Summary: In this article Kai Zhang, in our Financial Regulation team, discusses the potential implications of a no-deal Brexit on the UK payment services and electronic money sector, focusing on three areas of potential concern: business continuity; safeguarding; and local authorisation.
Introduction
To state the obvious, there is considerable uncertainty surrounding Brexit. However, one thing seems to be relatively clear: in the event of a “no deal” Brexit, the impact on the UK financial services industry would be significant (at least for the short term). There has been a fair amount of literature with respect to the implications for financial institutions in general, but less so on the payment and electronic money sector which is regulated in the UK separately from other financial services.
This article discusses some of the regulatory issues peculiar to the payment services and electronic money sector in a “no deal” scenario, focusing on three areas of potential concern: business continuity; safeguarding; and local authorisation. Where appropriate, references are made to the draft Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018 (the “Draft Brexit Regulation”) published by HM Treasury on 5 September 2018. For convenience, this article refers to payment services providers and e-money issuers collectively as “PSPs”.
Business continuity
Imagine a UK PSP that currently operates in multiple EU member states on a cross-border basis. That is, it provides its services from the UK to customers in other EU member states without a physical presence in those other EU member states; this is known as the “service passport”. The UK PSP may have two types of relationships with its customers: one-off and/or on-going.
An one-off relationship is where the UK PSP provides services to a customer for one time only (e.g. a single money transfer for a French customer). Such one-off customers might be more easily managed, in comparison with on-going customers, because it could simply stop e.g. taking on new French customers upon the exit day. There should be no lasting regulatory implications (commercial/business considerations are of course a separate matter).
An on-going relationship is where the PSP provides services to a customer on an on-going basis, e.g. a French merchant being provided with merchant acquiring services. For such on-going customers, the loss of its service passport (assuming it would be subject to local authorisation requirements post-Brexit) might become more complex. For example, under a merchant acquiring arrangement, there is typically a time delay between a payment transaction having been successfully processed/cleared (i.e. the relevant good is handed over by the merchant to the buyer) and the actual settlement of that transaction (i.e. moving the settlement funds from the buyer to the merchant that has sold the good).
If say the transactions are processed/cleared prior to the exit day but the actual settlement will only occur after the exit day, then problems arise because the UK PSP may no longer be able to settle with e.g. the French merchant without a French authorisation. If this relates to processing/settlement of credit card transactions, then the rules of the relevant card scheme (e.g. VISA and/or MasterCard) may also need to be considered.
Further imagine a UK PSP that issues electronic money to customers in multiple EU member states on the basis of its service passport. The UK PSP may cease issuing new electronic money to e.g. French consumers from the exit day onwards so there should not be an issue with respect to the French authorisation requirements for issuing electronic money. However, the UK PSP may not be able to provide payment processing services with respect to the existing electronic money already issued to those French consumers (e.g. value already loaded onto a prepaid card). It may have to redeem such electronic money in issuance.
Where the funds received in exchange for electronic money are held in a segregated safeguarding account (see further discussion below), it may be relatively straightforward to carry out such redemptions. However, if the funds are safeguarded via insurance or the funds are partially segregated and partially insured, that may create issues e.g. with respect to terminating the insurance coverage early. Added to the complexity is the UK PSP may have invested the safeguarded funds in other assets (PSPs are allowed to do so provided the assets are sufficiently secure and liquid). While the assets may be liquid, it may nonetheless take time and costs to unwind such investments particularly if the redemption is of a large scale and has to be made urgently.
Safeguarding
Under the payment services and electronic money regulation, PSPs must safeguard customer funds (which cover, for payment services, funds received from customers that are to be held overnight and, for e-money, funds received from customers in exchange for e-money) by placing the funds in a segregated bank account with an EU credit institution and/or having the funds insured or guaranteed by an EU insurer/credit institution.
The Draft Brexit Regulation will allow safeguarding arrangements to be made with any credit institution or insurer in the world (not just EU ones). Therefore, from a UK perspective, there would be no issues in this respect for UK PSPs that currently e.g. have a safeguarding account with an EU or UK credit institution.
However, it is not clear at this stage what the EU’s position is on this point following a no-deal Brexit. If say a UK PSP has a French subsidiary which has obtained the French payment authorisation (i.e. there would be no passporting issue following Brexit) but the French subsidiary complies with the safeguarding requirements by having a segregated bank account with a UK bank, then that UK bank would no longer be an EU credit institution following a no-deal Brexit and the UK PSP’s French subsidiary might have to find another credit institution in France or other EU member states. This would take time and may also have cost implications (in terms of both negotiating the new safeguarding arrangements and terminating the existing arrangements early).
