S.I. No. 6/2018 - European Union (Payment Services) Regulations 2018


Notice of the making of this Statutory Instrument was published in

“Iris Oifigiúil” of 12th January, 2018.

I, PASCHAL DONOHOE, Minister for Finance, in exercise of the powers conferred on me by section 3 of the European Communities Act 1972 (No. 27 of 1972) and for the purpose of giving effect to Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 20151 hereby make the following Regulations:

PART 1

Preliminary

Citation and commencement

1. (1) These Regulations may be cited as the European Union (Payment Services) Regulations 2018.

(2) Subject to paragraph (3), these Regulations come into operation on 13 January 2018.

(3) Regulations 89(2)(c), 90(4)(d) and (5)(a), 91(3)(c) and (4)(a) and 120 come into operation 18 months from the date the regulatory technical standards referred to in Article 98 of the Payment Services Directive enter into force.

Interpretation

2. (1) In these Regulations, unless the context otherwise requires-—

“Act of 1942” means the Central Bank Act 1942 (No. 22 of 1942);

“applicant” means a person who applies for an authorisation under Regulation 7;

“Bank” means the Central Bank of Ireland;

“Commission Recommendation” means the Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises2 ;

“competent authority of another Member State” means a competent authority of another Member State designated for the purposes of the Payment Services Directive under the law of that Member State;

“court” means the High Court;

“credit institution” has the same meaning as it has in the European Union (Capital Requirements) Regulations 2014 ( S.I. No. 158 of 2014 );

“credit union” has the same meaning as it has in the Credit Union Act 1997 (No. 15 of 1997);

“Directive 2009/110/EC” means Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC3 ;

“Directive 2013/36/EU” means Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC4 ;

“Directive (EU) 2015/849” means Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC5 ;

“electronic money institution” has the same meaning as it has in the European Communities (Electronic Money) Regulations 2011 ( S.I. No. 183 of 2011 );

“Financial Services and Pensions Ombudsman” has the same meaning as it has in the Act of 1942;

“General Data Protection Regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC6 ;

“insurance undertaking” has the same meaning as it has in the European Union (Insurance and Reinsurance) Regulations 2015 ( S.I. No. 485 of 2015 );

“investment firm” has the same meaning as it has in the European Union (Markets in Financial Instruments) Regulations 2017 ( S.I. No. 375 of 2017 );

“market operator of a regulated market” has the same meaning as it has in the European Union (Markets in Financial Instruments) Regulations 2017;

“Member State” means Member State of the European Union and, where relevant, includes a contracting party to the Agreement on the European Economic Area signed at Oporto on 2 May 1992 (as adjusted by the Protocol signed at Brussels on 17 March 1993), as amended;

“payment account” means an account held in the name of one or more payment service users that is used for the execution of payment transactions, where the holder of the account is entitled to place, transfer or withdraw funds without any restrictions;

“Payment Services Directive” means Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC7 ;

“payment institution” means a payment institution authorised by the Bank under Regulation 18;

“payment services provider” means a person referred to in Regulation 6(1) ;

“Register” has the meaning assigned to it by Regulation 25;

“Regulation (EU) 2015/847” means Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/20068 ;

“Regulation (EU) No 575/2013” means Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/20129 ;

“Regulation (EU) No 1093/2010” means Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC10 ;

“Regulations of 2009” means the European Communities (Payment Services) Regulations 2009 ( S.I. No. 383 of 2009 );

“reinsurance undertaking” has the same meaning as it has in European Union (Insurance and Reinsurance) Regulations 2015;

“UCITS management company” means a management company within the meaning of the European Communities (Undertakings for Collective Investment in Transferable Securities) Regulations 2011 ( S.I. No. 352 of 2011 ).

(2) A word or expression that is used in these Regulations and is also used in the Payment Services Directive has, unless the contrary intention appears, the same meaning in these Regulations that it has in the Payment Services Directive.

Application of certain provisions of these Regulations

3.(1) Subject to the limitations with regard to the currency of a payment transaction specified in paragraphs (2), (3) and (4), Parts 3 and 4 apply—

(a) in respect of a payment service provided by a payment service provider—

(i) established in the State, or

(ii) providing that payment service to a payment service user in the State—

(I)in the exercise of the right of establishment, or

(II)through an agent established in the State, or

(b) in a case in which the provision concerned applies to or imposes an obligation on a payment service user, where that payment service user is resident in or established in the State.

(2) Parts 3 and 4 apply to payment transactions in the currency of a Member State where both the payer’s payment service provider and the payee’s payment service provider are, or the sole payment service provider in the payment transaction is, located in a Member State.

(3) Part 3, except Regulation 69(1) (b), Regulation 76(b) (v) and Regulation 80(a), and Part 4, except for Regulations 105 to 109, apply to payment transactions in a currency that is not the currency of a Member State where both the payer’s payment service provider and the payee’s payment service provider are, or the sole payment service provider in the payment transaction is, located within the Union, in respect to those parts of the payments transaction which are carried out in a Member State.

(4) Part 3, except for Regulation 69(1) (b), Regulation 76(b) (v), Regulation 76(e) (vii) and Regulation 80(a), and Part 4, except for Regulation 86(3) and (6), Regulations 100, 101, 105, 107(1) and (2), 112 and 115, apply to payment transactions in all currencies where only one of the payment service providers is located in a Member State, in respect to those parts of the payments transaction which are carried out in a Member State.

Payment transactions, etc., to which these Regulations do not apply

4.(1) These Regulations do not apply to-—

(a) payment transactions made exclusively in cash directly by a payer to a payee, without any intermediary intervention,

(b) payment transactions from a payer to a payee through a commercial agent authorised under an agreement to negotiate or conclude the sale or purchase of goods or services on behalf of the payer only or the payee only,

(c) professional physical transport of banknotes and coins, including their collection, processing and delivery,

(d) payment transactions consisting of non-professional cash collection and delivery within the framework of a non-profit or charitable activity,

(e) services where cash is provided by a payee to a payer as part of a payment transaction following an explicit request by the payment service user just before the execution of the payment transaction through a payment for the purchase of goods or services,

(f) cash-to-cash currency exchange operations where the funds are not held on a payment account,

(g) payment transactions based on any of the following classes of document drawn on a payment service provider with a view to placing funds at the disposal of a payee:

(i) paper cheques governed by the Geneva Convention of 19 March 1931 providing a uniform law for cheques;

(ii) paper cheques similar to those referred to in clause (i) and governed by the law of a Member State which is not a party to the Geneva Convention of 19 March 1931 providing a uniform law for cheques;

(iii) paper-based drafts in accordance with the Geneva Convention of 7 June 1930 providing a uniform law for bills of exchange and promissory notes;

(iv) paper-based drafts similar to those referred to in clause (iii) and governed by the law of a Member State which is not a party to the Geneva Convention of 7 June 1930 providing a uniform law for bills of exchange and promissory notes;

(v) paper-based vouchers;

(vi) paper-based traveller’s cheques;

(vii) paper-based postal money orders, as defined by the Universal Postal Union,

(h) without prejudice to Regulation 43, payment transactions carried out within a payment or securities settlement system between—

(i) on the one hand, settlement agents, central counterparties, clearing houses or central banks and other participants of the system, and

(ii) on the other hand, payment service providers,

(i) payment transactions related to securities asset servicing, including dividends, income or other distributions, or redemption or sale, carried out by persons referred to in subparagraph (h) or by investment firms, credit institutions, collective investment undertakings or asset management companies providing investment services and any other entities allowed to have the custody of financial instruments,

(j) services provided by technical service providers, which support the provision of payment services, without them entering at any time into possession of the funds to be transferred, including processing and storage of data, trust and privacy protection services, data and entity authentication, information technology and communication network provision, provision and maintenance of terminals and devices used for payment services, with the exclusion of payment initiation services and account information services,

(k) services based on specific payment instruments that can be used only in a limited way, that meet one of the following conditions:

(i) instruments allowing the holder to acquire goods or services only in the premises of the issuer or within a limited network of service providers under direct commercial agreement with a professional issuer;

(ii) instruments which can be used only to acquire a very limited range of goods or services;

(iii) instruments valid only in a single Member State provided at the request of an undertaking or a public sector entity and regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers having a commercial agreement with the issuer,

(l) payment transactions by a provider of electronic communications networks or services provided in addition to electronic communications services for a subscriber to the network or service—

(i) for purchase of digital content and voice-based services, regardless of the device used for the purchase or consumption of the digital content and charged to the related bill, or

(ii) performed from or via an electronic device and charged to the related bill within the framework of a charitable activity or for the purchase of tickets,

provided that the value of any single payment transaction referred to in clauses (i) and (ii) does not exceed €50 and—

(I) the cumulative value of payment transactions for an individual subscriber does not exceed €300 per month, or

(II) where a subscriber pre-funds its account with the provider of the electronic communications network or service, the cumulative value of payment transactions does not exceed €300 per month,

(m) payment transactions carried out between payment service providers, their agents or their branches for their own account,

(n) payment transactions and related services between a parent undertaking and its subsidiary or between subsidiaries of the same parent undertaking, without any intermediary intervention by a payment service provider other than an undertaking belonging to the same group, and

(o) subject to paragraph (2), cash withdrawal services offered by means of an automated teller machine, where the provider—

(i) acts on behalf of one or more card issuers,

(ii) is not a party to a framework contract with a customer who withdraws money from a payment account, and

(iii) does not conduct other payment services referred to in the Schedule.

(2) A customer referred to in subparagraph (o) of paragraph (1) shall be provided with the information on any withdrawal charges referred to in Regulations 69, 72, 73 and 83—

(a) before making a withdrawal referred to in that subparagraph, and

(b) on receipt of the cash at the end of the transaction after withdrawal.

Relationship with Consumer Credit Act 1995

5. Nothing in these Regulations affects the operation of the Consumer Credit Act 1995 (No. 24 of 1995) or the European Communities (Consumer Credit Agreements) Regulations 2010 ( S.I. No. 281 of 2010 ).

PART 2

Payment Service Providers

Chapter 1

Right to Provide Payment Services

Payment service providers

6. (1) A person shall not provide a payment service in the State unless the person is—

(a) a credit institution within the meaning of point (1) of Article 4(1) of Regulation (EU) No 575/2013, including branches of that credit institution within the meaning of point (17) Article 4(1) of that Regulation where such branches are located in the Union, whether the head offices of those branches are located within the Union or, in accordance with Article 47 of Directive 2013/36/EU and the law of the State, outside the Union,

(b) an electronic money institution within the meaning of point (1) of Article 2 of Directive 2009/110/EC, including, in accordance with Article 8 of that Directive and with the law of the State, branches of that electronic money institution, where such branches are located within the Union and their head offices are located outside the Union, in as far as the payment services provided by those branches are linked to the issuance of electronic money,

(c) An Post in its capacity as a provider of banking and giro services, or the postal authority of another Member State in its capacity as the provider of a giro service,

(d) the Bank, the European Central Bank, or the central bank of another Member State, when not acting in its capacity as a monetary authority,

(e) a Member State, or a regional or local authority of a Member State, when not acting in its capacity as a public authority,

(f) a credit union,

(g) a payment institution authorised under Chapter 2 or by Regulation 140 whose authorisation has not been revoked,

(h) a person exempted by the Bank under Regulation 41 and entered by the Bank in the Register in accordance with Regulation 25(1) (b),

(i) a person exempted in accordance with Regulation 42 and entered by the Bank in the Register in accordance with Regulation 25(1) (b),

(j) a person permitted to provide payment services under Regulation 140, or

(k) a payment institution authorised as such in another Member State pursuant to the law of that Member State giving effect to the Payment Services Directive.

(2) A payment institution referred to in paragraph (1) (k) shall not provide, in the State, a payment service unless the Bank has been given notice in accordance with Regulation 37.

(3) A payment institution authorised under Regulation 18 to provide a payment service shall not provide, in the State or in another Member State, a payment service that is not covered by its authorisation.

(4) A payment institution authorised by the law of another Member State to provide a payment service shall not provide, in the State, a payment service that is not covered by its authorisation.

(5) A person referred to in paragraph (1) (h) shall not provide a payment service other than those services referred to in paragraphs 1 to 6 of the Schedule.

(6) A person referred to in paragraph (1) (i) shall not provide a payment service other than those services referred to in paragraph 8 of the Schedule.

(7) A person referred to in paragraph (1) (j) shall not provide a payment service save to the extent and for the duration that it is permitted under Regulation 140 to provide.

Chapter 2

Payment Institutions

Applications for authorisation

7. (1) An application for authorisation as a payment institution may be made to the Bank where the State is the Member State in which the registered office of the applicant is situated.

(2) An application for authorisation as a payment institution made to the Bank shall be in the form directed by the Bank and shall contain or be accompanied by—

(a) a programme of operations, setting out in particular the type of payment services envisaged,

(b) a business plan including a forecast budget calculation for the first 3 financial years that demonstrates that the applicant is able to employ the appropriate and proportionate systems, resources and procedures to operate soundly,

(c) evidence that the applicant holds initial capital in accordance with Regulation 8,

(d) in the case of an applicant to which Regulation 17(2) applies, a description of the measures taken, in accordance with Regulation 17, to safeguard payment service users’ funds,

(e) a description of the applicant’s governance arrangements and internal control mechanisms (including its administrative, risk-management and accounting procedures) that demonstrates that those governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate,

(f) a description of the procedure in place to monitor, handle and follow up a security incident and security related customer complaints, including an incidents reporting mechanism which takes account of the notification obligations of a payment institution under Regulation 119,

(g) a description of the process in place to file, monitor, track and restrict access to sensitive payment data,

(h) a description of business continuity arrangements including a clear identification of the critical operations, effective contingency plans and a procedure to regularly test and review the adequacy and efficiency of such plans,

(i) a description of the principles and definitions applied for the collection of statistical data on performance, transactions and fraud,

(j) a security policy document, including a detailed risk assessment in relation to the applicant’s payment services and a description of security control and mitigation measures taken to adequately protect payment service users against the risks identified, including fraud and illegal use of sensitive and personal data,

(k) for applicants subject to the obligations in relation to money laundering and terrorist financing under Directive (EU) 2015/849 and Regulation (EU) 2015/847, a description of the internal control mechanisms which the applicant has established in order to comply with those obligations,

(l) a description of the applicant’s structural organisation, including, where applicable, a description of the intended use of agents and branches and of the off-site and on-site checks that the applicant undertakes to perform on them at least annually, as well as a description of outsourcing arrangements, and of its participation in a national or international payment system,

(m) the identity of persons holding in the applicant, directly or indirectly, qualifying holdings within the meaning of point (36) of Article 4(1) of Regulation (EU) No 575/2013, the size of their holdings and evidence of their suitability taking into account the need to ensure the sound and prudent management of a payment institution,

(n) the identity of directors and persons responsible for the management of the applicant and, where relevant, persons responsible for the management of the payment services activities of the applicant, as well as evidence that they are of good repute and possess appropriate knowledge and experience to perform payment services, as determined by the State,

(o) where applicable, the identity of statutory auditors and audit firms as defined in the European Union (Statutory Audits) (Directive 2006/43/EC, as amended by Directive 2014/56/EU, and Regulation (EU) No 537/2014) Regulations 2016 ( S.I. No. 312 of 2016 ),

(p) the applicant’s legal status and articles of association, and

(q) the address of the applicant’s head office.

(3) For the purposes of subparagraphs (d), (e), (f) and (l) of paragraph (2), the applicant shall provide a description of its audit arrangements and the organisational arrangements it has set up with a view to taking all reasonable steps to protect the interests of its users and to ensure continuity and reliability in the performance of payment services.

(4) The security control and mitigation measures referred to in subparagraph (j) of paragraph (2) shall indicate how those measures ensure a high level of technical security and data protection, including for the software and information technology systems used by the applicant or the undertakings to which it outsources the whole or part of its operations.

(5) The measures referred to in paragraph (4) shall also include the security measures referred to in Regulation 118(1) and (2) and shall take into account the European Banking Authority’s guidelines on security measures where such guidelines have been issued under Article 95(3) of the Payment Services Directive.

(6) An applicant that applies for authorisation to provide the payment services referred to in paragraph 7 of the Schedule, shall as a condition of its authorisation, hold a professional indemnity insurance policy, covering the territories in which it offers services, or some other comparable guarantee against liability to ensure that it can cover its liabilities as specified in Regulations 97, 112, 113 and 115.

(7) An applicant that applies for authorisation or registration for the purposes of providing the payment services referred to in paragraph 8 of the Schedule, shall as a condition of its authorisation or registration, as the case may be, hold a professional indemnity insurance policy covering the territories in which it offers services, or some other comparable guarantee against its liability vis--vis an account servicing payment service provider or a payment service user resulting from non-authorised or fraudulent access to or non-authorised or fraudulent use of payment account information.

(8) The Bank may request from an applicant, by notice in writing, any further information that it requires for the purposes of considering an application.

(9) For the purposes of Regulation 23, an application shall be deemed to be incomplete until such time as the applicant concerned has provided the information requested by the Bank under paragraph (8).

Initial capital

8. (1) The Bank shall not authorise an applicant as a payment institution unless the applicant holds initial capital of at least—

(a) where the applicant proposes to provide only the payment service referred to in paragraph 6 of the Schedule, €20,000,

(b) where the applicant proposes to provide the payment service referred to in paragraph 7 of the Schedule, €50,000, and

(c) where the applicant proposes to provide a payment service referred to in any one or more of paragraphs 1 to 5 of the Schedule, €125,000.

(2) For the purposes of calculating an applicant’s initial capital, only the items referred to in Article 26(1) (a) to (e) of Regulation (EU) No 575/2013 shall be taken into account.

Own funds

9. (1) Subject to paragraph (4), a payment institution’s own funds shall not fall below—

(a) the higher of—

(i) the amount of initial capital required under Regulation 8, and

(ii) the own funds requirement of that payment institution calculated in accordance with a direction issued by the Bank under Regulation 11, or

(b) where paragraph (2) or (3) applies, the amount of initial capital required under Regulation 8.

(2) This paragraph applies where the Bank is satisfied that a payment institution—

(a) meets the conditions specified in Article 7 of Regulation (EU) No 575/2013, and

(b) is included in the consolidated supervision of the parent credit institution in accordance with Directive 2013/36/EU.

(3) This paragraph applies where a payment institution offers—

(a) only the services referred to in paragraph 7 of the Schedule, or

(b) only the services referred to in paragraphs 7 and 8 of the Schedule.

(4) Where a payment institution offers only the payment service referred to in paragraph 8 of the Schedule, paragraph (1) shall not apply to the payment institution.

Basis for calculation of own funds

10.In calculating own funds—

(a) where a payment institution belongs to the same group as another payment institution, credit institution, investment firm, asset management company or insurance undertaking, the payment institution shall not take into account elements that also form part of a calculation of own funds for another member of the group, and

(b) where a payment institution carries out activities other than providing payment services, the payment institution shall not, in calculating own funds, take into account elements that are properly attributable to any of those other activities.

Calculation of own funds — directions

11. (1) The Bank shall, save where paragraph (2), (3) or (4) of Regulation 9 applies, direct a payment institution to calculate the amount of that institution’s own funds requirement in accordance with Regulation 12, 13 or 14.

(2) A payment institution shall be deemed to have been directed by the Bank to calculate its own funds requirement—

(a) in accordance with Regulation 12, where the payment’s institution’s authorisation specifies that the payment institution is to calculate its own funds requirement in accordance with Regulation 12 or “Method A”,

(b) in accordance with Regulation 13, where the payment’s institution’s authorisation specifies that the payment institution is to calculate its own funds requirement in accordance with Regulation 13 or “Method B”, and

(c) in accordance with Regulation 14, where the payment’s institution’s authorisation specifies that the payment institution is to calculate its own funds requirement in accordance with Regulation 14 or “Method C”.

Method A

12. Where a payment institution is directed by the Bank to calculate its own funds requirement in accordance with this Regulation, that payment institution’s own funds requirement shall be calculated as follows:

OFR = 0.1 * FO

where—

OFR is the own funds requirement,

FO is—

(a) where the payment institution has completed a full year’s business at the date of the calculation, the amount of the fixed overheads of the payment institution for the previous year, subject to any adjustment applied by the Bank where there has been a material change in the business of the payment institution since the preceding year, or

(b) where the payment institution has not completed a full year’s business at the date of the calculation, the amount of the fixed overheads of the payment institution as projected in the business plan of the payment institution, subject to any adjustment to that business plan required by the Bank in accordance with Regulation 22.

Method B

13. (1) Where a payment institution is directed by the Bank to calculate its own funds requirement in accordance with this Regulation, that payment institution’s own funds requirement shall be calculated as follows:

OFR = K*SE

where—

OFR is the own funds requirement,

K is the scaling factor described in Regulation 15,

SE is—

(a) in a case in which the payment volume is less than or equal to €5,000,000, 4 per cent of the amount of the payment volume,

(b) in a case in which the payment volume is greater than €5,000,000 and less than or equal to €10,000,000, €200,000 plus 2.5 per cent of the amount by which the payment volume exceeds €5,000,000,

(c) in a case in which the payment volume is greater than €10,000,000 and less than or equal to €100,000,000, €325,000 plus one per cent of the amount by which the payment volume exceeds €10,000,000,

(d) in a case in which the payment volume is greater than €100,000,000 and less than or equal to €250,000,000, €1,225,000 plus 0.5 per cent of the amount by which the payment volume exceeds €100,000,000, and

(e) in a case in which the payment volume is greater than €250,000,000, €1,975,000 plus 0.25 per cent of the amount by which the payment volume exceeds €250,000,000.

(2) In this Regulation “payment volume” means one twelfth of the total amount of payment transactions executed by the payment institution concerned in the preceding year.

Method C

14. (1) Where a payment institution is directed by the Bank to calculate its own funds requirement in accordance with this Regulation, that payment institution’s own funds requirement shall be calculated as follows:

OFR = K*RI*MF

where—

OFR is the own funds requirement,

K is the scaling factor described in Regulation 15,

RI is the relevant indicator calculated in accordance with paragraph (2),

MF is the multiplication factor calculated in accordance with paragraph (3).

(2)(a) The relevant indicator is the sum of the following in respect of the payment institution concerned:

(i) interest income;

(ii) interest expenses;

(iii) commissions and fees received;

(iv) other operating income.

(b) In calculating the relevant indicator—

(i) an amount paid to the payment institution concerned shall be given a positive value,

(ii) an amount paid by the payment institution concerned shall be given a negative value,

(iii) income from extraordinary or irregular items shall not be used, and

(iv) business estimates for the amounts referred to in subparagraph (a) may be used to calculate the relevant indicator where audited figures are not available.

