We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
23 November 2018
Luxembourg has finally implemented the EU Payment Services Directive (PSD 2) through the Law of 20 July 2018. As the PSD 2 is a full harmonisation directive,(1) most of Luxembourg's PSD 2 provisions are identical to the legal framework implemented across the European Union. Nonetheless, EU member states were given scope to decide on certain topics and the Grand Duchy seized the opportunity to define its own rules. The regulator has also adapted its procedures in view of the new framework.
This article explores the local implementation of PSD 2 and, in particular, the implementation of the open banking rules by local stakeholders.
The Law of 20 July 2018 amended the Law of 10 November 2009 on payment services (LPS) to implement, among other things, the following changes introduced by the PSD 2:
Local deviation – right of establishment and freedom to provide services
In addition to the provisions which had to be implemented, the legislature was free to deliberate on certain topics, such as the supervision of payment institutions exercising their right of establishment and freedom to provide services. Under Articles 29(2) and (4) of the PSD 2, EU member states can strengthen the obligations applicable to such institutions.
The Luxembourg legislature seized this opportunity. As such, Luxembourg's financial sector regulator (the CSSF) can require payment institutions and electronic payment institutions(6) with agents or branches in Luxembourg to report periodically on the activities which they carry out in Luxembourg.(7) Further, payment institutions and electronic payment institutions(8) which operate in Luxembourg through agents and have a head office in another EU member state will appoint a central contact point in the Grand Duchy to ensure adequate communication and information reporting.(9)
The EU legislature has left it to EU member states to determine the penalties which will apply to parties that infringe the national laws which transpose the PSD 2.(10) In Luxembourg, a distinction has been made between payment institutions and e-money institutions on the one hand and all other institutions subject to the LPS and the Law of 5 April 1993 on the financial sector, as amended (LFS), on the other. The former are subject to the penalties set out in the LPS, whereas the latter are subject to the penalties set out in the LFS.
In both cases, the CSSF has injunction and suspension powers(11) and may, among other things, impose administrative penalties. Where the administrative penalty decided on is a fine, its amount will vary according to the type of institution responsible for the infringement:
Further, certain breaches of the LPS – irrespective of the type of institution that commits them – are subject to criminal penalties of up to €125,000 and five years' imprisonment.(13)
As Brexit is at the forefront of everyone's mind, the Grand Duchy reaffirmed its position as a destination of choice for PSPs. In this context, the CSSF once again demonstrated its proactiveness and did not wait for the legislature to take the first steps to implement the PSD 2.
By way of Circulars 18/677(14) and 18/681,(15) the CSSF adopted two European Banking Authority (EBA) guidelines which complemented the PSD 2 in January 2018. In addition, the CSSF updated the various application forms and notification templates for PSPs and introduced an application form for account information services providers to register their sole activity.(16)
These application forms must be used in the following scenarios, for which the administrative procedure will differ:
'Open banking' means that banks must grant third-party providers access to information or operations that were previously part of the bank's monopoly and will be a major regulatory and technological challenge for many banks. Luxembourg market players are adapting to the new environment and developing solutions, including as follows:
Following the implementation of the LPS, a technical framework is now being established. The European Commission has established regulatory technical standards for strong customer authentication and common and secure open standards of communication,(20) which will apply from 14 September 2019 (except the sandbox availability provisions, which will apply from 14 March 2019). Meanwhile, the EBA has provided substantial guidance on the practical implementation of the PSD 2 and the European Commission's regulatory technical standards via several guidelines and the Single Rulebook Q&A.
For further information on this topic please contact Josée Weydert, Vincent Wellens, Jad Nader or Anne Sophie Morvan at NautaDutilh Avocats Luxembourg by telephone (+352 26 12 29 1) or email (firstname.lastname@example.org, email@example.com, firstname.lastname@example.org or email@example.com). The NautaDutilh Avocats Luxembourg website can be accessed at www.nautadutilh.com.
(14) CSSF Circular 18/677 (Orientations de l'Autorité bancaire européenne sur les informations à fournir pour l'agrément d'établissements de paiement et d'établissements de monnaie électronique et pour l'enregistrement de prestataires de services d'information sur les comptes au titre de l'article 5, paragraphe 5, de la directive (UE) 2015/23661 (EBA/GL/2017/09)).
(15) CSSF Circular 18/681 (Adoption des orientations de l'Autorité bancaire européenne sur les critères à utiliser pour déterminer le montant minimal de l'assurance de responsabilité civile professionnelle ou d'une autre garantie comparable au titre de l'article 5, paragraphe 4, de la directive (UE) 2015/23661 (EBA/GL/2017/08)).
(19) Further information is available here.
(20) EU Regulation 2018/389 of 27 November 2017 supplementing the PSD 2 with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.