or

(b)has with intent or gross negligence failed to comply with regulation 72 (obligations of the payment service user in relation to payment instruments and personalised security credentials).

(4) Except where the payer has acted fraudulently, the payer is not liable for any losses incurred in respect of an unauthorised payment transaction—

(a)arising after notification under regulation 72(1)(b);

(b)where the payment service provider has failed at any time to provide, in accordance with regulation 73(1)(c) (obligations of the payment service provider in relation to payment instruments), appropriate means for notification;

(c)where regulation 100 (authentication) requires the application of strong customer authentication, but the payer's payment service provider does not require strong customer authentication; or

(d)where the payment instrument has been used in connection with a distance contract (other than an excepted contract).

(5) In paragraph (4)(d)—

“distance contract” means a distance contract as defined by regulation 5 of the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (other definitions) M44;

“excepted contract” means a contract that—

(6) Where regulation 100 requires the application of strong customer authentication, but the payee or the payee's payment service provider does not accept strong customer authentication, the payee or the payee's payment service provider, or both (as the case may be), must compensate the payer's payment service provider for the losses incurred or sums paid as a result of complying with regulation 76(1).

Payment transactions where the transaction amount is not known in advanceU.K.

78.  Where a card-based payment transaction is initiated by or through the payee and the amount of the transaction is not known when the payer authorises the transaction—

(a)the payer's payment service provider may not block funds on the payer's payment account unless the payer has authorised the exact amount of the funds to be blocked; and

(b)the payer's payment service provider must release the blocked funds without undue delay after becoming aware of the amount of the payment transaction, and in any event immediately after receipt of the payment order.

Refunds for payment transactions initiated by or through a payeeU.K.

79.—(1) Where the conditions in paragraph (2) and the requirement in regulation 80(1) are satisfied, the payer is entitled to a refund from its payment service provider of the full amount of any authorised payment transaction initiated by or through the payee.

(2) The conditions are that—

(a)the authorisation did not specify the exact amount of the payment transaction when the authorisation was given in accordance with regulation 67 (consent and withdrawal of consent); and

(b)the amount of the payment transaction exceeded the amount that the payer could reasonably have expected taking into account the payer's previous spending pattern, the conditions of the framework contract and the circumstances of the case.

(3) The payer is entitled to an unconditional refund from its payment service provider of the full amount of any direct debit transactions of the type referred to in Article 1 of Regulation (EU) 260/2012 of the European Parliament and of the Council of 14th March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 M45.

(4) When crediting a payment account under paragraph (1), a payment service provider must ensure that the credit value date is no later than the date on which the amount of the unauthorised payment transaction was debited.

(5) For the purposes of paragraph (2)(b), the payer cannot rely on currency exchange fluctuations where the reference exchange rate provided under regulation 43(2)(d) or paragraph 3(b) of Schedule 4 was applied.

(6) The payer and payment service provider may agree in the framework contract that the right to a refund does not apply where—

(a)the payer has given consent directly to the payment service provider for the payment transaction to be executed; and

(b)if applicable, information on the payment transaction was provided or made available in an agreed manner to the payer for at least four weeks before the due date by the payment service provider or by the payee.

Requests for refunds for payment transactions initiated by or through a payeeU.K.

80.—(1) The payer must request a refund under regulation 79 from its payment service provider within 8 weeks from the date on which the funds were debited.

(2) The payment service provider may require the payer to provide such information as is reasonably necessary to prove that the conditions in regulation 79(2) are satisfied.

(3) The payment service provider must either—

(a)refund the full amount of the payment transaction; or

(b)provide justification for refusing to refund the payment transaction, indicating the bodies to which the payer may refer the matter if the payer does not accept the justification provided.

(4) Any refund or justification for refusing a refund must be provided within 10 business days of receiving a request for a refund or, where applicable, within 10 business days of receiving any further information requested under paragraph (2).

(5) If the payment service provider requires further information under paragraph (2), it may not refuse the refund until it has received further information from the payer.

Execution of payment transactionsU.K.

Receipt of payment ordersU.K.

81.—(1) A payer's payment service provider must not debit the payment account before receipt of a payment order.

(2) Subject to paragraphs (3) to (6), for the purposes of these Regulations the time of receipt of a payment order is the time at which the payment order is received by the payer's payment service provider.

(3) If the time of receipt of a payment order does not fall on a business day for the payer's payment service provider, the payment order is deemed to have been received on the first business day thereafter.

(4) The payment service provider may set a time towards the end of a business day after which any payment order received will be deemed to have been received on the following business day.

(5) Where the payment service user initiating a payment order agrees with its payment service provider that execution of the payment order is to take place—

(a)on a specific day;

(b)on the last day of a certain period; or

(c)on the day on which the payer has put funds at the disposal of its payment service provider,

the time of receipt is deemed to be the day so agreed.

(6) If the day agreed under paragraph (5) is not a business day for the payer's payment service provider, the payment order is deemed to have been received on the first business day thereafter.

Refusal of payment ordersU.K.

82.—(1) Subject to paragraph (4), where a payment service provider refuses to execute a payment order or to initiate a payment transaction, it must notify the payment service user of—

(a)the refusal;

(b)if possible, the reasons for such refusal; and

(c)where it is possible to provide reasons for the refusal and those reasons relate to factual matters, the procedure for rectifying any factual errors that led to the refusal.

(2) Any notification under paragraph (1) must be given or made available in an agreed manner and at the earliest opportunity, and in any event within the periods specified in regulation 86.

(3) The framework contract may provide for the payment service provider to charge the payment service user for such refusal where the refusal is reasonably justified.

(4) The payment service provider is not required to notify the payment service user under paragraph (1) where such notification would be otherwise unlawful.

(5) Where all the conditions set out in the payer's framework contract with the account servicing payment service provider have been satisfied, the account servicing payment service provider may not refuse to execute an authorised payment order irrespective of whether the payment order is initiated by the payer, through a payment initiation service provider, or by or through a payee, unless such execution is otherwise unlawful.

(6) For the purposes of regulations 86, 91 and 92 (payment transactions to a payment account and non-execution or defective or late execution of a payment transaction) a payment order of which execution has been refused is deemed not to have been received.

Revocation of a payment orderU.K.

83.—(1) Subject to paragraphs (2) to (5), a payment service user may not revoke a payment order after it has been received by the payer's payment service provider.

(2) In the case of a payment transaction initiated by a payment initiation service provider, or by or through the payee, the payer may not revoke the payment order after giving consent to the payment initiation service provider to initiate the payment transaction or giving consent to execute the payment transaction to the payee.

(3) In the case of a direct debit, the payer may not revoke the payment order after the end of the business day preceding the day agreed for debiting the funds.

(4) Where a day is agreed under regulation 81(5) (receipt of payment orders), the payment service user may not revoke a payment order after the end of the business day preceding the agreed day.

(5) At any time after the time limits for revocation set out in paragraphs (1) to (4), the payment order may only be revoked if the revocation is—

(a)agreed between the payment service user and the relevant payment service provider or providers; and

(b)in the case of a payment transaction initiated by or through the payee, including in the case of a direct debit, also agreed with the payee.

(6) A framework contract may provide for the relevant payment service provider to charge for revocation under this regulation.

Amounts transferred and amounts receivedU.K.

84.—(1) Subject to paragraph (2), the payment service providers of the payer and payee must ensure that the full amount of the payment transaction is transferred and that no charges are deducted from the amount transferred.

(2) The payee and its payment service provider may agree for the relevant payment service provider to deduct its charges from the amount transferred before crediting it to the payee provided that the full amount of the payment transaction and the amount of the charges are clearly stated in the information provided to the payee.

(3) If charges other than those provided for by paragraph (2) are deducted from the amount transferred—

(a)in the case of a payment transaction initiated by the payer, the payer's payment service provider must ensure that the payee receives the full amount of the payment transaction;

(b)in the case of a payment transaction initiated by the payee, the payee's payment service provider must ensure that the payee receives the full amount of the payment transaction.

Execution time and value dateU.K.

Application of regulations 86 to 88U.K.

85.—(1) Regulations 86 to 88 apply to any payment transaction—

(a)in euro;

(b)executed wholly within the United Kingdom in sterling; or

(c)involving only one currency conversion between the euro and sterling, provided that—

(i)the currency conversion is carried out in the United Kingdom; and

(ii)in the case of cross-border payment transactions, the cross-border transfer takes place in euro.

(2) In respect of any other payment transaction, the payment service user may agree with the payment service provider that regulations 86 to 88 (except regulation 86(3)) do not apply.

Payment transactions to a payment accountU.K.

86.—(1) Subject to paragraphs (2) and (3), the payer's payment service provider must ensure that the amount of the payment transaction is credited to the payee's payment service provider's account by the end of the business day following the time of receipt of the payment order.

(2) Where a payment transaction is initiated by way of a paper payment order the reference in paragraph (1) to the end of the business day following the time of receipt of the payment order is to be treated as a reference to the end of the second business day following the time of receipt of the payment order.

(3) Where a payment transaction—

(a)does not fall within paragraphs (a) to (c) of regulation 85(1); but

(b)is to be executed wholly within the EEA,

the payer's payment service provider must ensure that the amount of the payment transaction is credited to the payee's payment service provider's account by the end of the fourth business day following the time of receipt of the payment order.