(c) Expenditure on the outsourcing of services rendered by third parties may be used to reduce the relevant indicator if the expenditure is incurred from an undertaking subject to supervision under these Regulations or the law of another Member State giving effect to the Payment Services Directive.

(d) The relevant indicator is calculated over the previous financial year on the basis of the 12-monthly observation at the end of the previous financial year.

(3) The amount of the multiplication factor is as follows:

(a) in a case in which the relevant indicator is less than or equal to €2,500,000, 10 per cent of the amount of the relevant indicator;

(b) in a case in which the relevant indicator is greater than €2,500,000 and less than or equal to €5,000,000, €250,000 plus 8 per cent of the amount by which the relevant indicator exceeds €2,500,000;

(c) in a case in which the relevant indicator is greater than €5,000,000 and less than or equal to €25,000,000, €450,000 plus 6 per cent of the amount by which the relevant indicator exceeds €5,000,000;

(d) in a case in which the relevant indicator is greater than €25,000,000 and less than or equal to €50,000,000, €1,650,000 plus 3 per cent of the amount by which the relevant indicator exceeds €25,000,000;

(e) in a case in which the relevant indicator is greater than €50,000,000, €2,400,000 plus 1.5 per cent of the amount by which the relevant indicator exceeds €50,000,000.

(4) Where the own funds requirement of a payment institution calculated in accordance with paragraph (1) for the previous financial year is less than 80 per cent of the average of the own funds requirements calculated in accordance with paragraph (1) for the previous 3 financial years, the own funds requirement of that financial institution is the amount of that average.

Scaling factor

15. The scaling factor for the purposes of Regulations 13 and 14 is—

(a) 0.5,where the payment institution provides only the payment service referred to in paragraph 6 of the Schedule, and

(b) 1,where the payment institution provides any of the payment services referred to in paragraphs 1 to 5 of the Schedule.

Adjustment to own funds requirement

16. The Bank may, based on an evaluation of the risk-management processes, risk loss data base and internal control mechanisms of a payment institution—

(a) require the payment institution to hold an amount of own funds which is up to 20 per cent higher than the amount calculated in accordance with a direction issued to the payment institution under Regulation 11, or

(b) permit the payment institution to hold an amount of own funds which is up to 20 per cent lower than the amount calculated in accordance with a direction issued to the payment institution under Regulation 11.

Safeguarding requirements

17. (1) In this Regulation “user’s funds” means the funds that have been received by a payment institution from a payment service user or through another payment service provider for the execution of a payment transaction.

(2) A payment institution that provides payment services referred to in paragraphs 1 to 6 of the Schedule shall safeguard user’s funds in either of the following ways:

(a) user’s funds—

(i) shall not be mixed at any time with the funds of any person other than the payment service user on whose behalf the funds are held, and

(ii) where the funds are still held by the payment institution and not yet delivered to the payee or transferred to another payment service provider by the end of the business day after the day of receipt, shall be deposited in a separate account in a credit institution or invested in assets designated or approved by the Bank for the purpose of these Regulations as secure, liquid and low-risk assets;

(b) user’s funds shall be covered by an insurance policy or some other comparable guarantee issued by an insurance company or a credit institution, that does not belong to the same group as the payment institution, payable in the event that the payment institution is unable to meet its financial obligations, for an amount equal to that which would have been segregated if the method set out in subparagraph (a) had been used.

(3) No liquidator, receiver, administrator, examiner or creditor of a payment institution, nor the Official Assignee in Bankruptcy, has any recourse or right against user’s funds safeguarded in accordance with paragraph (2)(a) until all proper claims of payment service users or of their heirs, successors or assigns against user’s funds relating to the payment transaction concerned have been satisfied in full.

(4) Where a payment institution that is required to safeguard user’s funds in accordance with paragraph (2) receives funds from a payment service user and a part of those funds is to be used for future payment transactions and the remainder for non-payment services, the payment institution shall protect the part of the funds to be used for future payment transactions in accordance with paragraph (2).

(5) Where the part of the funds to be used for future payment transactions referred to in paragraph (4) is variable or not known in advance, the payment institution may safeguard a representative part likely to be used for payment services if such a representative part can be reasonably estimated on the basis of historical data to the satisfaction of the Bank.

Granting of authorisation

18. (1) The Bank shall grant an authorisation to an applicant where—

(a) the information and evidence accompanying the application for authorisation complies with all of the requirements specified in Regulation 7,

(b) the Bank’s overall assessment, having scrutinised the application for authorisation, is favourable,

(c) taking into account the need to ensure the sound and prudent management of a payment institution, the applicant has robust governance arrangements for its payment services business, which include—

(i) a clear organisational structure with well-defined, transparent and consistent lines of responsibility,

(ii) effective procedures to identify, manage, monitor and report the risks to which it is or might be exposed, and

(iii) adequate internal control mechanisms, including sound administrative and accounting procedures,

(d) taking into account the need to ensure the sound and prudent management of a payment institution, the Bank is satisfied as to the suitability of the shareholders or members that have qualifying holdings in the applicant,

(e) if close links, as defined in point (38) of Article 4(1) of Regulation (EU) No 575/2013, exist between the applicant and other persons, those links do not prevent the effective exercise of the Bank’s supervisory functions,

(f) if the applicant has close links, as defined in point (38) of Article 4(1) of Regulation (EU) No 575/2013, with persons in a third country, the laws, regulations or administrative provisions of the third country governing those persons or difficulties involved in the enforcement of those laws, regulations or administrative provisions, do not prevent the effective exercise of the Bank’s supervisory functions, and

(g) the applicant is a legal person established in the State.

(2) Before granting an authorisation, the Bank may consult with relevant public authorities.

(3) If the Bank proposes to refuse to grant an authorisation, it shall give the applicant concerned written notice of its intention to refuse, setting out a statement of the reasons for the proposed refusal and specifying a period (not less than 21 calendar days) within which the applicant may make written submissions in relation to the proposed refusal.

(4) The Bank shall take into account any submissions made by an applicant under paragraph (3) when making its decision on an application for authorisation.

(5) The arrangements, procedures and mechanisms referred to in paragraph (1) (c) shall be comprehensive and proportionate to the nature, scale and complexity of the payment services proposed to be provided by the applicant.

(6) An authorisation granted under this Regulation shall be valid in all Member States and shall permit the payment institution concerned to carry on business in all Member States, by way of establishment and by way of the provision of services.

Conditions

19. (1) Where the Bank grants an authorisation in accordance with Regulation 18, the authorisation may be granted subject to a specified condition or requirement.

(2) If the Bank proposes to grant an authorisation subject to a specified condition or requirement, it shall give the applicant concerned written notice of its intention to do so, setting out a statement of the reasons for the proposed condition or requirement and specifying a period (not less than 21 calendar days) within which the applicant may make written submissions in relation to the proposed condition or requirement.

(3) The Bank shall take into account any submissions made by an applicant under paragraph (2) when making its decision in relation to the imposition of a specified condition or requirement.

Separate entity

20. Where a payment institution provides any of the payment services referred to in paragraphs 1 to 7 of the Schedule and, at the same time, is engaged in other business activities, the Bank may require the establishment of a separate entity for the payment services business, where the non-payment services activities of the payment institution impair or are likely to impair either the financial soundness of the payment institution or the ability of the Bank to monitor the payment institution’s compliance with these Regulations.

Head office

21. Where a payment institution has its registered office in the State, it shall have its head office in the State and shall carry out at least part of its payment service business in the State.

Adjustments to business plan

22. (1) The Bank may require an applicant to make a specified adjustment to a business plan submitted with its application.

(2) Where the Bank requires an adjustment to a business plan, a reference in these Regulations to a business plan shall be construed as a reference to the plan as adjusted.

Communication of decision

23. (1) Within 3 months—

(i) of the receipt of an application for authorisation, or

(ii) where the application is incomplete, of all of the information required for the Bank to make a decision on the application,

the Bank shall inform the applicant whether the authorisation has been granted or refused.

(2) The Bank shall give reasons to an applicant where it refuses to grant an authorisation.

Withdrawal of authorisation

24. (1) The Bank may only withdraw an authorisation issued to a payment institution where the institution—

(a) does not make use of the authorisation within 12 months,

(b) expressly renounces the authorisation,

(c) has ceased to engage in business for more than 6 months,

(d) has obtained the authorisation through false statements or any other irregular means,

(e) no longer meets the conditions for the granting of the authorisation or fails to inform the Bank of major developments in this respect,

(f) would constitute a threat to the stability of, or the trust in, the payment system by continuing its payment services business, or

(g) may have its authorisation withdrawn in accordance with another law of the State.

(2) Before withdrawing an authorisation, the Bank shall—

(a) give written notice of the proposed withdrawal to the payment institution concerned—

(i) setting out a summary of the relevant evidence,

(ii) setting out the reasons for the proposed withdrawal, and

(iii) specifying a reasonable period (not less than 21 calendar days from the date of the notice) within which the institution may make written representations concerning the proposed withdrawal, and

(b) consider any representations made by the payment institution within the period specified in the notice referred to in subparagraph (a) .

(3) Where the Bank decides to withdraw an authorisation, it shall notify the payment institution concerned in writing of the withdrawal, setting out the reasons for the withdrawal.

(4) The Bank shall give public notice of the withdrawal of an authorisation and shall also notify the European Banking Authority.

(5) Withdrawal of an authorisation under this Regulation takes effect on and from the date of the notice of withdrawal or, if a later date is specified in the notice, on and from that date, irrespective of whether an appeal against the withdrawal is made under Part VIIA of the Act of 1942.

Register

25. (1) The Bank shall maintain a public register (in these Regulations referred to as the “Register”) of—

(a) payment institutions and their agents,

(b) persons benefitting from an exemption pursuant to Regulation 41 or 42 and their agents,

(c) credit unions, and

(d) descriptions of activities notified under Regulation 45(6) or Regulation 46(6) and the names of the service providers concerned.

(2) Where a branch of a payment institution for which the State is the home Member State provides services in another Member State, the Bank shall list the branch in the Register.

(3) The Register shall specify the payment services for which a payment institution is authorised or in respect of which a person referred to in paragraph (1) (b) has been registered.

(4) Authorised payment institutions shall be listed separately in the Register to persons benefitting from an exemption pursuant to Regulation 41 or 42.

(5) The Bank shall ensure that the Register is publicly available for consultation, accessible online, and up-to-date.

(6) The Bank shall enter in the Register any withdrawal of an authorisation and any withdrawal of an exemption pursuant to Regulation 41 or 42.

(7) The Bank shall notify the European Banking Authority of the reasons for the withdrawal of—

(a) any authorisation, and

(b) any exemption pursuant to Regulation 41 or 42.

European Banking Authority Register

26. (1) Where information is entered in the Register, the Bank shall, without delay and in a language customary in the field of finance, send a notification to the European Banking Authority informing it of the information so entered.

(2) The Bank shall ensure that the information provided to the European Banking Authority under paragraph (1) is accurate and up-to-date.

Maintenance of authorisation

27. Where—

(a) any change affects the accuracy of information or evidence provided by a payment institution under Regulation 7, and

(b) the State is the home Member State of the payment institution,

the payment institution shall, without undue delay, inform the Bank accordingly.

Accounting and statutory audit

28.(1) The European Union (Credit Institutions: Financial Statements) Regulations 2015 ( S.I. No. 266 of 2015 ) and Regulation (EC) No 1606/2002 of the European Parliament and of the Council of 19 July 200211 shall apply to a payment institution, subject to the modification that a reference in the European Union (Credit Institutions: Financial Statements) Regulations 2015 to a credit institution shall be construed as a reference to a payment institution.

(2) Part 6 of the Companies Act 2014 (No. 38 of 2014) shall apply mutatis mutandis to a payment institution to which that Act does not otherwise apply.

(3) Unless exempted under the Companies Act 2014 (including as applied in accordance with paragraph (2)) and, where applicable, the European Union (Credit Institutions: Financial Statements) Regulations 2015, the annual accounts and consolidated accounts of a payment institution shall be audited by a statutory auditor or audit firm within the meaning of the European Union (Statutory Audits) (Directive 2006/43/EC, as amended by Directive 2014/56/EU, and Regulation (EU) No 537/2014) Regulations 2016 ( S.I. No. 312 of 2016 ).

(4) For supervisory purposes, a payment institution shall provide separate accounting information for payment services and activities referred to in Regulation 29(1), which shall be subject to an auditor’s report prepared, where applicable, by the statutory auditors or an audit firm.

(5) Regulation 52 of the European Union (Capital Requirements) Regulations 2014 shall apply to the statutory auditor or audit firm of a payment institution in respect of payment services activities, subject to the modification that a reference in those Regulations to a credit institution shall be construed as a reference to a payment institution.

Activities

29.(1) In addition to the provision of payment services, a payment institution may engage in the following activities:

(a) the provision of operational and closely related ancillary services such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data;

(b) without prejudice to Regulation 43, the operation of payment systems;

(c) business activities other than the provision of payment services, subject to any law of the State or of the Union applicable to such activities.

(2) Where a payment institution engages in the provision of one or more payment services, it may hold only payment accounts which are used exclusively for payment transactions.

(3) Funds received by a payment institution from a payment service user with a view to the provision of payment services shall not constitute—

(a) a deposit or other repayable funds, within the meaning of Article 9 of Directive 2013/36/EU, or

(b) electronic money, within the meaning of the European Communities (Electronic Money) Regulations 2011.

(4) A payment institution may only grant credit relating to payment services referred to in paragraph 4 or 5 of the Schedule where all of the following conditions are met:

(a) the credit is ancillary and granted exclusively in connection with the execution of a payment transaction;

(b) notwithstanding any law in relation to the provision of credit by means of a credit card, credit granted in connection with a payment and executed in accordance with Regulations 18(6) and 37 is repaid within a short period which shall in no case exceed 12 months;

(c) the credit is not granted from the funds received or held for the purpose of executing a payment transaction;

(d) the own funds of the payment institution are, at all times and to the satisfaction of the Bank, appropriate in view of the overall amount of credit granted.

(5) A payment institution shall not conduct the business of taking deposits or other repayable funds, within the meaning of Article 9 of Directive 2013/36/EU.

(6) Nothing in these Regulations affects the operation of Union law or the law of the State regarding conditions for granting credit to consumers, where that law of the State is not harmonised by the Payment Services Directive and complies with Union law.

Use of agents, branches or entities to which activities are outsourced

30.(1) Where a payment institution whose home Member State is the State intends to provide payment services through an agent it shall communicate the following information to the Bank:

(a) the name and address of the agent;

(b) a description of the internal control mechanisms that will be used by the agent in order to comply with the obligations in relation to money laundering and terrorist financing under the law of the State giving effect to Directive (EU) 2015/849, to be updated without delay in the event of material changes to the particulars communicated at the initial notification;

(c) the identity of directors and persons responsible for the management of the agent to be used in the provision of payment services and, for agents other than payment service providers, evidence that they are fit and proper persons;

(d) the payment services of the payment institution for which the agent is mandated;

(e) where applicable, the unique identification code or number of the agent.

(2) Within 2 months of receipt of the information referred to in paragraph (1), the Bank shall inform the payment institution whether the details of the agent concerned have been entered in the Register.

(3) An agent shall not commence provision of payment services prior to the entry of its details in the Register.

(4) Before listing an agent in the Register, the Bank shall, if it considers that the information provided to it pursuant to paragraph (1) is incorrect, take further action to verify the information.

(5) Where, after taking action to verify the information, the Bank is not satisfied that the information provided to it pursuant to paragraph (1) is correct, it shall not list the agent in the Register and shall inform the payment institution accordingly without undue delay.

(6) Where a payment institution proposes to provide payment services in another Member State by engaging an agent or establishing a branch, it shall follow the procedures set out in Regulation 37.

(7) Where a payment institution whose home Member State is the State proposes to outsource an operational function relating to payment services, it shall inform the Bank accordingly not less than 30 days prior to the date on which it proposes to commence such outsourcing.

(8) Outsourcing of important operational functions, including information technology systems, shall not be undertaken in a manner that materially impairs the quality of the payment institution’s internal control and the ability of the Bank to monitor and review the payment institution’s compliance with these Regulations.

(9) For the purposes of paragraph (8), an operational function shall be regarded as important if a defect or failure in its performance would materially impair the continuing compliance of a payment institution with the requirements of its authorisation under this Part, its other obligations under these Regulations, its financial performance, or the soundness or the continuity of its payment services.

(10) A payment institution may only outsource an important operational function where it meets the following requirements:

(a) the outsourcing will not result in the delegation by senior management of its responsibility;

(b) the relationship and obligations of the payment institution towards its payment service users under these Regulations will not be altered;

(c) the conditions with which the payment institution is to comply in order to be authorised and remain so in accordance with this Part will not be breached;

(d) none of the other conditions subject to which the payment institution’s authorisation was granted will be removed or modified.

(11) A payment institution shall ensure that agents or branches acting on its behalf inform payment service users of this fact.

(12) A payment institution whose home Member State is the State shall communicate to the Bank without undue delay any change regarding the use of—

(a) entities to which activities are outsourced, and

(b) in accordance with the procedure provided for in paragraphs (2), (3), (4) and (5), agents, including additional agents.

Liability

31.(1) Where a payment institution relies on a third party for the performance of operational functions, the payment institution shall take reasonable steps to ensure that the third party complies with the requirements of these Regulations in so far as those requirements apply to the third party.

(2) A payment institution remains fully liable for any acts of its employees, and any agent, branch or entity to which activities are outsourced.

Record-keeping

32.(1) A payment institution shall keep all appropriate records for the purpose of this Part for at least 5 years.

(2) Paragraph (1) does not affect the operation of the law of the State giving effect to Directive (EU) 2015/849 or other relevant European law.

Competent authority

33.(1) The Bank is the competent authority in the State for the purposes of the Payment Services Directive.

(2) Paragraph (1) shall not be construed as implying that the Bank is required to supervise any business activity of a payment institution other than the provision of payment services and the activities referred to in Regulation 29(1) .

Supervision

34.(1) Without prejudice to the Bank’s powers under the Central Bank (Supervision and Enforcement) Act 2013 (No. 26 of 2013), the Bank may, for the purposes of confirming compliance with this Part, take the following steps:

(a) require a payment institution to provide any information needed to monitor compliance, specifying the purpose of the request, as appropriate, and the time limit by which the information is to be provided;

(b) carry out on-site inspections at the payment institution, at any agent or branch providing payment services under the responsibility of the payment institution, or at any entity to which activities are outsourced;

(c) issue recommendations and guidelines;

(d) withdraw an authorisation pursuant to Regulation 24.

(2) The Bank may use the powers referred to in paragraph (1) to ensure that a payment institution has sufficient capital for payment services, in particular where the non-payment services activities of the payment institution impair or are likely to impair the financial soundness of the payment institution.

Appealable decisions

35.The following decisions of the Bank are appealable decisions for the purposes of Part VIIA of the Act of 1942:

(a) a decision of the Bank in relation to the granting of an authorisation under Regulation 18;

(b) a decision under Regulation 24 to withdraw such an authorisation;

(c) a decision under Regulation 41(4) to require a person exempted under Regulation 41(1) to engage only in a specified activity;

(d) a decision under Regulation 56 to impose a condition or requirement or to vary a condition or requirement;

(e) a decision under Regulation 57 to oppose a proposed acquisition;

(f) a decision under Regulation 123 to give a direction to a person.

Settlement of disagreements between competent authorities of different Member States

36.(1) Where the Bank considers that, in a particular matter, cross-border cooperation with competent authorities of another Member State referred to in Regulations 37, 38, 39 or 40 does not comply with the relevant conditions set out in those provisions, it may refer the matter to the European Banking Authority and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010.

(2) Where the European Banking Authority has been requested to assist in accordance with Article 19 of Regulation (EU) No 1093/2010 or the European Banking Authority, on its own initiative, is assisting the Bank and competent authorities of other Member States in reaching an agreement in accordance with the second subparagraph of Article 19(1) of that Regulation, the Bank shall defer its decision on the matter concerned pending resolution under Article 19 of that Regulation.

Application to exercise the right of establishment and freedom to provide services

37.(1) A payment institution authorised under Regulation 18 which proposes to provide payment services for the first time in another Member State, in the exercise of the right of establishment or the freedom to provide services, shall communicate the following information to the Bank not less than 3 months prior to the date on which it proposes to commence provision of those payment services:

(a) the name, address and, where applicable, authorisation number of the payment institution;

(b) the Member State or Member States, as the case may be, in which it intends to operate;

(c) the payment services to be provided;

(d) where the payment institution intends to make use of an agent, the information referred to in Regulation 30(1) ;

(e) where the payment institution intends to make use of a branch, the information referred to in Regulation 7(2)(b) and (e) with regard to the payment service business in the host Member State, a description of the organisational structure of the branch and the identity of those responsible for the management of the branch;

(f) where the payment institution proposes to outsource operational functions of payment services to other entities in the host Member State, that it proposes to do so.

(2) Where a payment institution becomes aware of any relevant change regarding the information communicated in accordance with paragraph (1), including as regards additional agents, branches or entities to which activities are outsourced in the host Member States in which it operates, it shall communicate any such change to the Bank without undue delay.

(3) Within 1 month of receipt of all of the information referred to in paragraph (1), or change regarding such information received in accordance with paragraph (2), as the case may be, the Bank shall send the information to the competent authority of the host Member State.

(4) Where the Bank receives information from a competent authority of another Member State in accordance with the law of that Member State equivalent to paragraph (3), the Bank shall, within 1 month of receipt of the information assess that information and provide that competent authority with relevant information in connection with the proposed provision of payment services by the payment institution, authorised by that competent authority, in the exercise of the freedom of establishment or the freedom to provide services.

(5) The Bank shall, when providing relevant information in accordance with paragraph (4), inform the competent authority concerned in particular of any reasonable grounds for concern in connection with the intended engagement of an agent or establishment of a branch with regard to money laundering or terrorist financing within the meaning of Directive (EU) 2015/849.

(6) Where the Bank does not agree with an assessment provided by the competent authority of a host Member State, provided by that competent authority in accordance with the law of that Member State equivalent to paragraphs (4) and (5), it shall provide that competent authority with the reasons for the Bank’s disagreement with that assessment.

