RTS

Commission Publishes Delegated Regulation Supplementing MLD4

 

On May 14, a Delegated Regulation ((EU) 2019/758) supplementing the Fourth Money Laundering Directive ((EU) 2015/849) (MLD4) with regulatory technical standards (RTS) specifying the minimum action and the type of additional measures credit and financial institutions must take to mitigate money laundering and terrorist financing risk in certain third countries was published in the Official Journal of the EU (OJ). READ MORE

Council of EU Confirms the Ten Delegated Regulations on RTS under BMR

 

On October 9, The Council of the EU published the minutes of a meeting held in its configuration as the Environment Council (12898/18).

Page 11 of the minutes confirms that the Council has decided not to object to ten Delegated Regulations setting out regulatory technical standards (“RTS“) under the Benchmarks Regulation ((EU) 2016/1011) (“BMR“) that were adopted by the European Commission in July 2018.

The European Parliament’s next step is to consider the Delegated Regulations and decide whether to object to them. If the Parliament does not object, the Delegated Regulations will be published in the Official Journal of the EU (“OJ“). The Regulations will enter into force 20 days after their publication in the OJ and apply two months after the date of publication.

The EDPB Replies to Queries from European Parliament on Protection of Personal Data in Context of PSD2

 

The European Data Protection Board (“EDPB“) has published a letter sent to the European Parliament in relation to the revised Payment Services Directive ((EU) 2015/2366) (“PSD2“).

The letter is in response to a request from Parliament for further clarification of a number of issues relating to the protection of personal data in the context of PSD2. The EDPB is monitoring developments owing to the complex legal framework in this area.

The EDPB comments on the following issues in the letter:

  • Whether the processing of personal data of “silent parties” is legitimate when explicit consent for the processing has (only) been given by another data subject.
  • Commission Delegated Regulation (EU) 2018/389, which contains regulatory technical standards (“RTS“) on strong customer authentication (“SCA“) and common and secure communications (“CSC“) under PSD2.
  • Whether the legal framework is sufficiently clear in relation to the processes of issuing and withdrawing consent under PSD2. The EDPB considers whether the concept of “explicit consent” included in both PSD2 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR“) should be interpreted in the same way.
  • Whether banks are sufficiently cooperative in establishing secure interfaces and avoiding alternative, less secure, methods of accessing account data.

The EDPB considers that there may be grounds for “fruitful” interaction between EU data protection and financial supervision authorities. It would therefore like a dialogue between these authorities to start, with a view to then establishing a coordinated approach aimed at ensuring greater and more consistent consumer protection.

The EDPB replaced the Article 29 Working Party (“WP29“) on May 25, 2018 (the GDPR application date).

EBA Opinion and Draft Guidelines on Implementation of Delegated Regulation Setting Out RTS on SCA and CSC Under PSD2

 

On June 13, 2018, the European Banking Association (“EBA“) published a consultation paper (EBA/CP/2018/09) on draft guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Delegated Regulation (EU) 2018/389, which sets out regulatory technical standards (“RTS“) on strong customer authentication (“SCA“) and common and secure communication (“CSC“) under the revised Payment Services Directive ((EU) 2015/2366) (“PSD2“).

Alongside the consultation paper, the EBA has published an opinion (EBA-Op-2018-04) on implementation of the RTS on SCA and CSC. Both the draft guidelines and the opinion are designed to clarify a number of issues identified by market participants relating to the RTS on SCA and CSC, which will apply from 14 September 2019.

The draft guidelines propose a pragmatic and consistent approach to the four conditions that an account servicing payment service provider (“ASPSP“) must meet if it wishes to benefit from an exemption from the fallback option envisaged under Article 33(6) of the Delegated Regulation. The EBA considers that the draft guidelines provide clarity for all parties involved (that is, ASPSPs, national competent authorities (“NCAs“) and the EBA) on the information to be considered to determine whether an exemption request meets the Article 33(6) conditions. In particular, the guidelines will enable NCAs to carry out a quick assessment of exemption requests, especially during the time when the bulk of these requests are received.

The EBA plans to hold a public hearing to discuss the draft guidelines on 25 July 2018. Comments can be made on the draft guidelines until 13 August 2018.

The opinion focuses on implementation of the RTS. It sets out the EBA’s views in “pressing” areas identified by the market and NCAs, including on exemptions to SCA, consent, the scope of data sharing, and requirements for application programming interfaces (“APIs“) and dedicated interfaces to take into account. Although the opinion is addressed to NCAs, given the supervisory expectations it is conveying, the EBA advises it should prove useful for PSPs, among others.

In the opinion, the EBA explains that it will provide further clarification on interpretation of the RTS on SCA and CSC through its online interactive single rulebook and Q&A tool. The tool will be extended to PSD2-related queries by the end of June 2018.

EBA Final RTS on Cooperation and Exchange of Information for Passporting under PSD2

On December 14, 2016, the European Banking Authority (“EBA“) published the regulatory technical final draft on passport notifications under the revised Payment Services Directive ((EU) 2015/2366) (“PSD2“) (EBA/RTS/2016/08).

Article 28 of PSD2 requires an authorized payment institution to inform the competent authorities of its home member state if it wishes to provide payment services for the first time in one or more member states other than its home member state. Article 28(5) gives the EBA a mandate to develop draft RTS, specifying method, means and details of the cross-border cooperation between competent authorities in the context of passport notifications of payment institutions. The RTS must include the scope of information to be submitted, a common terminology and standard templates, to ensure that the process is consistent and efficient.