(4) The payee's payment service provider must value date and credit the amount of the payment transaction to the payee's payment account following its receipt of the funds.

(5) The payee's payment service provider must transmit a payment order initiated by or through the payee to the payer's payment service provider within the time limits agreed between the payee and its payment service provider, enabling settlement in respect of a direct debit to occur on the agreed due date.

Absence of payee's payment account with the payment service providerU.K.

87.—(1) Paragraph (2) applies where a payment service provider accepts funds on behalf of a payee who does not have a payment account with that payment service provider.

(2) The payment service provider must make the funds available to the payee immediately after the funds have been credited to that payment service provider's account.

Cash placed on a payment accountU.K.

88.  Where a payment service user places cash on its payment account with a payment service provider in the same currency as that payment account, the payment service provider must—

(a)if the user is a consumer, micro-enterprise or charity, ensure that the amount is made available and value dated immediately after the receipt of the funds;

(b)in any other case, ensure that the amount is made available and value dated no later than the end of the next business day after the receipt of the funds.

Value date and availability of fundsU.K.

89.—(1) The credit value date for the payee's payment account must be no later than the business day on which the amount of the payment transaction is credited to the account of the payee's payment service provider.

(2) Paragraph (3) applies where—

(a)the transaction does not involve a currency conversion [F19by the payee’s payment service provider];

(b)the transaction involves [F20a currency conversion by the payee’s payment service provider] between the euro and pounds sterling or another Member State currency, between pounds sterling and another Member State currency, or between two other Member State currencies; or

(c)the transaction involves only one payment service provider.

(3) The payee's payment service provider must ensure that the amount of the payment transaction is at the payee's disposal immediately after that amount has been credited to that payment service provider's account.

(4) The debit value date for the payer's payment account must be no earlier than the time at which the amount of the payment transaction is debited to that payment account.

LiabilityU.K.

Incorrect unique identifiersU.K.

90.—(1) Where a payment order is executed in accordance with the unique identifier, the payment order is deemed to have been correctly executed by each payment service provider involved in executing the payment order with respect to the payee specified by the unique identifier.

(2) Where the unique identifier provided by the payment service user is incorrect, the payment service provider is not liable under regulation 91 or 92 for non-execution or defective execution of the payment transaction, but the payment service provider—

(a)must make reasonable efforts to recover the funds involved in the payment transaction; and

(b)may, if agreed in the framework contract, charge the payment service user for any such recovery.

(3) The payee's payment service provider must co-operate with the payer's payment service provider in its efforts to recover the funds, in particular by providing to the payer's payment service provider all relevant information for the collection of funds.

(4) If the payer's payment service provider is unable to recover the funds it must, on receipt of a written request, provide to the payer all available relevant information in order for the payer to claim repayment of the funds.

(5) Where the payment service user provides information additional to that specified in regulation 43(2)(a) (information required prior to the conclusion of a single payment service contract) or paragraph 2(b) of Schedule 4 (prior general information for framework contracts), the payment service provider is liable only for the execution of payment transactions in accordance with the unique identifier provided by the payment service user.

Non-execution or defective or late execution of payment transactions initiated by the payerU.K.

91.—(1) This regulation applies where a payment order is initiated directly by the payer.

(2) The payer's payment service provider is liable to the payer for the correct execution of the payment transaction unless it can prove to the payer and, where relevant, to the payee's payment service provider, that the payee's payment service provider received the amount of the payment transaction in accordance with regulation 86(1) to (3) (payment transactions to a payment account).

(3) Where the payer's payment service provider is liable under paragraph (2), it must without undue delay refund to the payer the amount of the non-executed or defective payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.

(4) The credit value date for a credit under paragraph (3) must be no later than the date on which the amount was debited.

(5) If the payer's payment service provider proves that the payee's payment service provider received the amount of the payment transaction in accordance with regulation 86, the payee's payment service provider is liable to the payee for the correct execution of the payment transaction and must—

(a)immediately make available the amount of the payment transaction to the payee; and

(b)where applicable, credit the corresponding amount to the payee's payment account.

(6) The credit value date for a credit under paragraph (5)(b) must be no later than the date on which the amount would have been value dated if the transaction had been executed correctly.

(7) Where a payment transaction is executed late, the payee's payment service provider must, on receipt of a request from the payer's payment service provider on behalf of the payer, ensure that the credit value date for the payee's payment account is no later than the date the amount would have been value dated if the transaction had been executed correctly.

(8) Regardless of liability under this regulation, the payer's payment service provider must, on request by the payer, immediately and without charge—

(a)make efforts to trace any non-executed or defectively executed payment transaction; and

(b)notify the payer of the outcome.

Non-execution or defective or late execution of payment transactions initiated by the payeeU.K.

92.—(1) This regulation applies where a payment order is initiated by the payee.

(2) The payee's payment service provider is liable to the payee for the correct transmission of the payment order to the payer's payment service provider in accordance with regulation 86(5) (payment transactions to a payment account).

(3) Where the payee's payment service provider is liable under paragraph (2), it must immediately re-transmit the payment order in question to the payer's payment service provider.

(4) The payee's payment service provider must also ensure that the transaction is handled in accordance with regulation 89 (value date and availability of funds), such that the amount of the transaction—

(a)is at the payee's disposal immediately after it is credited to the payee's payment service provider's account; and

(b)is value dated on the payee's payment account no later than the date the amount would have been value dated if the transaction had been executed correctly.

(5) The payee's payment service provider must, on request by the payee and free of charge, make immediate efforts to trace the payment transaction and notify the payee of the outcome.

(6) Subject to paragraph (8), if the payee's payment service provider proves to the payee and, where relevant, to the payer's payment service provider, that it is not liable under paragraph (2) in respect of a non-executed or defectively executed payment transaction, the payer's payment service provider is liable to the payer and must, as appropriate and immediately—

(a)refund to the payer the amount of the payment transaction; and

(b)restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.

(7) The credit value date for a credit under paragraph (6)(b) must be no later than the date on which the amount was debited.

(8) If the payer's payment service provider proves that the payee's service provider has received the amount of the payment transaction, paragraph (6) does not apply and the payee's payment service provider must value date the amount on the payee's payment account no later than the date the amount would have been value dated if the transaction had been executed correctly.

Non-execution or defective or late execution of payment transactions initiated through a payment initiation serviceU.K.

93.—(1) This regulation applies where a payment order is initiated by the payer through a payment initiation service.

(2) The account servicing payment service provider must refund to the payer the amount of the non-executed or defective payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.

(3) Paragraph (4) applies if the payment initiation service provider does not prove to the account servicing payment service provider that—

(a)the payment order was received by the payer's account servicing payment service provider in accordance with regulation 81 (receipt of payment orders); and

(b)within the payment initiation service provider's sphere of influence the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the non-execution, defective or late execution of the transaction.

(4) On request from the account servicing payment service provider, the payment initiation service provider must immediately compensate the account servicing payment service provider for the losses incurred or sums paid as a result of the refund to the payer.

Liability of payment service provider for charges and interestU.K.

94.  A payment service provider is liable to its payment service user for—

(a)any charges for which the payment service user is responsible; and

(b)any interest which the payment service user must pay,

as a consequence of the non-execution or defective or late execution of the payment transaction.

Right of recourseU.K.

95.  Where the liability of a payment service provider (“the first provider”) under regulation 76, 91, 92 or 93 (payment service providers' liability for unauthorised or defective payment transactions) is attributable to another payment service provider or an intermediary, including where there is a failure to use strong customer authentication as required by regulation 100 (authentication), the other payment service provider or intermediary must compensate the first provider for any losses incurred or sums paid pursuant to those regulations.

Force majeureU.K.

96.—(1) A person is not liable for any contravention of a requirement imposed on it by or under this Part where the contravention is due to abnormal and unforeseeable circumstances beyond the person's control, the consequences of which would have been unavoidable despite all efforts to the contrary.

(2) A payment service provider is not liable for any contravention of a requirement imposed on it by or under this Part where the contravention is due to the obligations of the payment service provider under other provisions of EU or national law.

MiscellaneousU.K.

Consent for use of personal dataU.K.

97.  A payment service provider must not access, process or retain any personal data for the provision of payment services by it, unless it has the explicit consent of the payment service user to do so.

Management of operational and security risksU.K.

98.—(1) Each payment service provider must establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks, relating to the payment services it provides. As part of that framework, the payment service provider must establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.

(2) Each payment service provider must provide to the FCA an updated and comprehensive assessment of the operational and security risks relating to the payment services it provides and on the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.

(3) Such assessment must—

(a)be provided on an annual basis, or at such shorter intervals as the FCA may direct; and

(b)be provided in such form and manner, and contain such information, as the FCA may direct.

Incident reportingU.K.

99.—(1) If a payment service provider becomes aware of a major operational or security incident, the payment service provider must, without undue delay, notify the FCA.

(2) A notification under paragraph (1) must be in such form and manner, and contain such information, as the FCA may direct.

(3) If the incident has or may have an impact on the financial interests of its payment service users, the payment service provider must, without undue delay, inform its payment service users of the incident and of all measures that they can take to mitigate the adverse effects of the incident.