(7) If the assessment of the Bank, in particular in light of the information received from the competent authority of the host Member State provided by that competent authority in accordance with the law of that Member State equivalent to paragraphs (4) and (5), is not favourable, the Bank shall refuse to register the agent or branch or shall withdraw the registration if already made.

(8) If the assessment of the Bank, in particular in light of the information received from the competent authority of the host Member State provided by that competent authority in accordance with the law of that Member State equivalent to paragraphs (4) and (5), is favourable, the Bank shall enter the agent or branch in the Register.

(9) Within 3 months of receipt of the information referred to in paragraph (1) or, where a change to that information has been provided in accordance with paragraph (2), receipt of the most recently received of such information, the Bank shall communicate its decision to the competent authority of the host Member State and to the payment institution.

(10) Upon entry in the Register, the agent or branch, as the case may be, of the payment institution concerned may commence its activities in the host Member State.

(11) The payment institution concerned shall notify the Bank of the date from which it commences its activities through the agent or branch, as the case may be, in the relevant host Member State.

(12) The Bank shall inform the competent authority of the host Member State concerned of the information provided by the payment institution concerned in accordance with paragraph (11).

Supervision of payment institutions exercising the right of establishment and freedom to provide services

38. (1) In order to carry out the controls and take the necessary steps provided for in this Part and in Parts 3 and 4 in respect of the agent or branch of a payment institution, where that agent or branch is located in the territory of another Member State, the Bank shall cooperate with the competent authorities of the host Member State of that agent or branch.

(2) The Bank shall notify the competent authority of the host Member State concerned where the Bank intends to carry out an on-site inspection in that Member State.

(3) The Bank may delegate to the competent authority of the host Member State concerned the task of carrying out on-site inspections of the agent or branch concerned.

(4) The Bank may require a payment institution authorised in another Member State having an agent or branch in the State to report to the Bank periodically on the activities carried out in the State.

(5) A report referred to in paragraph (4) shall be required for information or statistical purposes and, as far as the agent or branch concerned conducts the payment service business under the right of establishment, to monitor compliance with Parts 3 and 4.

(6) The Bank shall provide the competent authority of a host Member State of the agent or branch of a payment institution authorised under Regulation 18 with all essential and relevant information, in particular in the case of infringements or suspected infringements of these Regulations by an agent or a branch, and where such infringements occurred in the context of the exercise of the freedom to provide services.

(7) The Bank shall, for the purposes of compliance with paragraph (6), communicate, upon request, all relevant information and, on its own initiative, all essential information, including on the compliance of the payment institution with Regulation 21.

(8) The Bank may require a payment institution operating in the State through an agent under the right of establishment, the head office of which is situated in another Member State, to appoint a central contact point in the State to—

(a) ensure adequate communication and information reporting on compliance with Parts 3 and 4, without prejudice to any obligations under anti-money laundering law or counter terrorist financing law, and

(b) facilitate supervision by the competent authority of the home Member State and any other host Member States of the payment institution concerned, including by providing such competent authorities with documents and information on request.

Measures in case of non-compliance, including precautionary measures

39. (1) Where the Bank ascertains that a payment institution authorised in another Member State having agents or branches in the State contravenes this Part or Part 3 or 4, it shall inform the competent authority of the home Member State of the payment institution concerned without delay.

(2) Where the Bank receives information from a competent authority in another Member State pursuant to the law of that Member State equivalent to paragraph (1), the Bank shall, after having evaluated the information received, without undue delay, take all appropriate measures, available to it under this or any other law of the State, to ensure that the payment institution concerned ceases its contravention.

(3) Where the Bank takes measures under paragraph (2), it shall communicate those measures without delay to the competent authority of the host Member State of the payment institution concerned and to the competent authorities of any other Member State concerned.

(4) In an emergency situation, where immediate action is necessary to address a serious threat to the collective interests of the payment service users in the State, where the State is the host Member State, the Bank may, in parallel with the cross-border cooperation between competent authorities and pending measures by the competent authorities of the home Member State of the payment institution concerned, as provided by Regulation 38, take such precautionary measures, available to it under this or any other law of the State, as it considers appropriate in the circumstances.

(5) A precautionary measure taken under paragraph (4) shall—

(a) be appropriate and proportionate to its purpose to protect against a serious threat to the collective interests of the payment service users in the State,

(b) not result in a preference for payment service users of the payment institution concerned in the State over payment service users of the payment institution in other Member States,

(c) be temporary, and

(d) be terminated when the serious threats identified are addressed, including with the assistance of or in cooperation with the home Member State’s competent authority or with the European Banking Authority in accordance with Regulation 36(1) .

(6) Where compatible with the emergency situation referred to in paragraph (4), the Bank shall inform—

(a) the competent authorities of the home Member State of the payment institution concerned and those of any other Member State concerned,

(b) the Commission, and

(c) the European Banking Authority,

in advance and in any case without undue delay, of the precautionary measures taken under paragraph (4) and of their justification.

Reasons and communication

40. (1) The Bank shall only take a decision pursuant to Regulation 34, 37, 38 or 39 involving penalties or restrictions on the exercise of the freedom to provide services or the freedom of establishment where that decision is justified in the circumstances relating to the decision.

(2) Where the Bank takes a decision pursuant to Regulation 34, 37, 38 or 39 involving penalties or restrictions on the exercise of the freedom to provide services or the freedom of establishment, it shall communicate the reasons for its decision to the payment institution concerned.

(3) Regulations 37, 38 and 39 shall be without prejudice to the obligation under the law of the State giving effect to Directive (EU) 2015/849 and Regulation (EU) 2015/847 of the competent authorities designated in the State for the purposes of Directive (EU) 2015/849 and Regulation (EU) 2015/847, in particular under the law of the State giving effect to Article 48(1) of Directive (EU) 2015/849 and Article 22(1) of Regulation (EU) 2015/847, to supervise or monitor the compliance with the requirements laid down in those enactments.

Conditions (small payment institutions)

41.(1) The Bank may exempt a person providing payment services referred to in paragraphs 1 to 6 of the Schedule from the application of all or part of the procedure and conditions set out in Regulations 7 to 40, with the exception of Regulations 25, 26, 33 and 35, where the following conditions are satisfied:

(a) the monthly average of the preceding 12 months’ total value of payment transactions executed by the person concerned, including any agent for which it assumes full responsibility, does not exceed €3,000,000;

(b) none of the natural persons responsible for the management or operation of the business has been convicted of offences relating to money laundering or terrorist financing or other financial crimes;

(c) (i)where the person is a legal person, it has its head office in the State, or

(ii) where the person is a natural person, he or she has his or her place of residence in the State.

(2) The requirement in paragraph (1) (a) shall be assessed on the projected total amount of payment transactions in the business plan of the person concerned, unless an adjustment to that plan is required by the Bank.

(3) A person exempted under paragraph (1) shall be treated as a payment institution, save that Regulations 18(6), 37, 38 and 39 shall not apply to the person.

(4) The Bank may direct that a person exempted under paragraph (1) may engage only in a specific activity referred to in Regulation 29(1) .

(5) A person exempted under paragraph (1) shall notify the Bank of any change which results in the person no longer satisfying a condition specified in that paragraph.

(6) Where a person exempted under paragraph (1) —

(a) ceases to satisfy a condition specified in that paragraph or,

(b) where a direction has been issued under paragraph (4), engages in an activity other than that to which the direction relates,

the person concerned shall apply for an authorisation under Regulation 18 within 30 days from the date the condition concerned is no longer satisfied or the activity concerned is commenced, as the case may be.

(7) Subject to paragraph (10), where a person referred to in paragraph (6) applies for authorisation in accordance with that paragraph within the period referred to in that paragraph, it may continue providing payment services until the Bank notifies the person of the Bank’s decision on the application for authorisation.

(8) Subject to paragraph (11), where a person referred to in paragraph (6) does not apply for authorisation in accordance with that paragraph within the period referred to in that paragraph, it shall cease to provide payment services at the end of that period.

(9) Paragraphs (1) to (8) shall not affect the operation of the law of the State giving effect to Directive (EU) 2015/849 or any other anti-money-laundering law of the State.

(10) Paragraph (7) shall not apply where the application for authorisation in accordance with paragraph (6) is consequent upon the condition referred to in paragraph (1) (b) no longer being satisfied.

(11) Where the application for authorisation in accordance with paragraph (6) is consequent upon the condition referred to in paragraph (1) (b) no longer being satisfied, the person referred to in paragraph (6) shall cease to provide payment services from the date on which that condition is no longer satisfied.

Account information service providers

42.(1) A person providing only the payment service referred to in paragraph 8 of the Schedule shall be—

(a) exempt from the application of the procedure and conditions set out in Regulations 7 to 32, with the exception of subparagraphs (a), (b), (e) to (h), (j), (l), (n), (p) and (q) of Regulation 7(2), Regulation 7(6), Regulation 25, Regulation 26, and

(b) subject to Regulations 33 to 40, with the exception of Regulation 34(2).

(2) A person referred to in paragraph (1) of this Regulation shall be treated as a payment institution, save that Parts 3 and 4 shall not apply to them, with the exception of Regulations 65, 69 and 76, where applicable, and of Regulations 91, 93 and 118 to 120.

Chapter 3

Common Provisions

Access to payment systems

43. (1) The rules on access of an authorised or registered payment service provider that is a legal person to a payment system shall—

(a) be objective, non-discriminatory and proportionate, and

(b) not inhibit access more than is necessary—

(i) to safeguard against specific risks, such as settlement risk, operational risk and business risk, and

(ii) to protect the financial and operational stability of the payment system.

(2) A payment system shall not impose on a payment service provider, a payment service user or other payment systems any of the following requirements:

(a) restrictive rules on effective participation in other payment systems;

(b) rules which discriminate between authorised payment service providers or between registered payment service providers in relation to the rights, obligations and entitlements of participants;

(c) restrictions on the basis of institutional status.

(3) Paragraphs (1) and (2) shall not apply to:

(a) a payment system designated under the European Communities (Settlement Finality) Regulations 2010 ( S.I. No. 624 of 2010 ), or

(b) a payment system composed exclusively of payment service providers belonging to a group.

(4) Where a participant (in this paragraph referred to as the “first-mentioned participant”) in a payment system designated under the European Communities (Settlement Finality) Regulations 2010 allows an authorised or registered payment service provider that is not a participant in the system to pass transfer orders through the system, the first-mentioned participant shall, when requested, give the same opportunity in an objective, proportionate and non-discriminatory manner to other authorised or registered payment service providers.

(5) Where a participant refuses a request referred to in paragraph (4), it shall provide the requesting payment service provider with the reasons for any rejection.

(6) Where the Bank considers that a rule of a payment system contravenes paragraph (1) or (2), the Bank may direct the operator of the payment system by notice in writing to make a specified modification to the rules of the payment system within a specified period.

(7) Where the operator of a payment system to which a direction is given under paragraph (6) does not comply with the direction within the period specified in the notice, the Bank may apply to the court for an order directing the operator of the payment system to comply with the direction.

(8) A payment service provider may apply to the court for a declaration that a rule of a payment system contravenes paragraph (1) or (2).

Access to accounts maintained with a credit institution

44. (1) A credit institution shall permit a payment institution to have access to the credit institution’s payment accounts services on an objective, non-discriminatory and proportionate basis.

(2) The access referred to in paragraph (1) shall be sufficiently extensive as to allow payment institutions to provide payment services in an unhindered and efficient manner.

(3) Where a credit institution rejects a request for access to its payment accounts services from a payment institution, the credit institution shall provide the Bank without delay with duly motivated reasons for the rejection.

Notification of use of limited network exclusion

45. (1) Where a service provider—

(a) provides services of a type referred to in either or both of subparagraphs (i) and (ii) of paragraph (k) of Regulation 4, and

(b) the total value of payment transactions executed in providing those services over the preceding 12 months exceeds €1,000,000,

the service provider shall send a notification to the Bank.

(2) A notification under paragraph (1) shall—

(a) contain a description of the services provided by the service provider,

(b) specify which of the conditions referred to in subparagraphs (i) and (ii) of paragraph (k) of Regulation 4 is considered by the service provider to be satisfied,

(c) be sent within such period of time, as the Bank may direct, after the end of the period of 12 months referred to in paragraph (1), and

(d) be in such form or verified in such manner as the Bank may direct.

(3) The period of 12 months referred to in paragraph (1) does not include any period in respect of which a notification has already been made under paragraph (1) .

(4) Upon receipt of a notification under paragraph (1), the Bank shall decide in a duly motivated manner, on the basis of the contents of the notification and the conditions referred to in paragraph (k) of Regulation 4, whether or not those conditions are satisfied, and inform the service provider concerned accordingly.

(5) The Bank shall inform the European Banking Authority of the services notified under paragraph (1), specifying the exclusion applicable.

(6) The Bank shall enter a description of any services notified under paragraph (1) and the name of the service provider concerned in the Register.

Notification of use of electronic communications exclusion

46. (1) Where a service provider provides a payment transaction service referred to in paragraph (l) of Regulation 4, the service provider shall send a notification to the Bank.

(2) A notification under paragraph (1) shall—

(a) contain a description of the services being provided by the service provider,

(b) specify to which of the transaction types referred to in subparagraphs (i) and (ii) of paragraph (l) of Regulation 4 the services being provided relate.

(3) Where a service provider has, in a financial year of the service provider, provided services in respect of which a notification has been sent under paragraph (1), the service provider shall, within such period after the end of that financial year as the Bank may direct, provide an audit opinion in respect of that financial year to the effect that the transactions in respect of which the services were provided comply with the limits set out in paragraph (l) of Regulation 4.

(4) Information provided to the Bank under this Regulation shall be in such form or verified in such manner as the Bank may direct.

(5) The Bank shall inform the European Banking Authority of the services notified under paragraph (1), specifying the exclusion applicable.

(6) The Bank shall enter a description of any services notified under paragraph (1) and the name of the service provider concerned in the Register.

Chapter 4

Control of Shareholding

Control of shareholding — Interpretation

47. In this Chapter—

“prescribed percentage” means 20%, 30% or 50%;

“proposed acquirer” means a person who proposes to acquire or increase a qualifying holding in a payment institution, and includes a group of persons acting in concert to acquire or increase such a holding;

“proposed acquisition” means—

(a) the proposed acquisition of a qualifying holding in a payment institution, or

(b) a proposed increase in a qualifying holding in such an institution that results in the size of the holding reaching or exceeding a prescribed percentage;

“qualifying holding”, in relation to a payment institution, means a direct or indirect holding—

(a) that represents 10% or more of the capital of, or the voting rights in, the payment institution, or

(b) that makes it possible to exercise a significant influence over the management of the payment institution.

Restrictions on acquiring and disposing of qualifying holdings in payment institutions

48. (1) A proposed acquirer shall not, directly or indirectly, acquire a qualifying holding in a payment institution without having previously notified the Bank in writing of the intended size of the holding.

(2) A proposed acquirer who has a qualifying holding in a payment institution shall not, directly or indirectly, increase the size of the holding without having previously notified the Bank in writing of the intended size of the holding if, as a result of the increase—

(a) the percentage of the capital of, or the voting rights in, the payment institution that the proposed acquirer holds would reach or exceed a prescribed percentage, or

(b) in the case of a proposed acquirer that is a company or other body corporate, the payment institution would become the proposed acquirer’s subsidiary.

(3) A person shall not, directly or indirectly, dispose of a qualifying holding in a payment institution without having previously notified the Bank in writing of the intended size of the holding.

(4) A person shall not, directly or indirectly, dispose of part of a qualifying holding in a payment institution without having previously notified the Bank in writing of the intended size of the holding if, as a result of the disposal—

(a) the percentage of the capital of, or the voting rights in, the payment institution that the person holds would fall to or below a prescribed percentage, or

(b) in the case of a person that is a company or other body corporate, the payment institution would cease to be the person’s subsidiary.

(5) A notification under this Regulation shall be made by completing and submitting to the Bank—

(a) the form of notification specified by the Bank for the purpose of this provision and made available on the official website of the Bank, and

(b) such documentation in relation to the proposed acquisition or disposal, as the case may be, as is specified in that form as being required to be submitted to the Bank with the form.

Application to court where no notification given

49. (1) A person who concludes an acquisition to which Regulation 48 applies without having notified the Bank in accordance with that Regulation may make an application to the court under this Regulation and the court may, if it is satisfied that the failure was inadvertent and that it is in the interests of justice to do so, make an order—

(a) requiring the person to provide the Bank with the information required under Regulation 50, and

(b) requiring the Bank to carry out an assessment in accordance with Regulations 51, 52 and 53.

(2) An application under paragraph (1) shall be on notice to the Bank and the Bank shall be entitled to appear, be heard and adduce evidence at the hearing of the application.

(3) Notice of an application under paragraph (1) shall be served on the Bank at least 14 days before the date of hearing of the application.

(4) An affidavit giving the names and addresses of, and the places and dates of service on, all persons who have been served with the notice of application, grounding affidavit and exhibits (if any) shall be filed by the applicant at least 4 days before the application is heard.

(5) Where any person who ought under this Regulation to have been served has not been so served, the affidavit shall state that fact and the reason for it.

(6) Where the Bank carries out an assessment on foot of an order under paragraph (1) and it is satisfied that no grounds exist to oppose the application in accordance with Regulation 57 it may—

(a) lift a suspension of voting rights under Regulation 61, and

(b) retrospectively validate the exercise of voting rights during such a suspension.

Payment institution to provide information in relation to certain acquisitions and disposals

50. (1) If a payment institution becomes aware of the acquisition of a qualifying holding in it, or an increase in the size of such a holding that results in the holding reaching or exceeding a prescribed percentage, the institution shall inform the Bank in writing of the acquisition or increase without delay.

(2) If a payment institution becomes aware of a disposal of, or a reduction in the size of, a holding in it that results in the holding ceasing to be a qualifying holding or falling to or below a prescribed percentage, the institution shall inform the Bank in writing of the disposal or reduction without delay.

Period for assessment of proposed acquisition

51. (1) Within 2 working days after receiving a completed notification under Regulation 48 or in accordance with an order made under Regulation 49(1) (a), as the case may be, from a proposed acquirer, the Bank shall acknowledge receipt of the notification in writing.

(2) For the purposes of paragraph (1), a notification is completed if it gives all the information (whether in the notification itself or as an attachment) required by Regulation 48 to be provided for the assessment of the proposed acquisition concerned.

(3) Within 60 working days after the date of the written acknowledgement referred to in paragraph (1), the Bank shall carry out the assessment of the proposed acquisition concerned in accordance with Regulation 52.

(4) In its acknowledgement of receipt of a notification referred to in paragraph (1), the Bank shall inform the proposed acquirer concerned of the date on which the assessment period will end.

(5) During the assessment period in relation to a proposed acquisition, but no later than the 50th working day of that period, the Bank may request any further information necessary to complete the assessment of the acquisition.

(6) If the Bank makes a request under paragraph (5), it shall acknowledge the receipt of any information received in response to the request.

(7) A request made under paragraph (5) shall be made in writing and shall specify or describe the additional information needed.

(8) Subject to paragraph (10), if the Bank makes a request under paragraph (5) the assessment period is to be taken to be interrupted for the shorter of—

(a) the period between the date of the request and the date of the receipt of a response from the proposed acquirer concerned, and

(b) 20 working days.

(9) The Bank may request still further information for completion or clarification of information already supplied but such a request does not interrupt the assessment period.

(10) The Bank may, by notice in writing to a proposed acquirer, extend the interruption referred to in paragraph (8) in relation to a proposed acquisition to 30 working days if the proposed acquirer concerned—

(a) is situated or regulated in a country that is not a Member State, or

(b) is not subject to supervision under a law of a Member State that transposes Directive 2009/65/EC of the European Parliament and of the Council of 13 July 200912 , Directive 2009/138/EC of the European Parliament and of the Council of 25 November 200913 , or Directive 2014/65/EU of the European Parliament and of the Council of 15 May 201414 .

Assessment of proposed acquisitions

52. (1) The objective of the assessment of a proposed acquisition is to ensure the sound and prudent management of the payment institution concerned.

(2) In assessing a proposed acquisition, the Bank shall—

(a) have regard to the likely influence of the proposed acquirer concerned on the payment institution concerned, and

(b) appraise the suitability of the proposed acquirer and the financial soundness of the proposed acquisition concerned against all of the following criteria:

(i) the reputation of the proposed acquirer;

(ii) the reputation and experience of the individuals who will direct the business of the payment institution as a result of the proposed acquisition;

(iii) the financial soundness of the proposed acquirer, in particular in relation to the type of business pursued and envisaged in the payment institution;

(iv) whether the payment institution will be able to comply and continue to comply with the prudential requirements of existing legislation;

(v) whether the group of which it will become a part has a structure that makes it possible to exercise effective supervision, effectively exchange information among the competent authorities and determine the allocation of responsibilities among the competent authorities;

(vi) whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, money laundering or terrorist financing (within the meaning of Article 1 of Directive (EU) 2015/849) is being or has been committed or attempted, or that the proposed acquisition could increase the risk of money laundering or terrorist financing.

(3) The Bank shall not examine a proposed acquisition in terms of the economic needs of the market.

(4) Where 2 or more proposals to acquire or increase qualifying holdings in the same payment institution have been notified to the Bank, the Bank shall treat the proposed acquirers concerned in a non-discriminatory manner.

Bank to cooperate with competent authorities of other Member States in certain cases

53. (1) In carrying out its assessment of a proposed acquisition, the Bank may work in full consultation with the relevant competent authorities of other Member States if the proposed acquirer concerned is—

(a) an insurance undertaking, reinsurance undertaking, electronic money institution, credit institution, investment firm or UCITS management company, or the market operator of a regulated market, authorised by a competent authority of another Member State,

(b) the parent undertaking of such an undertaking, institution, firm, company or market operator, or

(c) a person that controls such an undertaking, institution, firm, company or market operator.

(2) In a case to which paragraph (1) applies, the Bank shall, without undue delay, provide any other competent authority concerned with any information that is essential or relevant for the assessment of a proposed acquisition.

(3) The Bank shall communicate to each other competent authority referred to in paragraph (2) all relevant information upon request and all essential information on its own initiative.

(4) A decision by the Bank, in the case of a proposed acquisition in a payment institution authorised by the Bank, shall indicate any views or reservations expressed by the competent authority responsible for the proposed acquirer concerned.

Notice of Bank’s decision

54. (1) If, on completing the assessment of a proposed acquisition, the Bank decides—

(a) to oppose it, or

(b) not to oppose it,

the Bank shall, within 2 business days, but before the end of the assessment period, so inform the proposed acquirer concerned in writing and give reasons for that decision.

