EU Legislation
(Payment Services – SEPA) (Amendment) (Jersey) Regulations 2017
Made 30th November 2017
Coming into force in
accordance with Regulation 38
THE STATES, in pursuance of Article 2 of the European Union Legislation
(Implementation) (Jersey) Law 2014[1], have made the following
Regulations –
1 Interpretation
In these Regulations “principal
Regulations” means the EU Legislation (Payment Services –
SEPA) (Jersey) Regulations 2015[2].
2 Regulation 1
amended
In Regulation 1 of the principal Regulations –
(a) before
the definition “BBAN” there shall be inserted the following
definitions –
“ ‘account
servicing payment service provider’ means a payment service provider providing
and maintaining a payment account for a payer;
‘authentication’
means a procedure which allows a payment service provider to verify the
identity of a payment service user or the validity of the use of a specific
payment, including the use of the payment service user’s personalized
security credentials;”;
(b) in the
definition “electronic money” for the words “Community
Provisions (Wire Transfers) (Jersey) Regulations 2007[3]” there shall be
substituted the words “EU Legislation (Information Accompanying Transfers
of Funds) (Jersey) Regulations 2017[4]”;
(c) for
the definition “group” there shall be substituted the following definition –
“ ‘group’
has the meaning given by Article 4 of the Payment Services Directive;”;
(d) in
the definition “means of distance communication” for the words
“any means” there shall be substituted the words “a
method”;
(e) in
the definition “payment service user” the word “either”
shall be deleted;
(f) for
the definition “Payment Services Directive” there shall be
substituted the following definition –
“ ‘Payment Services
Directive’ means Directive (EU) 2015/2366 of the European Parliament
and of the Council of 25 November 2015 on payment services in the
internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU
and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015,
p. 35);”;
(g) after
the definition “payment transaction” there shall be inserted the following
definition –
“ ‘personalized
security credentials’ means personalized features provided by a payment
service provider to a payment service user for the purposes of authentication;”;
(h) after
the definition “reference exchange rate” there shall be inserted
the following definition –
“ ‘remote
payment transaction’ means a payment transaction initiated through the
internet or otherwise initiated through a device that can be used for distance
communication;”;
(i) for
the definition “single payment service contract” there shall be
substituted the following definition –
“ ‘single
payment service contract’ means a contract for a single payment
transaction not covered by a framework contract;”;
(j) after
the definition “single payment service contract” there shall be
inserted the following definition –
“ ‘strong customer
authentication’ means authentication based on the use of 2 or more
elements that are independent, in that the breach of one element does not
compromise the reliability of any other element, and designed in such a way as
to protect the confidentiality of the authentication data, with the elements
falling into 2 or more of the following categories –
(a) something known only by the payment service
user (‘knowledge’);
(b) something held only by the payment service
user (‘possession’);
(c) something inherent to the payment service
user (‘inherence’);”;
(k) in
the definition “unique identifier” in paragraph (a) for the
words “the other” there shall be substituted the word “another”.
3 Regulation 2
amended
In Regulation 2 of the principal Regulations –
(a) for
paragraph (1) there shall be substituted the following paragraphs –
“(1) This Part applies to payment
services where –
(a) the services are provided from an
establishment maintained by a payment service provider in Jersey; and
(b) the services are provided in one of the
following circumstances –
(i) the
payment service providers of both the payer and the payee are located within
the SEP statutory area, or
(ii) the
payment service provider of either the payer or the payee, but not both, is
located within the SEP statutory area.
(1A) In the circumstances mentioned in paragraph (1)(b)(ii),
this Part applies only in respect of those parts of a transaction which are
carried out in the SEP statutory area.”;
(b) in paragraph (5) –
(i) for
sub-paragraph (a) there shall be substituted the following
sub-paragraph –
“(a) a payment transaction from a
payer to a payee through a commercial agent authorized in an agreement to
negotiate or conclude the sale or purchase of goods or services on behalf of
either the payer or the payee but not both the payer and the payee;”,
(ii) in
sub-paragraph (f), after the words “a payment transaction”
there shall be inserted the words “and related service;
(c) after
paragraph (5) there shall be inserted the following paragraph –
“(6) This Part shall continue to
apply to a payment service provided prior to 13th January 2018
as if the EU Legislation (Payment Services – SEPA) (Amendment)
(Jersey) Regulations 2017[5] had not been enacted.”.