The EBA consulted on the draft RTS in December 2015. Changes to the final version of the RTS in light of responses to the consultation include:

  • More clarity for when a payment institution uses an agent or an e-money institution uses a distributor.
  • New provisions so that payment institutions will be informed when the notification is transmitted from the competent authority in the home member state to the authority in the host member state.
  • A new field in a number of templates to include the legal entity identifier (LEI) as an identification number where available.
  • Deletion of information relating to governance arrangements and internal control mechanisms, outsourcing and the agent structural organization.

The EBA has also published a flowchart providing a guide to competent authorities on which notification templates to use, a copy of which can be found here.

The final draft RTS will now be submitted to the European Commission for endorsement. The draft Delegated Regulation states that it shall enter into force 20 days after it is published in the Official Journal of the EU (OJ).

Council of EU Postpones PRIIPS Regulation by One Year

 

On December 8, 2016, the Council of the EU announced that it has adopted a Regulation postponing the application date of the Regulation on key information documents (KIDs) for packaged retail and insurance‑based investment products (“PRIIPs“). (Regulation 1286/2014) (PRIIPs Regulation).

The PRIIPs Regulation will now apply from January 1, 2018 rather than December 31, 2016.

In the Council’s press release on December 8, 2016, the Council explained that the delay will enable regulatory technical standards (RTS) to be defined, leaving enough time for the industry to adapt to the new rules.

The Council published a document (PE-CONS 51/16) setting out the text of the Regulation postponing the application of the PRIIPs Regulation.

European Parliament Writes to EBA About the Development of Regulatory Technical Standards (RTS) on Strong Customer Authentication and Secure Communication

 

On November 11, 2016, the EBA published a letter (dated October 24, 2016) from the European Parliament in relation to the development of regulatory technical standards (“RTS“) on strong customer authentication (“SCA“) and secure communications under the Revised Directive on Payment Services (“PSD2“) in the internal market ((EU) 2015/2366).

The European Parliament’s negotiating team is of the view that payment initiation service providers and account information service providers should have direct access to the payer’s account without being required by an account servicing payment service provider to use a particular business model. In its letter, the European Parliament therefore raised its concerns surrounding the EBA’s proposal for a dedicated interface that could give rise to account servicing payment service providers excluding or limiting direct access to a payer’s account via existing online banking facilities. Article 98(2) of PSD2 mandates that the EBA develop RTS in order to secure and maintain fair competition among all payment service providers and to ensure technology and business model neutrality, and the introduction of the dedicated interface will go against this principle.

The European Parliament also stated in its letter that it is of the view that the RTS are unclear in relation to the exemptions from the SCA (notably, whether the exemptions are optional or mandatory).

European Commission Adopts Delegated Regulation on RTS on Minimum Details of Data to Report to Trade Repositories

 

On October 19, 2016, the European Commission adopted a Delegated Regulation amending Delegated Regulation 148/2013 supplementing EMIR (Regulation 648/2012) as regards regulatory technical standards (RTS) on the minimum details of the data to be reported to trade repositories (C(2016) 6624 final).

EMIR requires all counterparties and central counterparties (CCPs) to report the details of any OTC derivative contract they have concluded and of any modification or termination of the contract to a trade repository.

The Delegated Act updates existing standards that were published in the Official Journal of the EU (OJ) in February 2013 (see Legal update, Delegated regulations on EMIR regulatory technical standards published in Official Journal). It reflects recent developments and experience gained in the area of trade reporting. The revised RTS aim to:

  • Introduce new fields and values to reflect market practice or other necessary regulatory requirements.
  • Clarify data fields, their description or both.
  • Adapt existing fields to the reporting logic prescribed in existing Q&As or reflect specific ways of populating them.

The Commission has also published an Annex, which sets out the counterparty data and common data details to report to trade repositories.

The next step is for the Council of the EU and the European Parliament to consider the Delegated Regulation. If neither of them objects to it, the Delegated Regulation will enter into force 20 days after its publication in the OJ.

European Commission Adopts Delegated Regulation on RTS on Risk Mitigation Techniques for Uncleared OTC Derivative Contracts under EMIR

 

On October 4, 2016, the European Commission adopted a Delegated Regulation supplementing EMIR (the Regulation on OTC derivatives, CCPs and trade repositories) (Regulation 648/2012) with regulatory technical standards (“RTS”) on risk mitigation techniques for uncleared OTC derivative contracts, together with related Annexes (C(2016) 6329 final).

The Delegate Regulation sets out the levels and types of collateral that OTC derivatives counterparties must exchange bilaterally if the transaction is not cleared through a central counterparty (“CCP”). In the event that one counterparty to the transaction defaults, the margin collected will protect the non-defaulting counterparty against resulting losses.

The Joint Committee of the European Supervisory Authorities (ESAs) submitted the final draft RTS to the Commission in March 2016. In July 2016, the Commission informed the European Banking Authority that it intended to endorse the draft RTS with some amendments, including in relation to the concentration limits for pension scheme arrangements and the timeline for.

The Council of the EU and the European Parliament will now consider the Delegated Regulation. If neither of them objects to it, the Delegated Regulation will enter into force 20 days after its publication in the Official Journal of the EU.