Credit Registration System Act, Revision, PSD2, AFM, remuneration

News Update Financial Regulatory

Consultation on the Credit Registration System Act and revision of PSD2

24 July 2023

In this News Update we discuss a consultation on the Credit Registration System Act; a revision of PSD2; and the AFM notice for non-compliance with remuneration rules.

We further highlight some other financial regulatory publications issued since our last News Update.

Consultation on the Credit Registration System Act

On 21 June 2023, the Minister of Finance published the Credit Registration System Act (Wet stelsel kredietregistratie) and the accompanying Explanatory Memorandum for consultation. Market participants have until 3 September 2023 to give their views on this bill (in Dutch only).

The bill will create legal safeguards for today's credit registration practices by making the management of the credit registration system a statutory duty. It lays down conditions for a consistent, high-quality and objective credit registration system. Given the importance of preventing problem debts and the overextension of credit and in view of the type of information processed in the credit registration system, it should not be left up to the private sector but to the legislature to decide what information to register and how long to retain this information.

The rules aim to ensure that personal data is handled with care in the credit registration process. Statutory rules will apply to agreement registration. The Minister of Finance will designate an entity (i.e. the Credit Registration Office (BKR)) as legally responsible for managing the credit registration system. This will be subject to strict conditions. The Minister will supervise the manager, while the Dutch Data Protection Authority will monitor how personal data is used.

The bill applies to all consumer credit within the meaning of the Financial Supervision Act (Wet op het financieel toezicht). It specifies what data must be recorded for each loan and offers the option of creating subordinate legislation to lay down what other categories of agreements must be registered and what other categories of data must be specified.

Revision of PSD2

On 28 June 2023, the European Commission published three proposals on payment services and financial data access: to modernise and amend the current Payments Services Directive (PSD2) resulting in PSD3 and to establish a Payment Services Regulation and a Financial Data Access Regulation. These proposals build on the European Commission's 2020 Retail Payment Strategy and the 2020 Digital Finance Strategy.

See below the proposed amendments for payment services.

Competition and level playing field by

Allowing non-bank payment service providers (non-bank PSPs) access to all EU payment systems, with appropriate safeguards. Payment system operators must carry out appropriate risk assessments, and the rules on the admission of payment institutions as participants in payment systems will be reinforced.
Introducing stricter requirements for bank account services to non-bank PSPs. Banks must explain why they refuse to open or wish to close a bank account. Payment institutions that have been refused will have right of appeal with a national authority. Furthermore, central banks will have the option to provide account services to non-bank PSPs.

Stronger measures to combat payment fraud including

Extending the IBAN/name matching verification service to all credit transfers.
Enabling PSPs to share fraud-related information between themselves in full respect of the General Data Protection Regulation via dedicated IT platforms.
Extending the refund entitlement for victims of fraud to situations where the IBAN/name verification service failed to detect a mismatch and to victims of "spoofing" fraud, where the fraudster contacts the consumer pretending to be an employee of the consumer's bank, tricking the consumer into taking actions that damage their finances. In order to claim damages for "spoofing" fraud the victim must file a police report and notify their PSP immediately (without undue delay).
Improving Strong Customer Authentication (SCA). This includes the requirement that methods to perform SCA do not depend on a single mechanism or device, like the possession of a smartphone. Another requirement in this area is the obligation to perform SCA when, in short, a payment instrument is placed in a wallet.

Merging the legal frameworks applicable to electronic money and to payment services

The E-money Directive and the PSD2 will be merged into one new directive on payment services and electronic money services. The new directive will focus on the licensing and supervision of payment institutions (and will amend certain other Directives).

Further improvement of consumer information and rights

Introduction of three new transparency requirements: (i) for credit transfers and money remittances from the EU to third countries by providing information about the estimated charges for currency conversion and the estimated time for the funds to be received by the payee's PSP in a third country; (ii) for payment account statements, including requirements to clearly specify the name of the payee's commercial trade name, and (iii) for ATM charges.
For blocked funds on payment cards there will be changes to speed up the pay-out of unused blocked funds and to introduce requirements on the proportionality of the blocked amount.
Improvements to the availability of cash by allowing retailers to provide a cash provision service without the need to obtain a licence or to be an agent of a payment institution. The amount is limited to EUR 50 and the retailer must disclose any possible fees charged. In addition, ATM operators which do not service payment accounts will no longer need a licence. This should encourage more ATMs.

Other amendments relate to

Improving the functioning of open banking / open finance, especially as regards the performance and standardisation of data interfaces, removing obstacles to open banking services and consumer control over their data access permissions. Noteworthy in this regard is that the framework for financial data access introduces a general obligation for all financial institutions (i.e. data holders) to make customer data available to data users at the customer's request.
Reinforcing the enforcement powers of national competent authorities and facilitating implementation of the rules clarifying various elements.

AFM notice for non-compliance with remuneration rules

In late October 2022, the Dutch Authority for the Financial Markets (AFM) issued a notice to Verzekeringsadviescentrum Zaanstad BV (VACZ), informing VACZ that it should change its remuneration of freelancers to bring it in line with the remuneration rules of the Financial Supervision Act.