(2) Subject to any other law, the Bank shall publish an appropriate statement of the reasons for its decision if the proposed acquirer concerned so requests.

(3) The Bank may in its discretion publish a statement referred to in paragraph (2) where a proposed acquirer has not so requested.

(4) If the Bank does not give notice in writing within the assessment period in relation to the proposed acquisition that it opposes or does not oppose the acquisition, the acquisition is deemed, for the purposes of any other law that requires the acquisition to be approved by the Bank, to have been so approved at the end of the assessment period.

Bank may fix period for completion of acquisition

55. The Bank may, where the Bank does not oppose a proposed acquisition or a proposed acquisition is deemed to be approved, fix a maximum period within which the proposed acquisition shall be completed, and may extend any period so fixed.

Bank may impose conditions

56. Where the Bank has given notice in relation to a proposed acquisition that the Bank does not oppose the acquisition or a proposed acquisition is deemed to be approved, the Bank may impose a condition or a requirement, or both, being a condition or a requirement that the Bank considers necessary for the proper and orderly regulation and supervision of payment institutions, and may at any time revoke or vary any condition or requirement so imposed.

Bank may oppose certain acquisitions

57. The Bank may oppose a proposed acquisition only if—

(a) there are reasonable grounds for doing so on the basis of the criteria in paragraph (1) or (2) of Regulation 52, or

(b) the information provided by the proposed acquirer in its notification under Regulation 48 or in accordance with an order made under Regulation 49(1) (a), as the case may be, is incomplete, or the proposed acquirer has not provided information in response to a request under paragraph (5) or (9) of Regulation 51.

Circumstances in which proposed acquisition may be completed

58. (1) The proposed acquirer in relation to a proposed acquisition may complete the acquisition only if—

(a) the proposed acquirer has notified the Bank of the acquisition in accordance with Regulation 48 or in accordance with an order made under Regulation 49(1) (a), as the case may be,

(b) the Bank has acknowledged that notification in accordance with Regulation 51(1), and

(c) either—

(i) the assessment period in relation to the acquisition has ended and the Bank has not notified the proposed acquirer that it opposes the acquisition, or

(ii) the Bank has notified the proposed acquirer that it does not oppose the acquisition.

(2) If a proposed acquirer purports to complete a proposed acquisition in contravention of paragraph (1) —

(a) the purported acquisition is of no effect to pass title to any share or any other interest, and

(b) any exercise of powers based on the purported acquisition of the holding concerned is void.

Effect of section 450 of Companies Act 2014

59. If a transaction is both a proposed acquisition and a compromise or arrangement for the purposes of section 450 of the Companies Act 2014 , the court shall not make an order under that section in relation to the transaction until after the end of the assessment period in relation to the transaction.

Payment institutions to provide information about shareholdings, etc.

60. A payment institution shall, at least once a year in the manner and at the time specified by the Bank, notify the Bank of the names of shareholders or members who have qualifying holdings and the size of each such holding.

Power of court to make certain orders

61. (1) If the Bank reasonably believes that the control exercised by a person who has a qualifying holding in a payment institution is inconsistent with the prudent and sound management of the institution, it may apply to the court for an order under paragraph (4).

(2) On making an application under paragraph (1), the Bank shall serve a copy of the application on the person to whom the application relates.

(3) On being served in accordance with paragraph (2), the person concerned becomes the respondent to the application.

(4) On the hearing of an application under paragraph (1), the court may, on being satisfied that the Bank’s belief is substantiated, make all or any of the following orders:

(a) an order directing the respondent to dispose of the holding or a specified part of it;

(b) an order suspending the exercise of the voting rights attached to the relevant shares;

(c) an order invalidating votes already exercised by holders of those shares.

PART 3

Transparency of Conditions and Information Requirements for Payment Services

Chapter 1

General Rules

Scope

62. (1) Subject to paragraph (2), this Part applies to single payment transactions, framework contracts and payment transactions covered by them.

(2) The parties to a payment transaction or a framework contract may agree that this Part does not, or particular provisions of this Part do not, apply to the transaction or contract where the payment service user is not a consumer.

(3) This Part applies to a micro enterprise as it applies to a consumer.

(4) For the purposes of this Part, an undertaking shall be taken to be a micro enterprise—

(a) for the purposes of a payment transaction, where it satisfies the definition of a micro enterprise in the Commission Recommendation at the time of initiation of the transaction, and

(b) for the purposes of a framework contract, where it satisfies the definition of a micro enterprise in the Commission Recommendation at the time of entering into the framework contract.

(5) Nothing in these Regulations shall prevent a payment service provider proposing a new framework contract or amendments to an existing framework contract with a payment service user where that payment service user, having satisfied the definition of a micro enterprise in the Commission Recommendation at the time of entering into the existing framework contract, ceases to satisfy that definition prior to the expiry of that framework contract.

Operation of other legislative provisions

63. (1) Subject to paragraph (2), nothing in this Part affects the operation of any other law giving effect to an Act of the European Union that imposes additional requirements in relation to the giving of prior information.

(2) Where both this Part and the European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004 ( S.I. No. 853 of 2004 ) apply in relation to a payment transaction or framework contract, the requirements of Regulation 6 of those Regulations (to the extent that that Regulation requires the supply of the information specified in points (a) to (i), (p), (q) and (t) to (w) of Schedule 1 to those Regulations) are superseded by the requirements of—

(a) in a case to which Chapter 2 of this Part applies, Regulations 68 and 69, or

(b) in a case to which Chapter 3 of this Part applies, Regulations 75 and 76.

Charges for information

64. (1) A payment service provider shall not charge a payment service user for providing information under this Part.

(2) Where provided at a payment service user’s request, a payment service provider and a payment service user may agree on charges for—

(a) the provision of information additional to that to be provided under this Part,

(b) the provision of information on a more frequent basis than is provided under this Part, or

(c) the transmission of information by a means of communication other than that specified in the framework contract between the payment service user and the payment service provider.

(3) Where a payment service provider imposes charges in accordance with paragraph (2), those charges shall be reasonable and in line with the payment service provider’s actual costs.

Burden of proof on information requirements

65.Where in proceedings in relation to these Regulations a dispute arises as to whether or not the information requirements set out in this Part have been complied with, the burden of proof rests with the payment service provider.

Derogation from information requirements for low-value payment instruments and electronic money

66.(1) In this Regulation, “low-value payment instrument” means a payment instrument that, in accordance with the relevant framework contract—

(a) (i) is not prepaid,

(ii) relates to payment transactions not wholly within the State, and

(iii)(I) concerns only payment transactions none of which exceeds €30,

(II) has a spending limit of €150, or

(III) does not store more than €150 at any time,

(b) (i) is not prepaid,

(ii) relates to payment transactions wholly within the State, and

(iii) (I) concerns only payment transactions none of which exceeds €60,

(II)has a spending limit of €300, or

(III)does not store more than €300 at any time, or

(c) (i) is prepaid, and

(ii) (I) concerns only payment transactions none of which exceeds €500,

(II) has a spending limit of €500, or

(III) does not store more than €500 at any time.

(2) Where a payment instrument is a low-value payment instrument—

(a) notwithstanding Regulations 75, 76 and 80, the payment service provider need provide the payer only with information on the main characteristics of the payment service, including the way in which the payment instrument can be used, liability, charges levied and other material information needed to make an informed decision and an indication of where any other information specified in Regulation 76 are made available in an easily accessible manner,

(b) notwithstanding Regulation 78, the payment service provider and payer may agree that the payment service provider is not required to propose changes to the conditions of the framework contract in the manner provided for in Regulation 75(1) and (2), and

(c) notwithstanding Regulations 81 and 82, the payment service provider and payer may agree that after the execution of a payment transaction—

(i) the payment service provider need provide or make available only a reference enabling the payment service user to identify the payment transaction, the amount of the payment transaction and any charges (or, in the case of several payment transactions of the same kind to the same payee, information on the total amount and charges for those transactions), and

(ii) the payment service provider is not required to provide or make available information referred to in subparagraph (i) if the payment instrument is used anonymously or if the payment service provider is not otherwise technically able to provide it, but the payment service provider shall provide the payer with a way of verifying the amount of funds stored.

Chapter 2

Single Payment Transactions

Scope

67. (1) This Chapter applies to a single payment transaction not covered by a framework contract.

(2) Where a payment order for a single payment transaction is transmitted by means of a payment instrument covered by a framework contract, the payment service provider is not obliged to provide or make available information which has already been given or which will be given to the payment service user by another payment service provider under that framework contract.

Prior general information

68. (1) A payment service user shall not be bound by a single payment service contract or offer until such time as the payment service provider makes available to the payment service user, in an easily accessible manner, the information specified in Regulation 69 with regard to the payment service provider’s services.

(2) Where the payment service user concerned so requests, the payment service provider shall provide the information referred to in paragraph (1) on paper or on another durable medium.

(3) The information referred to in paragraph (1) shall be given to the payment service user concerned in—

(a) easily understandable words,

(b) a clear and comprehensible form, and

(c) an official language of the Member State where the payment service is offered or in any other language agreed between the parties.

(4) Where a single payment service contract has been concluded at the request of a payment service user using a means of distance communication which does not enable the payment service provider concerned to comply with paragraphs (1) to (3), the payment service provider shall fulfil its obligations under those paragraphs immediately after the execution of the payment transaction.

(5) Where a payment service provider supplies the payment service user concerned with a copy of the draft single payment service contract or the draft payment order which includes the information specified in Regulation 69, the payment service provider shall be deemed to have complied with paragraphs (1) to (3).

Information

69. (1) A payment service provider shall provide or make available to a payment service user the following information:

(a) a specification of the information or unique identifier to be provided by the payment service user in order for a payment order to be properly initiated or executed;

(b) the maximum execution time for a payment service to be provided;

(c) all charges payable by the payment service user to the payment service provider and, where applicable, a breakdown of those charges;

(d) where applicable, the actual or reference exchange rate to be applied to a payment transaction.

(2) A payment initiation service provider shall, in addition to the information referred to in paragraph (1), prior to initiation, provide the payer with, or make available to the payer, the following information in a clear and comprehensive manner:

(a) the name of the payment initiation service provider;

(b) the geographical address of its head office;

(c) where applicable, the geographical address of its agent or branch established in the Member State where the payment service is offered;

(d) any other contact details, including electronic mail address, relevant for communication with the payment initiation service provider;

(e) the contact details of the Bank.

(3) A payment service provider shall, where applicable, make available to a payment service user in an easily accessible manner any other relevant information specified in Regulation 76.

Information for the payer and payee after the initiation of a payment order

70. In addition to the information specified in Regulation 69, where a payment order is initiated through a payment initiation service provider, the payment initiation service provider shall, immediately after initiation, provide or make available all of the following information to the payer and, where applicable, the payee:

(a) confirmation of the successful initiation of the payment order with the payer’s account servicing payment service provider;

(b) a reference enabling the payer and the payee to identify the payment transaction and, where appropriate, the payee to identify the payer, and any information transferred with the payment transaction;

(c) the amount of the payment transaction;

(d) where applicable, the amount of any charges payable to the payment initiation service provider for the transaction and, where applicable, a breakdown of the amounts of such charges.

Information for payer’s account servicing payment service provider

71. Where a payment order is initiated through a payment initiation service provider, the payment initiation service provider shall make available to the payer’s account servicing payment service provider the reference of the payment transaction.

Information for the payer after receipt of the payment order

72. Immediately after receipt of a payment order, a payer’s payment service provider shall provide the payer with or make available to the payer, in the same manner as information is to be provided in accordance with Regulation 68(1) to (3), all of the following information with regard to the payment service provider’s services:

(a) a reference enabling the payer to identify the payment transaction and, where appropriate, information relating to the payee;

(b) the amount of the payment transaction in the currency used in the payment order;

(c) the amount of any charges for the payment transaction payable by the payer and, where applicable, a breakdown of the amounts of such charges;

(d) where applicable, the exchange rate used in the payment transaction by the payer’s payment service provider or a reference thereto, when different from the rate provided in accordance with Regulation 69(1) (d), and the amount of the payment transaction after that currency conversion;

(e) the date of receipt of the payment order.

Information for the payee after execution

73. Immediately after the execution of a payment transaction, a payee’s payment service provider shall provide the payee with, or make available to, the payee, in the same manner as information is to be provided in accordance with Regulation 68(1) to (3), all of the following information with regard to the payment service provider’s services:

(a) a reference enabling the payee to identify the payment transaction and, where appropriate, the payer and any information transferred with the payment transaction;

(b) the amount of the payment transaction in the currency in which the funds are at the payee’s disposal;

(c) the amount of any charges for the payment transaction payable by the payee and, where applicable, a breakdown of the amounts of such charges;

(d) where applicable, the exchange rate used in the payment transaction by the payee’s payment service provider and the amount of the payment transaction before that currency conversion;

(e) the credit value date.

Chapter 3

Framework Contracts

Scope

74. This Chapter applies to payment transactions covered by a framework contract.

Prior general information

75. (1) In good time before a payment service user is bound by a framework contract or offer, the payment service provider concerned shall provide the payment service user on paper or on another durable medium with the information specified in Regulation 76.

(2) The information referred to in paragraph (1) shall be given in—

(a) easily understandable words,

(b) a clear and comprehensible form, and

(c) an official language of the Member State where the payment service is offered or in any other language agreed between the parties.

(3) Where a framework contract has been concluded at the request of a payment service user using a means of distance communication which does not enable the payment service provider concerned to comply with paragraphs (1) and (2), the payment service provider shall fulfil its obligations under those paragraphs immediately after conclusion of the framework contract.

(4) Where a payment service provider supplies the payment service user concerned with a copy of a draft framework contract which includes the information specified in Regulation 76, the payment service provider shall be deemed to have complied with paragraphs (1) and (2).

Information

76. A payment service provider shall provide the following information to a payment service user:

(a) on the payment service provider:

(i) the name of the payment service provider;

(ii) the geographical address of its head office;

(iii) where applicable, the geographical address of its agent or branch established in the Member State where the payment service is offered;

(iv) any other address, including electronic mail address, relevant for communication with the payment service provider;

(v) the particulars of the Bank and of the Register or of any other relevant public register of authorisation of the payment service provider and the registration number or equivalent means of identification in that register;

(b) on the use of the payment service:

(i) a description of the main characteristics of the payment service to be provided;

(ii) a specification of the information or unique identifier that has to be provided by the payment service user in order for a payment order to be properly initiated or executed;

(iii) the form of and procedure for giving consent to initiate a payment order or execute a payment transaction and withdrawal of such consent in accordance with Regulations 88 and 104;

(iv) a reference to the time of receipt of a payment order in accordance with Regulation 102 and the cut-off time, if any, established by the payment service provider;

(v) the maximum execution time for the payment services to be provided;

(vi) whether there is a possibility to agree on spending limits for the use of the payment instrument in accordance with Regulation 92(1) ;

(vii) in the case of co-badged, card-based payment instruments, the payment service user’s rights under Article 8 of Regulation (EU) 2015/751 of the European Parliament and of the Council of 29 April 201515 ;

(c) on charges, interest and exchange rates:

(i) all charges payable by the payment service user to the payment service provider including those connected to the manner in and frequency with which information under these Regulations is provided or made available and, where applicable, the breakdown of the amounts of such charges;

(ii) where applicable, the interest and exchange rates to be applied or, if reference interest and exchange rates are to be used, the method of calculating the actual interest, and the relevant date and index or base for determining such reference interest or exchange rate;

(iii) if agreed, the immediate application of changes in reference interest or exchange rate and information requirements relating to the changes in accordance with Regulation 78(5);

(d) on communication:

(i) where applicable, the means of communication, including the technical requirements for the payment service user’s equipment and software, agreed between the parties for the transmission of information or notifications under these Regulations;

(ii) the manner in, and frequency with which, information under these Regulations is to be provided or made available;

(iii) the language or languages in which the framework contract will be concluded and communication during this contractual relationship undertaken;

(iv) the payment service user’s right to receive the contractual terms of the framework contract and information in accordance with Regulation 77;

(e) on safeguards and corrective measures:

(i) where applicable, a description of the steps that the payment service user is to take in order to keep a payment instrument safe and how to notify the payment service provider for the purposes of Regulation 93(1) (b) ;

(ii) the secure procedure for notification of the payment service user by the payment service provider in the event of suspected or actual fraud or security threats;

(iii) if agreed, the conditions under which the payment service provider reserves the right to block a payment instrument in accordance with Regulation 92;

(iv) the liability of the payer in accordance with Regulation 98, including information on the relevant amount;

(v) how and within what period of time the payment service user is to notify the payment service provider of any unauthorised or incorrectly initiated or executed payment transaction in accordance with Regulation 95 as well as the payment service provider’s liability for unauthorised payment transactions in accordance with Regulation 97;

(vi) the liability of the payment service provider for the initiation or execution of payment transactions in accordance with Regulation 112;

(vii) the conditions for refund in accordance with Regulation 100 and 101;

(f) on changes to, and termination of, the framework contract:

(i) if agreed, that the payment service user will be deemed to have accepted changes in the conditions in accordance with Regulation 78, unless the payment service user notifies the payment service provider before the date of their proposed date of entry into force that the changes are not accepted;

(ii) the duration of the framework contract;

(iii) the right of the payment service user to terminate the framework contract and any agreements relating to termination in accordance with Regulation 78(4) and 79;

(g) on redress:

(i) any contractual clause on the law applicable to the framework contract or the competent courts;

(ii) the alternative dispute resolution procedures available to the payment service user in accordance with Regulations 124 and 125.

Accessibility of information and conditions of the framework contract

77. At any time during the contractual relationship the payment service user shall have a right to receive, on request, the contractual terms of the framework contract as well as the information specified in Regulation 76 on paper or on another durable medium.

Changes in conditions of the framework contract

78. (1) Any changes in a framework contract or in the information specified in Regulation 76 shall be proposed by a payment service provider in the same manner as information is to be provided in accordance with Regulation 75(1) and (2) and no later than 2 months before the proposed date of application of the changes.

(2) A payment service user can either accept or reject changes proposed in accordance with paragraph (1) before the date of their proposed entry into force.

(3) Where a framework contract provides for such deemed acceptance, the payment service provider concerned shall inform the payment service user concerned that the payment service user is deemed to have accepted changes proposed in accordance with paragraph (1) if the payment service user does not notify the payment service provider before the proposed date of their entry into force that those changes are not accepted.

(4) Where paragraph (3) applies, the payment service provider shall also inform the payment service user that, in the event that the payment service user rejects the changes concerned, the payment service user has the right to terminate the framework contract free of charge and with effect at any time before the date when the changes would have applied had the payment service user not rejected the changes.

(5) A payment service provider may apply a change in an interest or exchange rate immediately and without notice where—

(a) the framework contract concerned provides for the application of changes in an interest or exchange rate immediately and without notice, and

(b) the change in the interest or exchange rate is based on an agreed reference interest or exchange rate.

(6) Subject to paragraph (7), where a change in an interest rate is applied in accordance with paragraph (5), the payment service user concerned shall be informed of the change in the interest rate at the earliest opportunity in the same manner as information is to be provided in accordance with Regulation 75(1) and (2), unless the parties to the framework contract concerned have agreed on a specific frequency or manner in which the information is to be provided or made available.

(7) A change in an interest or exchange rate which is more favourable to the payment service user concerned may be applied by a payment service provider without giving notice to the payment service user.

(8) A change in an interest or exchange rate used in a payment transaction shall be implemented and calculated in a neutral manner that does not discriminate against payment service users.

Termination

79. (1) A payment service user may terminate a framework contract at any time, unless the parties have agreed on a period of notice.

(2) The period of notice referred to in paragraph (1) shall not exceed 1 month.

(3) Termination of a framework contract shall be free of charge for the payment service user except where the contract has been in force for less than 6 months.

(4) Charges, if any, for termination of a framework contract shall be appropriate and in line with costs.

(5) If agreed in a framework contract, a payment service provider may terminate a framework contract concluded for an indefinite period by giving not less than 2 months’ notice in the same manner as information is to be provided in accordance with Regulation 75(1) and (2).

(6) Where a framework contract is terminated, charges for payment services levied on a regular basis shall be—

(a) payable by the payment service user only proportionally up to the termination of the contract, and

(b) where such charges are paid in advance, reimbursed proportionally.

(7) Nothing in this Regulation affects the operation of any other law governing the rights of the parties to a framework contract to declare the contract unenforceable or void.

Information before execution of individual payment transactions

80. Where an individual payment transaction under a framework contract is initiated by the payer, the payment service provider concerned shall, at the payer’s request for the payment transaction, provide explicit information on all of the following:

(a) the maximum execution time;

(b) the charges payable by the payer;

(c) where applicable, a breakdown of the amounts of any charges.

Information for the payer on individual payment transactions

81. (1) After the amount of an individual payment transaction is debited from a payer’s account or, where the payer does not use a payment account, after receipt of the payment order, the payer’s payment service provider shall provide the payer, without undue delay and in the same manner as information is to be provided in accordance with Regulation 75(1) and (2), with all of the following information:

(a) a reference enabling the payer to identify each payment transaction and, where appropriate, information relating to the payee;

(b) the amount of the payment transaction in the currency in which the payer’s payment account is debited or in the currency used for the payment order;

(c) the amount of any charges for the payment transaction and, where applicable, a breakdown of the amounts of such charges, or the interest payable by the payer;

(d) where applicable, the exchange rate used in the payment transaction by the payer’s payment service provider, and the amount of the payment transaction after that currency conversion;

(e) the debit value date or the date of receipt of the payment order.

(2) A framework contract shall include a condition that the payer may require the information referred to in paragraph (1) to be provided or made available periodically, at least once a month, free of charge and in an agreed manner which allows the payer to store and reproduce information unchanged.

Information for the payee on individual payment transactions

82. (1) After the execution of an individual payment transaction, the payee’s payment service provider shall provide the payee without undue delay, in the same manner as information is to be provided in accordance with Regulation 75(1) and (2), with all of the following information:

(a) a reference enabling the payee to identify the payment transaction and the payer, and any information transferred with the payment transaction;

(b) the amount of the payment transaction in the currency in which the payee’s payment account is credited;

(c) the amount of any charges for the payment transaction and, where applicable, a breakdown of the amounts of such charges, or the interest payable by the payee;

(d) where applicable, the exchange rate used in the payment transaction by the payee’s payment service provider, and the amount of the payment transaction before that currency conversion;

(e) the credit value date.

