Due to the Single Euro Payments Area (SEPA) customers were introduced to reliable, agile and efficient ways of making cashless euro payments across the European Union (EU). All those payments now feel like and resemble national payments, though they can likewise be made in several non-EU countries that requested to join SEPA. PSD2 and SEPA form a unison to safeguard the customer and their finances concomitantly with financial data.
SEPA came to life in 2008 to accommodate credit transfers and the following year, in 2009, applied to credit cards. The absolute SEPA integration was concluded by 2014 in the countries with euro and by 2016 in non-euro countries.
The payment synthesis caused by SEPA was a fundamental element in generating effectiveness and competitiveness in the European economy. It was done by abolishing inconsistencies between national and cross-border payments. Hence, all the payments became corresponded and were implemented under the same standard in all SEPA countries.
SEPA regulation is based on four other regulations which act unitedly - Payment Services Directive (PSD/ PSD2), Cross border payments regulation, SEPA migration end-date regulation and the Interchange Fee Regulation. Furthermore, the SEPA framework was created by close collaboration between the European Central Bank (ECB) and the European Commission.
When the day came to launch SEPA it was done with the help of the European banking and payments industry. It received support from the national governments, the European Commission, the Eurosystems and many other public authorities who wished to implement advances brought by SEPA. Since SEPA brought common standards for non-cash euro payments and marked the completion of the euro currency, the Eurosystem demonstrated a strong interest in the SEPA progress.
Any country can become a member of SEPA even though they do not have the euro as a currency. As of 2020 October, there were 36 European countries and several non-euro countries as SEPA members.
Payment Services Directive SEPA
The conception of SEPA strained the boundaries on payments and ignited major developments in the payment market. The SEPA framework redefined what happens to the money when they move among businesses, customers and financial markets. When SEPA was implemented it had two main instruments - cash and derivatives. Cash instruments constitute loans or payments that were granted to transfer by both involved parties - a creditor (sender) and a customer (receiver). Derivative instruments involve assets or interest rates - anything that can be of value that derives from a core unit.
A financial instrument as described by the International Accounting Standards (IAS) is any binding agreement that transfers a financial asset from one entity to another by providing a financial liability to the second entity.
Payment Services Directive SEPA modifies real-time payments with visible immediate effects. Hence, the novel standard demands instant transfer of funds, which is unchangeable and the result is promptly visible. The transaction completion is visible no matter the outcome - failed or successful. To successfully implement such transfers and instant results, it requires 24-7 payments availability.
In any SEPA transaction, it is possible to be one of the two parties - the payer or the payee. These transactions apply to Peer to Peer (P2P), Business to Business (B2B), Business to Peer (B2P), and Peer to Business (P2B) types of payments.
The legal backbone of SEPA
First the Payment Services Directive (PSD), now the Second Payment Services Directive (PSD2) are the ones enabling SEPA and presenting a legal backbone for it. The initial PSD was ratified within the European Union (EU) in 2007 to establish a framework of a regulation that would methodize payments and online money within the EU. At the time the EU had 30 member countries and was getting ready to accept newcomers. Therefore, the need for a single market for payments was growing and something had to be done. Due to the aforementioned regulations, the foundation for SEPA emerged.
The world’s digitalisation gained momentum and the financial sector faced a revolution where emerging fintech and digital banks with their third-party services offered innovative solutions to financial institutions and increased the number of new services to provide.
Regrettably, the innovative services were out of PSD’s scope, therefore, they had no legal measures to follow and caused discrepancies within the financial market. To maintain SEPA and its successful operation novel, renewed regulations were entailed. Consequently, the PSD2 was developed with the purpose to secure the payments and forfeit fraud possibility. PSD2 safeguarded consumers while accelerating innovation to its limits. Equally, it generated a more elevated level of integrity and increased competition among organisations of all sizes.
PSD2 opened up the Application Program Interface (API) which gave Third Party Service Providers (TPSPs) a legal way to reach consumer data through financial institutions. Hence, both - consumers and companies - had the opportunity to use TPSPs to handle their finances and the data related to them. PSD2 meant that TPSPs and their services now had a legal framework to follow and had standardised regulations.
