It has been a while since BaFin has issued new guidance with regard to the supervision of payment services. More precisely, it took almost five years for BaFin to update its guidance notice on the German Payment Services Supervisory Act (Zahlungsdiensteaufsichtsgesetz, ZAG).
Last week, on 14 February 2023, BaFin has given the financial industry a Valentine’s Day present and issued its new leaflet (Guidance Notice) without, however, explaining the background of the changes in more detail or referring to individual changes. So, it took some time to identify the specific changes – and essentially: the amendments are rather (helpful) clarifications with which BaFin sets out in writing its already existing administrative practice. In addition to some editorial changes, BaFin also implements requirements resulting from the EBA guidelines concerning limited network exemptions in its administrative practice.
We have summarized the material changes below. So, you can skip ahead (should you choose to) – the main topics are:
- Money remittance services
- Account information services
- E-Money business
- Exemptions
1) Money remittance services
a) Power of attorney granting access to accounts
BaFin has now incorporated in its Guidance Notice statements as to whether the granting of a power of attorney (PoA) granting access to accounts could trigger a license requirement for the money remittance business. This was previously only published as part of a BaFin presentation on 8 June 2021. The clarification is relevant for all in-house / treasury services of companies that have not relied on a payment services license when initiating payments on behalf of other group companies. In general, BaFin assumes that for the fulfilment of the money remittance business it is generally sufficient that the service provider links to a payment account of the payer or a third party, e.g. by having a corresponding PoA granted for this purpose and thereby having access to the funds on a payment account. The economic purpose pursued by the PoA is to be determined on a case-by-case basis and the question is to be asked as to whether the service also qualifies as a money remittance service in accordance with the meaning and purpose of the legal regulation. In this respect, according to BaFin, the type and scope of the PoA is decisive. However, since the definition of money remittance services would be extended without limit, BaFin provides restrictive criteria. Accordingly, the need for supervision generally does not apply in the case of a so-called “Vertretung mit gebundener Marschroute”, i.e. a representation with a bound line of approach that has no decision-making leeway with regard to the content of the contract and the contracting parties. This presupposes that:
- the authorisation is unconditional and revocable at any time,
- the principal’s power of disposal over the account remains unrestricted,
- the authorisation specifies in a sufficiently concrete and conclusive manner the services that are directly related to the payment transaction in terms of time and substance,
- the authorisation does not establish a general payment procedure when viewed from a prudential economic perspective; and
- the service is envisaged is manifestly not relevant to money laundering or terrorist financing.
However, the individual criteria are not further specified. BaFin just emphasizes that if there is even the theoretical possibility of money laundering or terrorist financing relevance, as well as in cases of collusive, abusive – also criminally relevant – cooperation between the representative and the agent and/or a third party, a teleological reduction is excluded from the outset.
According to BaFin, the use of a type “T” transport authorisation in the E-BICS payment procedure is not problematic. This type of authorisation only allows the transport of the order to the executing credit or payment institution.
b) Non-performing receivables
BaFin also clarifies its statements on the question of the conditions under which debt collection is to be classified as a money remittance service. In Germany, it is often difficult to assess whether a particular “collection service” qualifies as licensable factoring or money remittance business or just has to be considered as “legal service” to be registered with the Legal Services Register regulated under the Legal Services Act (Rechtsdienstleistungsgesetz). As before, the collection of unpaid (non-performing) receivables should not qualify as a money remittance service. BaFin has now emphasized that even after the implementation of PSD2, the conceptual understanding set out in the Guidance Notice from 2011 still applies although the explanations were not included in the updated Guidance Notice from 2017 and had therefore raised questions. According to BaFin, “collection” and “enforcement” of receivables should be understood to mean solely dunning and enforcement activities as well as judicial assertion of non-performing receivables. These activities alone are not intended to constitute a payment service. That determination whether, beyond these services, a particular collection activity qualifies as money remittance service or as other payment service, continues to depend on the specific individual case.
2) Account information services
As regards account information services, BaFin clarifies that the aim of the provision is to protect customers’ payment account-related data from unauthorised access. This is linked to the receipt of the account access data, i.e. the “credentials” such as PIN and TAN. If the activity of the service provider is therefore limited to providing account information to the recipient, the requirement is not met. Access to the customer’s payment account data is always required.
According to BaFin, if the service is provided based on a division of activities, the person who is not legally obliged to offer the account information, does not come into the possession of the account access data and receives the account information from another licensed or registered account information service provider does not fulfil the requirement. Meanwhile, this requires that the account holder enters into its own contractual relationship with other licensed or registered account information service providers.
3) E-Money business
a) Bonus programs
Good news for operators of bonus programs as BaFin incorporated some helpful clarifications relevant for their business models. With regard to the criterion of “issuance in exchange for a monetary amount”, BaFin has previously stated that this criterion is not fulfilled in the case of the issuance of monetary values as a gift. BaFin has now emphasized that this is also the case for electronically stored bonus points that the customer receives on the occasion of the purchase of goods or services. If, on the other hand, monetary values can be purchased in return for payment of a sum of money, the monetary values previously issued as gifts also qualify as electronic money. The same applies to discount systems in which acceptance points exist that are dedicated exclusively to the redemption, but not the issuance, of the value units.
