EPSM - European Association of Payment Service Providers for Merchants

The scope of the guidelines reaches too far.

In addition, EBA should also verify if EBA has done enough to consult non-bank actors (like potential outsourcing providers, and their associations) with this “bank-oriented” online consultation, according to EBA’s task in Recital (108) PSD 2. The current EBA consultation is probably not known to many European and global market participants that will be indirectly affected by this new regulation.

This outsourcing regulation should apply only to the outsourcing of important and critical functions and should not apply not apply to outsourcing of other, minor" functions and not to the use of additional “general purpose” services (like telephone or IP services, building rental services or building cleaning services). Also the use of payment services of other regulated payment service providers (like the payment services of CRR-credit institutions or central banks) should not be considered as “outsourcing” to avoid "double regulation".

Also to keep Europe innovative and attractive for start-ups, it should be evaluated to exclude small payment and e-money institutions from many of these new requirements, at least for the initial years of their business.

The EPSM supports in general the detailed statements of several other national and European associations, like BVZI, IG Kreditkarten, and EPIF, concerning in general that the present wording of the planned guidelines risks to be over-reaching, will create unnecessary bureaucratic burden and does not fit to the concept of appropriate, proportional regulation.

"Less would be more".

Finally, a general remark to the wording of the definitions:
Very frequently the text says “institutions and payment institutions”: For better readability of the text, the definition ”institutions” should also include payment and e-money institutions. If a specific regulation shall not be required for payment and e-money institutions, the wording “institutions, with the exemption of payment and e-money institutions” might be used for better readability."
No, they are not clear enough.

For clarification, the EPSM suggests, that EBA will consult with national regulators and market participants, to create EU-wide “white” and “black” lists, which services are categorized generally by EU regulators as

a) outsourcing of critical or important operational functions
b) outsourcing of other services, and
c) other external services which are no outsourcing services at all
(like telephone services (see draft guidelines topic 23) or regulated banking services (like fiduciary
settlement accounts by banks for payment institutions, of payment scheme processing services as described in the IF-Regulation).

In the content structure of the Guidelines, there should be also a better differentiation between “outsourcing of critical or important operational functions” (PSD2, Art 196) and outsourcing “of other functions”.
Not in all cases.

In our understanding, the wording in Paragraph 92 should be clarified, e.g. to “Institutions and payment institutions should make available the register of all existing outsourcing arrangements of critical or important operational functions, ”.

Alternatively, to reduce the scope, only for payment institutions using the wording from PSD2, Article 19, 6: “… payment institutions should make available the register of all existing outsourcing arrangements of operational functions of payment services, “.

If the present wording will be kept, e.g. the use of a “letter shop” for distributing paper marketing leaflets for non-regulated services might be considered as “outsourcing with corresponding notification requirements” to the home regulators. A new wording should contribute to avoid unnecessary over-regulation for regulated institutions and their service providers.
Nicolas Adolph