Bill of law amending the Payment Services Law and implementing the ICTr Regulation

On 20 November 2024, Bill of Law No 8460 (the “Bill”) was submitted to the Parliament of the Grand Duchy of Luxembourg (“Luxembourg”). The purpose of the Bill is to operationalise the ICTr Regulation1, and to this end, the Bill introduces targeted amendments to the Payment Services Law2

For more details on the ICTr Regulation, please refer to our newsflash New Regulation on Instant Credit Transfers – Key takeaways dated 4 June 2024.

New option for payment institutions and electronic money institutions to safeguard received funds with central banks

By amending Articles 14 and 24-10 of the Payment Services Law, the Bill introduces the possibility for payment institutions (“PIs”) and electronic money institutions (“EMIs”) to open accounts with central banks for safeguarding received funds (subject though to the discretion of the central bank concerned). This option is provided in addition to the existing possibility to deposit such funds in a segregated account with a credit institution or to invest them in low-risk, liquid and safe assets. 

Participation of PIs and EMIs in payment systems

The Bill amends the rules concerning the participation in payment systems, by allowing PIs and EMIs to participate directly, without relying on a third party (typically a credit institution), in the payment systems designated at the national level in accordance with the Settlement Finality Directive3. A direct participation guarantees that the transfer orders by PIs and EMIs are settled even in the event of their insolvency.

The Bill sets out the general conditions to be met by PIs and EMIs if they intend to participate in a payment system referred to in Article 108 of the Payment Services Law. It also provides detailed requirements for PIs and EMIs to ensure that they have the following in place:

  • a description of the measures taken to protect clients funds in accordance with Articles 14 or 24-10 of the Payment Services Law, as applicable;
  • a description of the PI’s or EMI’s governance arrangements and internal control mechanisms, including administrative, accounting and risk management procedures, as well as a description of the arrangements for the use of the PI’s or EMI’s ICT services relating to Articles 6 and 7 of DORA4; and
  • a winding-up plan in the event of failure.

An application for participation in a payment system requires prior notification of at least two months to the CSSF by PIs and EMIs intending to participate. This notification must contain information demonstrating compliance with the conditions set forth in the Payment Services Law. Where these requirements are met, the CSSF shall inform the PI or EMI within two months. If the requirements to participate in the payment systems are not met, the CSSF shall determine the measures to be taken by the PI or EMI within the above-mentioned period.

Extension of the Settlement Finality Directive protection

The Bill also chooses the option to transpose the extension of protection offered by the Settlement Finality Directive to transfer orders entered by an indirect participant as if such orders were entered by a participant. This is conditional upon the indirect participant being known to the system, and is justified for reasons of systemic risk. However, where an indirect participant is to be considered as a participant, it does not limit the responsibility of the direct participant which transmits the transfer orders to the system for the indirect participant. The Bill’s commentary clarifies that the mechanism of protection of indirect participants does not result in their integration into the system.

Introduction of penalties regime applicable to infringements of the SEPA Regulation

The Bill introduces a new article to the Payment Services Law specifying the penalties applicable to breaches of certain provisions of the SEPA Regulation5 as amended by the ICTr Regulation. The list of administrative penalties and measures is inspired by the provisions of Article 63 of the Law of 5 April 1993 on the financial sector, as amended, and includes warnings, reprimands and fines of between EUR 250 and EUR 250,000. However, infringements of Article 5d of the amended SEPA Regulation relating to the service ensuring verification and screening of targeted financial restrictive measures are subject to more severe fines, namely: 

  • in the case of a legal person, administrative fines of a maximum of at least 10% of its total annual net turnover in the preceding financial year; and
  • in the case of a natural person, administrative fines of a maximum of at least EUR 5,000,000.

Conclusion

The ICTr Regulation framework operationalised by the Bill represents a significant milestone in modernising the regulatory framework for PIs and EMIs. By allowing these institutions to open safeguarding accounts with central banks and granting them direct access to payment systems under defined conditions, it aims at bolstering financial stability and fostering competition. Importantly, PIs and EMIs that intend to participate in payment systems, must evaluate the requirements set forth by the Bill and implement the necessary arrangements.

Furthermore, it is important to note that all payment service providers (including PIs and EMIs) must adjust their documentation and their internal operational systems to align with the new obligations laid down by the SEPA Regulation as amended by the ICTr Regulation to ensure compliance and avoid penalties.

1

Regulation (EU) 2024/886 of the European Parliament and of the Council of 13 March 2024 amending Regulations (EU) No 260/2012 and (EU) 2021/1230 and Directives 98/26/EC and (EU) 2015/2366 as regards instant credit transfers in euro (the “ICTr Regulation”).

2

Law of 10 November 2009 on payment services, on the activity of electronic money institution and settlement finality in payment and securities settlement systems, as amended (the “Payment Services Law”).

3

Directive 98/26/EC on settlement finality in payment and securities settlement systems, as amended (the “Settlement Finality Directive”).

4

Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“DORA”).

5

Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (the “SEPA Regulation”).