PSD2 and online marketplaces
Will your online marketplace become a DNB regulated entity?
Under the revised, much-discussed Payment Service Directive (PSD2), online marketplaces are required to obtain a regulatory license. This results organisations becoming regulated entities and ultimately, payment institutions. The impact on these marketplaces will therefore be significant. In this blog, we discuss what PSD2 has changed, what it implies for online marketplaces and what exemptions and alternatives exist.
PSD2: things are about to be different
Online marketplaces have rapidly taken a central position in the spending pattern of European citizens. They can be seen as one of the most disruptive consequences of the digital revolution. Some of these marketplaces have developed into multi-billion conglomerates, but many of them are of a more moderate size. What they generally all have in common though is the fact that these marketplaces are – or better: were - non-regulated, unlike payment services providers or other undertakings with a financial services component. For most of these platforms, things are about to change drastically.
What has changed?
In the original Payment Service Directive (PSD1), the European Commission included a commercial agent exclusion, placing certain online marketplaces whom act only for payer or payee out of regulatory scope. However, the exclusion was open to interpretation, and this interpretation widely varied between Member State regulators. In practice, the exclusion was applied by virtually all online marketplaces, neutralizing the intent of PSD1 and basically surpassing it. This was deemed undesirable as usually, online marketplaces facilitate payments between payer and payee, holding the received money for a limited period of time. This resulted in an increased risk for both merchants and consumers because online platforms were left outside the scope of the legal supervisory framework. Hence, these merchants and customers were not protected against potential bankruptcies.
The European Commission made an effort to terminate this situation, as it considered in the PSD2 preamble that the generous application of the exclusion went beyond the intended scope of PSD1. The preamble further states that “the exclusion should (…) apply when agents act only on behalf of the payer or only on behalf of the payee, regardless of whether or not they are in possession of client funds. Where agents act on behalf of both the payer and the payee (such as certain e-commerce platforms), they should be excluded only if they do not, at any time enter into possession or control of client funds”.
The exclusion will therefore only be applied as initially intended in PSD1. And so it applies only when an online marketplace explicitly acts on behalf of either the payee or the payer, not when acting for both the parties. All in all, no more than five words were added to the original text of the PSD1 exclusion. However small, this minor change indeed provides more clarity on the intent of the exclusion and results in significant changes ahead for online marketplaces.
Becoming a licensed entity
With the exclusion narrowed down, online marketplaces acting on behalf of both the payer and the payee and managing the payments between those two parties, are effectively required to obtain a license from a regulator in their home Member State. In the Netherlands, this is De Nederlandsche Bank (Dutch Central Bank, DNB). In short, obtaining a license means the regulator provides an authorization to operate and the entity itself becomes regulated. Understandably, this prospect can be daunting for even the large players in the market, let alone the smaller players who still function as ‘start-up’ or ‘scale-up’. It means the regulator exercises a certain level of supervision. Moreover, the regulator would issue requirements influencing the structure of many aspects of the business of the online platform.
The process of obtaining such a license is always intensive and time-consuming, especially for parties who until recently did not have any regulatory know-how whatsoever. At the moment, PSD2 has not yet been implemented into Dutch legislation, and it is not expected to do so until after the summer recess of the Dutch parliament (as the envisioned delayed implementation in Q2 of this year will most likely not be met). DNB has therefore not yet finalized the licensing process. Still, it is fairly clear what the requirements to obtain a license are. For example, a business plan should be drafted including a forecast budget calculation. Also, a systematic integrity risk analysis (SIRA) is to be performed and clear plans to monitor and report on fraud and security incidents should, inter alia, be made. Before the license application is submitted, specific functionaries are to be appointed such as a risk management officer and compliance officer. A minimum capital should be held at all times and transaction monitoring on money laundering and terrorism financing should be in place.
Alternatives to obtaining a license
Is obtaining a license the only option once PSD2 is live? The European Commission has still left room for exclusion grounds. In the Netherlands, it is expected that one exemption will be available for marketplaces. Organizations with an average total amount of payment transactions not higher than EUR 1 million per month in the foregoing twelve months, can use this exemption. In PSD2, this amount is set on EUR 3 million per month, although room is left for Member States to deviate from this. It is generally expected that the Netherlands, like other Member States, will use this option, although no clarity exists yet on the definite outcome.
Another option would be to change the business model and operate either on behalf of the payee or on behalf of the payer. For many online marketplaces, this would have a large impact on the business model and potentially put them out of business.
For marketplaces who would by now feel the pressure to start putting together a project team to start the licensing process, it is good to know that it is also possible to have a licensed third party execute the required activities. Currently, there are multiple organizations in the market who provide such services and many online marketplaces already make use of this option. Collaborating with such companies has advantages; the online marketplace can focus on its strengths, while the third party facilitates the payments process. An important consideration though, is the effect on the business model. If the payment-related activities are substantial, outsourcing could not be less attractive – both from a profitability and business model perspective. Margins for online marketplaces are usually tight and paying a service fee to a third party can be of a large financial impact on the overall business case. In that aspect, it is good to note that fees can be substantial. On the other hand, for most small online marketplaces, this option will be the most feasible one.
Whatever option an online marketplace is pondering; PSD2 is coming close. It is therefore essential to act quickly and be prepared. Although the Dutch implementation is not yet final and it is not yet possible to start an application process under PSD2, the outline of the law is clear. It provides enough clarity for online marketplaces to start implementing the required changes in case they want to apply for a license, a license exemption or to start conversations with licensed third parties. Moreover, non-compliance with the provisions laid down in PSD2 - while falling within its scope - is an offence.
And finally, it is good to realize that the license obligation comes with a price, but it can also spur innovation, mainly for the larger online platforms. Why not bring the entire payment process in-house, cutting out the payments service providers and therewith improving the overall customer journey?
What can Deloitte do for you?
Whichever approach you choose, Deloitte can provide guidance in your PSD2 licensing process. Deloitte has a multi-functional Market Entry team available, with experts with a regulatory, legal, tax, consulting, privacy and cybersecurity background, cooperating to provide clients with a tailor-made advice for any payments-related organization.
Want to know more on PSD2 and the regulatory changes? Please contact Martin Eleveld, Pieter van Doorn or Jan-Maurits Hoijtink via their contact details below.