BaFin also specifies that bonus programs that enable the purchase of points may fall under the exemption pursuant to Sec. 1 (2) sent. 4 ZAG (limited networks). In other words, only where bonus points can be purchased, the scope of application of the exemption is open. The previous Guidance Notice from 2017 was misleading in this regard as it was not clear whether bonus programs generally qualify as e-money or may only benefit from the exemption.
b) Crypto assets
BaFin also elaborates on the qualification of bitcoins and other virtual assets as e-money in connection with the criterion “issuance against payment of a sum of money”. In this respect, BaFin notes that Bitcoins and comparable virtual currencies are units of account pursuant to Sec. 1(11) sent. 1 no. 7 of the German Banking Act (Kreditwesengesetz, KWG) and as such already qualify as financial instruments. The same applies to crypto assets which would qualify as financial instruments as laid down in Sec. 1 (11) sent. 1 no. 10 KWG would qualify as financial instruments. However, beyond this, the statements are quite misleading as BaFin notes that units of account and other crypto assets are to be qualified as e-money within the meaning of the ZAG. This is apparently not the case as set out in Sec. 1 (11) sent. 4 KWG. Accordingly, crypto assets are no e-money in the meaning of the ZAG. It is unclear what BaFin had actually in mind.
4) Exemptions
a) Limited network exemptions
Particularly relevant for operators of fuel-card systems, voucher cards and alike is that BaFin emphasized that it will adhere to the EBA guidelines on limited network exemption pursuant to PSD2 dated 24 February 2022 and that all market participants wishing to make use of the exemption would have to comply with the requirements of the EBA guidelines.
With regard to the criterion “limited networks” (Sec. 2(1) no. 10(a) ZAG), BaFin notes, with reference to the EBA guidelines, that a limited network of service providers can consist only of physical stores, only of online stores or a combination of physical stores and online stores. It is no longer relevant that only the goods or services physically indicated on site can be purchased on the internet. However, the operator of an internet marketplace on whose platform other providers offer goods or services may still not make use of the exemption.
In the range of “very limited goods or services” (Sec. 2 (1) no. 10(b) ZAG), the payment instrument could also be used for purchases of goods and services in the internet store of the acceptance points. The use in pure internet stores without a physical presence is also permissible. However, this case does not extend to so-called online marketplaces, which merely mediate the conclusion of contracts between sellers and buyers.
In accordance with the EBA guidelines, the notification obligation pursuant to Sec. 2(2) ZAG already applies before the end of the 12-month period if the million threshold is exceeded at an earlier point in time. The notification may also be submitted ahead of time if the threshold is expected to be exceeded in the near future. As the law does not regulate any further notification obligations for the subsequent period, there is no obligation to submit further notifications as long as and to the extent that the business model does not change.
b) Payment transactions within payment and securities settlement systems
Within the context of the exemption for securities settlement systems, BaFin clarifies that a service provider is can only rely on the exemption if it enters into contractual relationships exclusively with licensed credit institutions, securities trading companies or payment institutions that are themselves involved in the payment process. Only in this case does service provider not provide a payment service since he only provides service for licensed payment service providers. As soon as he enters into a contractual relationship directly with the payer or the payee in the course of a payment, he cannot invoke Sec. 2(1) no. 7 ZAG.
c) Exemptions for technical service providers
BaFin notes with regard to technical service providers that if even they enter into contractual relationships directly with the payment service user, the exemption may apply. In this respect, they would have to limit themselves to providing purely technical services. Under no circumstances may the technical service provider enter into contractual or pre-contractual relationships with the end user that go beyond the provision of technical infrastructure services.
Commercial services are not covered by the exemption. While the mere provision of technical infrastructure services or purely technical services fall within the scope of application, the privileged status is lost, according to BaFin, if the technical service provider also handles the processing and settlement of payment transactions or participates in this activity based on a division of services and this activity fulfils the criteria of a payment service.
In addition, BaFin emphasizes, as previously, that the technical service provider may not have access to the funds at any time. However, the BaFin clarifies that this does not apply if the technical service provider has been granted an account authorisation that is limited to a specific function, referring to its principles on account authorisation in the context of money remittance services.
Conclusion
Is there more that BaFin could have clarified or regulated? Certainly. Are some of the clarifications still misleading? Yes. Nevertheless, the update of the Guidance Notice is to be welcomed. Surprisingly, BaFin did not incorporate its guidance on ‘payment factories’ and as adjusted its statements on the intra-group exemption. We are sure that this is to be expected in the next round of updates. However, this will probably take another five years – at least when PSD3 will enter into force which will bring a number of changes to the payment services regime (see our blog).