The European Union’s Payment Service Directive 2, or PSD2, comes into force in January 2018 and will introduce new measures as well as clarify existing ones. As a result, online platforms and marketplaces will face a tighter regulatory framework as well as more consistent enforcement across the EU.
Jörg Howein (CPO, solarisBank) sat down with Frank Müller (Partner at Aderhold Law, Co-founder of PayTechLaw) for a fireside chat to discuss the implications of the PSD2 for Marketplaces.
To start off with PSD2: obviously there was a PSD1. How did we end up with a PSD2 coming into force in January 2018?
PSD1 goes way back to 2007. There was a clear need in the market to regulate this growing sector. Merchants were processing large volumes in the market that had reached a critical mass. Regulators apparently saw the need — with good reason — to create certain rules of the game and set a regulatory framework to make sure that payment transactions work, and to keep them running smoothly. There was a relatively high number of participants in the market who were not banks, yet processed significant volumes of payments — a situation prompting regulators to consider setting up a few rules to make sure everything runs smoothly. The changes are not so much regulatory in nature, rather they have to do with consumer rights and consumer protection.
One layer deeper: PSD2 regulates payments systems. From a business perspective, what are the business models that fall under large payment services?
The most important consideration is: How does money get from Point A to Point B? Usually through an intermediary or a marketplace. Here, the money remittance transaction is regulated. The regulator says: if two entities doing business — a customer and a retailer — use someone who is between them and collects the money and then forwards it, this is a money remittance transaction, and the guy in the middle needs to be monitored. This is a substantial amount of business that is being supervised. What is new is that account information services and payment initiation services have been added to PSD2.
So, the marketplace connects the customer and the seller. For example, I order my pizza, and at some point my €15 go to the marketplace, €13 are transferred to the pizza delivery service, and €2 are retained by the marketplace. Under the old PSD, was everything totally fine the way it was, or were there issues even then?
You’ve actually brought up a very interesting point. There was a big outcry following PSD2: “What will happen to the marketplaces?” It was always the case, even under PSD1, or under today’s ZAG [German Payment Services Oversight Act], which is currently in force. The mother of all money remittances is, if you will, the following: I order a pizza, the cash goes to the marketplace, the marketplace subtracts its own fees and remits the money.
So the marketplace moves the money through its own accounts?
Exactly, and then deducts service charges and any manner of fees, and then transfers the money to the pizza delivery service. This is currently, and basically always has been, illegal, because it is a money remittance transaction.
But there are currently exclusions to this, right?
Yes, there are exclusions where you could say that you are conducting a money remittance transaction, but under certain conditions — the “commercial agent exclusion.” If I fulfill the conditions described in this exclusion, then I am permitted even now to conduct the money remittance transaction without a license. This is therefore nothing new. It’s already forbidden, and there is already an exclusion, and nothing in PSD2 will change this.
What does change then with PSD2?
The framework has gotten tighter. PSD2 says, all of these marketplace configurations, they’ve assumed a volume that is significant, and the commercial agent exclusion was utilized very excessively. The rule vs. exclusion relationship has changed. And this is the point where regulators said, we are going to push through a regulation, we don’t want this anymore. The rule is, you are not allowed — and then, under really, really strict requirements, you may do it after all. That is the change.
What does that mean in practice for marketplaces under PSD2?
A: The commercial agent exclusion no longer allows platforms to act for both sides if they want to claim that they fulfill the conditions. [Commercial agents] may only be active for one side of the transaction. They must have a certain amount of discretion, also in concluding contracts, but for one party only. If this cannot be verified, then the merchant may neither transfer funds coming from users into its own accounts, nor may the merchant have control over these funds. Current marketplace models that have relied on the commercial agent exclusion will generally shut down [or be forced to find another solution].
So what do marketplaces actually have to do, procedurally, to claim the exception? What has changed?
You have to inform BaFin [Germany’s Federal Financial Supervisory Authority]. This means that now you can no longer fly under the radar, simply because you are so small, and then say: I claim the exclusion. Now, there is a formal notification procedure — not a licensing procedure. I have to say: Hello, BaFin, for these reasons I claim the commercial agent exclusion — so that they know that you are doing this. We can’t know whether they will go and look into something, but they know about it, at least. This is different than before, yet at the same time, BaFin is observing the market very, very closely. This means that it will be difficult to do this without a financial institute if you don’t have a license and are also not covered by this new commercial agent interpretation.
What are the options for marketplaces/platforms? Will they be subject to regulation? Become financial institutes themselves?
If it’s a pizza place, they want to sell pizzas, if they sell clothing, they want to sell clothing — they have absolutely no desire to be a bank. I don’t have to tell you what requirements you have to fulfill, the ridiculous effort behind it all, the staff required, the information requirements, organization. In order to become a financial institute, you have to set up a complete internal structure that fits the requirements. You need a front office, a back office, you need internal audits, you need a money-laundering officer, you need lawyers. This means that there may be some structures where we can reach agreement, but for many, the situation is actually such that it won’t work.
What can marketplaces do to ensure they are compliant with PSD2?
Anytime you don’t receive the funds yourself, you have to use someone who is allowed to. And above all, someone who can! That is something else to consider. You see, these marketplaces are not successful simply because they have an attractive website, with colorful pictures; rather, they’re running a really sophisticated technological operation. It takes a lot of technology to process this whole massive data mess. So, now you have to find someone who can integrate with the technology as quickly as possible. You need to find a provider that can match up with your technology as a marketplace.
If marketplaces don’t do this, if they don’t properly notify the authorities, if they don’t set up a compliant shop, if they don’t connect with the right provider, what happens then?
If you perform payment services without a corresponding license from BaFin, you are basically committing a criminal offense. There will be a fine, which could be hefty. And, above all, BaFin could say: What you’re doing is all well and good, but we don’t like it, and you have exactly two weeks — it usually turns out to be four — to adapt your operations, because otherwise we will pull the plug on you. Which is a super worst case — your entire internal procedures, your technical structures, the whole process — you won’t be able to implement those changes at all in that short a time.
This interview has been edited and condensed for clarity.
Check out part two of the fireside chat with Frank Müller and Jörg Howein here!