4 Regulation 4
amended
In Regulation 4 of the principal
Regulations –
(a) in
paragraph (1), after the words “in paragraph (2)”, there
shall be inserted the words “in relation to the service”;
(b) in
paragraph (2)(c), the words “the amounts of” shall be deleted.
5 Regulation 5 amended
In Regulation 5(1) of the principal Regulations, after the
words “in paragraph (2)”, there shall be added the words “in
relation to the service to be provided by the payer’s payment service
provider”.
6 Regulation 6
amended
In Regulation 6(1) of the principal Regulations,
after the words “in paragraph (2)”, there shall be added the
words “in relation to the service provided by the payee’s payment
service provider”.
7 Regulation 8
amended
In Regulation 8(2) of the principal Regulations, for the word “supplying”, there shall be substituted the
word “providing”.
8 Regulation 10
amended
In Regulation 10 of the principal Regulations –
(a) in paragraph (3),
for the words “immediately and without charge” there shall be
substituted the words “without charge at any time”;
(b) in paragraph (4)(a),
for the words “the changes”, there shall be substituted the words
“any such changes”.
9 Regulation 11 amended
In Regulation 11 of the principal
Regulations –
(a) in
paragraph (3), for the words “Subject to paragraph (4),
any” there shall be substituted the word “Any”;
(b) for
paragraph (4) there shall be substituted the following paragraph –
“(4) The payment service provider
shall not charge the payment service user for the termination of the contract
under paragraph (1) or (2) after the expiry of 6 months of the
contract.”.
10 Regulation 13
amended
In Regulation 13 of the principal
Regulations –
(a) for
paragraph (1) there shall be substituted the following paragraph –
“(1) The payer’s payment
service provider under a framework contract shall provide to the payer the
information referred to in paragraph (2) in respect of each payment
transaction on paper or on another durable medium at least once per month free
of charge.”;
(b) in
paragraph (2)(a) for the word “each” there shall be
substituted the word “the”;
(c) for
paragraph (3) there shall be substituted the following paragraphs –
“(3) A framework contract may
include a condition that the payer may require the information referred to in paragraph (2)
be provided or made available periodically at least once a month, free of
charge and in an agreed manner which enables the payer to store and reproduce
the information unchanged.
(4) Paragraph (1) does
not require a payment service provider to provide information where –
(a) the information has
been, or is to be, provided or made available as required by the payer under a
condition of the type referred to in paragraph (3); or
(b) more than one month has
passed since information was last provided, but there are no payment
transactions in respect of which the payment service provider has not
previously provided or made available information in accordance with paragraph (1)
or as required by the payer under a condition of the type referred to in paragraph (3).”.
11 Regulation 14 amended
In Regulation 14
of the principal Regulations –
(a) for
paragraph (1) there shall be substituted the following
paragraph –
“(1) The payee’s payment
service provider under a framework contract shall provide to the payee the
information referred to in paragraph (2) in respect of each payment
transaction on paper or on another durable medium at least once per month free
of charge.”;
(b) in paragraph (2)(a),
the words “,where appropriate,” shall be deleted;
(c) after
paragraph (3), there shall be added the following paragraph –
“(4) Paragraph (1) does not
require a payment service provider to provide information where –
(a) the information has been, or is to be,
provided or made available in accordance with a condition of the type referred
to in paragraph (3); or
(b) more than one month has passed since
information was last provided, but there are no payment transactions in respect
of which the payment service provider has not previously provided or made
available information in accordance with paragraph (1) or in accordance
with a condition of the type referred to in paragraph (3).”.
12 Regulation 18
amended
In Regulation 18 of the principal Regulations for paragraphs (4)
and (5) there shall be substituted the following paragraphs –
“(4) The payment service provider,
or any relevant other party involved in the transaction, shall (before the
initiation of a payment transaction) inform the payment service user of any
charge requested by the payment service provider or other party, as the case
may be, for the use of a particular payment instrument.
(5) A person who (being such other party) fails
to comply with paragraph (4) shall be guilty of an offence and liable to a
fine of level 3 on the standard scale.
(6) A payer or payment service user is not
obliged to pay a charge of the type referred to in paragraph (1) or (4) if
the payer or payment service user was not informed of the full amount of the
charge in accordance with the relevant paragraph.”.
13 Regulation 18A
inserted
After Regulation 18 of the principal Regulations there shall be
inserted the following Regulation –
“18A Burden
of Proof on payment service provider
Where a payment service
provider is alleged to have failed to provide information in accordance with
this Part, it is for the payment service provider to prove that it provided the
information in accordance with this Part.”.