(2) A framework contract may include a condition that the information referred to in paragraph (1) is to be provided or made available periodically, at least once a month, free of charge and in an agreed manner which allows the payee to store and reproduce information unchanged.

Chapter 4

Common Provisions

Currency and currency conversion

83. (1) Payments shall be made in the currency agreed between the parties to a payment transaction or a framework contract, as the case may be.

(2) Where—

(a) a currency conversion service is offered prior to the initiation of a payment transaction, and

(b) that currency conversion service is offered at an automated teller machine, at the point of sale or by a payee,

the party offering the currency conversion service to a payer shall disclose to the payer all charges as well as the exchange rate to be used for converting the payment transaction.

(3) Where the conditions specified in paragraph (2) apply, a payer accepting an offer to use the currency conversion service concerned shall be deemed to do so on the basis of the disclosed charges and exchange rate.

Information on additional charges or reductions

84. (1) Where, for the use of a given payment instrument, a payee requests a charge or offers a reduction, the payee shall inform the payer concerned prior to the initiation of the payment transaction.

(2) Where, for the use of a given payment instrument, a payment service provider or another party involved in the transaction requests a charge, that payment service provider or other party shall inform the payment service user concerned prior to the initiation of the payment transaction.

(3) A payer shall only be obliged to pay the charges referred to in paragraphs (1) and (2) if the full amount of the charges was made known prior to the initiation of the payment transaction concerned.

PART 4

Rights and Obligations in Relation to the Provision and use of Payment Services

Chapter 1

Common provisions

Scope

85.(1) Where a payment service user is not a consumer, the payment service user and the payment service provider concerned—

(a) may agree that Regulation 86(1) and (2), Regulation 88(5) and (6), and Regulations 96, 98, 100, 101, 104 and 112 do not apply in whole or in part, and

(b) may agree on time limits that are different from those laid down in Regulation 95.

(2) This Part applies to a micro enterprise as it applies to a consumer.

(3) For the purposes of this Part, an undertaking shall be taken to be a micro enterprise—

(a) for the purposes of a payment transaction, where it satisfies the definition of a micro enterprise in the Commission Recommendation at the time of initiation of the transaction, and

(b) for the purposes of a framework contract, where it satisfies the definition of a micro enterprise in the Commission Recommendation at the time of entering into the framework contract.

(4) Nothing in these Regulations shall prevent a payment service provider proposing a new framework contract or amendments to an existing framework contract with a payment service user where that payment service user, having satisfied the definition of a micro enterprise in the Commission Recommendation at the time of entering into the existing framework contract, ceases to satisfy that definition prior to the expiry of that framework contract.

Charges applicable

86. (1) A payment service provider shall not charge a payment service user for the costs the provider incurs in complying with its information obligations or corrective and preventive measures under this Part, save in accordance with Regulation 103(3), Regulation 104(6) or Regulation 111(5).

(2) Where charges are imposed in accordance with the provisions referred to in paragraph (1), they shall be agreed between the payment service user and the payment service provider and shall be appropriate and in line with the payment service provider’s actual costs.

(3) Where—

(a) a payment transaction is provided within the Union, and

(b) both the payer’s and the payee’s payment service providers are, or the sole payment service provider in the payment transaction is, located in the Union,

the payee shall pay the charges levied by his or her payment service provider and the payer shall pay the charges levied by his or her payment service provider.

(4) A payment service provider shall not prevent a payee from—

(a) requesting from a payer a charge,

(b) offering a payer a reduction, or

(c) otherwise encouraging a payer to use a particular payment instrument.

(5) Where a payee applies a charge in accordance with paragraph (4), the charge applied shall not exceed the direct costs borne by the payee for the use of the payment instrument concerned.

(6) A payee shall not request charges for—

(a) the use of a payment instrument for which interchange fees are regulated under Chapter II of Regulation (EU) 2015/751 of the European Parliament and of the Council of 29 April 201516 , or

(b) those payment services to which Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 201217 applies.

Derogation for low-value payment instruments and electronic money

87. (1) In this Regulation “low-value payment instrument” means a payment instrument that, in accordance with the relevant framework contract—

(a) (i)is not prepaid,

(ii) relates to payment transactions not wholly within the State, and

(iii) (I) concerns only payment transactions none of which exceeds €30,

(II) has a spending limit of €150, or

(III) does not store more than €150 at any time,

(b) (i) is not prepaid,

(ii) relates to payment transactions wholly within the State, and

(iii) (I) concerns only payment transactions none of which exceeds €60,

(II) has a spending limit of €300, or

(III) does not store more than €300 at any time, or

(c) (i) is prepaid, and

(ii) (I) concerns only payment transactions none of which exceeds €500,

(II) has a spending limit of €500, or

(III) does not store more than €500 at any time.

(2) Where a payment instrument is a low-value payment instrument, the payment service provider concerned may agree with the payment service user concerned—

(a) where the payment instrument cannot be blocked or its further use prevented, that Regulation 93(1) (b), Regulation 94(1) (c), (d) and (e), and Regulation 98(6) and (7) do not apply,

(b) where the payment instrument is used anonymously or the payment service provider is not in a position, for reasons intrinsic to the payment instrument other than those referred to in subparagraph (a), to prove that a payment transaction was authorised, that Regulations 96 and 97, and Regulation 98(1), (2), (3), (6) and (7) do not apply,

(c) by way of derogation from Regulation 103(1), where non-execution is apparent from the context, that the payment service provider is not required to notify the payment service user of the refusal of a payment order,

(d) by way of derogation from Regulation 104, that the payer concerned may not revoke the payment order concerned after transmitting the payment order or giving consent to execute the payment transaction to the payee concerned, and

(e) by way of derogation from Regulations 107 and 108, that other execution periods apply.

(3) Regulations 97 and 98 shall also apply to electronic money, as defined in point (2) of Article 2 of Directive 2009/110/EC, except where a payer’s payment service provider does not have the ability to freeze the payment account on which the electronic money is stored or block the payment instrument concerned.

Chapter 2

Authorisation of payment transactions

Consent and withdrawal of consent

88. (1) A payment transaction is authorised by a payer only where the payer has given consent to execute the payment transaction.

(2) A payment transaction may be authorised by a payer either—

(a) prior to, or

(b) where agreed between the payer and the payment service provider, after,

the execution of the payment transaction.

(3) Consent to execute a payment transaction or a series of payment transactions shall be given in the form agreed between the payer and the payment service provider concerned.

(4) Consent to execute a payment transaction may be given via a payee or a payment initiation service provider.

(5) Consent may be withdrawn by a payer until such time as the payment order concerned is irrevocable under Regulation 104.

(6) Consent to execute a series of payment transactions may be withdrawn by a payer, in which case a payment transaction scheduled to be executed after the date the consent is withdrawn shall be unauthorised.

(7) The procedure for giving consent shall be agreed between the payer and the payment service provider concerned.

Confirmation on the availability of funds

89. (1) An account servicing payment service provider shall, upon the request of a payment service provider issuing card-based payment instruments, immediately confirm whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer concerned, where all of the following conditions are met:

(a) the payment account of the payer is accessible online at the time of the request;

(b) the payer has given explicit consent to the account servicing payment service provider to respond to requests from a specific payment service provider to confirm that the amount corresponding to a particular card-based payment transaction is available on the payer’s payment account;

(c) the consent referred to in subparagraph (b) has been given before the first request for confirmation is made.

(2) A payment service provider issuing card-based payment instruments may request the confirmation referred to in paragraph (1) where all of the following conditions are met:

(a) the payer concerned has given explicit consent to the payment service provider to request the confirmation referred to in paragraph (1) ;

(b) the payer concerned has initiated the card-based payment transaction for the amount in question using a card-based payment instrument issued by the payment service provider;

(c) the payment service provider authenticates itself to the account servicing payment service provider concerned before each confirmation request, and securely communicates with the account servicing payment service provider in accordance with the regulatory technical standards specifying the requirements referred to in point (d) of Article 98(1) of the Payment Services Directive.

(3) The confirmation referred to in paragraph (1) shall consist of a simple ‘yes’ or ‘no’ answer only and not of a statement of the account balance.

(4) The payment service provider concerned shall not—

(a) store the confirmation referred to in paragraph (1), or

(b) use the confirmation referred to in paragraph (1) for purposes other than for the execution of the card-based payment transaction concerned.

(5) The confirmation referred to in paragraph (1) shall not be used by the account servicing payment service provider concerned as a reason for the blocking of funds on the payer’s payment account.

(6) A payer may request an account servicing payment service provider to communicate to the payer the identification of the payment service provider concerned and the confirmation provided in accordance with paragraph (1) .

(7) This Regulation does not apply to payment transactions initiated through card-based payment instruments on which electronic money, as defined in point (2) of Article 2 of Directive 2009/110/EC, is stored.

(8) This Regulation does not apply where the payment service provider is a credit union.

Rules on access to payment account in the case of payment initiation services

90. (1) A payer shall have the right to use a payment initiation service provider to obtain payment services as referred to in paragraph 7 of the Schedule.

(2) The right referred to in paragraph (1) shall not apply where the payment account concerned is not accessible online.

(3) Where a payer gives its explicit consent for a payment to be executed in accordance with Regulation 88, the account servicing payment service provider shall perform the actions specified in paragraph (5) in order to ensure the payer’s right to use the payment initiation service.

(4) A payment initiation service provider shall—

(a) not, at any time, hold a payer’s funds in connection with the provision of a payment initiation service,

(b) ensure that the personalised security credentials of a payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that they are transmitted by the payment initiation service provider by safe and efficient means,

(c) ensure that any other information about a payment service user, obtained when providing payment initiation services, is only provided to the payee concerned and only with the payment service user’s explicit consent,

(d) on each occasion that a payment is initiated, identify itself to the account servicing payment service provider of a payer and communicate with the account servicing payment service provider, the payer and the payee concerned in a secure way, in accordance with the regulatory technical standards specifying the requirements referred to in point (d) of Article 98(1) of the Payment Services Directive,

(e) not store sensitive payment data of a payment service user,

(f) not request from a payment service user any data other than those necessary to provide the payment initiation service concerned,

(g) not use, access or store any data for purposes other than for the provision of the payment initiation service concerned as explicitly requested by a payer, and

(h) not modify the amount, the payee or any other feature of a transaction.

(5) An account servicing payment service provider shall—

(a) communicate securely with a payment initiation service provider in accordance with the regulatory technical standards specifying the requirements referred to in point (d) of Article 98(1) of the Payment Services Directive,

(b) immediately after receipt of a payment order from a payment initiation service provider, provide or make available all information on the initiation of the payment transaction concerned and all information accessible to the account servicing payment service provider concerned regarding the execution of the payment transaction to the payment initiation service provider, and

(c) not discriminate between payment orders transmitted through the services of a payment initiation service provider, in particular as regards timing, priority or charges in respect of payment orders transmitted directly by the payer, unless there are objective reasons for such discrimination.

(6) The provision of a payment initiation service shall not be dependent on the existence of a contractual relationship between a payment initiation service provider and an account servicing payment service provider for that purpose.

(7) This Regulation does not apply where the payment service provider is a credit union.

Rules on access to and use of payment account information in the case of account information services

91. (1) A payment service user has the right to make use of services enabling access to account information referred to in paragraph 8 of the Schedule.

(2) The right referred to in paragraph (1) shall not apply where the payment account is not accessible online.

(3) An account information service provider shall—

(a) provide services only where a payment service user has given his or her explicit consent thereto,

(b) ensure that the personalised security credentials of a payment service user—

(i) are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties, and

(ii) are transmitted by the account information service provider by safe and efficient means,

(c) for each communication session, identify itself to the account servicing payment service provider of the payment service user concerned and securely communicate with the account servicing payment service provider and the payment service user, in accordance with the regulatory technical standards specifying the requirements referred to in point (d) of Article 98(1) of the Payment Services Directive,

(d) access information from payment accounts and associated payment transactions only in accordance with the explicit consent of the payment service user concerned,

(e) not request sensitive payment data linked to the payment accounts of a payment service user, and

(f) not use, access or store any data for purposes other than the performance of the account information service explicitly requested by a payment service user, in accordance with data protection rules.

(4) An account servicing payment service provider shall, in respect of payment accounts—

(a) communicate securely with an account information service provider in accordance with the regulatory technical standards specifying the requirements referred to in point (d) of Article 98(1) of the Payment Services Directive, and

(b) not discriminate against data requests transmitted through the services of an account information service provider, unless there are objective reasons for so doing.

(5) The provision of account information services shall not be dependent on the existence of a contractual relationship between an account information service provider and an account servicing payment service provider for that purpose.

(6) This Regulation does not apply where the payment service provider is a credit union.

Limits of the use of the payment instrument and of the access to payment accounts by payment service providers

92. (1) Where a specific payment instrument is used for the purposes of giving consent, the payer concerned and the payer’s payment service provider may agree on spending limits for payment transactions executed through that payment instrument.

(2) If agreed in a framework contract, the payment service provider concerned may reserve the right to block a payment instrument for objectively justified reasons relating to—

(a) the security of the payment instrument,

(b) the suspicion of unauthorised or fraudulent use of the payment instrument, or

(c) in the case of a payment instrument with a credit line, a significantly increased risk that the payer concerned may be unable to fulfil its liability to pay.

(3) Where a payment instrument is blocked in accordance with paragraph (2), the payment service provider concerned shall inform the payer concerned in an agreed manner of the blocking of the payment instrument and the reasons for it, where possible, before the payment instrument is blocked and at the latest immediately after it is blocked, unless providing such information would compromise objectively justified security measures or is unlawful.

(4) Where a payment instrument is blocked in accordance with paragraph (2), the payment service provider concerned shall unblock the payment instrument or replace the instrument with a new payment instrument as soon as the reasons for blocking no longer apply.

(5) An account servicing payment service provider may deny an account information service provider or a payment initiation service provider access to a payment account for objectively justified and duly evidenced reasons relating to unauthorised or fraudulent access to the payment account by that account information service provider or that payment initiation service provider, including the unauthorised or fraudulent initiation of a payment transaction.

(6) Where access to a payment account is denied by an account servicing payment service provider in accordance with paragraph (5), the account servicing payment service provider shall inform the payer concerned—

(a) that access to the payment account is denied, and

(b) the reasons why access has been denied,

in the form agreed.

(7) An account servicing payment service provider shall provide the information referred to in paragraph (6) to the payer concerned, where possible, before access is denied and at the latest immediately after access is denied, unless providing such information would compromise objectively justified security measures or is unlawful.

(8) Where access to a payment account is denied by an account servicing payment service provider in accordance with paragraph (5), the account servicing payment service provider shall allow access to the payment account as soon as the reasons for denying access no longer apply.

(9) Where access to a payment account is denied by an account servicing payment service provider in accordance with paragraph (5), the account servicing payment service provider shall immediately report this to the Bank, including the reasons for denying access and other relevant details.

(10) Where the Bank receives a report in accordance with paragraph (9), it shall assess the information received and shall, if necessary, take such measures, available to it under this or any other law of the State, as it considers appropriate in the circumstances.

Obligations of the payment service user in relation to payment instruments and personalised security credentials

93. (1) A payment service user entitled to use a payment instrument shall—

(a) use the payment instrument in accordance with the terms governing the issue and use of the payment instrument, which must be objective, non-discriminatory and proportionate, and

(b) notify the payment service provider concerned, or an entity specified by the latter for that purpose, without undue delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the payment instrument.

(2) For the purposes of paragraph (1) (a), the payment service user concerned shall, in particular, as soon as it is in receipt of a payment instrument, take all reasonable steps to keep its personalised security credentials safe.

Obligations of the payment service provider in relation to payment instruments

94. (1) A payment service provider issuing a payment instrument shall—

(a) ensure that the personalised security credentials of the payment instrument are not accessible to parties other than the payment service user that is entitled to use the payment instrument,

(b) refrain from sending an unsolicited payment instrument, except where a payment instrument already given to a payment service user is to be replaced,

(c) ensure that appropriate means are available at all times to enable the payment service user concerned to make a notification pursuant to Regulation 93(1) (b) or to request the unblocking of a payment instrument pursuant to Regulation 92(4),

(d) on request, provide the payment service user concerned with the means to prove, for 18 months after notification, that the payment service user made a notification referred to in subparagraph (c),

(e) provide the payment service user concerned with an option to make a notification pursuant to Regulation 93(1) (b) free of charge and charge, if at all, only replacement costs directly attributed to the payment instrument,

(f) prevent all use of the payment instrument concerned once notification pursuant to Regulation 93(1) (b) has been made.

(2) A payment service provider shall bear the risk of sending a payment instrument or any personalised security credentials relating to it to a payment service user.

(3) Paragraph (1) (a) is without prejudice to the obligations of the payment service user concerned under Regulation 93.

Notification and rectification of unauthorised or incorrectly executed payment transactions

95. (1) A payment service user is entitled to rectification of an unauthorised or incorrectly executed payment transaction from a payment service provider only where the payment service user notifies the payment service provider without undue delay on becoming aware of any such transaction giving rise to a claim, including a claim under Regulation 112, and no later than 13 months after the debit date.

(2) The time limit for notification under paragraph (1) does not apply where the payment service provider concerned has failed to provide or make available the information on the payment transaction in accordance with Part 3.

(3) Where a payment initiation service provider is involved in an unauthorised or incorrectly executed payment transaction, the payment service user concerned shall obtain rectification from the account servicing payment service provider concerned pursuant to paragraph (1), without prejudice to Regulation 97(2) and (3) and Regulation 112(1) to (8).

Evidence on authentication and execution of payment transactions

96. (1) Where a payment service user denies having authorised an executed payment transaction or claims that the payment transaction was not correctly executed, the burden shall be on the payment service provider concerned to prove that the payment transaction was authenticated, accurately recorded, entered in the accounts and not affected by a technical breakdown or some other deficiency of the service provided by the payment service provider.

(2) Where a payment transaction is initiated through a payment initiation service provider, the burden shall be on the payment initiation service provider to prove that within its sphere of competence, the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment service of which it is in charge.

(3) Where a payment service user denies having authorised an executed payment transaction, the use of a payment instrument recorded by the payment service provider, including a payment initiation service provider as appropriate, shall in itself not necessarily be sufficient to prove either that the payment transaction was authorised by the payer or that the payer acted fraudulently or failed with intent or gross negligence to fulfil one or more of the obligations under Regulation 93.

(4) A payment service provider, including, where appropriate, a payment initiation service provider, shall provide supporting evidence to prove fraud or gross negligence on the part of a payment service user.

Payment service provider’s liability for unauthorised payment transactions

97.(1) Notwithstanding Regulation 95 and subject to paragraph (2), where a payment transaction is not authorised, the payer’s payment service provider shall—

(a) refund the payer the amount of the unauthorised payment transaction immediately, and in any event not later than the end of the business day immediately following the date that the payer’s payment service provider notes or is notified of the transaction, except where the payer’s payment service provider has reasonable grounds for suspecting fraud and communicates those grounds to the relevant national authority in writing,

(b) where applicable, restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place, and

(c) ensure that the credit value date for the payer’s payment account shall be no later than the date the amount was debited.

(2) Where a payment transaction is not authorised and the payment transaction is initiated through a payment initiation service provider, the account servicing payment service provider concerned shall refund immediately, and in any event no later than by the end of the business day immediately following the date that the account servicing payment service provider notes or is notified of the transaction, the amount of the unauthorised payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place.

(3) Where a payment initiation service provider is liable for an unauthorised payment transaction in respect of which an account servicing payment service provider has issued a refund in accordance with paragraph (2), the payment initiation service provider shall immediately compensate the account servicing payment service provider at its request for the losses incurred or sums paid as a result of the refund to the payer concerned, including the amount of the unauthorised payment transaction.

(4) This Regulation does not affect any other right that the payer concerned may have to obtain compensation (including damages).

Payer’s liability for unauthorised payment transactions

98. (1) Notwithstanding Regulation 97 and subject to paragraph (3), a payer shall bear the losses relating to any unauthorised payment transactions, up to a maximum of €50, resulting from the use of a lost or stolen payment instrument or from the misappropriation of a payment instrument.

(2) Paragraph (1) shall not apply where—

(a) the loss, theft or misappropriation of a payment instrument was not detectable to the payer prior to a payment, except where the payer has acted fraudulently, or

(b) the loss was caused by an act or omission of an employee, agent or branch of a payment service provider or of an entity to which its activities were outsourced.

(3) Notwithstanding Regulation 97, a payer shall bear all of the losses relating to an unauthorised payment transaction where the losses were incurred by the payer—

(a) acting fraudulently, or

(b) failing to comply with its obligations under Regulation 93 either intentionally or as a result of gross negligence on its part.

(4) Where a payer’s payment service provider does not require strong customer authentication, the payer shall not bear any financial losses relating to an unauthorised payment transaction unless the payer has acted fraudulently.

(5) Where a payee or the payment service provider of the payee fails to accept strong customer authentication, it shall refund the financial damage relating to an unauthorised payment transaction caused to the payer’s payment service provider.

(6) A payer shall not bear any financial consequences resulting from use of a lost, stolen or misappropriated payment instrument after notification in accordance with Regulation 93(1) (b), except where the payer has acted fraudulently.

(7) Where a payment service provider does not provide appropriate means for the notification at all times of a lost, stolen or misappropriated payment instrument, as required under Regulation 94(1) (c), the payer shall not be liable for the financial consequences resulting from the use of that payment instrument, except where the payer has acted fraudulently.

Payment transactions where the transaction amount is not known in advance

99. (1) Where a payment transaction is initiated by or through a payee in the context of a card-based payment transaction and the exact amount is not known at the moment when the payer gives consent to execute the payment transaction, the payer’s payment service provider may block funds on the payer’s payment account only if the payer has given consent to the exact amount of the funds to be blocked.

(2) The payer’s payment service provider shall release the funds blocked on the payer’s payment account under paragraph (1) without undue delay after receipt of information about the exact amount of the payment transaction and at the latest immediately after receipt of the payment order.

Refunds for payment transactions initiated by or through a payee

100. (1) A payer is entitled to a refund from the payment service provider concerned of an authorised payment transaction which was initiated by or through a payee and which has already been executed, where both of the following conditions are satisfied:

(a) the authorisation did not specify the exact amount of the payment transaction when the authorisation was made;

(b) the amount of the payment transaction exceeded the amount the payer could reasonably have expected taking into account the previous spending pattern, the conditions in the framework contract concerned and any other relevant circumstances.

