The UK is one of three EU member states that have opted out of signing up to new guidelines from the European Banking Authority (EBA) on standards for payment service providers. The guidelines, which come into effect this August, require payment firms to meet a number of certain standards, notably those related to the privacy and security of their customers when making payments online.
Head of Consumer Protection, Financial Innovation and Payments for the EBA, Dirk Haubrich, said “This work will ensure increased confidence in internet payments for consumers and firms in the EU, and is aimed at allowing this sector of the payments market to continue to grow.”
24 member states have so far signed up to the EBA’s guidelines, a further 2 have promised to comply in part, and 3 members – Estonia, Slovakia, and the UK, have chosen to opt out.
A spokesperson for the UK's Financial Conduct Authority said, “[The EBA] does not have the power without legislative change to make binding rules requiring all payment service providers (credit institutions, payment institutions and e-money institutions) to comply with the EBA Guidelines”. The FCA does however insist that it is supportive of the EBA’s objectives and is subsequently considering issuing its own, similar set of guidelines to payment service providers at some point in the future.
The new guidelines are being introduced as a stopgap and will eventually be superseded by the revised Payments Services Directive (PSD2), expected to come into force 2018/19. The FCA notes that it is required to comply with PSD2, along with any security recommendations similar to the EBA guidelines that it may contain.