(4) Upon receipt of the notification referred to in paragraph (1), the FCA must—

(a)without undue delay, provide the relevant details of the incident to the European Banking Authority and to the European Central Bank;

(b)notify any other relevant authorities in the United Kingdom; and

(c)co-operate with the European Banking Authority and the European Central Bank in assessing the relevance of the incident to authorities outside of the United Kingdom.

(5) If the FCA receives notification of an incident from the European Banking Authority or the European Central Bank it must take any appropriate measures to protect the immediate safety of the financial system.

Dispute resolutionU.K.

101.—(1) This regulation applies in relation to complaints from payment service users who are not eligible within the meaning of section 226(6) of the 2000 Act (the ombudsman scheme – compulsory jurisdiction).

(2) A payment service provider must put in place and apply adequate and effective complaint resolution procedures for the settlement of complaints from payment service users about the rights and obligations arising under Parts 6 and 7.

(3) Those procedures must—

(a)be applied in every EEA State where the payment service provider offers the payment services; and

(b)be available in an official language of each such EEA State, or in another language if agreed between the payment service provider and the payment service user.

(4) When a payment service provider receives a complaint from a payment service user, the payment service provider must make every possible effort to address all points raised in a reply to the complaint on paper or, if agreed between payment service provider and payment service user, in another durable medium.

(5) Subject to paragraph (6), the reply must be provided to the complainant within an adequate timeframe and at the latest 15 business days after the day on which the payment service provider received the complaint.

(6) In exceptional situations, if a full reply cannot be given in accordance with paragraph (4) for reasons beyond the control of the payment service provider, the payment service provider must send a holding reply, clearly indicating the reasons for the delay in providing a full reply to the complaint and specifying the deadline by which the payment service user will receive a full reply.

(7) The deadline specified under paragraph (6) must not be later than 35 business days after the day on which the payment service provider received the complaint.

(8) The payment service provider must inform the payment service user about the details of one or more providers of dispute resolution services able to deal with disputes concerning the rights and obligations arising under this Part and Part 6 (information requirements for payment services), if the payment service provider uses such services.

(9) The payment service provider must also make available in a clear, comprehensive and easily accessible way—

(a)the information referred to in paragraph (7); and

(b)details of how to access further information about any provider of dispute resolution services referred to in paragraph (8) and the conditions for using such services.

(10) The information to be made available under paragraph (8) must be made available—

(a)on the website of the payment service provider (if any);

(b)at branches of the payment service provider (if any); and

(c)in the general terms and conditions of the contract between the payment service provider and the payment service user.

PART 8 U.K.Access to payment systems and bank accounts

Application of regulation 103U.K.

102.—(1) Regulation 103 does not apply to the following kinds of payment systems—

(a)a designated system;

(b)a payment system consisting solely of payment service providers belonging to the same group.

Prohibition on restrictive rules on access to payment systemsU.K.

103.—(1) Rules or conditions governing access to, or participation in, a payment system by authorised or registered payment service providers must—

(a)be objective, proportionate and non-discriminatory; and

(b)not prevent, restrict or inhibit access or participation more than is necessary to—

(i)safeguard against specific risks such as settlement risk, operational risk or business risk; or

(ii)protect the financial and operational stability of the payment system.

(2) Paragraph (1) applies only to such payment service providers as are legal persons.

(3) Rules or conditions governing access to, or participation in, a payment system must not, in respect of payment service providers, payment service users or other payment systems—

(a)restrict effective participation in other payment systems;

(b)discriminate (whether directly or indirectly) between

(i)different authorised payment service providers; or

(ii)different registered payment service providers;

in relation to the rights, obligations or entitlements of participants in the payment system; or

(c)impose any restrictions on the basis of institutional status.

Indirect access to designated systemsU.K.

104.—(1) This regulation applies where a participant in a designated system allows an authorised or registered payment service provider that is not a participant in the system to pass transfer orders through the system.

(2) The participant—

(a)must treat a request by another authorised or registered payment service provider to pass transfer orders through the system in an objective, proportionate and non-discriminatory manner; and

(b)must not—

(i)prevent, restrict or inhibit access to or participation in the system more than is necessary to safeguard against specific risks such as settlement risk, operational risk or business risk, or to protect the financial and operational stability of the participant or the payment system;

(ii)discriminate (whether directly or indirectly) between different authorised payment service providers or different registered payment service providers in relation to the rights, obligations or entitlements of such providers in relation to access to or participation in the system; or

(iii)impose any restrictions on the basis of institutional status.

(3) If the participant refuses such a request, it must provide full reasons for the refusal to the payment service provider which made the request.

Access to bank accountsU.K.

105.—(1) A credit institution must—

(a)grant payment service providers of the types referred to in paragraphs (a) to (f) of the definition of “payment service provider” in regulation 2(1), and applicants for authorisation or registration as such payment service providers, access to payment accounts services on an objective, non-discriminatory and proportionate basis;

(b)when a payment service provider of a type mentioned in sub-paragraph (a) enquires about such access, include in the response to the enquiry the criteria that the credit institution applies when considering requests for such access; and

(c)maintain arrangements to ensure that those criteria are applied in a manner which ensures compliance with sub-paragraph (a).

(2) Access to payment accounts services granted to a payment service provider pursuant to paragraph (1) must be sufficiently extensive to allow the payment service provider to provide payment services in an unhindered and efficient manner.

(3) If a credit institution refuses a request for access to such services from a payment service provider of the types mentioned in paragraph (1)(a), or withdraws access to such services for such a payment service provider, it must notify the FCA.

(4) A notification under paragraph (3) must—

(a)contain duly motivated reasons for the refusal or the withdrawal of access; and

(b)contain such information, and be provided in such form and manner and within such period following the refusal or withdrawal of access, as the FCA may direct.

(5) The FCA must provide the reasons received under paragraph (4) to the Payment Systems Regulator, unless the Payment Systems Regulator informs the FCA that it does not wish to receive them.

PART 9 U.K.The Financial Conduct Authority

Functions of the FCAU.K.

106.—(1) The FCA is designated as the competent authority for the purposes of the payment services directive, except as set out in paragraph (2), and has the functions and powers conferred on it by these Regulations.

(2) The FCA is not designated as the competent authority for the purposes of the following provisions of the payment services directive—

(a)the condition in Article 3(o) (transposed in regulation 61) (information on ATM withdrawal charges);

(b)Article 35 (transposed in regulations 102 to 104) (access to payment systems);

(c)in Article 62, paragraph 4 and the second sentence of paragraph 3 (restrictions on payee charging for use of certain payment instruments).

(3) In determining the general policy and principles by reference to which it performs particular functions under these Regulations, and to the extent appropriate taking into account the FCA's designation under paragraph (1), the FCA must have regard to—

(a)the need to use its resources in the most efficient and economic way;

(b)the principle that a burden or restriction which is imposed on a person, or on the carrying on of an activity, should be proportionate to the benefits, considered in general terms, which are expected to result from the imposition of that burden or restriction;

(c)the desirability of sustainable growth in the economy of the United Kingdom in the medium or long term;

(d)the general principle that consumers should take responsibility for their own decisions;

(e)the responsibilities of those who manage the affairs of persons subject to requirements imposed by or under these Regulations, including those affecting consumers, in relation to compliance with those requirements;

(f)the desirability where appropriate of the FCA exercising its functions in a way that recognises differences in the nature of, and objectives of, businesses carried on by different persons subject to requirements imposed by or under these Regulations;

(g)the desirability in appropriate cases of the FCA publishing information in relation to persons on whom requirements are imposed by or under these Regulations;

(h)the principle that the FCA should exercise its functions as transparently as possible.

Application of this Part to requirements of directly applicable EU regulations and FCA rulesU.K.

107.  For the purposes of this Part, including the legislation applied by regulation 122 and Schedule 6, but with the exception of regulation 119 and Schedule 5 (credit agreements)—

(a)the requirements imposed on payment service providers by Articles 8(2), 9(2) and 12 of the interchange fee regulation are to be treated as if they were included in Part 5 of these Regulations (requirements for providers of certain services which are not payment services);

(b)the requirements imposed on payment service providers by Articles 8(5) and (6), 9(1), 10(1) and (5) and 11 of the interchange fee regulation are to be treated as if they were included in Part 6 of these Regulations (information requirements for payment services); and

(c)requirements imposed on payment service providers by or under directly applicable EU regulations adopted under the payment services directive, or by rules made by the FCA pursuant to paragraph 3 of [F22Schedule 6], are to be treated as if they were imposed by or under Part 7 of these Regulations (rights and obligations in relation to the provision of payment services).

Supervision and enforcementU.K.

Monitoring and enforcementU.K.

108.—(1) The FCA must maintain arrangements designed to enable it to determine whether—

(a)persons on whom requirements are imposed by or under Parts 2 to 7 or regulation 105 (access to bank accounts) are complying with them;

(b)there has been any contravention of regulation 138(1) (prohibition on provision of payment services by persons other than payment service providers), 139(1) (false claims to be a payment service provider or exempt) or 142(1)(a) or (2) (misleading a regulator).

