PSD2 in Europe

What is a PSD2?

PSD2, which stands for the 2nd Payment Services Directive, is an EU directive that regulates payment services and payment service providers within the EEA. PSD2 was introduced in 2018 to promote competition, innovation, and security in the payment services industry. It largely superseded the original Payment Services Directive (PSD) and brought about several key changes, one of which is the requirement for certain payment service providers to obtain a PSD2 license.

A PSD2 license is actually divided into the following types of licenses:

• Payment Institution (PI) License
• Electronic Money Institution (EMI) License

Both, a PI licensee and an EMI license can engage in a wide range of activities:

• Execute various payment transactions, including credit transfers, direct debits, and card payments
• Offer money remittance services, enabling the transfer of funds domestically and cross-border
• Be a payment initiation service provider (PISP) and initiate payment orders on behalf of customers, facilitating online payments without the need for a credit or debit card
• Be an account information service provider (AISP) that offers customers a consolidated view of their account information from multiple financial institutions
• Offer currency exchange services
• Issue payment instruments, such as prepaid cards and digital wallets
• Accept and process payment transactions for merchants and e-commerce businesses, facilitating card payments and other forms of electronic payments
• Facilitate mobile payment services
• Offer peer-to-peer payment services (i.e., enable individuals to transfer funds to each other)

The main difference between a PI and an EMI license is that in addition to the above activities, EMI licensees can issue electronic money, including digital currency, prepaid cards, or electronic account balances which is their main function. They can also store electronic money on behalf of their customers and provide electronic wallets or accounts for users to access and manage their funds.

Advantages of Holding a PSD2

Holding one of the PSD2 licenses boasts several significant advantages that you should take into account if your goal is to offer payment services to EU customers. These licenses can provide access to a vast and diverse market and position your business as a trusted and compliant company in a highly regulated industry, setting the stage for growth, innovation, and long-term success within the European financial industry.

By obtaining a PSD2 license, you can benefit from several key advantages:

• A PSD2 license can build trust and credibility in the eyes of customers and business partners as it signals that your company has met the rigorous requirements necessary to operate as a legitimate and trustworthy payment service provider
• Thanks to the passporting principle, by holding one license you would be able to offer your payment services throughout the EEA, which includes the EU member states, Norway, Iceland, and Liechtenstein (this vast and lucrative market consists of over 500 million consumers)
• PSD2 encourages innovation by promoting open banking and facilitating third-party access to customer account information, and therefore license holders are effectively supported in the development of innovative financial products and services
• PSD2 licensees have access to customer account information, which can be valuable for developing personalized financial products and services
• Licensed payment service providers can access payment settlement systems, enabling them to process and settle transactions more efficiently
• Operating with a PSD2 license provides clarity regarding regulatory compliance which reduces uncertainty and potential legal risks
• A PSD2 license can serve as a stepping stone for global expansion, as EU regulations and standards are recognized and valued worldwide

Payment Services Regulations in the EU

As the name of the license suggests, PSD2 licensees are essentially regulated by the PSD2. Of course, it was built upon the PSD which is also worth taking into account as not everything was superseded by the PSD2. These directives and other applicable regulations create a unified EU framework that promotes secure, innovative, and competitive financial services within the member countries. This framework has simplified and standardized cross-border payments within the EU, making it more cost-effective for consumers and businesses to conduct transactions across member countries.

The main provisions of the PSD:

• PSD established two main categories of payment service providers – Payment Institutions (PIs) and Electronic Money Institutions (EMIs) which must be licensed and registered with an appropriate national authority of an EU country to operate within the EU
• PSD introduced strong consumer protection measures, including rules for secure and transparent payment processes, provision of relevant information to customers, and limiting liability in the event of unauthorized or fraudulent transactions
• Payment service providers were required to implement robust security measures to protect customer data and transaction information, including the use of strong customer authentication (SCA) methods for online transactions
• PSD outlined the respective rights and obligations of both payment service users and providers, establishing a clear regulatory framework for disputes and responsibilities

The main provisions of the PSD2:

