Payments UK has issued a voluntary: “Code of Conduct for Indirect Access Providers” (the “Payment Access Code“). The Code is in response to the Payment Systems Regulator’s (PSR) policy statement findings following its consultation – “A New Regulatory Framework for Payment Systems in the UK“.
In particular, the Code looks to mitigate the risk that PSPs will not have a secure supply into certain key UK payment systems.
What does the Payment Access Code cover?
As stated in the Code, it:
sets out standards of best practice for key elements of the commercial arrangements between Indirect Access Providers and Indirect PSPs.
For this purpose:
Indirect Access Providers: are Payment Service Providers offering “Indirect Access” (i.e. access services to other PSPs enabling the other PSPs to clear / settle / transfer funds) related to one or more in-scope UK Payment Systems (which include – BACS, Faster Payments, CHAPS, Link and Cheque and Credit Clearing) .
Indirect PSPs: are “Payment Service Providers that use Indirect Access Providers to access one or more UK Payment Systems for the purpose of enabling the transfer of funds”.
Payments considered eligible for inclusion within the scope of this Code are those where:
• both the payer’s and beneficiary’s Payment Account are domiciled in the UK; or
• for cross-border payments, those parts of the transaction which are completed using one of the in-scope UK Payment Systems.
Payment Access Code Commitments
The Code provides the following commitments that code beneficiaries can expect:
1. Entitlement to an Agreement for the Supply of Indirect Access
2. Support Services & Communication of Important Information
(Important information is described to include: information relating to the channels, technical specifications, security access requirements, operation, availability and/or service performance levels of the services. Important Information also includes any changes to these services that will have a one-off or permanent impact to the normal operating conditions of them, including planned and unplanned outages or maintenance and planned or unplanned extensions to operating hours).
3. Managing the Security of the Supply of Service; and
4. Ensuring the Security of Information
Thoughts on the Payment Access Code
The Code is a great start to formalising access by participants to the UK payments networks. However, it is only a start. Apart from it being voluntary – to benefit from the Code, an Indirect Access Provider must subscribe to the code and also be authorised by the UK FCA / EEA Passported Firm. This does not assist innovative payment systems which may fall outside the scope of authorisation – such as payment initiation services and/or some Bitcoin operators.
As we move towards formalising the third party access provisions set out in the proposed PSD2 it will be worth watching this space to see what other ‘access’ rights will be granted.