(2) At the payment service provider’s request, a payer shall bear the burden of proving the conditions referred to in paragraph (1) are satisfied.

(3) A refund under paragraph (1) shall be of the full amount of the executed payment transaction.

(4) The credit value date for the payment account of a payer refunded under paragraph (1) shall be no later than the date the amount was debited.

(5) Without prejudice to paragraph (7), in addition to the rights referred to in paragraphs (1) to (4), for direct debits as referred to in Article 1 of Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 201218 , a payer has an unconditional right to a refund within the time limits laid down in Regulation 101.

(6) For the purposes of paragraph (1) (b), a payer shall not rely on reasons relating to currency exchange if the reference exchange rate agreed with its payment service provider in accordance with Regulation 69(1) (d) and Regulation 76(c) (ii) was applied.

(7) A payer and a payment service provider may agree in a framework contract that the payer has no right to a refund where—

(a) the payer has given consent to execute the payment transaction directly to the payment service provider, and

(b) where applicable, information on the future payment transaction was provided or made available in an agreed manner by the payment service provider or the payee to the payer not less than 4 weeks before the due date.

Requests for refunds for payment transactions initiated by or through a payee

101. (1) A payer may request a refund under Regulation 100 up to 8 weeks from the date on which the funds concerned were debited.

(2) Within 10 business days of receiving a request for a refund, a payment service provider shall either refund the full amount of the payment transaction or provide reasons for refusing the refund and indicate the bodies to which the payer may refer the matter in accordance with Regulations 121, 124 and 125 if the payer does not accept the reasons provided.

(3) A payment service provider’s right to refuse a refund under paragraph (2) shall not apply where a payer has a right to a refund in accordance with Regulation 100(5).

Chapter 3

Execution of payment transactions

Receipt of payment orders

102. (1) The time of receipt of a payment order by the payment service provider of the payer concerned is when the payment order is received by the payment service provider.

(2) A payment service provider shall not debit the account of the payer concerned prior to receipt of a payment order.

(3) Where the time of receipt of a payment order is not on a business day for the payment service provider of the payer concerned, the payment order shall be deemed to have been received on the following business day.

(4) A payment service provider may establish a cut-off time near the end of a business day beyond which any payment order received shall be deemed to have been received on the following business day.

(5) Where a payment service user initiating a payment order agrees with the payment service provider concerned that execution of the payment order shall start—

(a) on a specific day,

(b) at the end of a certain period, or

(c) on the day on which the payer has put funds at the payment service provider’s disposal,

the time of receipt for the purposes of Regulation 107 is deemed to be the day agreed upon.

(6) Where the day agreed in accordance with paragraph (5) is not a business day for the payment service provider, the payment order shall be deemed to have been received on the following business day.

Refusal of payment orders

103. (1) Where a payment service provider refuses to execute a payment order or to initiate a payment transaction, the refusal and, if possible, the reasons for it and the procedure for correcting any factual mistakes that led to the refusal shall be notified to the payment service user, unless prohibited by law.

(2) A payment service provider shall provide or make available the notification referred to in paragraph (1) in an agreed manner at the earliest opportunity, and in any case, within the periods specified in Regulation 107.

(3) A framework contract may include a condition that the payment service provider concerned may charge a reasonable fee for a refusal referred to in paragraph (1) if the refusal is objectively justified.

(4) Where all of the conditions set out in a payer’s framework contract are satisfied, the payer’s account servicing payment service provider shall not refuse to execute an authorised payment order irrespective of whether the payment order is initiated by a payer, including through a payment initiation service provider, or by or through a payee, unless prohibited by law.

(5) For the purposes of Regulations 107 and 112 a payment order for which execution has been refused shall be deemed not to have been received.

Irrevocability of a payment order

104. (1) Subject to paragraphs (2) to (6), a payment service user shall not revoke a payment order after it has been received by the payer’s payment service provider.

(2) Where a payment transaction is initiated by a payment initiation service provider or by or through a payee, the payer concerned shall not revoke the payment order concerned after the payer has given consent—

(a) to the payment initiation service provider to initiate the payment transaction, or

(b) to the payee to execute the payment transaction.

(3) In the case of a direct debit and without prejudice to any right to a refund, a payer may revoke the relevant payment order at the latest by the end of the business day preceding the day agreed for debiting the funds.

(4) Where Regulation 102(5) applies, the payment service user concerned may revoke a payment order at the latest by the end of the business day preceding the day agreed under that paragraph.

(5) A payment order may only be revoked—

(a) in a case in which a time limit specified in paragraphs (1) to (4) has been exceeded, but neither paragraph (2) nor paragraph (3) applies, where the payment service user and the relevant payment service provider agree to its revocation, or

(b) in a case in which a time limit specified in paragraphs (1) to (4) has been exceeded and paragraph (2) or (3) applies, where the payment service user, the relevant payment service provider and the relevant payee agree to its revocation.

(6) If agreed in a framework contract, the relevant payment service provider may charge for revocation.

Amounts transferred and amounts received

105. (1) Subject to paragraph (2), in the execution of a payment transaction, the payment service provider of the payer concerned, the payment service provider of the payee concerned and any intermediaries of the payment service providers shall transfer the full amount of the payment transaction and shall not deduct charges from the amount transferred.

(2) A payee and a payment service provider may agree that the payment service provider may deduct its charges from the amount transferred before crediting it to the payee, in which case the full amount of the payment transaction and charges shall be separated in the information given to the payee.

(3) Where any charges other than those referred to in paragraph (2) are deducted from an amount transferred, the payment service provider of the payer concerned shall ensure that the payee concerned receives the full amount of the payment transaction initiated by the payer.

(4) Where a payment transaction is initiated by or through a payee, the payment service provider of the payee shall ensure that the full amount of the payment transaction is received by the payee.

Scope of Regulations 107 to 110

106. (1) Regulations 107 to 110 apply to—

(a) payment transactions in euro, and

(b) payment transactions involving only one currency conversion between the euro and the currency of a Member State outside the euro area, where—

(i) the required currency conversion is carried out in that Member State, and

(ii) in the case of a cross-border payment transaction, the cross-border transfer takes place in euro.

(2) Regulations 107 to 109 apply to payment transactions not referred to in paragraph (1), unless otherwise agreed between the payment service user and the payment service provider.

(3) Where, in the case of a payment transaction not referred to in paragraph (1) which is an intra-Union payment transaction, the payment service user and the payment service provider agree a period longer than that set out in Regulation 107, that period shall not exceed 4 business days following the time of receipt as referred to in Regulation 102.

(4) Regulation 110 applies to payment transactions not referred to in paragraph (1) .

Payment transactions to a payment account

107. (1) Subject to paragraph (2), a payer’s payment service provider shall ensure that after the time of receipt referred to in Regulation 102 the amount of the payment transaction will be credited to the payee’s payment service provider’s account by the end of the following business day.

(2) The time limit referred to in paragraph (1) is extended by a further business day for paper-initiated payment transactions.

(3) The payment service provider of a payee shall value date and make available the amount of the payment transaction to the payee’s payment account after the payment service provider has received the funds in accordance with Regulation 110.

(4) A payee’s payment service provider shall transmit a payment order initiated by or through the payee to the payer’s payment service provider within the time limits agreed between the payee and the payment service provider, so as to enable settlement, as far as direct debit is concerned, on the agreed due date.

Absence of payee’s payment account with the payment service provider

108. Where a payee does not have a payment account with a payment service provider, a payment service provider who receives funds for the payee shall make the funds available to the payee within the time limit specified in Regulation 107.

Cash placed on a payment account

109. (1) Where a payment service user that is a consumer places cash on a payment account with a payment service provider in the currency of that payment account, the payment service provider shall ensure that the amount is made available and value dated immediately after receipt of the funds.

(2) Where a payment service user that is not a consumer places cash on a payment account with a payment service provider in the currency of that payment account, the amount shall be made available and value dated not later than the following business day after receipt of the funds.

Value date and availability of funds

110. (1) The credit value date for a payee’s payment account shall not be later than the business day on which the amount of the payment transaction is credited to the payee’s payment service provider’s account.

(2) The payment service provider of a payee shall ensure that the amount of a payment transaction is at the payee’s disposal immediately after that amount is credited to the payee’s payment service provider’s account where, on the part of the payee’s payment service provider, there is—

(a) no currency conversion,

(b) a currency conversion between the euro and a Member State currency, or

(c) a currency conversion between two Member State currencies.

(3) Paragraph (2) shall also apply to payments within one payment service provider.

(4) The debit value date for a payer’s payment account shall not be earlier than the time at which the amount of the payment transaction is debited to that payment account.

Incorrect unique identifiers

111. (1) Where a payment order is executed in accordance with a unique identifier, the payment order shall be deemed to have been executed correctly where payment is made to the payee specified by the unique identifier.

(2) Where the unique identifier provided by a payment service user is not the unique identifier of the person to whom payment was intended to be made, the payment service provider concerned shall not be liable under Regulation 112 for non-execution or defective execution of the payment transaction concerned.

(3) Where the unique identifier provided by a payment service user is not the unique identifier of the person to whom payment was intended to be made—

(a) the payer’s payment service provider shall make reasonable efforts to recover the funds involved in the payment transaction, and

(b) the payee’s payment service provider shall cooperate in those efforts by communicating to the payer’s payment service provider all relevant information for the collection of funds.

(4) Where the recovery of funds in accordance with paragraph (3) is not possible, the payer’s payment service provider shall provide to the payer, upon written request, all information available to the payer’s payment service provider and relevant to the payer in order for the payer to issue proceedings for the recovery of the funds.

(5) Where agreed in the framework contract concerned, a payment service provider may charge the payment service user for recovery of funds.

(6) Where a payment service user provides information in addition to that specified in Regulation 69(1) (a) or Regulation 76(b) (ii), the payment service provider shall be liable only for the execution of payment transactions in accordance with the unique identifier provided by the payment service user.

Payment service providers’ liability for non-execution, defective or late execution of payment transactions

112. (1) Where a payment order is initiated directly by a payer, the payer’s payment service provider shall, without prejudice to Regulations 95, 111(2), (3) and (4), and 116, be liable to the payer for correct execution of the payment transaction, unless the payer’s payment service provider can prove to the payer and, where relevant, to the payee’s payment service provider that the payee’s payment service provider received the amount of the payment transaction in accordance with Regulation 107(1) and (2).

(2) Where, in accordance with paragraph (1), the payer’s payment service provider can prove to the payer and, where relevant, to the payee’s payment service provider that the payee’s payment service provider received the amount of the payment transaction in accordance with Regulation 107(1) and (2), the payee’s payment service provider shall be liable to the payee for the correct execution of the payment transaction.

(3) Where a payer’s payment service provider is liable under paragraph (1), it shall, without undue delay, refund to the payer the amount of a non-executed or defective payment transaction, and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.

(4) Where a payer’s payment service provider refunds a payer in accordance with paragraph (3), the credit value date for the payer’s payment account shall be no later than the date on which the amount was debited.

(5) Where a payee’s payment service provider is liable under paragraph (2), it shall immediately place the amount of the payment transaction at the payee’s disposal and, where applicable, credit the corresponding amount to the payee’s payment account.

(6) Where a payee’s payment account is credited in accordance with paragraph (5), the credit value date for the payee’s payment account shall be no later than the date on which the amount would have been value dated, had the transaction been correctly executed in accordance with Regulation 110.

(7) Where a payment transaction is executed late, the payee’s payment service provider shall ensure, upon the request of the payer’s payment service provider acting on behalf of the payer, that the credit value date for the payee’s payment account is no later than the date the amount would have been value dated had the transaction been correctly executed.

(8) In the case of a non-executed or defectively executed payment transaction where the payment order is initiated by the payer, the payer’s payment service provider shall, regardless of liability under paragraphs (1) to (7) and free of charge for the payer, on request, make immediate efforts to trace the payment transaction and notify the payer of the outcome.

(9) Where a payment order is initiated by or through a payee, the payee’s payment service provider shall, without prejudice to Regulations 95, 111(2), (3) and (4), and 116, be liable to the payee for correct transmission of the payment order to the payment service provider of the payer in accordance with Regulation 107(4).

(10) Where a payee’s payment service provider is liable under paragraph (1), it shall immediately re-transmit the payment order in question to the payment service provider of the payer.

(11) In the case of a late transmission of a payment order, the amount of the payment order shall be value dated on the payee’s payment account no later than the date the amount would have been value dated had the transaction been correctly executed.

(12) The payment service provider of a payee shall, without prejudice to Regulations 95, 111(2), (3) and (4), and 116, be liable to the payee for handling the payment transaction in accordance with its obligations under Regulation 110.

(13) Where a payee’s payment service provider is liable under paragraph (12), it shall ensure that the amount of the payment transaction is at the payee’s disposal immediately after that amount is credited to the payee’s payment service provider’s account.

(14) Where the amount of a payment transaction is put at the payee’s disposal in accordance with paragraph (13), the amount shall be value dated on the payee’s payment account no later than the date the amount would have been value dated had the transaction been correctly executed.

(15) In the case of a non-executed or defectively executed payment transaction for which a payee’s payment service provider is not liable under paragraph (9), (10) or (11), the payer’s payment service provider shall be liable to the payer concerned.

(16) Where a payer’s payment service provider is liable under paragraph (15), the payment service provider shall, as appropriate and without undue delay, refund to the payer the amount of the non-executed or defective payment transaction and restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.

(17) Where a payer’s payment service provider refunds a payer in accordance with paragraph (16), the credit value date for the payer’s payment account shall be no later than the date on which the amount was debited.

(18) The obligation under paragraph (16) shall not apply to the payer’s payment service provider where the payer’s payment service provider proves that the payee’s payment service provider has received the amount of the payment transaction, including where execution of the payment transaction has been delayed.

(19) Where paragraph (18) applies, the payee’s payment service provider shall value date the amount on the payee’s payment account no later than the date the amount would have been value dated had it been executed correctly.

(20) In the case of a non-executed or defectively executed payment transaction where the payment order is initiated by or through a payee, the payee’s payment service provider shall, regardless of liability under paragraphs (9) to (19) and free of charge for the payee, on request, make immediate efforts to trace the payment transaction and notify the payee of the outcome.

(21) A payment service provider shall be liable to its payment service user for any charges for which the payment service user is responsible, and for any interest to which the payment service user is subject as a consequence of non-execution or defective, including late, execution of the payment transaction.

Liability in the case of payment initiation services for non-execution, defective or late execution of payment transactions

113. (1) Where a payment order is initiated by a payer through a payment initiation service provider, the account servicing payment service provider concerned shall, without prejudice to Regulations 95 and 111(2), (3) and (4), refund to the payer the amount of a non-executed or defective payment transaction and, where applicable, restore the debited payment account concerned to the state in which it would have been had the defective payment transaction not taken place.

(2) Where a payment order is initiated by a payer through a payment initiation service provider, the burden shall be on the payment initiation service provider to prove—

(a) that the payment order was received by the payer’s account servicing payment service provider in accordance with Regulation 102, and

(b) to the extent that it is within the sphere of competence of the payer’s payment initiation service provider, that the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the non-execution, defective or late execution of the transaction.

(3) Where a payment initiation service provider is liable for the non-execution, defective or late execution of a payment transaction, it shall immediately compensate the account servicing payment service provider at its request for the losses incurred or sums paid as a result of the refund to the payer concerned.

Additional financial compensation

114. Any financial compensation additional to that provided for under Regulations 111 to 116 may be determined in accordance with the law applicable to the contract concluded between the payment service user and the payment service provider.

Right of recourse

115. (1) Where the liability of a payment service provider under Regulation 97 or 112 is attributable to another payment service provider or to an intermediary, that payment service provider or intermediary, as the case may be, shall compensate the first-mentioned payment service provider for any losses incurred or sums paid under Regulation 97 or 112, including where any of the payment service providers concerned fail to use strong customer authentication.

(2) Financial compensation in addition to that provided for under paragraph (1) may be determined in accordance with an agreement between the payment service providers concerned or the payment service provider and intermediary concerned, as the case may be, and the law applicable to that agreement.

Abnormal and unforeseeable circumstances

116. A person shall not be liable under Chapter 2 or 3 of this Part—

(a) where, but for this Regulation, the person’s liability would have resulted from abnormal and unforeseeable circumstances beyond that person’s control, the consequences of which could not have been avoided by it, or

(b) where the person is a payment service provider, they are subject to other legal obligations under Union law or the law of the State.

Chapter 4

Data protection

Data protection

117. (1) A payment system or payment service provider may process personal data where this is necessary to safeguard the prevention, investigation and detection of payment fraud.

(2) The provision of information to individuals about the processing of personal data and the processing of such personal data and any other processing of personal data for the purposes of these Regulations shall be in accordance with—

(a) prior to the date of application of the General Data Protection Regulation, the Data Protection Acts 1988 and 2003, and

(b) after that date—

(i) the General Data Protection Regulation, and

(ii) the law of the State giving further effect to the General Data Protection Regulation.

(3) A payment service provider shall only access, process and retain personal data necessary for the provision of its payment services, with the explicit consent of the payment service user concerned.

Chapter 5

Operational and security risks and authentication

Management of operational and security risks

118. (1) A payment service provider shall establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks, relating to the payment services that it provides.

(2) As part of the framework referred to in paragraph (1), a payment service provider shall establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.

(3) A payment service provider shall provide to the Bank on an annual basis, or at shorter intervals as determined by the Bank, an updated and comprehensive assessment of—

(a) the operational and security risks relating to the payment services provided by the payment service provider, and

(b) the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.

Incident reporting

119. (1) Where a major operational or security incident occurs, a payment service provider shall, without undue delay, notify the competent authority of its home Member State.

(2) Where an incident to which paragraph (1) applies has or may have an impact on the financial interests of the payment service users of the payment service provider concerned, the payment service provider shall, without undue delay, inform its payment service users of the incident and of all measures that those users can take to mitigate the adverse effects of the incident.

(3) The Bank shall, following receipt of a notification referred to in paragraph (1), without undue delay, provide the relevant details of the incident to the European Banking Authority and to the European Central Bank.

(4) The Bank shall, following receipt of a notification referred to in paragraph (1) and after assessing the relevance of the incident concerned to relevant authorities of the State, notify those authorities accordingly.

(5) Where the Bank receives a notification from the European Central Bank under Article 96 of the Payment Services Directive, the Bank shall, on the basis of that notification, where appropriate, take all of the necessary measures to protect the immediate safety of the financial system.

(6) A payment service provider shall provide, at least on an annual basis, statistical data on fraud relating to different means of payment to the competent authority of its home Member State.

(7) The Bank shall provide to the European Banking Authority and the European Central Bank, in an aggregated form, data received under paragraph (6).

Authentication

120. (1) A payment service provider shall apply strong customer authentication where a payer—

(a) accesses its payment account online,

(b) initiates an electronic payment transaction, or

(c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

(2) Where a payer initiates an electronic remote payment transaction, a payment service provider shall apply strong customer authentication that includes elements which dynamically link the transaction to a specific amount and a specific payee.

(3) Where paragraph (1) applies, a payment service provider shall have in place adequate security measures to protect the confidentiality and integrity of the personalised security credentials of the payment service user concerned.

(4) Paragraphs (2) and (3) also apply where a payment is initiated through a payment initiation service provider.

(5) Paragraphs (1) and (3) also apply where information is requested through an account information service provider.

(6) An account servicing payment service provider shall permit a payment initiation service provider and an account information service provider to rely on the authentication procedures provided by the account servicing payment service provider to the payment service user in accordance with paragraphs (1) and (3) and, where the payment initiation service provider is involved, in accordance with paragraphs (1), (2) and (3).

Chapter 6

Infringements, supervision, dispute resolution and enforcement

Reporting of infringements

121. (1) The Bank shall establish a procedure to allow payment service users and other interested parties including consumer associations, to submit reports to the Bank with regard to alleged infringements of these Regulations by payment service providers.

(2) Where appropriate and without prejudice to any right to bring proceedings before a court, the reply from the Bank to a report submitted to it with regard to an alleged infringement of these Regulations by a payment service provider shall inform the person submitting the report of the existence of the alternative dispute resolution procedures set up in accordance with Regulation 125.

Supervision

122. The Bank may—

(a) require a payment service provider to provide any information needed to monitor the institution’s compliance with these Regulations,

(b) carry out on-site inspections at—

(i) the premises of a payment service provider,

(ii) any agent or branch providing payment services under the responsibility of a payment service provider,

(iii) the premises of any entity to which a payment service provider’s activities are outsourced, and

(iv) any premises at which payment services are, or are suspected of being conducted, and

(c) issue recommendations, guidelines, policy statements and codes of practice.

Bank’s power to give directions

123. (1) If the Bank considers it necessary to do so in the interests of the proper and orderly supervision of payment services, the Bank may give a direction in writing to—

(a) a payment institution,

(b) another person registered to provide payment services, or

(c) any other person involved in or connected with the provision of a payment service,

in the State.

(2) A direction under paragraph (1) —

(a) takes effect on the date, or on the occurrence of the event, specified in the direction for the purpose, and

(b) ceases to have effect on the earlier of—

(i) the date, or the occurrence of the event, specified in the direction for the purpose, or

(ii) the expiration of the period of 12 months immediately following the day on which it took effect.

(3) If a direction under this Regulation has not been complied with or is unlikely to be complied with, the Bank may apply to the court in a summary manner for such order as the court thinks appropriate by way of enforcement of the direction.

Dispute resolution

124. (1) A payment service provider shall put in place and apply adequate and effective complaint resolution procedures for the settlement of complaints of payment service users concerning the rights and obligations arising under Parts 3 and 4.

(2) A complaint resolution procedure referred to in paragraph (1) which applies in the State shall be available in Irish or English or, where another language is agreed between a payment service provider and a payment service user, that language.

(3) A payment service provider shall make every possible effort to reply, on paper or, if agreed between the payment service provider and a payment service user, on another durable medium, to the payment service users’ complaints.

(4) A reply from a payment service provider to a complaint from a payment service user shall address all points raised in the complaint, within an adequate timeframe and at the latest within 15 business days of receipt of the complaint.

(5) Where, in an exceptional situation, a payment service provider is unable to comply with paragraph (4) for reasons beyond the control of the payment service provider, the payment service provider shall send a reply to the payment service user clearly indicating the reasons for a delay in answering the complaint and specifying the deadline by which the payment service user will receive a reply in compliance with paragraph (4).