Employing a particular regulation, like SEPA, eases operations across the borders which creates a more efficient environment for financial services. Since it regulates the competition and employs standardized rules, consumers also benefit from lower costs. They receive another added benefit which allows consumers to make payments and financial decisions not only through their bank but also from TPSPs. Overcharges in SEPA are forbidden and the fee caps safeguard consumers' interest.
In case of fraudulent payments, the individual will pay 50 Euro at most, however, before PSD2 SEPA it could have been up to 150 Euro. Therefore, PSD2 together with SEPA enhance consumer digital security by requiring the use of Strong Customer Authentication (SCA). At the same time, SCA safeguards consumers and financial institutions from fraudulent transactions by requiring consumer consent for the use of their sensitive data.
Strong Customer Authentication (SCA)
Whenever a consumer wishes to access their payment account PSD2 mandates that financial institutions require SCA. The essence of SCA is to demand Two Factor Authentication (2FA) which means two or more security elements. These elements can be something a person knows - password or PIN; possesses - mobile phone, code generator; or is - fingerprint, face scan. Each financial organisation or TPSP can determine which authentication factors to require, however, consent must be acquired from a consumer. In general, EU regulations focus on consumer consent.
SEPA and General Data Protection Regulation (GDPR) compliance
The General Data Protection Regulation (GDPR) was published due to an unstable digital environment and data protection breaches. The European Union perceived the need to regulate and safeguard the individual’s sensitive information and fortify data infringements. Therefore, GDPR came to effect replacing the former regulation - Data Protection Directive 95/46/EC. The main objective of GDPR is to preserve the individual's data within the EU. It sets criteria for data collection, storage, sharing, transferring, processing and management. A consumer must be acquainted with their information acquisition and usage as well as be able to withdraw or delete that information upon their request.
With the growing worldwide personal data theft probability and increasing hacking developments, the EU must react and counterfeit the likelihood of data theft. Consequently, GDPR is one of the most impactful and important regulations within the EU which even addresses data export outside the EU. Even more, GDPR aims to entitle its citizens and residents to reshape the way businesses view and deal with data privacy.
GDPR portrays a definition of a data subject (or natural subject) as a protection of the personal data of EU citizens. Personal data means anything that can lead to the identification of a data subject, for instance, a name, photo, e-mail, social network posts, IP address, bank details etc. The financial institutions and TPSPs providing financial services handle extensive volumes of Personal Identifiable Information (PII); it is crucial that they be PSD2, SEPA and GDPR compliant.
The SEPA modified how card-not-present euro payments are working throughout the EU. It enabled European consumers and businesses to make and receive credit transfers, direct debit payments and card payments under identical conditions. Therefore, all transactions made in euro within the EU, even though it is a cross border payment, seem like a domestic payment.
The Single Euro Payment Area covers the whole EU and includes other countries that are part of the geographical scope. These countries are the following - Andorra, Iceland, Norway, Switzerland, Liechtenstein, Monaco, San Marino, United Kingdom, Vatican City State, Mayotte, Saint-Pierre-et Miquelon, Guernsey, Jersey and Isle of Man.
SEPA as a statute has various advantages to both consumers and businesses, here are the principal four:
- It is a single system formed to function between domestic and cross-border bank payments.
- SEPA authorises transnational payments made via debit card. This means that if a customer buys a product from one country while in another, the transaction occurs smoothly and without obstructions.
- It enables consumers who have employment relations in countries other than their home country to use their current bank account/card and collect payments or handle utilities in both SEPA countries.
- Due to the single set of standards, SEPA ensures affordable, secure and swift cross-border transactions. It also guarantees conscientious pricing across SEPA countries and sets price caps.
The European Payments Council (EPC) recognised the need for SEPA and in cooperation with the European banking and payment industry came up with the SEPA standards and legislations. However, with the launch of SEPA, its development did not end. After incorporating SEPA payments for credit transfers and direct debits, EPC moved on to develop regulations for payment cards and later on a framework for mobile payments. SEPA is a never-ending process that accommodates the current payment circumstances and advances accordingly.