• PSD2 covers a broader range of payment services by acknowledging emerging payment services, such as mobile payments and virtual currencies, and brings them under the regulatory framework
• PSD2 enables licensed Third-Party Providers (TPPs), including AISPs and PISPs, to access customer account information with explicit customer consent which encourages open banking and the development of new financial services
• PSD2 strengthens consumer protection measures by reducing the liability of customers in cases of unauthorized or fraudulent transactions
• The European Banking Authority (EBA) developed Regulatory Technical Standards that specify detailed requirements for certain aspects of PSD2, including SCA and secure communication between TPPs and banks
• PSD2 requires payment service providers to monitor transactions for fraudulent activities and report them to the authorities

All PSD2 licensees are also obligated to have deep knowledge of and adhere to the standards of 1-6th EU Anti-Money Laundering Directives (AMLDs) which include the following provisions:

• PSD2 licensees must conduct customer due diligence and where needed enhanced customer due diligence, including identification and verification of customers and reporting suspicious transactions
• It’s also essential to maintain accurate records of customer transactions and communications for a minimum period of at least five years after the end of a business relationship or after the completion of a transaction
• Identifying and monitoring politically exposed persons (PEPs) is a must for every PSD2 licensee
• PSD2 license holders must provide training and awareness programs to their employees to help them identify and report suspicious activities
• It’s equally important to conduct ongoing risk assessments to identify and manage money laundering and terrorist financing risks within the licensed operations

Top Jurisdictions for a PSD2 License

Lithuania has emerged as an attractive destination for payment service providers seeking to obtain a PSD2 license within the EU. Compared to other EU countries, the Bank of Lithuania, the regulator of the Lithuanian financial industry, granted the highest number of fintech licenses between 2017-2021. Today, the country remains at the forefront of serving innovative businesses due to such reasons as modern business infrastructure, talented and multilingual workforce, streamlined business formation and licensing processes, and competitive regulatory fees. To obtain a PSD2 license in Lithuania, you should prepare 20,000-25,000 EUR for the minimum required capital, and 898 EUR as the state fee for your application review.

The Netherlands has also been generous in granting fintech licenses, including PSD2 license. The Dutch Central Bank, which is the regulator for financial institutions, strives to promote innovative businesses just as much as to ensure the stability, integrity, and safety of the Dutch financial system. Against the backdrop of the economic crisis, it’s crucial to emphasize that the Netherlands has a resilient and highly developed financial services industry, and its strong economy, strategic location, and open business culture make it an attractive hub for international financial activities. To obtain a Dutch PSD2 license, you have to possess roughly around 125,000 EUR for the minimum capital, and 5,000-10,000 EUR for the application fee. Of course, the exact amounts will be determined based on the complexities of your business.

Estonia is also considered a favorable jurisdiction for obtaining a PSD2 license.  Estonia’s regulatory authority, the Estonian Financial Supervision Authority, has a reputation for efficiency and responsiveness which means you can expect a straightforward and quick licensing process. Estonia is known for its advanced e-government infrastructure and the widespread use of digital identity which is essential for complying with SCA requirements. Due to the considerable advantages, the country is already a vibrant fintech hub, and the presence of numerous fintech startups and innovation centers offers opportunities for networking, collaboration, and knowledge sharing. The required minimum capital starts from 20,000 EUR but can increase significantly for a wider scope of activities. The application fee is 3,300 EUR.

Germany, with its robust financial services industry and well-structured regulatory framework, is known as an influential jurisdiction for financial institutions, including those seeking a PSD2 license. The country’s reputation for financial stability, supportive business environment, and active promotion of innovation make it an attractive choice for businesses entering the payment services industry. The Federal Financial Supervisory Authority (BaFin) is dedicated to maintaining Germany’s reputation and ensuring that licensees operate with integrity which in turn builds trust among customers and business partners. The required minimum capital amount and the application fee heavily depend on the specific business scale and are determined on a case-by-case basis but on average they are around 125,000 EUR and 5,000-10,000 EUR respectively.

