- The Council of Ministers has approved the Royal Decree that develops the legal regime of payment institutions
- The new legal framework reinforces security and transparency for users of payment services, encourages innovation, promotes competition and harmonizes the provision of this service in the European Union
- The Bank of Spain will supervise all payment service providers operating in Spain to ensure the proper application of protection and transparency measures
The Government completes the transposition of the Payment Services Directive, known as PSD2. The Council of Ministers has adopted the Royal Decree that develops the legal regime of these entities and in the coming days the Ministerial Order that develops its transparency requirements will be approved.
These rules complete the Royal Decree-Law on payment services and other urgent measures in financial matters approved at the end of last year, which included the main provisions of the Directive. The transposition to the Spanish legal system represents a substantial advance in the regulation of these services because it reinforces security and transparency, fosters innovation by guaranteeing the protection of users, favors competition and harmonizes the provision of this service in the European Union.
The new legal framework regulates the payment services through which customers can make and receive payments, either through an account or using instruments or procedures such as cards, QR codes or the initiation of payments (intermediaries that guarantee payment from consumer to merchant as an alternative to card payments), also including cash withdrawal at ATMs.
These regulations introduce relevant changes for citizens, merchants and financial operators. In the case of citizens, security in the hiring of new suppliers is increased and the information of the contracts signed and the operations carried out is increased. For merchants, transparency is improved by establishing the information they should receive from all payment transactions in which they intervene. Finally, the requirements for the provision of these services are specified for financial operators.
The Royal Decree develops the legal regime of payment institutions, the specific regime of new suppliers and the powers of the Bank of Spain in terms of authorization and registration.
Specifically, it improves the protection of payment service customers by acting in three areas. First, an authorization procedure is established for initiators and registration for payment aggregators, which will be regulated and supervised by the Bank of Spain.
Secondly, the security requirements in the provision of these services are increased. Payment institutions must have a security policy and a procedure for the supervision, processing and monitoring of security incidents and user complaints.
Thirdly, payment institutions and electronic money that grant credits must comply with bank transparency regulations, which will result in greater protection for payment service customers who additionally request a credit.
To ensure that payment institutions comply with the established rules of conduct, transparency and protection, the Royal Decree establishes that the Bank of Spain may request the information it deems necessary.
Likewise, the new legal framework of authorizations established in the Royal Decree favors competition as it allows the provision of new services and the incorporation of new suppliers for their provision. Specifically, electronic money entities may perform payment services under the same conditions as payment entities.
Finally, progress is being made in promoting innovation in payment services, one of the main objectives of the Community Directive. For this, the registration procedure is established without the need for authorization for small payment institutions (the so-called Small Payments Institutions) which will favor the emergence of innovative companies.
The transposition of the Payment Services Directive will be completed with the approval of a Ministerial Order in the coming days.
The Order includes additional elements to increase user protection. Thus it is established as a novelty that the information requirements are mandatory when the users are a consumer or a microenterprise.
For the first time, the information that payment service providers must provide to users is regulated, in particular that they must provide to customers when providing the account initiation service. Finally, it is established which entities have the obligation to maintain a customer service.