PSD2 in Europe

What is PSD2?

PSD2 is an abbreviation for the 2nd Payment Services Directive, which is a European Union Directive governing payment services and payment service providers in the EEA. The PSD2 was adopted in 2018 to push forward the present competition, innovation, and security in the field of payment services. To a great extent, it had replaced the original Payment Services Directive and provided a number of key changes, one of which is the obligation of certain payment service providers to obtain a license according to PSD2.

A license under PSD2 actually comes in the form of the following types of licenses:

• Payment Institution (PI) License
• Electronic Money Institution (EMI) License

Both a PI licensee and an EMI license can offer a broad span of activities, including but not limited to:

• Perform a variety of payment transactions, such as credit transfers, direct debits, and card payments
• Provide money remittance services – the transferring of funds nationally and across borders
• PISP: provide services for the initiation of payment orders by customers for online payments without the usage of a credit or debit card
• AISP: provide customers with an overall view of their account information from various financial institutions
• Currency exchange services
• Issuance of payment instruments, including pre-paid cards and digital wallets
• Settle and receive merchant/e-commerce payments on behalf of merchants, hence enabling card and other electronic forms of payments
• Provide mobile payment services to enable similar transactions between the owner of the phone and other parties
• Provide peer-to-peer payment services that would enable people to send money to other people

Whereas the principal difference between a PI and an EMI license is that EMI license holders have the right to issue electronic money, such as, for example, digital currency, prepaid cards, or electronic account balances. This is their main activity. They may also store electronic money on behalf of customers and give electronic wallets or accounts for users to access and manage their funds.

Advantages of Holding a PSD2

Holding one of the above-mentioned licenses has many other serious advantages, which you should consider if your aim is to provide payment services for EU customers. It may open a great and diverse market to your business, and it will establish your firm as one that is trustworthy and compliant, in a very closely regulated industry, which is key to developing long-term growth, innovation, and success in the European financial industry.

By acquiring a license under PSD2, one may gain a number of important advantages, including:

• A license from PSD2 may serve to engender trust and confidence in your business from its customers and other partners because it has met the stringent requirements necessary to operate as a legitimate and trustworthy payment service provider.
• Because of the principle of passporting, with one license you would be allowed to offer your payment services across the EEA, made up of EU member states, Norway, Iceland, and Liechtenstein – that immense and lucrative market has more than 500 million consumers.
• PSD2 fosters innovation in the sense that it prompts open banking, allowing third-party providers to access customer account information, and therefore, license holders are effectively supported in the development of innovative financial products and services.
• Licensees under PSD2 have access to customer account information that proves to be of value for developing personalized financial products and services.
• The licensed payment service providers may have access to the payment settlement systems, enabling them to process and settle transactions in an efficient manner.
• Operating with a PSD2 license provides clarity regarding regulatory compliance, which reduces uncertainty and potential legal risks.
• A PSD2 license can serve as a stepping stone for global expansion, as EU regulations and standards are recognized and valued worldwide.

Payment Services Regulations in the EU

As the name of the license suggests, PSD2 licensees are essentially regulated by the PSD2. It was, of course, built upon the PSD, which is worth taking into consideration in its own right since not everything from it was superseded by PSD2. Together with other applicable regulations, these directives form a single EU framework promoting secure, innovative, and competitive financial services within the member countries. This has harmonized and integrated single cross-border payments in the European Union at less cost for consumers and businesses in making transactions across all member countries.

Main Provisions of the PSD:

• PSD created two main types of payment service providers: Payment Institutions (PIs) and Electronic Money Institutions (EMIs) – that must be licensed and registered with the competent national authority of any EU state in which they wish to operate.
• PSD introduced effective consumer protection by putting in place rules on secure and transparent payment procedures, providing relevant information to customers, and limiting liability in case of unauthorized or fraudulent transactions. The payment service providers were to implement the needed security measures for protecting customers’ data and information on all transactions, including SCA methods for online transactions.
• PSD defined the relevant rights and responsibilities of payment service users and payment service providers with regard to respective obligations concerning dispute resolution and liability.

Strong points of the PSD2:

• PSD2 extends the scope of payment services against the backdrop of the emergence of new types of payment services, like mobile payments and currencies, and brings them into the scope of regulation.
• PSD2 allows licensed third-party providers, including AISPs and PISPs, with the customer’s explicit consent, to access customer account information. This encourages open banking and the creation of new financial services.

Regulatory Technical Standards: The EBA drafted the demands for those special aspects of PSD2, including SCA and secure communication between TPPs and banks. The PSD2 requires that payment service providers should monitor fraudulent activities occurring in transactions and report them to the authorities.

All licensees of PSD2 are also obliged to have profound knowledge and follow the standards of 1-6th EU Anti-Money Laundering Directives (AMLDs), which include the following:

• Customer Due Diligence: To undertake customer due diligence and, where necessary, enhanced customer due diligence, the licensees of PSD2 should have the identification and verification of customers. Reporting suspicious transactions is also included in their work.
• It’s also essential to maintain accurate records of customer transactions and communications for a minimum period of at least five years after the end of a business relationship or after the completion of a transaction.
• Identifying and monitoring politically exposed persons (PEPs) is a must for every PSD2 licensee.
• The employees have to be given training and awareness programs on how to identify suspicious activities and report them by the PSD2 license holder.
• Identifying and managing the risks of money laundering and terrorist financing within the licensed operations is equally important and has to be done continuously.