(6) Where, in an exceptional situation, a payment service provider is unable to comply with paragraph (4) for reasons beyond the control of the payment service provider, the payment service provider shall send a final reply to the payment service user concerned, addressing all points raised in the complaint, at the latest within 35 business days of receipt of the complaint.

(7) Notwithstanding paragraphs (3) to (6), where the Bank introduces or maintains rules on dispute resolution procedures that are applicable to the complaint and parties concerned and more advantageous to the payment service user than the obligations specified in those paragraphs, those rules shall apply in place of paragraphs (3) to (6).

(8) Where the Bank has not introduced or maintained rules on dispute resolution procedures that are applicable to the complaint, paragraphs (3) to (6) will not apply in a case in which—

(a) the complaint has been resolved to the complainant’s satisfaction within five business days of receipt of the complaint, and

(b) a record of the resolution of the complaint to the satisfaction of the complainant is maintained by the payment service provider.

(9) A payment service provider shall inform a payment service user of at least one ADR entity which is competent to deal with disputes concerning the rights and obligations arising under Parts 3 and 4.

(10) A payment service provider shall—

(a) provide the information referred to in paragraph (9), and

(b) inform the payment service user how further information on the ADR entity concerned and on the conditions for using it can be accessed,

in a clear, comprehensive and easily accessible way on the website of the payment service provider concerned, where one exists, at the branch, and in the general terms and conditions of the contract between the payment service provider and the payment service user.

(11) A reference in paragraph (9) or (10) to an ADR entity includes, where applicable, a reference to the Financial Services and Pensions Ombudsman.

Alternative dispute resolution procedures

125. (1) The Financial Services and Pensions Ombudsman has jurisdiction over the settlement of disputes between payment service users (being payment service users that are consumers or the operators of undertakings that were at the relevant time micro enterprises) and payment service providers concerning rights and obligations arising under these Regulations.

(2) The Financial Services and Pensions Ombudsman shall cooperate effectively in the resolution of cross-border disputes concerning the rights and obligations arising under Parts 3 and 4.

Offence — operation as a payment institution without authorisation, etc.

126. A person who contravenes Regulation 6 shall be guilty of an offence.

Offence — false or misleading information in application

127. (1) A person shall be guilty of an offence if the person—

(a) knowingly or recklessly makes a false or misleading statement in an application for authorisation to operate as a payment institution, or

(b) makes a false or misleading statement to the Bank in relation to—

(i) the obtaining of an authorisation to operate as a payment institution, or

(ii) an approval, waiver or permission from the Bank concerning the operation of a payment institution.

Offence — misappropriation of users’ funds

128. A person who is a director, officer or employee of a payment institution shall be guilty of an offence if he or she fraudulently misappropriates users’ funds.

Offence — failure to inform Bank of relevant changes, etc.

129. A payment institution that fails to comply with Regulation 27 shall be guilty of an offence.

Offence — failure to keep appropriate records

130. A payment institution that fails to comply with Regulation 32 (whether by not keeping appropriate records or by not holding such records for the period required by that Regulation) shall be guilty of an offence.

Offence — provision of false or misleading information under Regulation 122(a)

131. A payment institution shall be guilty of an offence if the payment institution gives the Bank, in purported compliance with a requirement of the Bank under Regulation 122(a), information that the payment institution knows or reasonably ought to know is false or misleading.

Prosecution of offences

132. (1) Summary proceedings for an offence under these Regulations may be brought and prosecuted by the Bank.

(2) Notwithstanding section 10(4) of the Petty Sessions (Ireland) Act 1851 , summary proceedings for an offence under these Regulations may be instituted—

(a) at any time within 3 years from the date on which the offence was committed,

(b) where, at the expiry of that period, the person against whom the proceedings are to be brought is outside the State, within 6 months of the date on which he or she next enters the State, or

(c) at any time within 3 years from the date on which evidence that, in the opinion of the person by whom the proceedings are brought, is sufficient to justify the bringing of the proceedings, comes to that person’s knowledge,

whichever is the later, provided that no such proceedings shall be commenced later than 5 years from the date on which the offence concerned was committed.

(3) For the purpose of this Regulation, a certificate signed by or on behalf of or jointly with the person bringing the proceedings as to the date on which evidence relating to the offence concerned came to his or her knowledge shall be prima facie evidence and in any legal proceedings a document purporting to be a certificate issued for the purpose of this subsection and to be so signed shall be deemed to be so signed and shall be admitted as evidence without proof of the signature of the person purporting to sign the certificate.

Publication of information

133. Where the Bank imposes a sanction under Part IIIC of the Act of 1942 in respect of a contravention of these Regulations, it shall not publish information under section 33BC of that Act where such publication would seriously jeopardise the financial markets or cause disproportionate damage to the parties involved.

Penalties

134. A person who is guilty of an offence under these Regulations shall be liable—

(a) on summary conviction, to a class A fine or to imprisonment for a term not exceeding 6 months, or to both, or

(b) on conviction on indictment, to a fine not exceeding €500,000 or to imprisonment for a term not exceeding 3 years, or to both.

Offences by bodies corporate and managers etc.

135. Where an offence is committed under these Regulations by a body corporate and is proved to have been committed with the consent, connivance or approval of any person, being—

(a) a director, manager, secretary or other officer of the body corporate, or

(b) a person who was purporting to act in any such capacity,

that person as well as the body corporate shall be guilty of an offence and shall be liable to be proceeded against and punished as if that person were guilty of the first-mentioned offence.

PART 5

Consumer Rights Information

Obligation to inform consumers of their rights

136. (1) The Bank shall ensure that the leaflet produced by the Commission of the European Union in accordance with Article 106(1) of the Payment Services Directive is made available in an easily accessible manner on its website.

(2) A payment service provider shall ensure that the leaflet produced by the Commission of the European Union in accordance with Article 106(1) of the Payment Services Directive is made available—

(a) in an easily accessible manner on its website (if any), and

(b) in paper form at its branches (if any), agents (if any) and any entity to which its activities are outsourced.

(3) A payment service provider shall not charge its clients for making available the information referred to in paragraph (2).

(4) The Bank and payment service providers shall ensure that the leaflet produced by the Commission of the European Union in accordance with Article 106(1) of the Payment Services Directive is made available in an accessible format to persons with disabilities.

PART 6

Final Provisions

Derogation

137. (1) Save to the extent provided under these Regulations, a payment service provider shall not derogate, to the detriment of payment service users, from these Regulations.

(2) A payment service provider may provide its services to payment service users on more favourable terms than is provided for under these Regulations.

Revocation

138. The Regulations of 2009 are revoked.

Saver

139. The revocation of the Regulations of 2009—

(a) does not affect any investigation undertaken, or disciplinary or enforcement action undertaken by the Bank or any other person, in respect of any matter in existence at, or before, the time of the revocation, and

(b) does not preclude the taking of any legal proceedings, or the undertaking of any investigation, or disciplinary or enforcement action by the Bank or any other person, in respect of any contravention of the Regulations of 2009 or any misconduct which may have been committed before the time of the revocation.

Transitional provisions

140. (1) Where a payment institution has taken up activities in accordance with the Regulations of 2009 on or before 13 January 2018, the payment institution—

(a) shall be permitted to continue those activities in accordance with those Regulations, and

(b) shall not be required to seek authorisation in accordance with Regulation 7 or to comply with the other provisions of, or referred to in, Part 2,

until 13 July 2018.

(2) A payment institution to which paragraph (1) applies shall submit all relevant information to the Bank in a timely manner in order to allow the Bank to assess whether the payment institution complies with its requirements under Part 2 and, if not, which measures need to be taken in order to ensure compliance or whether a withdrawal of authorisation is appropriate.

(3) The Bank shall complete the assessment referred to in paragraph (2) by 13 July 2018.

(4) Where the Bank is satisfied that a payment institution to which paragraph (1) applies complies with the institution’s obligations under Part 2, the Bank shall grant an authorisation to the payment institution and enter in the Register the information required under Regulation 25 in respect of the payment institution.

(5) Where the Bank is not satisfied by 13 July 2018 that a payment institution to which paragraph (1) applies complies with the institution’s obligations under Part 2, the payment institution shall, in accordance with Regulation 6, be prohibited from providing payment services.

(6) Where a person is granted a waiver under Regulation 35(2) of the Regulations of 2009 prior to 13 January 2018 and pursued payment services within the meaning of those Regulations prior to that date, the person—

(a) shall be permitted to continue those activities within the State in accordance with those Regulations, and

(b) shall not be required to seek authorisation under Regulation 7 or, to obtain an exemption pursuant to Regulation 41, or to comply with the other provisions of, or referred to in, Part 2,

until 13 January 2019.

(7) A person to whom paragraph (6) applies who has not, by 13 January 2019, been authorised or exempted under these Regulations shall, in accordance with Regulation 6, be prohibited from providing payment services.

(8) Notwithstanding paragraphs (1) to (4), a payment institution that has been granted authorisation to provide payment services as referred to in paragraph 7 of Schedule 1 to the Regulations of 2009 shall retain that authorisation for the provision of those payment services which are considered to be payment services as referred to in paragraph 3 of the Schedule where, by 13 January 2020, the Bank has evidence that the requirements laid down in Regulation 8(1) (c) and in Regulations 11 to 16 have been complied with.

(9) Where a person has provided the payment service referred to in paragraph 7 of the Schedule in the State prior to 12 January 2016, that person shall not be required to seek authorisation in accordance with Regulation 7 or to comply with the other provisions of, or referred to in, Part 2 until the date that is 18 months from the date that the regulatory technical standards referred to in Article 98 of the Payment Services Directive enter into force.

(10) Where a person has provided the payment service referred to in paragraph 8 of the Schedule in the State prior to 12 January 2016, that person shall not be required to be registered in accordance with Regulation 42 or to comply with the other provisions of, or referred to in, Part 2 until the date that is 18 months from the date that the regulatory technical standards referred to in Article 98 of the Payment Services Directive enter into force.

Amendment of European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004

141. Regulation 6 of the European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004 ( S.I. No. 853 of 2004 ) is amended—

(a) in paragraph (1), by the substitution of “Subject to paragraph (1A), within a reasonable time” for “Within a reasonable time”, and

(b) by the insertion of the following paragraph after paragraph (1) :

“(1A) Where the European Union (Payment Services) Regulations 2018 also apply, the supplier shall, within a reasonable time before a consumer is bound by a distance contract for the supply of a financial service, give the consumer—

(a) the information specified in paragraphs (j), (k), (l), (m), (n), (o), (r), (s) and (x) of Schedule 1, and

(b) the information required to be provided under Regulations 68, 69, 75 and 76 of those Regulations.”.

Amendment of European Communities (Electronic Money) Regulations 2011

142. The European Communities (Electronic Money) Regulations 2011 are amended—

(a) in Regulation 3(1) —

(i) by the insertion of the following definitions:

“ ‘account information service’ has the same meaning as it has in the Payment Services Regulations 2018;

‘Directive (EU) 2015/849’ means of the European Parliament and of the Council of 20 May 201519 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC;

‘European Banking Authority’ means the European Banking Authority established by Regulation (EU) 1093/2010 of the European Parliament and of the Council of 24 November 201020 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC;

‘payment initiation service’ has the same meaning as it has in the Payment Services Regulations;

‘payment service provider’ has the same meaning as it has in the Payment Services Regulations;

‘Regulation (EU) No 1093/2010’ means Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC21 ;

‘sensitive payment data’ means information, including personalised security credentials, which could be used to carry out fraud; but in relation to account information services and payment initiation services does not include the name of an account holder or an account number;”,

(ii) by the substitution of the following definition for the definition of “Payment Services Directive”:

“ ‘Payment Services Directive’ means Directive 2015/2366/EU of the European Parliament and of the Council of 25 November 201522 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010, and repealing Directive 2007/64/EC;”, and

(iii) by the substitution of the following definition for the definition of “Payment Services Regulations”:

“ ‘Payment Services Regulations’ means the European Union (Payment Services) Regulations 2018 ( S.I. No. 6 of 2018 );”,

(b) in Regulation 7, by the insertion of the following paragraphs after paragraph (2):

“(2A) The Bank shall enter in the Register any withdrawal of an authorisation and any withdrawal of a waiver pursuant to Regulation 36.

(2B) The Bank shall notify the European Banking Authority of the reasons for the withdrawal of any authorisation and of any waiver pursuant to Regulation 36.”,

(c) by the insertion of the following Regulation after Regulation 7:

“European Banking Authority Register

7A. (1) Where information is entered in the Register, the Bank shall, without delay and in a language customary in the field of finance, send a notification to the European Banking Authority informing it of the information so entered.

(2) The Bank shall ensure that the information provided to the European Banking Authority under paragraph (1) is accurate and up-to-date.”,

(d) in Regulation 8—

(i) in paragraph (1) —

(I) by the substitution of the following subparagraph for subparagraph (f) :

“(f) for applicants subject to the obligations in relation to money laundering and terrorist financing under Directive (EU) 2015/849 and Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 201523 , a description of the internal control mechanisms which the applicant has established in order to comply with those obligations,”,

(II) by the substitution of the following subparagraph for subparagraph (g) :

“(g) a description of the applicant’s structural organisation, including, where applicable, a description of the intended use of agents and branches and of the off-site and on-site checks that the applicant undertakes to perform on them at least annually, as well as a description of outsourcing arrangements, and of its participation in a national or international payment system,”,

(III) in subparagraph (k), by the substitution of “documents,” for “documents, and”,

(IV) in subparagraph (l), by the substitution of “office,” for “office.”, and

(V) by the insertion of the following subparagraphs after subparagraph (l) :

“(m) a description of the procedure in place to monitor, handle and follow up a security incident and security related customer complaints, including an incidents reporting mechanism,

(n) a description of the process in place to file, monitor, track and restrict access to sensitive payment data,

(o) a description of business continuity arrangements including a clear identification of the critical operations, effective contingency plans and a procedure to regularly test and review the adequacy and efficiency of such plans,

(p) a description of the principles and definitions applied for the collection of statistical data on performance, transactions and fraud,

(q) a security policy document, including a detailed risk assessment in relation to the applicant’s payment services and a description of security control and mitigation measures taken to adequately protect payment service users against the risks identified, including fraud and illegal use of sensitive and personal data, and

(r) in the case of an applicant that proposes to provide payment initiation services or account information services, information on the professional indemnity insurance policy or comparable guarantee against liability it holds or proposes to put in place to cover potential liabilities in relation to the provision of such services.”,

(ii) in paragraph (2), by the substitution of “For the purposes of subparagraphs (d), (e), (g) and (m) of paragraph (1), the applicant shall” for “The applicant shall”, and

(iii) by the insertion of the following paragraphs after paragraph (2):

“(2A) The security control and mitigation measures referred to in subparagraph (q) of paragraph (1) shall indicate how those measures ensure a high level of technical security and data protection, including for the software and information technology systems used by the applicant or the undertakings to which it outsources the whole or part of its operations.

(2B) The measures referred to in paragraph (2A) shall also include the security measures referred to in Regulation 118(1) and (2) of the Payment Services Regulations and shall take into account the European Banking Authority’s guidelines on security measures where such guidelines have been issued under Article 95(3) of the Payment Services Directive.

(2C) An applicant that applies for authorisation to provide payment initiation services, shall as a condition of its authorisation, hold a professional indemnity insurance policy, covering the territories in which it offers services, or some other comparable guarantee against liability to ensure that it can cover its liabilities in relation to the provision of such services.

(2D) An applicant that applies for authorisation or registration for the purposes of providing account information services, shall as a condition of its authorisation, hold a professional indemnity insurance policy covering the territories in which it offers services, or some other comparable guarantee against its liability vis--vis an account servicing payment service provider or a payment service user resulting from non-authorised or fraudulent access to or non-authorised or fraudulent use of payment account information.

(2E) In paragraph (2D), “account servicing payment service provider” and “payment service user” have the same meaning as they have in the Payment Services Regulations.”,

(e) in Regulation 14, by the substitution of the following paragraph for paragraph (3):

“(3) Methods, A, B and C are set out in Regulations 12, 13 and 14, respectively, of the Payment Services Regulations.”,

(f) by the substitution of the following for Regulation 19:

“Accounting and statutory audit

19. (1) The European Union (Credit Institutions: Financial Statements) Regulations 2015 ( S.I. No. 266 of 2015 ) and Regulation (EC) No 1606/2002 of the European Parliament and of the Council of 19 July 200224 shall apply to an electronic money institution, subject to the modification that a reference in the European Union (Credit Institutions: Financial Statements) Regulations 2015 to a credit institution shall be construed as a reference to an electronic money institution.

(2) Part 6 of the Companies Act 2014 (No. 38 of 2014) shall apply mutatis mutandis to an electronic money institution to which that Act does not otherwise apply.

(3) Unless exempted under the Companies Act 2014 (including as applied in accordance with paragraph (2)), where applicable, the European Union (Credit Institutions: Financial Statements) Regulations 2015, the annual accounts and consolidated accounts of an electronic money institution shall be audited by a statutory auditor or audit firm within the meaning of the European Union (Statutory Audits) (Directive 2006/43/EC, as amended by Directive 2014/56/EU, and Regulation (EU) No 537/2014) Regulations 2016 ( S.I. No. 312 of 2016 ).

(4) For supervisory purposes, an electronic money institution shall provide separate accounting information for the issuance of electronic money and activities referred to in Regulation 28, which shall be subject to an auditor’s report prepared, where applicable, by the statutory auditors or an audit firm.

(5) Regulation 52 of the European Union (Capital Requirements) Regulations 2014 ( S.I. No. 158 of 2014 ) shall apply to the statutory auditor or audit firm of an electronic money institution in respect of the issuance of electronic money, subject to the modification that a reference in those Regulations to a credit institution shall be construed as a reference to an electronic money institution.”,

(g) by the substitution of the following for Regulation 21:

“Use of agents

21. (1) Where an electronic money institution whose home Member State is the State intends to provide payment services through an agent it shall communicate the following information to the Bank:

(a) the name and address of the agent;

(b) a description of the internal control mechanisms that will be used by the agent in order to comply with the obligations in relation to money laundering and terrorist financing under the law of the State giving effect to Directive (EU) 2015/849, to be updated without delay in the event of material changes to the particulars communicated at the initial notification;

(c) the identity of directors and persons responsible for the management of the agent to be used in the provision of payment services and, for agents other than payment service providers, evidence that they are fit and proper persons;

(d) the payment services of the electronic money institution for which the agent is mandated;

(e) where applicable, the unique identification code or number of the agent.

(2) Within 2 months of receipt of the information referred to in paragraph (1), the Bank shall inform the electronic money institution whether the details of the agent concerned have been entered in the Register.

(3) An agent shall not commence provision of payment services prior to the entry of its details in the Register.

(4) Before listing an agent in the Register, the Bank shall, if it considers that the information provided to it pursuant to paragraph (1) is incorrect, take further action to verify the information.

(5) Where, after taking action to verify the information, the Bank is not satisfied that the information provided to it pursuant to paragraph (1) is correct, it shall not list the agent in the Register and shall inform the electronic money institution accordingly without undue delay.

(6) Where an electronic money institution proposes to provide payment services in another Member State by engaging an agent or establishing a branch it shall follow the procedures set out in Regulation 26.”,

(h) by the substitution of the following for Regulation 22:

“Outsourcing of functions

22. (1) Where an electronic money institution whose home Member State is the State proposes to outsource an operational function relating to the provision of electronic money services or payment services, it shall inform the Bank accordingly not less than 30 days prior to the date on which it proposes to commence such outsourcing.

(2) Outsourcing of important operational functions, including information technology systems, shall not be undertaken in a manner that materially impairs the quality of the electronic money institution’s internal control and the ability of the Bank to monitor and review the electronic money institution’s compliance with these Regulations.

(3) For the purposes of this Regulation, an operational function shall be regarded as important if a defect or failure in its performance would materially impair the continuing compliance of an electronic money institution with the requirements of its authorisation under this Part, its other obligations under these Regulations, its financial performance, or the soundness or the continuity of its provision of electronic money services or payment services.

(4) An electronic money institution may only outsource an important operational function where it meets the following requirements:

(a) the outsourcing will not result in the delegation by senior management of its responsibility;

(b) the relationship and obligations of the electronic money institution towards its electronic money holders or payment service users under these Regulations will not be altered;

(c) the conditions with which the electronic money institution is to comply in order to be authorised and remain so in accordance with this Part will not be breached;

(d) none of the other conditions subject to which the electronic money institution’s authorisation was granted will be removed or modified.”,

(i) by the insertion of the following Regulation after Regulation 22:

“22A Information obligation

(1) An electronic money institution shall ensure that agents or branches acting on its behalf inform electronic money holders and payment service users of this fact.

(2) An electronic money institution whose home Member State is the State shall communicate to the Bank without undue delay any change regarding the use of—

(a) entities to which activities are outsourced, and

(b) in accordance with the procedure provided for in paragraphs (2), (3), (4) and (5) of Regulation 21, agents, including additional agents.”,

(j) by the substitution of the following for Regulation 25:

“Record-keeping

25. (1) An electronic money institution shall keep all appropriate records for the purpose of this Part for at least 5 years.

(2) Paragraph (1) does not affect the operation of the law of the State giving effect to Directive (EU) 2015/849 or other relevant European law.”,

(k) by the substitution of the following for Regulation 26:

“Application to exercise the right of establishment and freedom to provide services

26. (1) An electronic money institution which proposes to provide

(a) electronic money services, or

(b) payment services,

for the first time in another Member State, in the exercise of the right of establishment or the freedom to provide services, shall communicate the following information to the Bank not less than 3 months prior to the date on which it proposes to commence provision of those services:

(i)the name, address and, where applicable, authorisation number of the electronic money institution;

(ii)the Member State or Member States, as the case may be, in which it intends to operate;

(iii)the electronic money or payment services to be provided;

(iv)where the electronic money institution intends to make use of an agent, the information referred to in Regulation 21(1) ;

(v)where the electronic money institution intends to make use of a branch, the information referred to in subparagraphs (b) and (e) of Regulation 8(1) with regard to the electronic money business in the host Member State, a description of the organisational structure of the branch and the identity of those responsible for the management of the branch;

(vi)where the electronic money institution proposes to outsource operational functions of electronic money or payment services to other entities in the host Member State, that it proposes to do so.

(2) Where an electronic money institution becomes aware of any relevant change regarding the information communicated in accordance with paragraph (1), including as regards additional agents, branches or entities to which activities are outsourced in the host Member States in which it operates, it shall communicate any such change to the Bank without undue delay.