(2) The arrangements referred to in paragraph (1) may provide for functions to be performed on behalf of the FCA by any body or person who is, in its opinion, competent to perform them.

(3) The FCA must also maintain arrangements for enforcing the provisions of these Regulations.

(4) Paragraph (2) does not affect the FCA's duty under paragraph (1).

Reporting requirementsU.K.

109.—(1) A person must give the FCA such information as the FCA may direct in respect of its provision of payment services or its compliance with requirements imposed by or under Parts 2 to 7 or regulation 105 (access to bank accounts).

(2) Information required under this regulation must be given at such times and in such form, and verified in such manner, as the FCA may direct.

(3) A direction under paragraph (2) must specify the purpose for which the information is required, as appropriate, and the time within which the information is to be given.

(4) Each [F23payment service provider in the United Kingdom (but not an agent of such a payment service provider or an excluded provider)] must provide to the FCA statistical data on fraud relating to different means of payment.

(5) Such data must be provided at least once per year, and must be provided in such form as the FCA may direct.

(6) The FCA must provide such data in an aggregated form to the European Banking Authority and the European Central Bank.

Public censureU.K.

110.  If the FCA considers that a person has contravened a requirement imposed on them by or under these Regulations, the FCA may publish a statement to that effect.

Financial penaltiesU.K.

111.—(1) The FCA may impose a penalty of such amount as it considers appropriate on—

(a)a payment service provider who has contravened a requirement imposed on them by or under these Regulations; or

(b)a person who has contravened regulation 138(1) (prohibition on provision of payment services by persons other than payment service providers), 139(1) (false claims to be a payment service provider or exempt) or 142(1)(a) or (2) (misleading a regulator).

(2) The FCA may not in respect of any contravention both require a person to pay a penalty under this regulation and cancel their authorisation as a payment institution or their registration as a small payment institution or account information service provider (as the case may be).

(3) A penalty under this regulation is a debt due from that person to the FCA, and is recoverable accordingly.

Proposal to take disciplinary measuresU.K.

112.—(1) Where the FCA proposes to publish a statement under regulation 110 or to impose a penalty under regulation 111, it must give the person concerned a warning notice.

(2) The warning notice must set out the terms of the proposed statement or state the amount of the proposed penalty.

(3) If, having considered any representations made in response to the warning notice, the FCA decides to publish a statement under regulation 110 or to impose a penalty under regulation 111, it must without delay give the person concerned a decision notice.

(4) The decision notice must set out the terms of the statement or state the amount of the penalty.

(5) If the FCA decides to publish a statement under regulation 110 or impose a penalty on a person under regulation 111, the person concerned may refer the matter to the Upper Tribunal.

(6) Sections 210 (statements of policy) and 211 (statements of policy: procedure) of the 2000 Act apply in respect of the imposition of penalties under regulation 111 and the amount of such penalties as they apply in respect of the imposition of penalties under Part 14 of the 2000 Act (disciplinary measures) and the amount of penalties under that Part of that Act.

(7) After a statement under regulation 110 is published, the FCA must send a copy of it to the person concerned and to any person to whom a copy of the decision notice was given under section 393(4) of the 2000 Act (third party rights) (as applied by paragraph 10 of Schedule 6 to these Regulations).

InjunctionsU.K.

113.—(1) If, on the application of the FCA, the court is satisfied—

(a)that there is a reasonable likelihood that any person will contravene a requirement imposed by or under these Regulations; or

(b)that any person has contravened such a requirement and that there is a reasonable likelihood that the contravention will continue or be repeated,

the court may make an order restraining (or in Scotland an interdict prohibiting) the contravention.

(2) If, on the application of the FCA, the court is satisfied—

(a)that any person has contravened a requirement imposed by or under these Regulations; and

(b)that there are steps which could be taken for remedying the contravention,

the court may make an order requiring that person, and any other person who appears to have been knowingly concerned in the contravention, to take such steps as the court may direct to remedy it.

(3) If, on the application of the FCA, the court is satisfied that any person may have—

(a)contravened a requirement imposed by or under these Regulations; or

(b)been knowingly concerned in the contravention of such a requirement,

it may make an order restraining (or in Scotland an interdict prohibiting) them from disposing of, or otherwise dealing with, any assets of theirs which it is satisfied they are reasonably likely to dispose of or otherwise deal with.

(4) The jurisdiction conferred by this regulation is exercisable by the High Court and the Court of Session.

(5) In paragraph (2), references to remedying a contravention include references to mitigating its effect.

Power of FCA to require restitutionU.K.

114.—(1) The FCA may exercise the power in paragraph (2) if it is satisfied that a payment service provider (referred to in this regulation and regulation 115 as “the person concerned”) has contravened a requirement imposed by or under these Regulations, or been knowingly concerned in the contravention of such a requirement, and that—

(a)profits have accrued to the person concerned as a result of the contravention; or

(b)one or more persons have suffered loss or been otherwise adversely affected as a result of the contravention.

(2) The power referred to in paragraph (1) is a power to require the person concerned, in accordance with such arrangements as the FCA considers appropriate, to pay to the appropriate person or distribute among the appropriate persons such amount as appears to the FCA to be just having regard—

(a)in a case within sub-paragraph (a) of paragraph (1), to the profits appearing to the FCA to have accrued;

(b)in a case within sub-paragraph (b) of that paragraph, to the extent of the loss or other adverse effect;

(c)in a case within both of those paragraphs, to the profits appearing to the FCA to have accrued and to the extent of the loss or other adverse effect.

(3) In paragraph (2) “appropriate person” means a person appearing to the FCA to be someone—

(a)to whom the profits mentioned in paragraph (1)(a) are attributable; or

(b)who has suffered the loss or adverse effect mentioned in paragraph (1)(b).

Proposal to require restitutionU.K.

115.—(1) If the FCA proposes to exercise the power under regulation 114(2), it must give the person concerned a warning notice.

(2) The warning notice must state the amount which the FCA propose to require the person concerned to pay or distribute as mentioned in regulation 114(2).

(3) If, having considered any representations made in response to the warning notice, the FCA decides to exercise the power under regulation 114(2), it must without delay give the person concerned a decision notice.

(4) The decision notice must—

(a)state the amount that the person concerned is to pay or distribute;

(b)identify the person or persons to whom that amount is to be paid or among whom that amount is to be distributed; and

(c)state the arrangements in accordance with which the payment or distribution is to be made.

(5) If the FCA decides to exercise the power under regulation 114(2), the person concerned may refer the matter to the Upper Tribunal.

Restitution ordersU.K.

116.—(1) The court may, on the application of the FCA, make an order under paragraph (2) if it is satisfied that a person has contravened a requirement imposed by or under these Regulations, or been knowingly concerned in the contravention of such a requirement, and that—

(a)profits have accrued to them as a result of the contravention; or

(b)one or more persons have suffered loss or been otherwise adversely affected as a result of the contravention.

(2) The court may order the person concerned to pay to the FCA such sum as appears to the court to be just having regard—

(a)in a case within sub-paragraph (a) of paragraph (1), to the profits appearing to the court to have accrued;

(b)in a case within sub-paragraph (b) of that paragraph, to the extent of the loss or other adverse effect;

(c)in a case within both of those sub-paragraphs, to the profits appearing to the court to have accrued and to the extent of the loss or other adverse effect.

(3) Any amount paid to the FCA in pursuance of an order under paragraph (2) must be paid by it to such qualifying person or distributed by it among such qualifying persons as the court may direct.

(4) In paragraph (3), “qualifying person” means a person appearing to the court to be someone—

(a)to whom the profits mentioned in paragraph (1)(a) are attributable; or

(b)who has suffered the loss or adverse effect mentioned in paragraph (1)(b).

(5) On an application under paragraph (1) the court may require the person concerned to supply it with such accounts or other information as it may require for any one or more of the following purposes—

(a)establishing whether any and, if so, what profits have accrued to them as mentioned in sub-paragraph (a) of that paragraph;

(b)establishing whether any person or persons have suffered any loss or adverse effect as mentioned in sub-paragraph (b) of that paragraph; and

(c)determining how any amounts are to be paid or distributed under paragraph (3).

(6) The court may require any accounts or other information supplied under paragraph (5) to be verified in such manner as it may direct.

(7) The jurisdiction conferred by this regulation is exercisable by the High Court and the Court of Session.

(8) Nothing in this regulation affects the right of any person other than the FCA to bring proceedings in respect of the matters to which this regulation applies.

ComplaintsU.K.

117.—(1) The FCA must maintain arrangements designed to enable payment service users and other interested parties to submit complaints to it that a requirement imposed by or under Parts 2 to 7 of these Regulations has been breached by a payment service provider.

(2) Where it considers it appropriate, the FCA must include in any reply to a complaint under paragraph (1) details of the ombudsman scheme established under Part 16 of the 2000 Act (the ombudsman scheme).

MiscellaneousU.K.

Costs of supervisionU.K.

118.—(1) The functions of the FCA under these Regulations are to be treated for the purposes of paragraph 23 of Schedule 1ZA (fees) to the 2000 Act M46 as functions conferred on the FCA under that Act, with the following modifications—

(a)section 1B(5)(a) of the 2000 Act (FCA's general duties) M47 does not apply to the making of rules under paragraph 23 by virtue of this regulation;

(b)rules made under paragraph 23 by virtue of this regulation are not to be treated as regulating provisions for the purposes of section 140A(1) of the 2000 Act (competition scrutiny) M48;

(c)paragraph 23(7) does not apply.