Best Available Jurisdictions for a PSD2 License

Among all countries, Lithuania has become a very attractive destination for payment service providers to obtain a PSD2 license within the EU. During the period 2017-2021, the Bank of Lithuania – the regulator of the Lithuanian financial industry – had issued the largest number of fintech licenses compared to other EU countries. Today, it continues to rank first in serving innovative businesses with its modern business infrastructure, talented and multilingual manpower, streamlined process of setting up a business and licensing, and competitive regulatory fees. In Lithuania, you should be prepared to have at least 20,000-25,000 EUR as the minimum capital required to obtain a PSD2 license and 898 EUR as the state fee for reviewing your application.

The Netherlands has also been very open-handed with regard to fintech licenses, including PSD2 licenses. Just as much as it tries to focus on the stability, integrity, and safety of the Dutch financial system, the Dutch Central Bank, being the regulator for financial institutions, tries to stimulate innovative business. Within the context of the financial crisis, it is important to mention that the industry of financial services in the Netherlands is exceptionally resilient and highly developed; hence, it provides a really alluring international financial hub with such a strong economy, strategic location, and open business culture. In order to get a Dutch PSD2 license, you’ll require approximately 125,000 EUR for the minimum capital and 5,000-10,000 EUR as an application fee. The precise figures are naturally going to differ depending on the specifics of your business.

Estonia is also considered a friendly regime for a PSD2 license. Estonia’s regulatory body, the Estonian Financial Supervision Authority, is renowned for efficiency and responsiveness, meaning that you can expect a smooth fast-track process. With the advanced e-government infrastructure and pervasiveness of digital identity in Estonia, it is easy to comply with the requirements of SCA. The country, with considerable benefits accruing from that position, has emerged as a vibrant fintech hub with a number of fintech startups, innovation centers offering opportunities for networking, collaboration, and sharing of knowledge. The minimum required capital starts from 20,000 EUR but may rise up to a quite substantial amount, depending on a wider scope of activities that the particular payment service provider is allowed to conduct. The application fee is 3,300 EUR.

Germany is considered one of the most important destinations in the field of financial services, but also one with relatively well-structured legislation and regulations, thus very popular among financial institutions and recipients eager to obtain a PSD2 license. The country has a reputation for financial stability, supporting business environment, and promotion of innovation, therefore generally being attractive for enterprises establishing a business in the payment services industry. Lastly, the Federal Financial Supervisory Authority is committed to protecting Germany’s good name and ensuring that licensees are reputable and act in a trustworthy manner. It heavily depends on the specific business scale, and the decision will be made case by case. It is around 125,000 EUR on average, but the application fee usually ranges from 5,000 to 10,000 EUR.

Requirements for Applicants for a PSD2 License

Although the exact requirements may vary from one jurisdiction to another, and we can advise you on this in a personalized consultation, there are several general but equally important legal requirements that are prevalent in most of the EU countries. You will most probably be required to start with establishing a local entity in a jurisdiction where you will apply for a PSD2 license. Usually, you are supposed to select a very specific legal form, such as Private Limited Liability Company in Lithuania, have a local registered office, and possess appropriate minimum capital.

Once you have established an entity, at least the following compliance will be required:

• Show how they apply the SCA to reduce the fraud risk
• Show firm’s AML/CFT policies and procedures to prevent financial crime effectively
• If one intends to hold customer funds, prove appropriate safeguarding arrangements such that the customer funds can be protected once the firm becomes insolvent
• Internal control systems and risk management procedures for operational and financial stability
• Demonstrate the capability to keep records and report specific financial and operational information to the supervisory authority
• Ensure appropriate security measures and IT infrastructure cover customer data protection, secure payment transactions, and cybersecurity

In general, as an applicant for a PSD2 license, you would have to submit a number of documents which are as follows:

• Company Incorporation Certificate
• Memorandum of Association
• A fully written business plan that details the nature and scope of the proposed payment services, including type of transactions and customers served
• Financial statements: including balance sheets, income statements, and cash flow statements
• Evidence that the application fee has been paid
• A business continuity plan describing how your company will manage and recover from a disruption such as system failure or cyber-attack
• Corporate structure of the firm, including ownership structure, board of directors, and key personnel
• Evidence of internal AML/CFT policies and procedures
• Full risk management framework, including identifying and mitigating operational and compliance risks
• Proof of professional indemnity insurance
• CVs of firm directors and other key people, together with evidence of their financial qualifications and relevant experience
• Copies of the passports of key personnel and shareholders

How to Apply for a PSD2 License?

The application process may take anything from three months up to a year, depending on your chosen jurisdiction, the quality of your application, and also the responsiveness of regulatory authorities. The specific application stages and milestones are also different, although there are certain general steps you will have to go through almost in any jurisdiction.

Following are the major steps towards applying for a PSD2 license:

Ongoing Requirements for PSD2 License Holders

From the moment you become a license holder under PSD2, there are scores of requirements and standards to observe. Our continued support will make you confident that your payment services company will at all times stay compliant with the ever-changing regulatory framework of the EU and relevant national regulations, an important factor in avoiding associated risks and ensuring uninterrupted operations.

For the purpose of this text, know that holding a PSD2 license comes with other obligations, such as:

• Filing periodic reports to the competent authority on various aspects of your business, including but not limited to: transaction data, security incidents, and SCA requirements
• Respecting the GDPR and national legislations on protection of personal data
• Implementing safeguarding measures in case of insolvency, related to customer funds
• Continuously monitor and enforce internal control in pursuance of the appropriate functioning of your payment services and conformity to regulatory standards

If you need a PSD2 license, the team of professionals here at Regulated United Europe will be glad to support you with the establishment of a company and the licensing process in an EU jurisdiction that would suit your business needs. Our qualified experts can also assist you through the process of purchasing a shelf company with a PSD2 license already included. With experienced lawyers, business development professionals, and financial accountants by your side, you will find the processes of a PSD2 business start-up to be easy, seamless, and transparent. Contact us now to arrange for a personalized consultation and set the stage to create sustainable success.