(3) Within 1 month of receipt of all of the information referred to in paragraph (1), or change regarding such information received in accordance with paragraph (2), as the case may be, the Bank shall send the information to the competent authority of the host Member State.

(4) Where the Bank receives information from a competent authority of another Member State in accordance with the law of that Member State equivalent to paragraph (3), the Bank shall, within 1 month of receipt of the information assess that information and provide that competent authority with relevant information in connection with the proposed provision of electronic money or payment services by the electronic money institution, authorised by that competent authority, in the exercise of the freedom of establishment or the freedom to provide services.

(5) The Bank shall, when providing relevant information in accordance with paragraph (4), inform the competent authority concerned in particular of any reasonable grounds for concern in connection with the intended engagement of an agent or establishment of a branch with regard to money laundering or terrorist financing within the meaning of Directive (EU) 2015/849.

(6) Where the Bank does not agree with an assessment provided by the competent authority of a host Member State, provided by that competent authority in accordance with the law of that Member State equivalent to paragraphs (4) and (5), it shall provide that competent authority with the reasons for the Bank’s disagreement with that assessment.

(7) If the assessment of the Bank, in particular in light of the information received from the competent authority of the host Member State provided by that competent authority in accordance with the law of that Member State equivalent to paragraphs (4) and (5), is not favourable, the Bank shall refuse to register the agent or branch or shall withdraw the registration if already made.

(8) If the assessment of the Bank, in particular in light of the information received from the competent authority of the host Member State provided by that competent authority in accordance with the law of that Member State equivalent to paragraphs (4) and (5), is favourable, the Bank shall enter the agent or branch in the Register.

(9) Within 3 months of receipt of the information referred to in paragraph (1), or where a change to that information has been provided in accordance with paragraph (2), receipt of the most recently received of such information, the Bank shall communicate its decision to the competent authority of the host Member State and to the electronic money institution.

(10) Upon entry in the Register, the agent or branch, as the case may be, of the electronic money institution concerned may commence its activities in the host Member State.

(11) The electronic money institution concerned shall notify the Bank of the date from which it commences its activities through the agent or branch, as the case may be, in the relevant host Member State.

(12) The Bank shall inform the competent authority of the host Member State concerned of the information provided by the electronic money institution concerned in accordance with paragraph (11).”,

(l) by the insertion of the following Regulations after Regulation 26:

“Supervision of electronic money institutions exercising the right of establishment and freedom to provide services

26A. (1) In order to carry out the controls and take the necessary steps provided for in this Part and in Parts 3, 4 and 5 in respect of the agent or branch of an electronic money institution authorised under Regulation 9 located in the territory of another Member State, the Bank shall cooperate with the competent authorities of the host Member State of that agent or branch.

(2) The Bank shall notify the competent authority of the host Member State concerned where the Bank intends to carry out an on-site inspection in that Member State.

(3) The Bank may delegate to the competent authority of the host Member State concerned the task of carrying out on-site inspections of the agent or branch concerned.

(4) The Bank may require an electronic money institution authorised in another Member State having an agent or branch in the State to report to the Bank periodically on the activities carried out in the State.

(5) A report referred to in paragraph (4) shall be required for information or statistical purposes and, as far as the agent or branch concerned conducts the electronic money or payment service business under the right of establishment, to monitor compliance with this Part and Parts 3, 4 and 5.

(6) The Bank shall provide the competent authority of a host Member State of the agent or branch of an electronic money institution authorised under Regulation 9 with all essential and relevant information, in particular in the case of infringements or suspected infringements of these Regulations by an agent or a branch, and where such infringements occurred in the context of the exercise of the freedom to provide services.

(7) The Bank shall, for the purposes of compliance with paragraph (6), communicate, upon request, all relevant information and, on its own initiative, all essential information, including on the compliance of the electronic money institution with the conditions under Regulation 11(1) .

(8) The Bank may require an electronic money institution operating in the State through an agent under the right of establishment, the head office of which is situated in another Member State, to appoint a central contact point in the State to—

(a) ensure adequate communication and information reporting on compliance with this Part and Parts 3, 4 and 5, without prejudice to any obligations under anti-money laundering law or counter terrorist financing law, and

(b) facilitate supervision by the competent authority of the home Member State and any other host Member States of the electronic money institution concerned, including by providing such competent authorities with documents and information on request.

(9) Paragraph (8) shall not apply to an electronic money institution that distributes or redeems electronic money through natural or legal persons acting on its behalf.

Measures in case of non-compliance, including precautionary measures

26B. (1) Where the Bank ascertains that an electronic money institution authorised in another Member State having agents or branches in the State contravenes this Part or Parts 3, 4 or 5 it shall inform the competent authority of the home Member State of the electronic money institution concerned without delay.

(2) Where the Bank receives information from a competent authority in another Member State pursuant to the law of that Member State equivalent to paragraph (1), the Bank shall, after having evaluated the information received, without undue delay, take all appropriate measures, available to it under this or any other law of the State, to ensure that the electronic money institution concerned ceases its contravention.

(3) Where the Bank takes measures under paragraph (2), it shall communicate those measures without delay to the competent authority of the host Member State of the electronic money institution concerned and to the competent authorities of any other Member State concerned.

(4) In an emergency situation, where immediate action is necessary to address a serious threat to the collective interests of the electronic money holders in the State, where the State is the host Member State, the Bank may, in parallel with the cross-border cooperation between competent authorities and pending measures by the competent authorities of the home Member State of the electronic money institution concerned, as provided by Regulation 26A, take such precautionary measures, available to it under this or any other law of the State, as it considers appropriate in the circumstances.

(5) A precautionary measure taken under paragraph (4) shall—

(a) be appropriate and proportionate to its purpose to protect against a serious threat to the collective interests of the electronic money holders in the State,

(b) not result in a preference for electronic money holders of the electronic money institution concerned in the State over electronic money holders of the electronic money institution in other Member States,

(c) be temporary, and

(d) be terminated when the serious threats identified are addressed, including with the assistance of or in cooperation with the home Member State’s competent authority or with the European Banking Authority in accordance with Regulation 61A.

(6) Where compatible with the emergency situation referred to in paragraph (4), the Bank shall inform—

(a) the competent authorities of the home Member State of the electronic money institution concerned and those of any other Member State concerned,

(b) the Commission, and

(c) the European Banking Authority

in advance and in any case without undue delay, of the precautionary measures taken under paragraph (4) and of their justification.

Reasons and communication

26C. (1) The Bank shall only take a decision pursuant to Regulation 26, 26A, 26B or 59 involving penalties or restrictions on the exercise of the freedom to provide services or the freedom of establishment where that decision is justified in the circumstances relating to the decision.

(2) Where the Bank takes a decision pursuant to Regulation 26, 26A, 26B or 59 involving penalties or restrictions on the exercise of the freedom to provide services or the freedom of establishment, it shall communicate the reasons for its decision to the electronic money institution concerned.

(3) Regulations 26, 26A and 26B shall be without prejudice to the obligation of the Bank under the law of the State giving effect to Directive (EU) 2015/849 and Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 201525 , in particular under the law of the State giving effect to Article 48(1) of Directive (EU) 2015/849 and Article 22(1) of that Regulation, to supervise or monitor the compliance with the requirements laid down in those enactments.”,

(m) in Regulation 27—

(i) in paragraph (1), by the substitution of the following subparagraph for subparagraph (a) :

“(a) if the institution—

(i) does not engage in the provision of electronic money services or payment services, in accordance with the authorisation within 12 months, expressly renounces the authorisation or ceases to engage in that business for more than 6 months,

(ii) obtained the authorisation through false statements or any other irregular means,

(iii) would constitute a threat to the stability of or trust in the payment system by continuing its electronic money or payment services business, or

(iv) no longer meets the conditions for granting the authorisation or fails to inform the competent authority on major developments in this respect,”, and

(ii) by the deletion of paragraph (6),

(n) in Regulation 59, by the insertion of the following paragraph:

“(3) Where the Bank requires an electronic money issuer to provide information under paragraph (1) (a), it shall specify the purpose of the request, where appropriate, and the time limit by which the information is to be provided.”,

(o) in Regulation 61, by the substitution of the following paragraph for paragraph (2):

“(2) The Bank may exchange information with—

(a) the competent authorities of other Member States responsible for the authorisation and supervision of electronic money institutions,

(b) the European Central Bank and the central banks of other Member States, in their capacity as monetary and oversight authorities, and, where appropriate, other public authorities responsible for overseeing payment and settlement systems,

(c) relevant authorities of other Member States designated under laws giving effect to the Payment Services Directive, Directive (EU) 2015/849 and other acts of the European Union applicable to payment service providers (including acts applicable to money laundering and terrorist financing), and

(d) the European Banking Authority, in its capacity of contributing to the consistent and coherent functioning of supervising mechanisms (as referred to in point (a) of Article 1(5) of Regulation (EU) No 1093/2010).”,

(p) by the insertion of the following Regulation after Regulation 61:

“Settlement of disagreements between competent authorities of different Member States

61A. (1) Where the Bank considers that, in a particular matter, cross-border cooperation with competent authorities of another Member State referred to in Regulations 26, 26A, 26B, 26C or 61 does not comply with the relevant conditions set out in those provisions, it may refer the matter to the European Banking Authority and request its assistance in accordance with Article 19 of Regulation (EU) No 1093/2010.

(2)Where the European Banking Authority has been requested to assist in accordance with Article 19 of Regulation (EU) No 1093/2010 or the European Banking Authority, on its own initiative, is assisting the Bank and competent authorities of other Member States in reaching an agreement in accordance with the second subparagraph of Article 19(1) of that Regulation, the Bank shall defer its decision on the matter concerned pending resolution under Article 19 of that Regulation.”, and

(q) by the insertion of the following Regulation after Regulation 77:

“Activities taken up before 13 January 2018

77A. (1) An electronic money institution that has, before 13 January 2018, taken up activities—

(a) in the State in accordance with these Regulations and the European Communities (Payment Services) Regulations 2009, or

(b) in another Member State in accordance with the laws of that Member State giving effect to the Electronic Money Directive and Directive 2007/64/EC of the European Parliament and of the Council of 13 November 200726 ,

may continue to carry out those activities in the State until 13 July 2018 without being required to seek authorisation in accordance with Regulation 8 or to comply with the other requirements of Part 2.

(2) An electronic money institution to which paragraph (1) applies shall submit all relevant information to the Bank in a timely manner in order to allow the Bank to assess whether the electronic money institution complies with its requirements under Part 2 and, if not, which measures need to be taken in order to ensure compliance or whether a withdrawal of authorisation is appropriate.

(3) The Bank shall complete the assessment referred to in paragraph (2) by 13 July 2018.

(4) Where the Bank is satisfied that an electronic money institution to which paragraph (1) applies complies with the institution’s obligations under Part 2, the Bank shall grant an authorisation to the electronic money institution and enter in the Register the information required under Regulation 7 in respect of the electronic money institution.

(5) Where the Bank is not satisfied by 13 July 2018 that an electronic money institution to which paragraph (1) applies complies with the institution’s obligations under Part 2, the electronic money institution shall be prohibited from issuing electronic money.”.

Amendment of European Union (Capital Requirements) Regulations 2014

143. The Schedule to the European Union (Capital Requirements) Regulations 2014 ( S.I. No. 158 of 2014 ) is amended by the substitution of the following paragraph for paragraph (4):

“(4) Payment services as defined in Article 4(3) of Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 201527 .”.

Amendment of Act of 1942 — professional secrecy

144. Section 33AK of the Act of 1942 is amended—

(a) in subsection (4)(a) (ii), by the insertion of “or (5B)” after “subsection (1A)”,

(b) by the insertion of the following subsections after subsection (5):

“(5A) Subsection (5) shall not apply to confidential information received by the Bank in the performance of its functions as a competent authority designated as such for the purposes of the Payment Services Directive.

(5B) A person to whom subsection (1) applies shall not disclose confidential information concerning—

(a) the business of any person or body whether corporate or incorporate that has come to the person’s knowledge through the person’s office or employment with the Bank, or

(b) any matter arising in connection with the performance of the functions of the Bank or the exercise of its powers,

if such disclosure is required to be prohibited by the Payment Services Directive.

(5C) Subject to subsection (5B), the Bank may disclose confidential information received by it in the performance of its functions as a competent authority (so designated for the purposes of the Payment Services Directive)—

(a) to a public authority or body designated by another Member State as the competent authority for the purposes of the Payment Services Directive,

(b) to the European Central Bank and the central banks of other Member States, in their capacity as monetary and oversight authorities, and, where appropriate, other public authorities responsible for overseeing payment and settlement systems,

(c) to the European Banking Authority, in its capacity of contributing to the consistent and coherent functioning of supervising mechanisms (as referred to in point (a) of Article 1(5) of Regulation (EU) No 1093/2010 of 24 November 201028),

(d) to the relevant authorities of other Member States designated under laws giving effect to the Payment Services Directive, Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 201529 and other Acts of the European Union applicable to payment service providers (including Acts applicable to the protection of individuals with regard to the processing of personal data and to money laundering and terrorist financing),

(e) to authorities entrusted with the public duty of supervising other financial sector entities and the authorities responsible for the supervision of financial markets,

(f) to authorities or bodies charged with responsibility for maintaining the stability of the financial system in Member States through the use of macroprudential rules,

(g) to reorganisation bodies or authorities aiming at protecting the stability of the financial system,

(h) to bodies involved in the liquidation and bankruptcy of institutions and in other similar procedures,

(i) to the persons responsible for carrying out statutory audits of the accounts of institutions, insurance undertakings and financial institutions,

(j) to the ESCB central banks and other bodies with a similar function in their capacity as monetary authorities when the information is relevant for the exercise of their respective statutory tasks,

(k) to contractual or institutional protection schemes as referred to in Article 113(7) of Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 201330 ,

(l) where appropriate, to other public authorities responsible for overseeing payment systems,

(m) to the European Systemic Risk Board, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority, where that information is relevant for the exercise of their functions under Regulation (EU) No 1092/2010 of the European Parliament and of the Council of 24 November 201031 , Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 201032 or Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 201033 , as the case may be,

(n) to a clearing house or other similar body recognised under Irish law for the provision of clearing or settlement services where that information is necessary in order to ensure the proper functioning of those bodies in relation to defaults or potential defaults by market participants,

(o) to a liquidator, examiner, receiver or any other person or body involved in the liquidation or bankruptcy of a supervised entity in relation to that entity,

(p) to the Minister for Housing, Planning and Local Government in connection with that Ministers functions under the national housing programme with respect to a mortgage lender,

(q) to—

(i) the Minister, in accordance with the provisions of the Payment Services Directive in relation to the Minister’s responsibility for policy on the supervision of supervised entities,

(ii) authorities in other Member States with responsibilities corresponding to that of the Minister referred to in subparagraph (i), or

(iii) where the Bank is the chair of a college of supervisors established under Regulation 104 of the European Union (Capital Requirements) Regulations 2014 ( S.I. No. 158 of 2014 ), to the Committee of European Banking Supervisors,

(r) to an inspector appointed by the Minister and acting on the Minister’s behalf,

(s) where the information is required for the purposes of criminal proceedings, or

(t) with the consent of the person to whom the information relates and, if the information was obtained from another person, that other person.

(5D) Where confidential information has been received from an authority designated as a competent authority for the purposes of the Payment Services Directive in another Member State, the Bank shall only disclose such confidential information pursuant to subsection (5C)(h), (i) or (k) in accordance with the express consent of that authority.

(5E) In subsections (5A), (5B), (5C) and (5D), “Payment Services Directive” means Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 201534 .

(5F) Subsections (5A), (5B), (5C) and (5D) shall apply to confidential information received in connection with the operation of the European Communities (Electronic Money) Regulations 2011, subject to the modification that a reference to the Payment Services Directive shall be construed as a reference to Directive 2009/110/EC of the European Parliament and of the Council of 16 September 200935 .”,

(c) by the insertion of the following subsection after subsection (6A):

“(6B) Any person or entity to whom confidential information is provided under subsection (5C) shall, when holding and dealing with that information, ensure its confidentiality.”,

(d) in paragraph (a) of subsection (8), by the insertion of “or (5B)” after “subsection (1A)”, and

(e) in subsection (10), in the definition of “supervisory EU legal acts”, by the deletion of paragraphs (p) and (q) .

Amendment of Act of 1942 — insertion of references

145. The Act of 1942 is amended—

(a) in section 2(2A)—

(i) in paragraph (ar), by the substitution of “and of the Council of 8 June 2016;” for “and of the Council of 8 June 2016.”, and

(ii) by the insertion after paragraph (ar) of the following paragraph:

“(as) Commission Delegated Regulation (EU) 2017/2055 of 23 June 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for the cooperation and exchange of information between competent authorities relating to the exercise of the right of establishment and the freedom to provide services of payment institutions.36 ”, and

(b) in Part 2 of Schedule 2 by the insertion of the following item after the last item:

71

S.I. No. 6 of 2018

European Union (Payment Services) Regulations 2018

The whole instrument

”.

SCHEDULE

Payment Services

1. Services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account.

2. Services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account.

3. Execution of payment transactions, including transfers of funds on a payment account with the user’s payment service provider or with another payment service provider:

(a) execution of direct debits, including one-off direct debits;

(b) execution of payment transactions through a payment card or a similar device;

(c) execution of credit transfers, including standing orders.

4. Execution of payment transactions where the funds are covered by a credit line for a payment service user:

(a) execution of direct debits, including one-off direct debits;

(b) execution of payment transactions through a payment card or a similar device;

(c) execution of credit transfers, including standing orders.

5. Issuing of payment instruments and/or acquiring of payment transactions.

6. Money remittance.

7. Payment initiation services.

8. Account information services.

/images/ls

GIVEN under my Official Seal,

12 January 2018.

PASCHAL DONOHOE,

Minister for Finance.

EXPLANATORY MEMORANDUM

(This note is not part of the Instrument and does not purport to be a legal interpretation.)

These Regulations transpose into domestic law the provisions of Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (the “revised Payment Services Directive” or “PSD2”). These Regulations revoke the European Communities (Payment Services) Regulations 2009 ( S.I. No. 383 of 2009 ), which transposed the original Payment Services Directive (Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007.

The objective of PSD2 is to set a common legal framework for payment services, providing a consistent set of rights and obligations for businesses and consumers making and receiving payments.

The main elements of the Regulations are:-

• Part 1 covers preliminary matters such as important definitions and the scope of the Regulations. The scope has expanded now that PSD2 extends to payment transactions in non-EEA currencies and to “one-leg” transactions (payment transactions where only one of the payment service providers is located within the Union) and the extent to which some payment transactions and services are excluded from the scope of the Regulations has been narrowed.

The vast majority of the provisions of PSD2 come into operation on 13 January 2018. A small number of provisions will come into operation 18 months from the date the regulatory technical standards on strong customer authentication and common and secure open standards of communication enter into force.

• Part 2 sets out the categories of payment service providers that can provide payment services. It adds two new categories of payment service providers to be regulated; providers of account information services and providers of payment initiation services. This Part establishes the authorisation requirements and process for payment institutions, including the relevant requirements for initial capital, own funds, and safeguarding of users’ funds. This Part also designates the Central Bank as the competent authority in the State for the purposes of the Payment Services Directive, and provides for it to maintain a register on which authorised payment institutions and their agents are to be included and to notify the European Banking Authority of changes to that register.

• Part 3 establishes transparency and information requirements to ensure that payment service users are given pertinent information by payment service providers.

• Part 4 sets out the respective rights and obligations of payment service providers and payment service users in relation to the provision and use of payment services.

It also covers reporting of infringements, and certain matters relating to supervision and directions from the Central Bank. This Part requires payment service providers to have effective procedures for the resolution of complaints from payment service users and provides for the Financial Services and Pensions Ombudsman to have jurisdiction over the settlement of disputes between eligible payment service users and payment service providers.

• Part 5 ensures that the leaflet produced by the Commission of the European Union in accordance with Article 106(1) of PSD2 on the rights of consumers under PSD2 is made available to consumers.

• Part 6 contains final provisions, including the revocation of the European Communities (Payment Services) Regulations 2009 with associated saver and transitional provisions. It also contains amendments necessitated to other legislation as a consequence of the transposition of PSD2.

Although it is not required to be provided for in these Regulations, it should be noted that Article 108 of PSD2 provides that the EU Commission shall submit to the European Parliament and to the Council a report on the application of the Directive by 13 January 2021.

1 OJ No. L 337, 23.12.2015, p. 35.

2 OJ No. L 124, 20.5.2003, p. 36.

3 OJ No. L 267, 10.10.2009, p. 7.

4 OJ No. L 176, 27.6.2013, p. 338.

5 OJ No. L 141, 5.6.2015, p. 73.

6 OJ No. L 119, 4.5.2016, p.1.

7 OJ No. L 337, 23.12.2015, p.35.

8 OJ No. L 141, 5.6.2015, p. 1.

9 OJ No. L 176, 27.6.2013, p. 1.

10 OJ No. L 331, 15.12.2010, p. 12.

11 OJ. No. L 243, 11.9.2002, p.1.

12 OJ No. L 302, 17.11.2009, p. 32.

13 OJ No. L 335, 17.12.2009, p. 1.

14 OJ No. L 173, 12.6.2014, p. 349.

15 OJ No. L 123, 19.5.2015, p. 1.

16 OJ No. L 123, 19.5.2015, p. 1.

17 OJ No. L 94, 30.3.2012, p. 22.

18 OJ No. L 94, 30.3.2012, p. 22.

19 OJ No. L 141, 5.6.2015, p. 73.

20 OJ No. L 331, 15.12.2010, p. 12.

21 OJ No. L 331, 15.12.2010, p. 12.

22 OJ No. L 337, 23.12.2015, p.35.

23 OJ No. L 141, 5.6.2015, p. 1.

24OJ. No. L 243, 11.9.2002, p.1.

25 OJ No. L 141, 5.6.2015, p. 1.

26 OJ No. L 319, 5.12.2007, p. 1.

27 OJ No. L 337, 23.12.2015, p.35.

29 OJ No. L 141, 5.6.2015, p. 73.

30 OJ No. L 176, 27.6.2013, p. 1

31 OJ No. L 331, 15.12.2010, p. 1.

32 OJ No. L 331, 15.12.2010, p. 48.

33 OJ No. L 331, 15.12.2010, p. 84.

34 OJ No. L 337, 23.12.2015, p.35.

35 OJ No. L 267, 10.10.2009, p.7.

36 OJ No. L 294, 11.11.2017, p. 1.