(2) The FCA must in respect of each of its financial years pay to the Treasury any amounts received by it during the year by way of penalties imposed under regulation 111.

(3) The Treasury may give directions to the FCA as to how the FCA is to comply with its duty under paragraph (2).

(4) The directions may in particular—

(a)specify the time when any payment is required to be made to the Treasury, and

(b)require the FCA to provide the Treasury at specified times with information relating to penalties that the FCA has imposed under regulation 111.

(5) The Treasury must pay into the Consolidated Fund any sums received by them under this regulation.

Credit agreementsU.K.

119.  Schedule 5, which contains provisions concerning credit agreements, has effect.

GuidanceU.K.

120.—(1) The FCA may give guidance consisting of such information and advice as it considers appropriate with respect to—

(a)the operation of these Regulations;

(b)any matters relating to the functions of the FCA under these Regulations;

(c)any other matters about which it appears to the FCA to be desirable to give information or advice in connection with these Regulations.

(2) The FCA may—

(a)publish its guidance;

(b)offer copies of its published guidance for sale at a reasonable price;

(c)if it gives guidance in response to a request made by any person, make a reasonable charge for that guidance.

FCA's exemption from liability in damagesU.K.

121.  The functions of the FCA under these Regulations are to be treated for the purposes of paragraph 25 (exemption from liability in damages) of Part 4 of Schedule 1ZA to the 2000 Act M49 as functions conferred on the FCA under that Act.

Application and modification of primary and secondary legislationU.K.

122.  The provisions of primary and secondary legislation set out in Schedule 6 apply for the purposes of these Regulations with the modifications set out in that Schedule.

PART 10 U.K.The Payment Systems Regulator

Interpretation of Part 10U.K.

123.  In this Part—

“the 2013 Act” means the Financial Services (Banking Reform) Act 2013 M50;

“compliance failure” means a failure by a regulated person to comply with—

“directive requirement” means an obligation, prohibition or restriction imposed by regulation 61 (information on ATM withdrawal charges) or Part 8 (access to payment systems and bank accounts), with the exception of the obligation imposed on the FCA by regulation 105(5) (access to bank accounts);

“general direction” has the meaning given in regulation 125(5);

“general guidance” has the meaning given in regulation 134(2);

“regulated person” means a person on whom a directive requirement is imposed.

Functions of the Payment Systems RegulatorU.K.

124.—(1) The Payment Systems Regulator is designated as the competent authority for the purposes of the following provision of the payment services directive—

(a)the condition in Article 3(o) (transposed in regulation 61) (information on ATM withdrawal charges);

(b)Article 35 (transposed in regulations 102 to 104) (access to payment systems);

(c)Article 36 (transposed in regulation 105) (access to bank accounts), together with the FCA,

and has the functions and powers conferred on it by these Regulations.

(2) In determining the general policy and principles by reference to which it performs particular functions under these Regulations, and to the extent appropriate taking into account the Payment Systems Regulator's designation under paragraph (1), the Payment Systems Regulator must have regard to the matters to which the FCA is required to have regard by regulation 106(3), and for that purpose references to the FCA in regulation 106(3)(f) to (h) are to be read as references to the Payment Systems Regulator.

(3) The Payment Systems Regulator must maintain arrangements designed to enable it to determine whether regulated persons are complying with directive requirements, and for enforcing directive requirements.

DirectionsU.K.

125.—(1) The Payment Systems Regulator may give a direction in writing to any regulated person.

(2) A direction may be given for the purpose of—

(a)obtaining information about—

(i)compliance with a directive requirement; or

(ii)the application of a directive requirement to a person;

(b)remedying a failure to comply with a directive requirement; or

(c)preventing a failure to comply, or continued non-compliance, with a directive requirement.

(3) A direction may require or prohibit the taking of specified action.

(4) A direction may apply—

(a)in relation to all regulated persons or in relation to every regulated person of a specified description; or

(b)in relation to a specified regulated person or specified regulated persons.

(5) A direction that applies as mentioned in paragraph (4)(a) is referred to in this Part as a “general direction”.

(6) A direction requiring the provision of information must specify the purpose for which the information is required, as appropriate, and the time within which the information is to be given.

(7) The Payment Systems Regulator must publish any general direction.

Publication of compliance failures and penaltiesU.K.

126.  The Payment Systems Regulator may publish details of—

(a)a compliance failure by a regulated person; or

(b)a penalty imposed under regulation 127.

PenaltiesU.K.

127.—(1) The Payment Systems Regulator may require a regulated person to pay a penalty in respect of a compliance failure.

(2) A penalty—

(a)must be paid to the Payment Systems Regulator; and

(b)may be enforced by the Payment Systems Regulator as a debt.

(3) The Payment Systems Regulator must prepare a statement of the principles which it will apply in determining—

(a)whether to impose a penalty; and

(b)the amount of a penalty.

(4) The Payment Systems Regulator must—

(a)publish the statement on its website;

(b)send a copy to the Treasury;

(c)review the statement from time to time and revise it if necessary (and sub-paragraphs (a) and (b) apply to a revision); and

(d)in applying the statement to a compliance failure, apply the version in force when the compliance failure occurred.

Notice of publication of a compliance failure or of imposition of a penaltyU.K.

128.  Before publishing details of a compliance failure by a regulated person under regulation 126(a) or imposing a penalty on a regulated person under regulation 127, the Payment Systems Regulator must—

(a)give the person notice in writing of the proposed publication or penalty and reasons for the proposed publication or penalty;

(b)give the person at least 21 days to make representations;

(c)consider any representations made; and

(d)as soon as is reasonably practicable, give the person a notice in writing stating whether or not it intends to publish the details or impose the penalty.

InjunctionsU.K.

129.—(1) If, on the application of the Payment Systems Regulator, the court is satisfied—

(a)that there is a reasonable likelihood that there will be a compliance failure, or

(b)that there has been a compliance failure and there is a reasonable likelihood that it will continue or be repeated,

the court may make an order restraining the conduct constituting the failure.

(2) If, on the application of the Payment Systems Regulator, the court is satisfied—

(a)that there has been a compliance failure by a regulated person; and

(b)that there are steps which could be taken for remedying the failure,

the court may make an order requiring the regulated person, and anyone else who appears to have been knowingly concerned in the failure, to take such steps as the court may direct to remedy it.

(3) The jurisdiction conferred by this regulation is exercisable—

(a)in England and Wales and Northern Ireland, by the High Court; and

(b)in Scotland, by the Court of Session.

(4) In this regulation—

(a)references to an order restraining anything are, in Scotland, to be read as references to an interdict prohibiting that thing; and

(b)references to remedying a failure include mitigating its effect.

Appeals: generalU.K.

130.—(1) A person who is affected by a decision to give a direction under regulation 125 (directions) other than a general direction or a decision to publish details under regulation 126(a) (publication of compliance failures) may appeal against the decision to the Competition Appeal Tribunal in accordance with regulation 131.

(2) A person who is affected by a decision to impose a penalty under regulation 127 (penalties) may appeal against the decision to the Competition Appeal Tribunal in accordance with regulation 132.

Appeals against directions and publication of compliance failuresU.K.

131.—(1) This regulation applies where a person is appealing to the Competition Appeal Tribunal against a decision to give a direction under regulation 125 (directions) or to publish details under regulation 126(a) (publication of compliance failures).

(2) The means of making an appeal is by sending the Competition Appeal Tribunal a notice of appeal in accordance with Tribunal rules.

(3) The notice of appeal must be sent within the period specified, in relation to the decision appealed against, in those rules.

(4) In determining an appeal made in accordance with this regulation, the Competition Appeal Tribunal must apply the same principles as would be applied by a court on an application for judicial review.

(5) The Competition Appeal Tribunal must either—

(a)dismiss the appeal; or

(b)quash the whole or part of the decision to which the appeal relates.

(6) If the Competition Appeal Tribunal quashes the whole or part of a decision, it may refer the matter back to the Payment Systems Regulator with a direction to reconsider and make a new decision in accordance with its ruling.

(7) The Competition Appeal Tribunal may not direct the Payment Systems Regulator to take any action which it would not otherwise have the power to take in relation to the decision.

(8) In this regulation and regulation 132 “Tribunal rules” means rules under section 15 of the Enterprise Act 2002 M51.

Appeals in relation to penaltiesU.K.

132.—(1) This regulation applies where a person is appealing to the Competition Appeal Tribunal against a decision to impose a penalty under regulation 127 (penalty).

(2) The person may appeal against—

(a)the imposition of the penalty;

(b)the amount of the penalty; or

(c)any date by which the penalty, or any part of it, is required to be paid.

(3) The means of making an appeal is by sending the Competition Appeal Tribunal a notice of appeal in accordance with Tribunal rules.

(4) The notice of appeal must be sent within the period specified, in relation to the decision appealed against, in those rules.