Local authorisation
Following a no-deal Brexit, the passport rights for UK PSPs under the Payment Services Directive (EU) 2015/2366 (“PSD2”) would fall away. However, this does not mean that a PSP would automatically need to apply for local authorisation to continue its business.
PSD2 provides that it applies to regulated payment services provided “in the Union”. There are differences in the local implementation/interpretation as regards what “in the Union” means, particularly in respect of services provided purely on a cross border basis.
In the UK, the FCA would not generally expect a PSP to be within the scope of the UK payment regulations if all that PSP does is to provide internet-based and other services to UK customers from its location outside of the UK (PERG 15.6 Q46). In other words, that PSP is not considered to be providing service “in the UK”. Note that this guidance is currently directed at non-EU PSPs providing cross-border services to the UK and it appears to be based on an analogy with an EU PSP providing cross-border services to the UK which is largely outside the UK supervisory competence under PSD2 (i.e. the regulation of such an EU PSP including in relation to conduct of business requirements is reserved for its home state regulator). So it remains to be seen if the FCA would make any changes to this guidance.
On the assumption that this guidance remains unchanged, then an EU PSP that is currently providing only cross-border services to UK customers may not require any UK authorisation to continue its business following Brexit, provided there are no other elements (than the fact that its customers are in the UK) that could cause its activities to be regarded as being conducted “in the UK” (e.g. use of a UK settlement account).
However, this is the UK’s interpretation of this requirement. Some EU member states (e.g. France) generally consider that regulated payment services are provided “in” their territory as long as the customers are local and thus the local authorisation requirements would apply. In other EU member states (e.g. Germany), whether or not a cross border PSP is considered to be conducting business “in” their territory may depend on what type of local customers the PSP deals with: if it deals with local consumers, then it may be considered to be “in” country; if it deals with large corporates, it may not be considered to be “in” country. So, for UK PSPs currently operating in other EU member states on their service passport, it is important to obtain local advice on whether or not it would indeed be subject to the local regulation following a no-deal Brexit.
In relation to branch passport where a UK PSP has a branch in another EU member state, then the UK PSP would likely need to apply for local authorisation in order to continue its business following a no-deal Brexit. It is important to note that one of the authorisation conditions under PSD2 is that the applicant must be established in the relevant EU member state. The UK’s implementation requires an applicant to be a body corporate constituted and having its registered office in the UK. The position is expected to be the same across the EU. This means that UK PSPs that are currently operating in other EU member states via branches would need to convert at least one branch into a subsidiary in order to apply for the relevant local authorisation (and subsequently may passport using that authorised subsidiary throughout the EU). Other restructuring may also be needed (e.g. to turn the other branches into branches of the EU authorised subsidiary in order to place them within the subsidiary’s passport rights).
It is also important to note that the guidelines for authorisation under PSD2 published by the European Banking Authority (“EBA Guidelines”) require a significant amount of detailed information on the applicant. During the UK implementation of PSD2, the FCA required existing PSPs to obtain re-authorisation under PSD2 and provide the relevant information under the EBA Guidelines that were not initially provided to the FCA in their original authorisation application. The FCA generally took a pragmatic approach in terms of the level of detail in the additional information that needed to be submitted for re-authorisation purposes. Therefore, while UK PSPs should already be familiar with the types of information that needs to be submitted under the EBA Guidelines, other EU member state regulators may have a different approach with respect to the level of detail that must be included in an application. So it may be challenging for a UK PSP (particularly large groups) to prepare for the local authorisation between now and the exit day (if such preparation has not already begun).
On a separate note, for EU PSPs currently providing services to UK customers regardless of whether this is based on their “service passport” (also see above on the “in the UK” point) or “branch passport”, the Draft Brexit Regulation will create a temporary permission regime for such EU PSPs to continue their business for up to three years after the exit day (provided they notify the FCA of their intention to rely on the regime). This essentially provides such EU PSPs with time to prepare their UK authorisation application. However, it is not clear at this time whether the EU would offer similar accommodations to UK PSPs currently passporting in/to the EU.
Concluding remarks
It is worth noting that a UK PSP may be affected by Brexit even though it does not itself provides services in/to other EU member states. For example, in the context of merchant acquiring, there are typically multiple PSPs in the processing/settlement chain. If there are one or more EU PSPs involved in the chain and such EU PSPs are affected, there may be a domino effect running down to the UK PSP.