14 Regulation 19
amended
In Regulation 19 of the principal Regulations –
(a) for
paragraph (1) there shall be substituted the following
paragraphs –
“(1) This Part applies to payment
services where –
(a) the services are provided from an
establishment maintained by a payment service provider in Jersey; and
(b) the services are provided in one of the
following circumstances –
(i) the
payment service providers of both the payer and the payee are located within
the SEP statutory area, or
(ii) the
payment service provider of either the payer or the payee, but not both, is
located within the SEP statutory area.
(1A) In the circumstances mentioned in paragraph (l)(b)(ii) –
(a) this Part applies only in respect of those
parts of a transaction which are carried out in the SEP statutory area; and
(b) Regulations 21(2), 30, 31, 35, 36(1)
and (2), 40, 41, 42 and 43 do not apply.”;
(b) after
paragraph (3) there shall be substituted the following
paragraph –
“(4) This Part shall continue to
apply to a payment service provided prior to 13th January 2018 as if
the EU Legislation (Payment Services – SEPA) (Amendment) (Jersey) Regulations 2017
had not been enacted.”.
15 Regulation 20 amended
In Regulation 20(2) of the principal
Regulations –
(a) in
sub-paragraph (a), for the words “and 29(3)” there shall be
substituted the words “and 29(4)”;
(b) in
sub-paragraph (c), for the words “the payment service provider is
not required under Regulation 33(1)” there shall be substituted the
words “despite Regulation 33(1), the payment service provider is not
required”.
16 Regulation 21 amended
In Regulation 21 of the principal Regulations, for paragraphs (2)
and (3) there shall be substituted the following paragraphs –
“(2) Where both the payer’s
and the payee’s payment service providers, or the only payment service
provider, in respect of a payment transaction are within the SEP statutory
area, the respective payment service providers shall ensure that –
(a) the payee pays any charges levied by the
payee’s payment service provider; and
(b) the payer pays any charges levied by the
payer’s payment service provider.
(3) The payee’s payment service provider
shall not prevent the payee from –
(a) requesting payment of a charge by the payer
for the use of a particular payment instrument;
(b) offering a reduction to the payer for the
use of a particular payment instrument; or
(c) otherwise steering the payer towards the use
of a particular payment instrument.”.
17 Regulation 24
amended
In Regulation 24 of the principal Regulations –
(a) in
the heading, after the words “payment instruments” there shall be
added the words “and personalized security credentials”;
(b) for
paragraph (2), there shall be substituted the following
paragraphs –
“(2) Paragraph (l)(a) applies
only in relation to terms and conditions that are objective, non-discriminatory
and proportionate.
(3) The payment service user shall take all
reasonable steps to keep safe personalized security credentials relating to a
payment instrument.”.
18 Regulation 25 amended
In Regulation 25 of the principal Regulations –
(a) in paragraph (1) –
(i) in
sub-paragraph (a), for the words “features of the payment instrument”
there shall be substituted the word “credentials”,
(ii) for
sub-paragraph (c)(ii) there shall be substituted the following
clause –
“(ii) to request that, in
accordance with Regulation 23(6), the use of the payment instrument is no
longer stopped;”,
(iii) for
sub-paragraph (e) there shall be substituted the following
sub-paragraphs –
“(e) provide the payment service
user with an option to make a notification under Regulation 24(1)(b) free
of charge, and ensure that any costs charged are directly attributed to the
replacement of the payment instrument;
(f) prevent any use of the payment
instrument once notification has been made under Regulation 24(1)(b).”;
(b) for
paragraph (2) there shall be substituted the following
paragraph –
“(2) The payment service provider
bears the risk of sending to the payment service user a payment instrument or
any personalized security credentials relating to it.”.
19 Regulation 27
amended
In Regulation 27 of the principal Regulations –
(a) in paragraph (1),
after the words “some other deficiency” there shall be added the
words “in the service provided by the payment service provider”;
(b) for
paragraphs (2) and (3) there shall be substituted the following paragraphs –
“(2) Where a payment service user
denies having authorized an executed payment transaction, the use of a payment
instrument recorded by the payment service provider shall not in itself
necessarily be sufficient to prove that –
(a) the payment transaction was authorized by
the payer; or
(b) the payer acted fraudulently or failed with
intent or gross negligence to comply with Regulation 24.
(3) If a payment service provider claims that a
payer acted fraudulently or failed with intent or gross negligence to comply
with Regulation 24, the payment service provider shall provide supporting
evidence to the payer.”.
