The majority of criteria proposed in this guideline are reasonable and useful to promote a harmonized implementation and application of the exemptions foreseen in Article 3(k).
Nevertheless, as regards GL 1.4 clarification on the type of information that the competent authorities will check in order to verify that the service providers are applying technical and contractual restrictions will be welcomed. The concept of technical restrictions is a very broad concept, and it could be difficult to give evidence in this connection.
Regarding GL 1.6 on several exempted payment instruments on one single mean of payment, our understanding is that one single means of payment could comprise several exempted payment instruments. This approach seems in line with the ECJ judgement C 287/19, but we see a risk that this may lead to a card that can basically function in the same way as a general-purpose card, but in fact hosts several exempted payment instruments that are not subject to PSD2 requirements. This could open up for circumvention of consumer protection rules, and an unlevelled playing field for regulated PSPs and non-regulated PSPs.
Additionally, please note that GL 1.6 and GL 1.7 are not coherent and could have adverse effects. While GL 1.6 allows the issuers of a means of payments to combine more than one payment instrument within the scope of Article 3(k) of PSD2 in the same means of payment, GL 1.7 does not allow a single means of payment to accommodate simultaneously payment instruments within the scope of PSD2 and specific payment instruments within the scope of Article 3(k) of PSD2 as established in GL 1.7.
Once the combination of more than one payment instrument is allowed to be accommodated within the same means of payment it should not be determining whether the different payment instruments are within the scope of PSD2 or within the scope of Article 3(k) of PSD2, provided that the exemption applies to the payment instrument and not to the means of payment, and provided that they comply with the technical and contractual restrictions specified in GLs 1.4 and 1.5. With those requirements, payment users will be better protected by allowing the combination of exempted and non-exempted payment instruments in the same means of payment as far as these are issued by a single service provider. This will create incentives for unlicensed service providers to get a PSP license in order to be able to combine regulated and exempted payment instruments in the same means of payment, thus limiting the number of non-regulated players in the market that provide only payment services beyond the PSD2 scope.
Therefore, combining payment instruments within the scope of Article 3(k) and ‘regulated’ instruments in the same means of payment should always be possible, provided that each instrument within the means of payment is autonomous and independent, is clearly differentiated from the rest of instruments embedded in the same device through unequivocal elements such as the procedure of use, the functionalities or differentiated credit lines, and the payment user have been properly informed and is aware of the features of the different payment instruments combined in a single means of payment.
The means of payment in such cases are to be considered as a wallet of payment instruments regardless the physical or electronic format. On the contrary, physical payment instruments such as cards would be left at a competitive disadvantage before electronic payment solutions such as mobile wallets. These electronic payment solutions allow users to aggregate different payment instruments within one single device despite the fact the provider of the mobile wallet (typically the mobile manufacturer / OS provider) is not regulated under PSD2.
Furthermore, it would be aligned with GL 5.2, regarding the provision of regulated and not regulated services/electronic money by the same service provider or electronic money issuer, where it suffices to distinguish between them in a clear and easily recognizable way.
Bearing all the above in mind, GL 1.7 should be removed and GL 1.6 reworded as follows:
“Competent authorities should take into account that a single card-based means of payment can accommodate simultaneously more than one specific payment instrument within the scope of Article 3(k) of PSD2. Competent authorities should ensure that the technical and contractual restrictions specified in GLs 1.4 and 1.5 apply to each specific payment instrument within the scope of Article 3(k) of PSD2.”
GL 1.12 states that the issuer of a payment instrument under Article 3(k) can be established in a Member State different from the Member State whose competent authority has received the notification under Article 37(2). It is our understanding that this does not necessarily imply that one and the same payment instrument issued under Article 3(k) can be used in several different Member States. If so – it should be clarified if EBA is of the opinion that cross border functionality is consistent with the purpose of the exclusion.
The guideline should provide clarity on cross border issues. We do not view the so-called flexible approach (point 24 under section 4.2.2) as being helpful for Competent Authorities nor other industry participants since the “flexible approach” opens up for arbitrary and incoherent decisions that would threaten to further distort competition on the payment instrument market. As of today, some countries accept a limited network exempted card to be used cross border and some countries do not.
Platforms that do not themselves offer goods or services but instead only facilitate and offer a marketplace for goods or services shall not be viewed as offering premises as worded in PSD2 Article 3 (k)(i) which follows by GL 3. Furthermore, it should be clarified that internet-based platforms with business models based on continuously growing lists of connected service providers shall not qualify for the limited network exemption. This should be suggested as a disqualifying factor in the guidelines or at least a factor that heavily weighs against an exclusion. Despite this e.g., Facebook Payments International Limited has been registered under the limited network exemption in several member states.
Regarding GL 2.1 b) and c) - "before submitting the notification" should probably rather be "when submitting the notification".
