Since 2017, European banks and other payment service providers (“PSPs”) have been able to offer instant credit transfer (“ICT”) services, to their customers (i.e. payment service users (“PSUs”), that allow them to make euro transfers immediately, 24 hours a day and every day of the year. These services enable instant euro transfers not only between account holders within the same Eurozone country, but also to recipients with accounts in other Single Euro Payments Area (SEPA) countries.
With the aim of moving towards a unified market for instant euro credit transfers, where transactions are conducted under standardised rules, the Regulation (EU) 2024/886 of 13 March 2024 amending Regulation (EU) No 260/2012, Regulation (EU) 2021/1230, Directive 98/26/EC and Directive (EU) 2015/2366 as regards instant credit transfers in euro (the “ICT Regulation”) entered into force on 8 April 2024; the ICT Regulation:
- has made offering ICT services mandatory for all PSPs that handle euro credit transfers;
- has made certain amendments to the Regulation (EU) 260/2012 of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (the “SEPA Regulation”);
- has created a new security framework for ICTs by requiring the PSPs to offer a service of checking and matching beneficiary names and IBANs and to follow a harmonised control procedure for financial restrictive measures, and
- has amended the Directive 98/26/EC (the “Settlement Finality Directive”) and Directive 2015/2366 (EU) (“PSD 2”), to permit direct access of payment institutions (“PIs”) and electronic money institutions (“EMIs”) to the payment systems at the national level, as well as to central banks to safeguard customer funds.
In view of effective implementation of the ICT Regulation, and the transposition of the amendments to the Settlement Finality Directive and PSD 2, the Draft Law No. 8460 (the “Draft Law”) amending the Payment Services Law of 10 November 2024 (the “Payment Services Law”) has been submitted to the Luxembourg Parliament (Chambre des Députés) on 20 November 2024.
Key provisions of the Draft Law
New Safeguarding Option for PIs and EMIs for their received funds
The Draft Law shall introduce an amendment to the Payment Services Law, according to which the PIs and EMIs will have an option to safeguard their received funds in a segregated account opened in the central bank in addition to their option to deposit such funds into a segregated account in a credit institution or invest them in low-risk, liquid and safe assets. This is the transposition of the relevant provision of the ICT Regulation, which amends the corresponding provision of PSD 2.
Direct Participation of PIs and EMIs to the payment systems
Moreover, in line with the amendments made by the ICT Regulation to the PSD 2, the Draft Law shall also make targeted amendments to the Payment Services Law to provide PSPs direct access to the payment systems within the meaning of Settlement Finality Directive, i.e. without relying on a third party, which would usually be a credit institution.
The Draft Law provides the general conditions that should be met, in order for the PIs and EMIs to have direct access to the said payment systems, i.e. the PIs and EMIs should have the following in place prior to applying for participating to the relevant payment systems:
- a description of measures taken to protect client funds;
- a description of the applicant PI’s or EMI’s governance arrangements and internal control mechanisms, including administrative, accounting and risk management procedures, as well as a description of the arrangements concerning the use of the PI’s or EMI’s information and communication technology services within the meaning of Regulation (EU) 2022/2554 of 14 December 2022 on digital operational resilience for the financial sector (DORA); and
- a liquidation plan in the event of failure.
PIs and EMIs intending to participate in a payment system must provide a notification to the CSSF at least 2 months prior to their participation, which includes information demonstrating compliance with the above requirements. The CSSF shall approve the participation within 2 months of application, if the conditions are met. If not, CSSF will provide further guidance regarding measures to be taken by the applicant PI or EMI within this deadline.
New Penalty Regime for Breaches of SEPA Regulation
Finally, a new penalty regime for the violations of the SEPA Regulation, as amended by the ICT Regulation, shall be established by the Draft Law’s amendments to the Payment Services Law.
Accordingly, CSSF, who is the body responsible for overseeing compliance to the SEPA Regulation, will have the power to order sanctions to the PIs and EMIs that are in breach of the SEPA Regulation (including the new provisions introduced by the ICT Regulation) ranging from warnings and reprimands to administrative monetary fines.
In case of a breach to Article 5 (d) of the SEPA Regulation however, more severe fines are envisaged. New Article 5 (d) of the SEPA Regulation sets forth the requirements for the PSPs offering ICTs to apply a certain screening procedure for verifying whether a payment service user is a person or an entity subject to targeted financial restrictive measures. If these requirements are violated, the CSSF may apply an increased amount of administrative fines which would be calculated based on the annual net turnover, if the breaching PSP is a legal entity.
Share on