EPC wasn't the only one supporting the emergence of SEPA, the European Central Bank (ECB) and the European Union have sponsored the SEPA evolution. The Euro Retail Payments Board that brings together ECB chairs together with consumer representatives concerned with the SEPA method, conducted governance and manoeuvred the process. The EU however, established the legal framework to enable SEPA introduction.
The SEPA Regulation (EU) No 260/2012 placed the original deadline for SEPA implementation on February 2014, nevertheless, it was later postponed to August 2014. SEPA regulates not only money transactions within the EU and countries with euro, it also applies the same framework for transfers in euros outside the euro area.
Regulations on costs for transnational transactions in euro
The regulation (EC) No 924/2009 monitored charges applied when making transnational payments in euro, therefore was utilised in the setting of SEPA. If payment is made in euro, banks are obliged to implement the same costs whether a payment is transnational or domestic.
After further amendments by SEPA, all digitally processed transactions in euro had equal charges. These included direct debits, credit transfers, cash withdrawals, transactions via debit or credit cards and money remittance.
SEPA was only implemented to regulate euro transactions and charges, yet, there was a possibility to extend its application to national currencies, like in the case of Sweden and Romania.
In 2018 SEPA established an extension that encompassed its advantages to consumers and businesses in non-euro countries. If a consumer or a business performs money transfer transnationally they still encounter the same chargers as for domestic transactions. However, in cases where a currency conversion is needed, consumers must be informed about the additional conversion costs beforehand.
The political drivers behind SEPA
The progress of SEPA is maintained by four institutional bodies - The European Commission (Commission), The European Central Bank (ECB) and the Eurosystem, The European Parliament and The Council of the European Union.
The Commission serves as the representative of a general EU's interest and recommends, administers and implements legislation. It also executes law with the advice of the Court of Justice and arbitrates in the international sphere.
The ECB and the Eurosystem - including ECB and national banks of euro countries - function as an incentive for the unification of the euro payment market. It aims to develop the continuous performance of payment systems and has performed these duties since SEPA’s initiation. The ECB constructed Euro retail Payments Board (ERPB) in 2013, to gather the supply and demand element of retail payments. It approaches strategic concerns in the area and facilitates payment integrations. A strategic concern can be anything ranging from instant payments to P2P mobile payments. The ERPB issues statements after each biannual meeting and the output can be found on ECB’s website.
The European Parliament consists of 751 members who are elected by the citizens of member states. The elected body operates in cooperation with the Commission and the Council to form regulations and policies of the EU.
The Council of the European Union which aggregates governments is constituted of the finance ministers of EU member states.
Mandatory PSD2 SEPA deadlines
In February 2012, the Regulation (EU) No 260/2012 (The SEPA Regulation) was ratified setting technical and business fundamentals for credit transfers in euro and direct debits. It established required deadlines to adopt SEPA credit transfer and direct debit methods when processing transactions in euros within the European Union. These were the main three deadlines to follow:
- 1 August 2014 - all SEPA migrations had to be complete until this extended deadline, which was originally set on 1 February 2014. All euro countries were obliged to substitute national euro credit and direct debits to SEPA Credit Transfer (SCT) and SEPA Direct Debit (SDD). This deadline only had one exemption - niche products.
- 1 February 2016 - was the deadline for transitional exemptions. All EU member states had to conform. The exemptions included niche products and the International Bank Account Number (IBAN).
- 31 October 2016 - SEPA regulation was applied to non-euro countries that made credit transfers or direct debits in the euro.
The Payment Services Directive and its revision
The Payment Services Directive (PSD) was released on 13 November 2007 and had a deadline of completion on 1 November 2009. It was created by the European Parliament and the Council of the European Union and aimed at payment services in the internal market. The PSDs goal was to create an innovative and extensive set of commands suitable to all electronic payment services in the European Union. However, this set of rules had a broader scope than SEPA services. PSD should not be confused with the SEPA directive as they are separate regulations for the financial sector. PSD is comprehensive and aspiring legislation with a vital and broad scope of financial services ratification concerning the payments market. PSD has introduced common practices for authorisation and repudiation of direct debit.