(5) The Competition Appeal Tribunal may do any of the following—

(a)uphold the penalty;

(b)set aside the penalty;

(c)substitute for the penalty a penalty of an amount decided by the Competition Appeal Tribunal;

(d)vary any date by which the penalty, or any part of it, is required to be paid.

(6) If an appeal is made in accordance with this regulation, the penalty is not required to be paid until the appeal has been determined.

(7) Paragraphs (2), (5) and (6) do not restrict the power to make Tribunal rules; and those paragraphs are subject to Tribunal rules.

(8) Except as provided by this regulation, the validity of the penalty may not be questioned by any legal proceedings whatever.

(9) In the case of an appeal made in accordance with this regulation, a decision of the Competition Appeal Tribunal has the same effect as, and may be enforced in the same manner as, a decision of the Payment Systems Regulator.

ComplaintsU.K.

133.—(1) The Payment Systems Regulator must maintain arrangements designed to enable persons to submit complaints to it that a directive requirement has been breached.

(2) Where it considers it appropriate, the Payment Systems Regulator must include in any reply to a complaint under paragraph (1) details of the ombudsman scheme established under Part 16 of the 2000 Act (the ombudsman scheme).

GuidanceU.K.

134.—(1) The Payment Systems Regulator may give guidance consisting of such information and advice as it considers appropriate in relation to—

(a)the directive requirements;

(b)its functions under these Regulations;

(c)any related matters about which it appears to the Payment Systems Regulator to be desirable to give information or advice.

(2) In this Part “general guidance” means guidance given by the Payment Systems Regulator under this regulation which is—

(a)given to persons generally or to a class of persons;

(b)intended to have continuing effect; and

(c)given in writing or other legible form.

(3) The Payment Systems Regulator may publish its guidance.

Information and investigationU.K.

135.—(1) Sections 81 to 93 of the 2013 Act (information and investigation powers and disclosure of information) apply for the purposes of the Payment Systems Regulator's functions under these Regulations as if—

(a)references to Part 5 of the 2013 Act were references to these Regulations;

(b)references to a participant in a regulated payment system were references to a regulated person;

(c)references to a compliance failure were references to a compliance failure as defined in regulation 123 (interpretation of this Part);

(d)in section 81 (power to obtain information or documents)—

(i)subsection (1)(a) were omitted

(ii)in subsection (1)(b), “otherwise” were omitted; and

(iii)after subsection (3) there were inserted—

“(4) A notice under subsection (1) requiring information must specify the purpose for which the information is required and the time within which the information is to be provided.”.

(e)in section 82(1) (reports by skilled persons) the reference to participation in a payment system were a reference to compliance with the directive requirements;

(f)in section 83 (appointment of persons to conduct investigations), subsection (1) were omitted;

(g)in section 90 (enforcement of information and investigation powers)—

(i)in subsection (7)(a)(i) for “12 months (or 6 months, if the offence was committed before the commencement of section 154(1) of the Criminal Justice Act 2003)” there were substituted “ 3 months ”;

(ii)in subsection (7)(a)(iii) for “6 months” there were substituted “ 3 months ”; and

(iii)in subsection (8)(a) for “51 weeks (or 3 months, if the offence was committed before the commencement of section 280(2) of the Criminal Justice Act 2003)” there were substituted “ 3 months ”;

(h)in section 91 (restrictions on disclosure of confidential information), subsection (6) were omitted; and

(i)in section 93 (offences relating to disclosure of confidential information), in subsection (4)(a) for “51 weeks (or 3 months, if the offence was committed before the commencement of section 280(2) of the Criminal Justice Act 2003)” there were substituted “ 3 months ”.

(2) The Financial Services (Banking Reform) Act 2013 (Disclosure of Confidential Information) Regulations 2014 M52 (“the 2014 Regulations”) apply for the purposes of the Payment Systems Regulator's functions under these Regulations as if—

(a)the reference in regulation 5(3)(a) of the 2014 Regulations (disclosure for the purposes of certain other proceedings) to Part 5 of the 2013 Act were a reference to these Regulations; and

(b)the following entry were included in the table in the Schedule to the 2014 Regulations (persons and functions in respect of which disclosure is permitted)—

Application of other provisions of the 2013 ActU.K.

136.—(1) For the purposes of these Regulations section 40(3) and (4) of the 2013 Act (Financial Conduct Authority to ensure capability of Payment Systems Regulator) applies as if the reference in section 40(3) of that Act to the functions referred to in section 40(1) included a reference to the functions of the Payment Systems Regulator under these Regulations.

(2) For the purposes of these Regulations section 104 of the 2013 Act (consultation in relation to generally applicable requirements) applies as if—

(a)in subsection (1)—

(i)the reference in paragraph (a) to a general direction under section 54 of that Act were a reference to a general direction under regulation 125 (directions);

(ii)paragraph (b) were omitted;

(b)in subsection (3)(c), the reference to the Payment Systems Regulator's duties under section 49 were a reference to the Payment Systems Regulator's duties under regulation 124(2) and (3) (duties to maintain arrangements for monitoring and enforcement and to have regard to regulatory principles); and

(c)in subsection (10), the reference to regulated payment systems were a reference to regulated persons.

(3) For the purposes of these Regulations paragraphs 5, 7 and 9 to 14 of Schedule 4 to the 2013 Act (the Payment Systems Regulator) apply as if—

(a)references to the functions of the Payment Systems Regulator included references to the functions of the Payment Systems Regulator under the interchange fee regulation and these Regulations;

(b)in paragraph 5 of that Schedule (arrangements for discharging functions)—

(i)in sub-paragraph (3), the reference to general directions under section 54 of the 2013 Act included a reference to general directions under regulation 125;

(ii)in sub-paragraph (4), the reference to general guidance included a reference to general guidance under regulation 134 (guidance);

(c)in paragraph 9 (funding) of that Schedule, in sub-paragraph (1) the reference to participants in regulated payment systems included a reference to regulated persons;

(d)in paragraph 10 of that Schedule (penalty receipts)—

(i)references to penalties imposed under section 73 of the 2013 Act included references to penalties imposed under regulation 127 (penalties);

(ii)in sub-paragraph (4)—

(aa)in paragraph (a) the reference to the Payment Systems Regulator's powers under sections 72 to 75 of the 2013 Act included a reference to the Payment Systems Regulator's powers under regulations 126 to 129 (publication of compliance failures and penalties, penalties and injunctions);

(bb)in paragraphs (c) and (d) the reference to relevant offences included reference to offences under Part 5 of the 2013 Act as applied by regulation 135 and under these Regulations; and

(e)in paragraph 11 of that Schedule (penalty receipts)—

(i)in sub-paragraph (1), the reference to penalties imposed under section 73 of the 2013 Act included a reference to penalties imposed under regulation 127 (penalties); and

(ii)in sub-paragraphs (1) and (2), the references to participants in regulated payment systems included references to regulated persons.

PART 11 U.K.General

Contracting out of statutory requirementsU.K.

Prohibition on contracting out of statutory requirementU.K.

137.—(1) A payment service provider may not agree with a payment service user that it will not comply with any provision of these Regulations unless—

(a)such agreement is permitted by these Regulations, or

(b)such agreement provides for terms which are more favourable to the payment service user than the relevant provisions of these Regulations.

(2) A contractual term is void if and to the extent that—

(a)the term is agreed in contravention of paragraph (1), or

(b)the term relates to a transaction alleged to have been unauthorised or defectively executed, and purports to—

(i)impose liability to provide compensation on a different person from the person identified in these Regulations, or

(ii)allocate the burden of proof to a different person from the person identified in these Regulations.

Criminal OffencesU.K.

Prohibition on provision of payment services by persons other than payment service providersU.K.

138.—(1) A person may not provide a payment service in the United Kingdom, or purport to do so, unless the person is—

(a)an authorised payment institution;

(b)a small payment institution;

(c)a registered account information service provider;

(d)an EEA authorised payment institution or an EEA registered account information service provider exercising its passport rights;

(e)a credit institution authorised in the United Kingdom or exercising an EEA right in accordance with Part 2 of Schedule 3 to the 2000 Act (exercise of passport rights by EEA firms);

(f)an electronic money institution which for the purposes of the Electronic Money Regulations 2011 M55 is—

(i)registered in the United Kingdom as an authorised electronic money institution or a small electronic money institution; or

(ii)an EEA authorised electronic money institution exercising passport rights in the United Kingdom;

(g)the Post Office Limited;

(h)the Bank of England, the European Central Bank or a national central bank of an EEA State other than the United Kingdom,

(i)a government department or a local authority; or

(j)exempt under regulation 3 (exemption for certain bodies).

(2) A person who contravenes paragraph (1) is guilty of an offence and is liable—

(a)on summary conviction, to imprisonment for a term not exceeding three months or to a fine, which in Scotland or Northern Ireland may not exceed the statutory maximum, or both;

(b)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine, or both.

False claims to be a payment service provider or exemptU.K.

139.—(1) A person who does not fall within any of sub-paragraphs (a) to (f) of regulation 138(1) may not—

(a)describe themselves (in whatever terms) as a person falling within any of those sub-paragraphs; or

(b)behave, or otherwise hold themselves out, in a manner which indicates (or which is reasonably likely to be understood as indicating) that they are such a person.

