Cross-border provision of payment initiation services
By Małgorzata Gołębiowska, associate, Osborne Clarke
Businesses providing payment initiation services (PIS), or planning to start rendering their services in a different EU member state without a branch or any other establishment, only under the appropriate license obtained in a ‘home’ EU member state, might have to address operational and legal issues before making a decision regarding cross-border provision of PIS.
Below, I will outline the ones I find to be most important to payment initiation service providers (PISP) before entering the new market, from the Polish perspective.
Where is an online PIS service provided in a cross-border configuration? How can one determine whether the service is being provided on the territory of Poland?
When adjusting PIS documentation and operational activities, PISP should keep in mind that, neither EU legislation, nor the Polish Act on Payment Services (APS) determines unequivocally where (territorially) the online PIS is provided.
Determining the place of provision of the payment service seems to be one of the major issues noticed by the European bodies – “One of the most significant and frequently occurring issues is the place of provision of payment services, in particular when provided online. (…) The European Banking Authority acknowledges that the issue is very complex and that it would require a broader approach for the entire financial sector and beyond, and that it should not be tackled only in payments legislation, in order to ensure a harmonised and consistent approach at EU level and to provide legal certainty to the market. In that regard, the EBA stresses the need for clarity at EU level on how to identify the place of provision. The above may have implications for determining what law governs a given action, both from an administrative and civil perspective of services online.” 
The above may have implications for determining law governing offered PIS, both from an administrative and civil law perspective.
Polish regulations applicable directly
Determining the scope of Polish regulations the PISP must apply directly when providing PIS on the territory of Poland, apart from all the regulation imposed on it by the PISP’s ‘home’ EU member state, requires great meticulousness and is not an easy task due to the fact that most Polish regulations do not explicitly indicate that their jurisdiction cannot be excluded or that they compel their own application. In that regard, for the sake of this article, it needs to be flagged that the provisions of the Act on Payment Services (APS), the Polish Civil Code (PCC) and consumer regulations need to be analysed in the first place (but not exclusively).
Art. 5 of Polish Act on Payment Services
The scope of the territorial regulation of ASP is a complex and ambiguous issue. Despite its great importance, the determination of the circumstances in which the APS is applicable to a PIS provided on cross-border basis, might be difficult at times.
Scope of the directly applicable regulations of the APS depends primarily on the currency and if it is a two-leg or one-leg transaction. The scope of the APS regulations applicable directly must be carefully examined on a case-by-case basis, but generally the applicable APS regulations can be divided into the following areas: (i) regulations relating to transparency of conditions and information requirements for payment services; (ii) regulations relating to operational and security risks and authentication; (iii) regulations relating to framework contracts; (iv) regulations relating to liability.
Inappropriate implementation of the art. 72 of PSD2
In accordance with the art. 45 sec. 1a of the APS, “if a payment transaction is initiated via a payment initiation service provider, the provider shall bear the burden of proving that, within the scope of its characteristics, the payment transaction was authorised and correctly recorded in the provider’s payment transaction processing system and that it was not affected by a technical failure or any other type of defect related to the payment service for which that provider is responsible“.
The provision has been implemented contrary to the wording of Art. 72 of the PSD 2 and establishes a very challenging requirement of proving the authorisation (i.e. consent) by the PSP, and not, as is clear from the wording of Art. 72 of the PSD2 directive – authentication.
The provision in question has been widely criticized, but this criticism has not yet led to its amendment, forcing businesses to develop solutions to mitigate the aforementioned risks of PISP liability.
Expanding the protection of the micro-entrepreneurs with the application of abusive clauses regime
In accordance with the PCC, provisions on consumer protection in the scope of abusive clauses apply to contracts concluded by an individual conducting business in a manner of a sole proprietorships (as a sole trader). The PCC differentiates treatment of clients on whether a given activity is of a ‘professional nature’ for a given individual.
There may occur a difficulty in distinguishing when a given client being a natural person conducting business in a manner of a sole proprietorships should be treated as a consumer and when as an entrepreneur (with regard to abusive clauses).
Choice of law
Generally, a contract with a consumer can be governed by the law of an EU member state. However, provisions of contracts less favourable to the consumer than the provisions of the Polish Act on Consumer Rights are considered invalid and are replaced by the adequate provisions of the above act. Therefore, a contract governed by a foreign law should be limited by the scope of protection granted to a Polish consumers by national regulations, which ultimately means the PISP should address this issue in an applicable documentation concluded with the consumer.
Sanctions for not complying with the Polish law
In accordance with Article 104(4) PSD2, the authority for enforcing compliance with PSD2 primarily lies with the home state regulator.
Nevertheless, certain supervisory powers were vested in the KNF, Poland’s financial supervision authority. In the event that PISP, while operating in the territory of Poland, violates the provisions of Polish law, the KNF can: 1) requests, in writing, that the PISP complies with the applicable provisions of Polish law and sets a deadline for removing the identified defaults; 2) immediately notify the competent authorities supervising the PISP about the default.
If the violation of the Polish law relates to the regulations on: (i) information obligations regarding the provision of payment services; or (ii) rights and obligations regarding the provision and use of payment services, after the expiry of the deadline set in the notice referred to in point 1 above, the KNF can: 1) apply to the corporate body of the PISP for dismissal of the managing person directly responsible for the identified defaults; 2) limit the scope of activities of the PISP in Poland.
If, despite the application of supervision measures by the competent supervisory authorities of the home Member State, the PISP still fail to comply with the provisions of the Act, the KNF may take further steps.
This article signals some of the key risks that may affect the decision to offer the PIS on the Polish market. No less important, however, are issues concerning AML, the handling of complaints, advertising rules, jurisdiction of the Financial Ombudsman or the question of the choice of competent court.
Opinion of the European Banking Authority on its technical advice on the review of Directive (EU) 2015/2366 on payment services in the internal market (PSD2), EBA/Op/2022/06, 23 June 2023, Par. 1.1 “Place of provision of the payment service“, and other positions of EU bodies cited therein;