On 17 April 2018 the Lithuanian Parliament adopted the package of the draft laws regulating the activities of the payment services implementing the second Directive on Payments (the PSD II).
The amended laws regulate the activities of the payment service providers, including the electronic money institutions. New rules and requirements set by these laws are mainly related to:
- regulation of newly emerged payment services;
- conditions for applying certain exemptions on certain payment-related activities;
- security measures ensuring a high level of payment security and protection of consumers;
- access by payment institutions to payment account services of credit institutions;
- requirements of good repute;
The changes result from adoption of the following amended and restated Lithuanian legal acts: the Law on Payments; the Law on Payment Institutions; The Amended Laws will come into force on 1 August 2018. Below we summarise the major changes.
Regulation of “one-leg transactions”
Some provisions of the Amended Laws apply to transactions with third countries where only one of the payment service providers is located within the EU in respect of those parts of transactions which are carried out in the EU (“one-leg transactions”). This extension of scope primarily concerns providers of payment services located in the EU. These payment service providers will have to provide information and transparency on the costs and conditions of international payments, at least in respect of their part of the transaction.
New types of payment services
The scope of payment services regulation is widened by:
- covering new services and players, ie. payment initiation service providers and account information service providers;
- extending the scope of existing services (ie. payment instruments issued by payment service providers that do not manage the payment service user’s account), enabling their access to payment accounts.
The Amended Laws require payment service providers of these new services to be authorised and regulated.
The new regulation enables bank customers to use third-party providers to manage their finances (to pay bills, make person-to-person transfers and analyse their spending), while still having their money safely placed in their bank account. Banks, though, must allow these third-party providers access to their customers’ accounts through an open application program interface. This enables third parties to build financial services on top of bank data and infrastructure by increasing competition in the Baltic payment market where “bank-link” services currently dominate.
Access to payment accounts
Under the Amended Laws, credit institutions cannot block or prevent access to payment accounts, while payment institutions should have access to payment account services of credit institutions objectively, non-discriminatorily and proportionately. A credit institution that refuses to open an account must immediately notify the Bank of Lithuania.
Conditions for using exemptions on certain payment-related activities are clarified:
- The commercial agent exemption should apply when agents act only on behalf of the payer or payee, regardless of whether they are in possession of client funds. The recitals of PSD2 state that where agents act on behalf of both payer and payee ‒ such as certain e-commerce platforms ‒ they should be excluded only if they do not at any time enter into possession or control of client funds.
- The limited network exemption applies if at least one of the following conditions are met: (i) the payment instrument is used for the purchase of goods and services from a specific retailer or specific retail chain where the entities involved are directly linked by a commercial agreement; (ii) the instrument is used for the purchase of a very limited range of goods or services; or (iii) where the payment instrument is regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services.
- The exemption for payment transactions by means of telecom of information technology devices is specified and narrowed down as follows: limited mainly to micro-payments for digital services downloaded on to a digital device or of electronic tickets or donations to charities; and only payments under a certain threshold are excluded.
- Conditions for notifying the Bank of Lithuania when acting under the limited network exemption or the telecom exemption are set so that the Bank of Lithuania can assess whether or not the activities are subject to licensing requirements. These activities will be listed in public registers.
Strong customer authentication
To make electronic payments safer and more secure, providers of payment services will be obliged to apply so-called strong customer authentication when a payer initiates an electronic payment transaction. For remote transactions, such as online payments, the security requirements go even further, requiring a dynamic link to the amount of the transaction and the account of the payee, to further protect the user by minimising risks in case of mistake or fraud. Click here and read the full article on the homepage of Sorainen, the exclusive partner of WTS Global in Lithuania!