In the contemporary world, everything undeviatingly moves online and the digitalisation momentum is indisputable. The European economy isn’t any different, therefore, since PSDs development, a digital world has advanced and plenty of new services and players for online payments have emerged. Fintech startups probably were key players in the necessity of updated PSD since they fell out of scope with their novel services and faced no regulations in the European Union. Consequently, the Commission introduced a Second Payment Services Directive (PSD2). Its purpose was to enhance customer safeguarding, make a safer environment for payments and encourage innovation while guaranteeing the same opportunities for all players, even the new ones.
According to European Payments Council (EPC), PSD2’s real name is “Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC”. It was launched on 23 December 2015 and had to be interchanged among EU member countries into legal legislation by 13 January 2018. The execution of PSD2 depends on the six RTSs and five collections of Guidelines associated with PSD2 that the EBA had been authorised to produce.
Regulation (EC) NO 924/2009
The European Union is ingenious when it comes to regulations and ensuring that everything works like a well-oiled clock. Therefore, Regulation (EC) NO 924/2009 also took part in shaping the European payments landscape. According to EPC the full name of Regulation (EC) NO 924/2009 is “Regulation (EC) 924/2009 of the European Parliament and of the Council of 16 September 2009 on cross-border payments in the community and repealing Regulation (EC) 2560/2001”. With its provisions, this regulation promoted SEPA implementation and European Union's financial unification.
Its impact could be felt due to the three prerequisites as follows:
- As of November 2009, the euro transnational direct debit pricing had to be adjusted with the domestic transactions. The same regulations already applied to credit transfers and card transactions.
- Before November 2012 it had to introduce clear commands for transaction-based multifarious charges.
- Banks that operate in the euro region and offer direct debits in euro to borrowers had to become accessible for transnational direct debit acquisitions. This provision came to effect in November 2010.
Regulation (EC) NO 924/2009 had to be implemented in all EU member states by 1 November 2009. However, according to EPC, this Regulation was amended by “Regulation (EU) 260/2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) 924/2009”.
Ten years later in 2019, the Regulation (EC) NO 924/2009 was further revised as stated by EPC “Regulation (EU) 2019/518 amending Regulation (EC) 924/2009 as regards certain charges on cross-border payments in the Union and currency conversion charges”. The amendment's purpose was to regulate the charges of transnational payments in euros made between euro and non-euro countries. It also had to strengthen charges transparency associated with currency conversion services within the European Union.
PSD2 SEPA Direct Debit
SEPA Direct Debit (SDD) received less attention than the whole PSD2 SEPA combination. The reasoning behind it is that SDD is not a popular payment type in the eurozone. According to ECB SDD’s only make up to 2.1% of all transactions. Another impending determinant for SDD could be complex implementation.
SDD is a method for payment acquisition in euros inside the SEPA area. The payments can only be collected if a bank account has been appointed to receive collections. All collections must be based on customer authorisation or consent. Therefore the debtor - the customer - must allow a creditor to collect their money. This type of authorisation is known as a Mandate. The SEPA directive standardised SDD Mandate and it must be provided in the customer's language. Also, a consumer must sign the Mandate and deliver it to the creditor. These are the minimum requirements that can be expanded according to SCA.
To make a transaction valid both parties must hold an account in the partaking bank within SEPA SDD. There are two SEPA SDD schemes - Core and Business to Business (B2B). The BIC /IBAN reestablished legacy bank routing and customer’s bank account number.
More resources for SDD
The European Payments Council (EPC) is the place to go if there are any pending questions related to PSD2 SEPA Direct Debit. The SEPA Direct Debit Overview will tell you about basic SEPA and its schemes. Both schemes have their own designated pages - SEPA Direct Debit Core Scheme and SEPA Direct Debit B2B Scheme. In these pages, you will find rulebooks and the guidelines that must be followed in order to comply with SEPA.