The AFM said that VACZ did not currently comply with those remuneration rules. Natural persons working under a financial services provider's responsibility, including freelancers, are entitled to variable pay of up to 20% of their fixed remuneration per year (the bonus cap). At least 50% of this variable pay must be based on non-financial criteria. According to the AFM, however, the freelancers' remuneration was completely variable. Moreover, less than 50% of the freelancers' appraisal and subsequent granting of variable pay was based on non-financial criteria. In addition, the remuneration policy must describe which of the pay components or pay structures could potentially lead to poor client treatment. Variable pay is such a component, in the AFM's view. VACZ's remuneration policy lacked this description, meaning VACZ had breached the description obligation.

The AFM's press release shows that VACZ has remedied these shortcomings.

Other financial regulatory publications

We have highlighted a selection of other publications by legislatures and regulators for the financial markets and financial supervision since our June 2023 News Update.

AFM

Dutch Authority for the Financial Markets (AFM) sent its legislative letter 2023 to the Minister of Finance (in Dutch only);
AFM issued draft Guidelines on sustainability claims for consultation;
AFM published an exploratory document (verkenning) on the servicing and outsourcing of closed-book portfolios of individual life insurance policies (in Dutch only);
AFM published an overview on the Digital Operational Resilience Act (DORA).

DNB

Dutch Central Bank (DNB) published a news item How effectively do bank and payment institutions manage cyber risk?;
DNB fined Lewben Netherlands BV, a trust office, for failing to commission audits; the amount of the fine was EUR 10,000;
DNB fined trust office TMF Netherlands for not meeting the customer due diligence legal requirements; the amount of the fine was EUR 3,125,000;
DNB published a factsheet on the scope of know your client requirements for trust offices (in Dutch only);
On 10 July 2023, DNB published a factsheet for investment firms and investment funds on various prudential aspects (licences and declarations of no-objection) (in Dutch only, an English translation will be published soon).

ESAs

The European Supervisory Authorities (ESAs) started a joint consultation process on the first set of policies under the Digital Operational Resilience Act (DORA) on 19 June 2023; the consultation period ends on 11 September 2023.

EBA

On 16 June 2023, the European Banking Authority (EBA) published its Report on money laundering/terrorist financing risks associated with payment institutions;
EBA's fourth Opinion on money laundering and terrorist financing risks across the EU was published on 13 July 2023;
On 12 July 2023 EBA started a consultation on draft technical standards on complaints handling procedures under the Market in Crypto-Assets Regulation (MiCA). The consultation period ends on 12 October 2023;
A consultation on Draft technical standards on EU market access of issuers of asset-referenced tokens under MiCA started on 12 July 2023 and will end on 12 October 2023;
EBA's Annual Report 2022 was published on 12 June 2023.

EIOPA

The European Insurance and Occupational Pensions Authority (EIOPA) published its Annual Report 2022 on 14 June 2023;
On 3 July 2023 EIOPA published its draft Regulatory Standard containing changes to the minimum amount of professional indemnity insurance cover and financial capacity for intermediaries under the Insurance Distribution Directive;
On 11 July 2023 EIOPA published Methodological principles of insurance stress testing – cyber component;
EIOPA's Peer Review on Product Oversight and Governance was published on 20 July 2023.

ESMA

The European Securities and Markets Authority (ESMA) updated its guidance on the definition of advice under the Markets in Financial Instruments Directive (MiFID II) on 11 July 2023;
On 15 June 2023, ESMA published its Data Strategy 2023-2028;
Following the publication and entry into force of the Markets in Crypto Assets Regulation (MiCA) in June 2023, ESMA launched an overview of the MiCA Consultation Process for the Level 2 and Level 3 measures (MiCA Implementing Measures);
ESMA's first consultation package under MiCA was published on 12 July 2023; the consultation period ends on 20 September 2023;
ESMA's 2022 Annual Report was published on 16 June 2023 together with its Strategy 2023-2028;
ESMA launched a Call for Evidence on the integration of sustainability preferences into the suitability assessment and product governance arrangements under MiFID II; the response period ends on 15 September 2023;
Following a common supervisory action and mystery shopping exercise in 2022 on compliance with MiFID II cost transparency requirements, ESMA published the results in a Public Statement;
ESMA issued a public statement on risks and requirements of securities lending in relation to retail client financial instruments;
ESMA's final report containing regulatory and implementing technical standards (RTS and ITS) on passporting under MIFID II was published on 11 July 2023;
On 12 July 2023, ESMA published the updated version of its Sustainable Finance Implementation Timeline.

Ministry of Finance

Consultation on the implementation of the EU directive on credit services and credit purchasers (in Dutch only). The short consultation period ended on 11 July 2023;
The Financial supervision funding regulation 2023 (Regeling bekostiging financieel toezicht 2023) was published on 9 June 2023 in the Dutch State Gazette (in Dutch only);
News item on the maximum credit fee (14%) for consumer credit from 1 July 2023 (in Dutch only);
Preconsultation on the envisaged Modernising of the Dutch Sanction legislation (in Dutch only). The consultation period ends on 25 August 2023;
Consultation on the Act Implementing the Markets in Crypto-Assets Regulation (in Dutch only).
Consultation on the Act Implementing the Regulation on information accompanying transfers of funds and certain crypto-assets (Transfer of funds regulation) (in Dutch only)
Publication of the Implementing Decree following changes to MiFID II to help recovery from the COVID-19 crisis (MiFID II Quick Fix) (in Dutch only). The Decree entered into force on 20 July 2023.