GL 2.1 and 2.2 still seem to be very vague and may still lead to different treatments. For example: What would the limitation of number of providers be for online platforms? Should they be entitled to use this exemption at all?
Some of the 2.2 points are questionable/difficult to understand and may lead to different interpretations and implementations, e.g.:
a) "size of the geographical area". We consider the actual area size to be totally irrelevant.
c) What is meant with "The envisaged amount to be credited to the payment instrument” - only e-money that can be loaded to the payment instrument or also e.g., a spending cap or a credit line?
e) What is meant with "categories of customers"? It could be interpreted as B2C or B2B, but beyond that would be difficult to interpret and apply.
g) Whereas the network is centralised or decentralised would need to be elaborated in terms of added risk.
Point 25 under section 4.2.2 of the Consultation Document
On the topic of different examples of existing limited networks, we suggest not adding the following proposed potential requirements to the background and rational section of the proposed guidelines due to being far too extensive as well as impractical to assess:
• A specific region with local producers of foods and services
• Stores within a town, which are registered in the local town chamber of commerce
Point 26 under section 4.2.2 of the Consultation Document
We suggest not adding this paragraph in the background and rational section of the proposed guidelines as it could be perceived as proposing a manner to circumvent the limitations set to contain the use of the exemption. The proposed set up could be assumed to create paperwork without the added value that should be provided by the explained rational for regulatory guidelines.
The guideline could provide even more clarity on what range of goods or services should be considered “limited range of goods or services”. We suggest including examples indicating what goods or services that cannot be assessed as having a functional connection between them. Some countries consider it acceptable to mix fuel and victuals under the limited range of goods or services exemption as long as they are provided at the same place, and some countries do not accept it. Given that today’s supermarkets typically offer hundreds of thousands of goods of various categories there is a need to reach a common definition of the concept of limited range of goods or services. E.g., what motivates GL 4.3?
GL 4.4: The current phrasing is too vague and will not lead to the necessary harmonisation.
GL 4.4(f): Same comment as concerning GL 2.2.(g) above. Whether the network is centralised or decentralised would need to be elaborated in terms of added risk. If this is not done, we suggest removing this indicator as it does not guide the regulator when assessing the applicability of the exclusion.
Generally, EBF does not agree that it is unclear from PSD2 if regulated entities should be able to use the exemption or not. In addition to the reasoning already provided by the EBA itself, it is also clear from the location of both Article 3(k) and Article 37 that also regulated entities shall be able to use the exemption. Both articles are located in chapters that regulate joined provisions that apply for all payment service providers.
It is not completely clear what is meant by "different brands" in point GL 5.2. E.g., could it still be a combination of the payment brand (that is used for several products) and a product specific brand or should it only be a product specific brand?
In relation to GL 5.3 - we can see that it can be beneficial for consumers to receive the information that the payment instrument is not protected by the PSD2 provisions. But we do not see why this obligation should only apply to regulated entities - the need would be the same for regulated and unregulated entities. Having this obligation for regulated entities only could give the impression that products from regulated entities are worse and thus give a competitive disadvantage.
In relation to GL 5.4 - also here - the same rules should apply for regulated and unregulated entities. There is no legal basis for having stricter obligations for regulated entities compared to unregulated entities.
General comment: EBF would find it beneficial if it could be clarified that regulated entities do not have to make use of the exclusion, but instead can treat the card as a regulated card and thus not require notifications or similar.
Regarding GL 6.1, "where the service is provided" seems not to be a suitable criterion to base the reporting country on given that "where a service provided" is very difficult to determine for cross-border services and no clear guidance exists to our knowledge. The EBA seems to have concluded this itself in its’ "Report on potential impediments to the cross-border provision of banking and payment services from October 2019", page 4 and 5
"In particular, digital solutions provide new ways for institutions, including new entrant FinTech firms, to reach consumers in multiple jurisdictions but competent authorities and consumers face difficulties in determining when such activities constitute cross-border business under the freedom to provide services. Although this issue is not limited to financial services, the EBA highlights the need for the European Commission to update its 1997 Communication in order to promote greater convergence of practices in determining when business is to be regarded as being provided cross-border under the freedom to provide services, taking particular account of technological developments.".
From a practical perspective, it would seem easier to require notification on HQ and on branch level. This would also be in line with other reporting obligations. That an entity has passported cross-border services to a certain country does not necessarily mean that a service is provided there - an entity may just have chosen to do so for security reasons in case a local authority would deem a service to be provided locally e.g. due to residency of the customer.
Also, EBF suggests the following deletion from GL 6.1: “and where the thresholds set out in Article 37(2) of PSD2 are breached in the particular jurisdiction.”
Indeed, EBF believes that the calculation of the threshold should be carried out at the level of the single provider but not also for single country/jurisdiction.