Summary of Payment Regulations Update

Summary of Payment Regulations Update

Germany has recently added provisions related to Lex Apple Pay into its new law transposing the 5MLD, a move that has sparked discussions and concerns about the unintentional capture of business models not intended by the legislator [1]. In a similar vein, the EU's AML framework for providers of Account Information Services (AIS) and Payment Initiation Services (PIS) is undergoing evolution, with ongoing debate and calls for adjustments to better fit their business models under the revised Payment Services Directive (PSD3) framework [2].

The current status quo sees AIS and PIS providers, as Third Party Providers (TPPs), falling under AML/CFT regulations and being subject to licensing, registration, and authorization by National Competent Authorities under PSD2-related rules. These providers must also implement AML/CFT risk assessments, internal controls, and policies commensurate with their risks [1][2]. However, the European Third Party Providers Association (ETPPA) has expressed concerns that the current or proposed AML regulations, particularly under PSD3, do not adequately reflect the nature and risks associated with AIS and PIS. ETPPA proposes these providers should be excluded from the broader AML Regulation and instead be subject to a more limited set of AML/CFT requirements to ensure a level playing field with other payment service providers while effectively combating fraud [3].

The Dutch Central Bank and the European Banking Authority (EBA) have published new money laundering guidelines, providing detailed assessments of ML/TF risks, including for electronic money and payment institutions related to these services [1]. The UK, too, has its own regulations in place, with the prohibition against charging for retail payment instruments extending to PayPal and SOFORT. Interestingly, German merchants can charge customers for paying by PayPal or SOFORT, a practice that is not permitted in the UK [4].

The application and competition law aspects of Lex Apple Pay may not be tested for some time, while the EBA is currently consulting on institutional risk [5]. In Italy, Umberto Piatelli, Head of Financial Services, has published a legal guide for payment and electronic money institutions, offering insights on the draft Regulation of the Italian Ministry of Economy and Finance on the FinTech sandbox [6].

As we move towards the mid-2025 mark, the exact scope and application of AML regulations for AIS and PIS providers remain subject to ongoing legislative refinement and sector stakeholder input. The EU's AML framework continues to evolve, with the EBA providing detailed guidelines and assessments of ML/TF risks, and the dialogue between industry actors and regulators is an active one, with some advocating for easing or tailoring AML rules specifically for AIS and PIS to better match their operational realities.

References: [1] European Banking Authority. (n.d.). Money laundering and terrorist financing risk assessments for electronic money and payment institutions. Retrieved from https://eba.europa.eu/-/money-laundering-and-terrorist-financing-risk-assessments-for-electronic-money-and-payment-institutions [2] European Commission. (n.d.). Revised Payment Services Directive (PSD2). Retrieved from https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12422-Revised-Payment-Services-Directive-PSD2 [3] European Third Party Providers Association (ETPPA). (n.d.). ETPPA calls for a tailored AML regime for Third Party Providers. Retrieved from https://etppa.eu/etppa-calls-for-a-tailored-aml-regime-for-third-party-providers/ [4] The Financial Times. (2019, November 13). Germany adds provisions for Apple Pay to new anti-money laundering law. Retrieved from https://www.ft.com/content/a6852294-f7f6-11e9-b9a3-3a47d1b8d2a8 [5] European Banking Authority. (n.d.). Consultation on the draft Regulatory Technical Standards on institutional risk for the purposes of the Capital Requirements Regulation. Retrieved from https://eba.europa.eu/-/consultation-on-the-draft-regulatory-technical-standards-on-institutional-risk-for-the-purposes-of-the-capital-requirements-regulation [6] Umberto Piatelli. (n.d.). The draft Regulation of the Italian Ministry of Economy and Finance on the FinTech sandbox. Retrieved from https://www.linkedin.com/pulse/draft-regulation-italian-ministry-economy-finance-fintech-piatelli/

1. The European Third Party Providers Association (ETPPA) has expressed concerns about the current and proposed AML regulations being too broad for providers of Account Information Services (AIS) and Payment Initiation Services (PIS), as they do not adequately reflect the nature and risks associated with these services.
2. In the revised Payment Services Directive (PSD3) framework, there is ongoing debate and calls for adjustments to better fit the business models of AIS and PIS providers, with some advocating for a more limited set of AML/CFT requirements to ensure a level playing field and effectively combat fraud.
3. The Fair, Simplified and More Resilient (FSMR) regulation, which covers banking-and-insurance, finance, and business, contains provisions related to financial regulation and competition law that are also undergoing evolution to better meet the needs of the fintech industry.

Read also: