• Panel discussion about Payment Regulations headlined Qube Events’ 9th NextGen Payments & RegTech Forum
• 8 speakers from the side of regulators and business discussed the implementation of PSD2, the progress of open banking, and the rise of the stablecoin
• The audience got a unique opportunity to take a look at an illustrated comparison of the EU’s, the UK’s, and the Dubai free zone’s approaches to payment regulations

On November 24-25th, Qube Events welcomed financial services leaders and enthusiasts at its 9th NextGen Payments & RegTech Forum. Unlike Qube Events’ previous event that ITKeyMedia got a chance to cover, this time, the event was hybrid – offering opportunities for online and offline presence for both guests and speakers. The event took place at Amathus Beach Hotel, a five-star venue in Limassol, Cyprus.

The Forum offered a lucrative programme of mind-bending speeches and discussions with countless recognized experts from all over the world. There was enough information to keep one’s mind occupied for months, or at least until Qube Events’ next Forum. That’s why, instead of trying to seize the unseizable, ITKeyMedia’s correspondent chose to spotlight something specific.

Speakers and Topics

Namely, we decided that the Forum’s final panel discussion dedicated to Payment Regulations would be particularly interesting to our reader because it touched upon the ongoing implementation of the European PSD2 regulations and gave an opportunity to compare the perspectives of CEE countries’ representatives and speakers from other European countries, as well as those from outside the EU. Specifically, the discussion was about the following points:

• how different are the EU’s payment regulations compared to those in other regions
• how the implementation of PSD2 is progressing across the EU
• how to regulate stablecoins
• what new challenges arise concerning payment regulations.

The discussion was moderated by Sumsub’s head of legal Tony Petrov. The participants (most of whom we remember from Qube’s previous events) were:

• Bank of Lithuania’s director of financial service and capital markets supervision Ruta Merkeviciute,
• EcommBX’s CEO Michael C. G. Charalambides,
• Dubai Financial Services Authority’s director and head of innovation and technology risk supervision Ken Coghill,
• Central Bank of Cyprus’ head of financial market infrastructures and payments department Stelios Georgakis,
• Bank of England’s payments policy leader Matthew Osborne,
• Banco de Portugal’s head of unit of payment system department Rui Pimentel,
• Czech National Bank’s head of unit payments regulation and oversight Jiří Ambrož,
• and their senior legal counsel Denisa Jindřichová.

How Well Does PSD2 Work?

Just by looking at such an impressive cast one could tell that the discussion should be extremely insightful and informative. As Mr Petrov pointed out, what made this discussion particularly exciting is that both regulators’ business’ sides were represented. The discussion promised to barely fit into the timeframe – so, after a very brief introduction and without further ado, the moderator went on directly to the first question about the bearing column of European payment regulation – PSD2 which was enacted several years ago. Particularly, the interest was in how the speakers see its effects and how up-to-date it is in today’s changed world.

‘It is too general, but the void may be filled by national regulations’

Ms Jindřichová took the first word and willingly offered a few point by which PSD2 can be changed, amended or specified:

• Special professional insurance
• Requirements for qualified holding
• Conditions for authorization of account information services providers

The legal counsel noticed that special professional insurance for account information services providers was too general and didn’t state a clear legal framework. It needs clearer conditions and requirements. According to her, it is a necessary condition for relevant insurance products to appear across the EU. Without it, there are no clear terms and conditions to accord to and an insurance product can only be called such by title. Ms Jindřichová points out that this void can be filled by national regulations in the member states.

As for the requirements for qualified holding, they need to be unified with other sectors of the financial market to make it easier both for regulators and all businesses. In Ms Jindřichová’s opinion, there is no need for any special regulations for payments.

Finally, the speaker pointed out that the conditions for authorization of account information services providers limit them severely, and they need to be brought in accord with the payment requirements. As of now, those providers refuse to process any sensitive data.

‘The focus should be to give a nudge’

To amend Ms Jindřichová’s answer, Mr Petrov asked another regulator representative – Ruta Merkeviciute of Bank of Lithuania – to share her opinion on the ‘digital finance package’ concerning crypto,open banking, among other aspects, that the European Commission had adopted a year ago and where it may lead us. According to Ms Merkeviciute, the most interesting aspect of this package concerned retail payments – namely, that they need to be instant at all times. She mentions that only 60% of retail payments are connected to the actually instant payment schemes.

‘The focus should be to give a nudge. From Lithuanian perspective, we invited all banks and other relevant participants to connect to instant payment systems – because it’s really beneficial for the customers, but it didn’t work. So, we had to nudge the participants to work on instant retail payments,’ Ms Merkeviciute admits. This may have influenced that the European Commission also noticed that merely providing a working strategy that’s not mandatory is not enough to convince all the participants to adopt instant retail payments.

That said, the Bank of Lithuania’s representative acknowledged the rise of new fraudulent schemes connected to instant payment, particularly social engineering schemes. This stops both service providers and customers from trusting and using instant payments. Therefore, these aspects need to be thoroughly covered in the regulations in order to motivate both service providers and customers to use instant payments.

As for the insurance issue that Ms Jindřichová mentioned, Ms Merkeviciute agreed that the creators of PSD2 had something different in mind. It had been intended to make it easier for startups, but in practice, startups that want to provide payment initiation and account information services encounter difficulties.

Mr Georgakis agreed that the Central Bank of Cyprus was also trying to nudge the local banking community to adopt instant payments more actively, but to little avail. He sees the role of the central bank as a catalyst to this process.

The Progress of Open Banking

Moving on to the next question, Mr Petrov reminded that the mentioned digital finance package concerned open banking. It was arguably the main reason why instant payments occurred and the need for new regulations became apparent. In view of this, the moderator asked Mr Ambrož to share his observations of the progress of open banking in Europe overall and in the Czech Republic specifically.

‘New service providers need to try extra hard to build confidence’

Mr Ambrož confirmed that additional clarifications are necessary from the European Banking Authority in this regard. Namely, the 90-day SCA (strong customer authentication) requirement becomes complicated when several banking institutions are involved – because they all have their own different timelines. According to him, EBA already responded to this concern by suggesting an amendment stating that when accessing data through an account information service provider, SCA is no longer needed.

‘The issue that has not been resolved yet is the relation between PSD2 and GDPR. Hopefully, this issue will be addressed in the revision of PSD2,’ Mr Ambrož added.

The speaker continued that, concerning PSD2 and the new forms of payment that it regulates, he noticed that Czech users were concervative. They trust their funds only to banks and prefer traditional payment methods. Therefore, new service providers need to try extra hard to build confidence. They also became a driver to some other innovations in the Czech Republic – for example, the local bank ID scheme. It uses API and serves a variety of purposes.

‘PSD2 worked, but it is already largely outdated’

To this, Michael Charalambides of EcommBX remarked that the purpose of PSD2 was to ‘level the playing field,’ which it did to a certain extent. However, he admitted that it had already become outdated. He also agreed that the revised version would need to handle the mentioned issues and added one more issue – how instant payment should surpass the internal borders within the EU. Further, the speaker pointed out the proactive cooperation of regulators in many EU countries on the one hand and the reluctance to cooperate with fintechs from the side of many local banks on the other hand.

According to Mr Charalambides, this obstacle prevents fintechs from providing instant payment services, and this issue needs to be handled by the regulators. This can be done by forcing banks to cooperate with fintechs – after all, it’s beneficial for the banks too because otherwise they won’t be able to keep up with the new payment methods.

‘New regulations should concern all the relevant players, not just banks’

Mr Petrov noted that some countries – Portugal, for example – are proactively friendly to fintechs. In view of this, he asked for the opinion of Banco de Portugal’s opinion on the mentioned issues within the national payment system.

Mr Pimentel once again agreed with the necessity of a clearer framework for instant payments. He also mentioned that open banking was not too widespread in Portugal at the moment, but the interest was  apparent. According to him, the new regulations should concern not only the banks but all the relevant players including other payment institutions, alternative money institutions, and other new players.

In 2021, Banco de Portugal focused on the development of the national retail payment strategy which shares some common goals with the European strategies on this matter. Namely, the regulator saw its mission in enforcing the new trends that arose due to the pandemic – such as contactless instant payments. Banco de Portugal aims to reach the end of 2022 with the most modern payment system.

Regulating Stablecoin

Next on the agenda was arguably the hottest topic of today – the stablecoin. Mr Petrov quoted the Governor of the Bank of England saying that the commercial banking deposits will decrease by 20% as the result of the introduction of stablecoin. It was natural for the Bank of England’s representative to be the first to comment.

‘Central banks are very much interested in stablecoin’

Matthew Osborne stated that stablecoin, as the new form of private money, has much more potential for application than the previous incarnation of crypto. ‘They pose similar – but not the same – risks as banks. They have a different risk profile, but they share the risks from the regulator’s point of view – such as loss of confidence, mass redemptions, and others,’ the speaker explained. That’s why central banks have no reason not to be interested in stablecoin.

As for the Bank of England in particular, it has come up with a regulatory approach that the regulatory regime for stablecoin should deliver standards that are at least equivalent to those applied to bank deposits. Mr Osbourne pointed out Bank of England’s four characteristics of the banking regime that should be reflected in the rules for stablecoin:

• capital requirements to cover the relevant risks
• liquidity requirements
• robust legal claim to enable redemption
• robust backstop (to ensure the customers being compensated in case the stablecoin fails)

Naturally, the regulatory rejim cannot be the same as that for banks, but these points need to be reflected for the people to have confidence in their funds.