(2) A person who contravenes paragraph (1) is guilty of an offence and is liable on summary conviction to imprisonment for a term not exceeding three months or to a fine, which in Scotland or Northern Ireland may not exceed level 5 on the standard scale, or both.

DefencesU.K.

140.  In proceedings for an offence under regulation 138 or 139 it is a defence for the accused to show that they took all reasonable precautions and exercised all due diligence to avoid committing the offence.

Contravention of regulations 57 and 58U.K.

141.—(1) A person (not being a payment service provider) who contravenes regulation 57(2) or 58(2) (information on charges and exchange rates) is guilty of an offence and liable on summary conviction to a fine, which in Scotland or Northern Ireland may not exceed level 5 on the standard scale.

(2) No offence is committed if the person took all reasonable steps and exercised all due diligence to ensure that the requirement imposed on the person by regulation 57(2) or 58(2), as the case may be, would be complied with.

Misleading the FCA or the Payment Systems RegulatorU.K.

142.—(1) A person may not, in purported compliance with any requirement imposed by or under these Regulations, knowingly or recklessly give information which is false or misleading in a material particular to—

(a)the FCA; or

(b)the Payment Systems Regulator.

(2) A person may not—

(a)provide any information to another person, knowing the information to be false or misleading in a material particular, or

(b)recklessly provide to another person any information which is false or misleading in a material particular,

knowing that the information is to be used for the purpose of providing information to the FCA in connection with its functions under these Regulations.

(3) A person may not—

(a)provide any information to another person, knowing the information to be false or misleading in a material particular, or

(b)recklessly provide to another person any information which is false or misleading in a material particular,

knowing that the information is to be used for the purpose of providing information to the Payment Systems Regulator in connection with its functions under these Regulations.

(4) A person who contravenes paragraph (1), (2) or (3) is guilty of an offence and is liable—

(a)on summary conviction, to a fine, which in Scotland or Northern Ireland may not exceed the statutory maximum;

(b)on conviction on indictment, to a fine.

Restriction on penaltiesU.K.

143.  A person who is convicted of an offence under these Regulations is not liable to a penalty under regulation 111 or 127 (financial penalties) in respect of the same contravention of a requirement imposed by or under these Regulations.

Liability of officers of bodies corporate etcU.K.

144.—(1) If an offence under these Regulations committed by a body corporate is shown—

(a)to have been committed with the consent or connivance of an officer, or

(b)to be attributable to any neglect on their part,

the officer as well as the body corporate is guilty of the offence and liable to be proceeded against and punished accordingly.

(2) If the affairs of a body corporate are managed by its members, paragraph (1) applies in relation to the acts and defaults of a member in connection with such member's functions of management as if the member were a director of the body.

(3) If an offence under these Regulations committed by a partnership is shown—

(a)to have been committed with the consent or connivance of a partner, or

(b)to be attributable to any neglect on their part,

the partner as well as the partnership is guilty of the offence and liable to be proceeded against and punished accordingly.

(4) If an offence under these Regulations committed by an unincorporated association (other than a partnership) is shown—

(a)to have been committed with the consent or connivance of an officer, or

(b)to be attributable to any neglect of such officer,

the officer as well as the association is guilty of the offence and liable to be proceeded against and punished accordingly.

(5) In this regulation—

• “officer”—

  (a)

  in relation to a body corporate, means a director, manager, secretary, chief executive, member of the committee of management, or a person purporting to act in such a capacity; and

  (b)

  in relation to an unincorporated association, means any officer of the association or any member of its governing body, or a person purporting to act in such capacity; and

• “partner” includes a person purporting to act as a partner.

Prosecution of offencesU.K.

145.—(1) Proceedings for an offence under these Regulations may be instituted only—

(a)in respect of an offence under regulation 138 (prohibition on provision of payment services by persons other than payment service providers), 139 (false claims to be a payment service provider or exempt), 141 (contravention of regulations 57 and 58), or 142(4) in so far as it relates to regulation 142(1)(a) or (2) (misleading the FCA), by the FCA;

(b)in respect of an offence under regulation 142(4) in so far as it relates to regulation 142(1)(b) or (3) (misleading the Payment Systems Regulator), by the Payment Systems Regulator; or

(c)by or with the consent of the Director of Public Prosecutions.

(2) Paragraph (1) does not apply to proceedings in Scotland.

Proceedings against unincorporated bodiesU.K.

146.—(1) Proceedings for an offence alleged to have been committed by a partnership or an unincorporated association must be brought in the name of the partnership or association (and not in that of its members).

(2) A fine imposed on the partnership or association on its conviction of an offence is to be paid out of the funds of the partnership or association.

(3) Rules of court relating to the service of documents are to have effect as if the partnership or association were a body corporate.

(4) In proceedings for an offence brought against the partnership or association—

(a)section 33 of the Criminal Justice Act 1925 (procedure on charge of offence against corporation) M56 and section 46 of and Schedule 3 to the Magistrates' Courts Act 1980 (corporations) M57 apply as they do in relation to a body corporate;

(b)section 70 of the Criminal Procedure (Scotland) Act 1995 (proceedings against organisations) M58 applies as it does in relation to a body corporate;

(c)section 18 of the Criminal Justice (Northern Ireland) Act 1945 (procedure on charge) M59 and Schedule 4 to the Magistrates' Courts (Northern Ireland) Order 1981 (corporations) M60 apply as they do in relation to a body corporate.

(5) Summary proceedings for an offence under these Regulations may be taken—

(a)against a body corporate or unincorporated association at any place at which it has a place of business;

(b)against an individual at any place where they are for the time being.

(6) Paragraph (5) does not affect any jurisdiction exercisable apart from this regulation.

MiscellaneousU.K.

Duty to co-operate and exchange of informationU.K.

147.—(1) The FCA, the Commissioners and the Payment Systems Regulator must take such steps as they consider appropriate to co-operate with each other and—

(a)the competent authorities designated under Article 22(1), or referred to in Article 100(1), of the payment services directive, of EEA States other than the United Kingdom;

(b)the European Central Bank, the Bank of England and the national central banks of EEA States other than the United Kingdom;

(c)any other relevant competent authorities designated under EU law or the law of the United Kingdom or any other EEA State which is applicable to payment service providers; and

(d)the European Banking Authority,

for the purposes of the exercise by those bodies of their functions under the payment services directive and other relevant EU or national legislation.

(2) Subject to the requirements of the Data Protection Act 1998 M61, section 348 of the 2000 Act (restrictions on disclosure of confidential information by FCA etc.) M62 (as applied with modifications by paragraph 8 of Schedule 6 to these Regulations), regulation 105 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 M63 (disclosure by the Commissioners) and any other applicable restrictions on the disclosure of information, the FCA, the Commissioners and the Payment Systems Regulator may provide information to each other and—

(a)the bodies mentioned in paragraph (1)(a), (c) and (d);

(b)the European Central Bank, the Bank of England and the national central banks of EEA States other than the United Kingdom when acting in their capacity as monetary and oversight authorities;

(c)where relevant, other public authorities responsible for the oversight of payment and settlement systems;

for the purposes of the exercise by those bodies of their functions under the payment services directive and other relevant EU or national legislation.

(3) Part 9 of the Enterprise Act 2002 M64 (information) does not prohibit disclosure of information under paragraph (2) but a person to whom that Part applies must have regard to the considerations mentioned in section 244 of that Act (specified information: considerations relevant to disclosure) before making any such disclosure.

(4) If the European Banking Authority is assisting the FCA, or a competent authority in another EEA State, in relation to a disagreement between those authorities pursuant to Article 19 of Regulation (EU) 1093/2010 of the European Parliament and of the Council of 24th November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC M65, the FCA must defer any decision in relation to the subject of the disagreement until the disagreement is resolved under that Article.

Actions for breach of requirementsU.K.

148.—(1) A contravention—

(a)which is to be taken to have occurred by virtue of regulation 21 (authorised payment institutions, small payment institutions and registered account information service providers acting without permission);

(b)of a requirement imposed by regulation 23 (safeguarding requirements); or

(c)of a requirement imposed by or under Part 6 (information requirements for payment services) or 7 (rights and obligations in relation to the provision of payment services),

is actionable at the suit of a private person who suffers loss as a result of the contravention, subject to the defences and other incidents applying to actions for breach of statutory duty.

(2) A person acting in a fiduciary or representative capacity may bring an action under paragraph (1) on behalf of a private person if any remedy—

(a)will be exclusively for the benefit of the private person; and

(b)cannot be obtained by way of an action brought otherwise than at the suit of the fiduciary or representative.

(3) In this regulation “private person” means—

(a)any individual, except where the individual suffers the loss in question in the course of providing payment services; and

(b)any person who is not an individual, except where that person suffers the loss in question in the course of carrying on business of any kind;

but does not include a government, a local authority (in the United Kingdom or elsewhere) or an international organisation.

(4) Where there has been a contravention of a requirement under regulation 76(5)(b) (payment service provider's liability for unauthorised payment transactions), 77(6) (payer or payee's liability for unauthorised payment transactions), 93(4) (non-execution or defective or late execution of payment transactions initiated through a payment initiation service) or 95 (right of recourse) for a payment service provider to compensate another payment service provider, the payment service provider to which compensation is required to be paid is to be treated for the purposes of this regulation as if it were a private person.

Transitional and saving provisionsU.K.

Saving of Payment Services Regulations 2009U.K.

149.  Notwithstanding the revocation of the Payment Services Regulations 2009 by regulation 157 (revocations), those Regulations continue to apply in relation to services provided before 13th January 2018.

Transitional and saving provisions: authorised payment institutionsU.K.

150.—(1) Where a person provides payment services before 13th January 2018 pursuant to an authorisation under the Payment Services Regulations 2009, or the national law in another EEA State transposing the first payment services directive, that person may continue to provide the services provided before that date until the end of 12th July 2018 without authorisation or registration under these Regulations or (in the case of an EEA authorised payment institution) the national law transposing the payment services directive.

(2) Where a person falls within paragraph (1) pursuant to an authorisation under the Payment Services Regulations 2009, until the end of 12th July 2018 or, if earlier, the date on which the person is authorised or registered under these Regulations—

(a)any requirement imposed under regulation 7 of the Payment Services Regulations 2009 (imposition of variations) applies in relation to services provided pursuant to this paragraph;

(b)regulations 10 (cancellation of authorisation), 11 (request for cancellation of authorisation) and 12 (variation of authorisation on FCA's own initiative) of these Regulations apply in relation to the person as if references to authorisation were references to entitlement to provide payment services pursuant to this paragraph; and

(c)the person may not apply for a variation under regulation 8 of these Regulations (variation etc. at request of authorised payment institution) before it complies with paragraph (3) of this regulation.

(3) Where a person falling within paragraph (1) has its head office and its registered office (if any) in the United Kingdom and intends to provide payment services on or after 13th July 2018 other than pursuant to regulation 152, the person must before 13th April 2018—

(a)provide to the FCA all information specified in Schedule 2 that the person has not previously provided to the FCA; or

(b)notify the FCA that it has previously provided all such information to the FCA.

(4) Where a person provides information or a notification in accordance with paragraph (3), the FCA must treat the information or notification as an application for authorisation made in accordance with regulation 5.

(5) In this regulation “first payment services directive” means Directive 2007/64/EC of the European Parliament and of the Council of 13th November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC M66.

Transitional and saving provisions: small payment institutionsU.K.

151.—(1) Where a person provides payment services before 13th January 2018 pursuant to a registration as a small payment institution under the Payment Services Regulations 2009—

(a)that person may continue to provide the services provided before that date until the end of 12th January 2019 without authorisation or registration under these Regulations;

(b)any requirement imposed under regulation 7 of the Payment Services Regulations 2009 (imposition of variations) (as applied by regulation 14 of those Regulations) applies in relation to services provided pursuant to this paragraph;

(c)regulations 10 (cancellation of registration), 11 (request for cancellation of authorisation) and 12 (variation of authorisation on FCA's own initiative) of these Regulations, as applied by regulation 15 (supplementary provisions in relation to small payment institutions), apply in relation to the person as if references to registration were references to entitlement to provide payment services pursuant to this paragraph; and

(d)the person may not apply for a variation under regulation 8 of these Regulations (variation etc. at request of authorised payment institution) (as applied by regulation 15) before it complies with paragraph (2) of this regulation.

(2) If a person falling within paragraph (1) intends to provide payment services on or after 13th January 2019 the person must apply for authorisation or registration under these Regulations before 13th October 2018.

(3) The FCA must exercise its powers under regulation 13(1) and (3) in order to require a person making an application under paragraph (2) to provide to the FCA any relevant information not previously provided by the applicant.

Transitional provisions: payments through network operatorsU.K.

152.—(1) Paragraphs (2) and (3) apply where, before 13th January 2018, a person provides payment services of the type described in paragraph 1(g) of Schedule 1 to the Payment Services Regulations 2009 which are also of the type described in paragraph 1(c) of Schedule 1 to these Regulations pursuant to an authorisation under the Payment Services Regulations 2009.

(2) For the purposes of those services, the person is to be treated as an authorised payment institution and the person's entitlement to provide those services is to be treated as an authorisation granted under these Regulations.

(3) Paragraph (2) does not apply on or after 13th January 2020 unless the person has provided evidence to the FCA that it holds such own funds as are required under these Regulations before that date.

(4) Paragraphs (5) and (6) apply where, before 13th January 2018, a person provides payment services of the type described in paragraph 1(g) of Schedule 1 to the Payment Services Regulations 2009 which are also of the type described in paragraph 1(c) of Schedule 1 to these Regulations, pursuant to an authorisation under national legislation in another EEA State transposing the first payment services directive.

(5) For the purposes of those services, the person is to be treated as an EEA authorised payment institution and the person's entitlement to provide those services is to be treated as an authorisation granted under such national legislation.

(6) Paragraph (5) does not apply on or after 13th January 2020 unless the person has provided evidence to its home state competent authority that it holds such own funds as are required under the payment services directive before that date.

(7) In this regulation “first payment services directive” has the meaning given in regulation 150(5).

Transitional and saving provisions: generalU.K.

153.—(1) The FCA must include in the register a person entitled to provide payment services by regulation 150, 151 or 152 or by this regulation.

(2) Where a person is entitled to provide payment services by regulation 150, 151 or 152 or by authorisation or registration granted pursuant to an application made under regulation 151(2) or treated as having been made under regulation 150(4)—

(a)any notification that person has given under regulation 21 (outsourcing) of the Payment Services Regulations 2009 is to be treated as a notification given under regulation 25 of these Regulations (outsourcing);

(b)any registration of an EEA branch of that person under regulation 24 of the Payment Services Regulations 2009 (registration of EEA branch) is to be treated as registration of an EEA branch under regulation 28 these Regulations (decision following notice of intention);

(c)any notification that the person has given under regulation 23 (notice of intention) of the Payment Services Regulations 2009 is to be treated as a notification under regulation 27 of these Regulations (notice of intention);

(d)any registration of an agent under regulation 29 (use of agents) of those Regulations is to be treated as registration of an agent under regulation 34 of these Regulations (use of agents).

(3) Where a person has made an application or request to the FCA under the Payment Services Regulations 2009 before 13th January 2018, and the FCA has not determined the application or request before that date, the application or request is to be treated as if it had been made under these Regulations on that date.

Transitional provisions: account information services and payment initiation servicesU.K.

154.—(1) Paragraph (2) applies to a person that—

(a)provided account information services or payment initiation services before 12th January 2016;

(b)continues to provide such services immediately before 13th January 2018; and

(c)but for paragraph (2), would require a new authorisation or registration, or a variation of an authorisation, in order to continue to provide such services on and after 13th January 2018;

(2) During the period described in paragraph (3)—

(a)the person may continue to provide the services without a new authorisation or registration, or a variation of an authorisation, in respect of the services, and

(b)services provided as permitted by sub-paragraph (a) are to be treated for the purposes of these Regulations and the Electronic Money Regulations 2011 as if they were not account information services or payment initiation services.

(3) The period starts on 13th January 2018 and ends at the end of—

(a)the last day of the period of 18 months starting on the date on which the regulatory technical standards adopted under Article 98 of the payment services directive come into force; or

(b)if earlier, the date on which—

(i)the FCA notifies the person of its decision in relation to an application for authorisation or registration, or for variation of an authorisation, in respect of the services, or

(ii)the person gives the FCA notice of the withdrawal of such application.

(4) Until an account servicing payment service provider complies with the regulatory technical standards adopted under Article 98 of the payment services directive in respect of an account, the account servicing payment service provider must not abuse its non-compliance to block or obstruct the use of payment initiation services or account information services in respect of that account.

GibraltarU.K.

Application to GibraltarU.K.

155.  Schedule 7, which contains provisions concerning the application of these Regulations to Gibraltar, has effect.

Amendments to legislationU.K.

Amendments to primary and secondary legislationU.K.

156.  Schedule 8, which contains amendments to primary and secondary legislation, has effect.

RevocationsU.K.

157.  An instrument appearing in the first column of the table in Schedule 9 is revoked to the extent set out in the corresponding entry in the second column of the table.

ReviewU.K.

ReviewU.K.

158.—(1) The Treasury must from time to time—

(a)carry out a review of the regulatory provision contained in these Regulations; and

(b)publish the report setting out the conclusions of the review.

(2) The first report under this regulation must be published on or before 13th January 2023.

(3) Subsequent reports must be published at intervals not exceeding five years.

(4) Section 30(3) of the Small Business, Enterprise and Employment Act 2015 M67 requires that a review carried out under this regulation must, so far as is reasonable, have regard to how the payment services directive is implemented in other countries which are subject to its obligations.

(5) Section 30(4) of that Act requires that a report published under this regulation must, in particular—

(a)set out the objectives intended to be achieved by the regulatory provision referred to in paragraph (1)(a);

(b)assess the extent to which those objectives are achieved;

(c)assess whether those objectives remain appropriate; and

(d)if those objectives remain appropriate, assess the extent to which they could be achieved in another way that imposes less onerous regulatory provision.

(6) In this regulation, “regulatory provision” has the same meaning as in sections 28 to 32 of the Small Business, Enterprise and Employment Act 2015 (see section 32 of that Act).