PSD3: COREPER approves Council of EU’s amended PSD3 and PSR texts, paving the way for inter-institutional negotiations on final texts

What’s the story so far?

The European Commission published its anticipated PSD3 and PSR proposals to improve the functioning of PSD2 in June 2023. Those texts are now subject to review and amendment by the European Parliament and Council of the EU as well as inter-institutional negotiations (trilogues) with the Commission.

In November 2023, ECON published draft reports on the proposals with recommendations for amendments (see 'PSD3: Putting citizens at the heart of EU payments'). ECON voted to adopt the texts in February 2024 (see ‘PSD3: European Parliament’s ECON Committee adopts draft reports on PSR and PSD3’). In April 2024, the Parliament voted to adopt both texts in plenary, closing the first reading (see ‘PSD3: European Parliament adopts amendedPSD3 and PSR texts at first reading’).

The COREPER’s approval of the Council’s position on both texts marks the move to the next stage in the legislative process – inter-institutional negotiations (trilogues) to reach final texts ready for approval by the Parliament and Council.

What are some key proposed amendments in the Council’s approved texts?

• Impersonation fraud:The Commission’s proposed PSR seeks to make PSPs liable for authorised payments made by consumers who have been tricked into making those payments by someone impersonating the PSP. The Parliament’s April 2024 text proposed going significantly further in extending this liability to payments that result from ‘any other relevant entity of a public or private nature’. The Council is not proposing any such extension of liability. Other points of interest in its amended text include:
  • extending the time limit for PSPs to refund consumers who have been victims of impersonation fraud from 10 to 15 business days;
  • clarifying the consumer’s obligation, on becoming aware of the fraud, to provide the PSP with all the relevant information requested by the PSP and that the consumer ‘can reasonably be expected to have regarding the events leading up to the disputed payment transaction’;
  • capturing “big tech” (electronic communications services providers - ECSPs) within the scope of regulation. This is similar to the aim of the Parliament’s text, although the Council’s amendments focus on several measures aimed at cross-sectoral cooperation for the purpose of fraud prevention and detection whereas the Parliament looked to make ECSPs liable to PSPs if they fail to remove fraudulent or illegal content once notified of its existence. The Council’s proposed amendments include:
    • ECSPs’ obligation to establish dedicated communication channels with PSPs, or participate in a system for effective communication, or in an information sharing mechanism, to allow for faster and more effective sharing of any information that could be useful in preventing and detecting fraud; and
    • the drawing up of a voluntary code of conduct at Union level to foster prevention, enhance security and combat payment fraud and financial scams, encouraged and facilitated by the Commission and the European Board of Digital Services.
• TPP access: In relation to the availability and performance requirements for the dedicated interface for third party provider (TPP) access, the Council’s proposed amendments include adding a requirement for the EBA to develop draft regulatory technical standards specifying:
  • the requirements related to the quarterly statistics on the availability and performance of the interfaces which account servicing payment service providers (ASPSPs) will be required to publish on their websites; and
  • standards establishing an optimal recovery time in case of the unplanned unavailability of a dedicated interface, based on the severity of the incident - taking into account, among other things, the number of account information and payment initiation service providers’ customers impacted and the types of functionality affected.
• Access for PSPs to payment systems and services: The Council proposes the addition of provisions requiring payment card schemes and processing entities to disclose the rules and fees imposed on acquirers in a ‘transparent and consistent manner’ (the criteria for which would be specified by the EBA in regulatory technical standards, in close cooperation with the ECB). Acquirers would also be required to ‘transparently disclose’ merchant services charges applied to their business payments services users in accordance with their Interchange Fee Regulation obligations.

Like the Parliament, the Council also proposes amendments to the provisions on payment institutions’ access to payment accounts. For example, the Council suggests a further tightening of the grounds on which a credit institution can refuse to open, or to close, a payment account for a payment institution. There is also the introduction of a longstop of 1 month from an application to open a payment account for the credit institution to notify the payment institution of any decision to refuse to open the account. The Council proposes a requirement for 3 months’ notice of closure of a payment account to be given by credit institutions (a slight reduction on the Parliament’s proposal for 3 months’ notice).

• Surcharging: The Council has not followed the Parliament’s proposal to prohibit surcharging on any payment instrument.
• Outsourcing: The Council has not accepted the Parliament’s proposal to delete the obligation to enter into an outsourcing agreement with a technical service provider that provides and verifies the elements of strong customer authentication.

The Council’s text also proposes some changes to bolster consumer protections including:

• Confirmation of Payee: The Council proposes to rely on the verification of payee requirements introduced in the recent changes to the SEPA Regulation 260/2012, which it suggests should be extended to apply to all credit transfers (i.e. including those that fall outside the scope of the SEPA Regulation). Whilst this broadly achieves the same purpose, the requirement in the SEPA Regulation does not permit a customer to opt out of receiving the service.
• Spending limits: The Council’s text imposes an obligation to have limits on payment instruments rather than allowing these to be agreed between the payer and its PSP.

Authored by Eimear O’Brien, Charles Elliott and Virginia Montgomery.