Finally, Mr Osbourne proposed that it’s natural for the banks to issue stablecoins themselves, as well as for stablecoins to establish themselves as banks. Another suggestion is to restrict stablecoins to holding their assets in HQLA (high quality liquidity assets). It is also possible to have stablecoins back themselves with deposits at all times – which would make them similar to the UK’s or the EU’s present-day e-money.

Additionally, Mr Osbourne wanted to share a few words about the American approach. In the US, there is a group of regulators (The President’s Working Group on Stablecoins) led by the Treasury. According to their report, the stablecoins should be subject to Federal regulation and issued by insured depository institutions – banks. The report, however, did not mention the backing assets, the backstop or insurance, all of which is yet to be specified.

MiCA: The EU’s approach

Further, Ms Merkeviciute took the word once again to share a few words about the European perspective on stablecoin and the EU’s MiCA (Markets in Crypto-assets) policy proposal. She explained that MiCa specifies three types of crypto-assets:

• stablecoin or e-money tokens
• asset reference tokens (pegged to a basket of currencies or other commodities)
• utility tokens (pegged to a good or service used in infrastructure)

Essentially, the European Commission proposes to classify and regulate crypto-assets in the same way that regulators approach their subject of regulation. For example, an e-money token can only be issued by an e-money provider (banks or other e-money institutions). Interestingly, the responsibility lies not only on national regulators, but also on the EBA and the companies issuing tokens. In Ms Merkeviciute’s opinion, it increases the significance of the mentioned companies and their interest in customer satisfaction, thus enforcing self-supervision in the space, comparable to the case with Facebook Libra.

As Mr Petrov noted, the Central Bank of Cyprus is known to be on the conservative side when it comes to the mentioned innovations. That’s why, it stood to reason to hear Mr Georgakis’ stand.

Cypriot Skepticism

Agreeing that Cyprus is on the conservative or even sceptical side when it comes to financial directives, Mr Georgakis described it as following the pack rather than leading, stating that Cyprus always remains in line with the existing regulations. According to him, it only stands to reason when the advancement of technology is as quick as it is today. However, the frameworks that the EU is developing add to the confidence even of the sceptics.

Mr Georgakis further admits that, unfortunately, the Central Bank of Cyprus is somewhat slow when it comes to reacting to the rapidly changing environment.

‘Digital transformation was the current buzz, but because of the pandemic, it’s the current must. Adding to this, there is sustainability and inclusion, and such big institutions as regulators have to deal with all those issues concurrently,’ Mr Georgakis continued.

He listed the current and announced relevant regulations – most importantly, EBA’s upcoming guidelines on the use of remote customer onboarding solutions. This technology-neutral framework is supposed to harmonize the already existing national regulations of the member states. It is meant to cover the following points:

• Expectations relating to internal policies and procedures of remote customer onboarding
• Governance of these policies and procedures and the role of the AML compliance officer and the responsible management body
• The role of the internal and external audit
• Pre-implementation assessment of the customer onboarding solution
• Ongoing monitoring of the customer onboarding solution
• The information necessary to identify the customer and the nature of the business
• How to identify the documents’ authenticity and integrity
• The use of digital IDs
• Reliance of third-party providers and outsourcing arrangements

Having clear regulations on these points will facilitate the implementation of the mentioned innovations by decreasing the relevant risks.

Dubai Takes After the EU

‘Since banks in Cyprus don’t work with virtual assets, these assets land elsewhere – for example in Dubai,’ Mr Petrov notices. At this point, the word was passed to Ken Coghill of DFSA to give an overview of how the said payment-related issues are handled in Dubai.

First of all, Mr Coghill cleared that the Dubai Financial Service Authority – despite the name – is not responsible for everything going in Dubai. Instead, it is an independent regulator for the Dubai International Financial Center – one of the UAE’s 34 free zones. Interestingly, service providers licensed under its regulations are not limited to DIFC but can operate all over the UAE.

In terms of payments, Mr Coghill agreed with the way Cyprus handles it and suggested that DIFC doesn’t need to be the first mover. Overall, the free zone prefers to watch how things play out before implementing them. For example, last year it adopted a model very similar to PSD2. As such, the problems they encountered were largely similar to those mentioned by the representatives of the EU member states’ regulators and everything said about the possible solutions applies to DIFC.

Raising Further Questions

To conclude, Mr Charalambides had to add that since all of the EU member states have given up a big portion of their financial autonomy to the EU institutions, the European Commission needs to be more protective of the smaller economies. He sees this lack of support as one of the reasons why, for example, the Central Bank of Cyprus chooses to follow the progress rather than to lead it. Mr Charalambides continued that this may have even been one of the reasons for Brexit. Moreover, he shared an observation that the UK is currently doing a lot better in terms of opening their market to innovations.

Looking at the clock when the discussion was over, it seemed incredible how lengthy it turned out. One loses track of time when listening to so many speakers with such different perspectives. If not for Qube Events, it would be difficult for such a cast to get together for such a fruitful and insightful discussion. We can’t wait for Qube’s next event in March!