Requirements for Applicants for a PSD2 License

While exact requirements can vary from one jurisdiction to another and we can advise you on this in a personalized consultation, there are several general but equally important legal requirements that are prevalent in most of the EU countries. Most likely, you’ll have to start with establishing a local company in a jurisdiction where you intend to apply for a PSD2 license. Usually, you’ll be required to choose a very specific legal form, such as a Private Limited Liability Company (UAB) in Lithuania, have a local registered office, and meet appropriate minimum capital requirements.

Once you’ve established a company, you’ll have to meet at least the following requirements:

• Demonstrate the ability to implement SCA to reduce the risk of fraud
• Have robust AML/CFT policies and procedures in place to effectively prevent financial crime
• If you intend to hold customer funds, you must demonstrate appropriate safeguarding arrangements to ensure the protection of customer funds in the event of insolvency
• Establish effective internal control systems and risk management procedures to ensure operational and financial stability
• Demonstrate the capacity to keep records and report relevant financial and operational data to the regulatory authority
• Establish effective security measures and IT infrastructure to safeguard customer data, ensure secure payment transactions, and guarantee cybersecurity

As an applicant for a PSD2 license, you’ll have to prepare various documents:

• Company registration certificate
• Articles of Association
• A thoroughly written business plan detailing the nature and scope of the payment services to be provided, including the types of transactions and customers served
• Financial statements, including balance sheets, income statements, and cash flow statements
• Proof of paid application fee
• A business continuity plan detailing how your company will manage and recover from disruptions, such as system failures or cyberattacks
• Documentation of the company’s corporate structure, including the ownership structure, board of directors, and key personnel
• Documentation of internal AML/CFT policies and procedures
• A detailed risk management framework, including the identification and mitigation of operational and compliance risks
• Proof of professional indemnity insurance
• CVs of company directors and other key personnel, along with evidence of their financial qualifications and relevant experience
• Copies of passports of the key personnel and shareholders

How to Apply for a PSD2 License?

The application process can take anywhere from three months to a year, depending on your chosen jurisdiction, the quality of your application, and the responsiveness of regulatory authorities. The specific application stages and milestones also vary, although there are certain general steps that you will have to take almost in any jurisdiction.

Applying for a PSD2 license involves the following key steps:

• Gathering and drafting the required documentation, and filling out a formal application form provided by the regulatory authority
• Paying the required application fee
• Submitting the application form along with the documents to the regulatory authority
• The company’s management team and shareholders should pass a fit and proper assessment, demonstrating their integrity, competence, and experience in the financial services industry
• If requested by the authority, provide additional information, clarifications, or modifications to your application during the review process
• You may also have to allow the conduct of an onsite inspection of your operations where the regulatory authority will assess your compliance and risk management practices

Ongoing Requirements for PSD2 License Holders

Once you’re a PSD2 license holder, there will be a myriad of requirements and standards you’ll have to adhere to. With our continuous help, you can rest assured that your payment services company will always remain compliant with the ever-evolving EU regulatory framework and relevant national regulations which is crucial in avoiding associated risks and ensuring uninterrupted operations.

For now, know that maintaining a PSD2 license entails adherence to such requirements as:

• Preparing and submitting regular reports to the regulatory authority, covering such aspects of your business as transaction data, security incidents, and compliance with SCA requirements
• Complying with the GDPR and national data protection regulations
• Maintaining safeguarding arrangements to protect customer funds in the event of insolvency
• Continuously monitoring and enforcing internal controls to ensure the proper functioning of your payment services and adherence to regulatory standards
• Maintaining effective procedures for handling customer complaints, including timely resolution and compliance with dispute resolution mechanisms

If you wish to obtain a PSD2 license, our team here at Regulated United Europe will be delighted to support you in incorporating a company and applying for a license in an EU jurisdiction that suits your business goals. Our dedicated specialists can also guide you through the acquisition of a ready-made company with an existing PSD2 license. With experienced lawyers, business development professionals, and financial accountants at your side, you will find the processes of starting a PSD2 business easy, seamless, and transparent. Contact us now to schedule a personalized consultation and set the stage for sustainable success.