20 Regulation 28
substituted
For Regulation 28 of the principal Regulations there shall be
substituted the following Regulation –
“28 Payment
service provider’s liability for unauthorized payment transactions
(1) Subject to Regulations 26 and 27, where
an executed payment transaction was not authorized in accordance with Regulation 22,
the payment service provider shall –
(a) refund the amount of the unauthorized
payment transaction to the payer; and
(b) where applicable, restore the debited
payment account to the state it would have been in had the unauthorized payment
transaction not taken place.
(2) The payment service provider shall provide a
refund under paragraph (l)(a) as soon as practicable, and in any event no
later than the end of the business day following the day on which it becomes
aware of the unauthorized payment transaction.
(3) Paragraph (2) does not apply where the
payment service provider has reasonable grounds to suspect fraudulent behaviour
by the payment service user and notifies a police officer mentioned in Article 33(1)(a)
or (b) of the Proceeds of Crime (Jersey) Law 1999[6] of those grounds in writing.
(4) When crediting a payment account under paragraph (1)(b),
a payment service provider shall ensure that the credit value date is no later
than the date on which the amount of the unauthorized payment transaction was
debited.”.
21 Regulation 29
substituted
For Regulation 29 of the principal Regulations there shall be
substituted the following Regulation –
“29 Payer’s
or payee’s liability for unauthorized payment transactions
(1) Subject to paragraphs (2), (3) and (4),
a payment service provider which is liable under Regulation 28(1) may
require that the payer is liable up to a maximum of £35 for any losses
incurred in respect of unauthorized payment transactions arising from the use
of a lost or stolen payment instrument, or from the misappropriation of a
payment instrument.
(2) Paragraph (1) does not apply
if –
(a) the loss, theft or misappropriation of the
payment instrument was not detectable by the payer prior to the payment, except
where the payer acted fraudulently; or
(b) the loss was caused by acts or omissions of
an employee, agent or branch of a payment service provider or of an entity
which carried out activities on behalf of the payment service provider.
(3) The payer shall be liable for all losses
incurred in respect of an unauthorized payment transaction where the
payer –
(a) has acted fraudulently; or
(b) has with intent or gross negligence failed
to comply with Regulation 24.
(4) Except where the payer has acted
fraudulently, the payer shall not be liable for any losses incurred in respect
of an unauthorized payment transaction –
(a) arising after notification under Regulation 24(1)(b);
(b) where the payment service provider has
failed at any time to provide, in accordance with Regulation 25(1)(c),
appropriate means for notification; or
(c) where Regulation 44B requires the
application of strong customer authentication, but the payer’s payment
service provider does not require strong customer authentication.
(5) Where Regulation 44B requires the
application of strong customer authentication, but the payee or the
payee’s payment service provider does not accept strong customer
authentication, the payee or the payee’s payment service provider, or
both (as the case may be) shall compensate the payer’s payment service
provider for the losses incurred or sums paid as a result of complying with Regulation 28(1).”.
22 Regulation 30
amended
In Regulation 30 of the principal Regulations –
(a) for
paragraph (3) there shall be substituted the following
paragraph –
“(3) The payer shall be entitled
to an unconditional refund from its payment service provider of the full amount
of any direct debit transactions of the type referred to in Article 1 of
Regulation (EU) No. 260/2012 of the European Parliament and of the Council
of 14 March 2012 establishing
technical and business requirements for credit transfers and direct debits in
euro and amending Regulation (EC) No 924/2009 (OJ
L 94, 30.3.2012, p. 22).”;
(b) paragraphs (4)
and (5) shall be renumbered as paragraphs (5) and (6) respectively;
(c) after
paragraph (3) there shall be inserted the following paragraph –
“(4) When crediting a payment
account under paragraph (1), a payment service provider shall ensure that
the credit value date is no later than the date on which the amount of the
unauthorized payment transaction was debited.”.
23 Regulation 31
amended
In Regulation 31 of the principal Regulations –
(a) in paragraph (2),
for the words “ascertain whether” there shall be substituted the
words “prove that”;
(b) in paragraph (3),
for the words “Subject to paragraph (4), the” there shall be
substituted the word “The”;
(c) for
paragraphs (4) and (5) there shall be substituted the following paragraphs –
“(4) Any refund or justification
for refusing a refund shall be provided within 10 business days of
receiving a request for a refund or, where applicable, within 10 business
days of receiving any further information requested under paragraph (2).
(5) If the payment service provider requires
further information under paragraph (2), it may not refuse the refund
until it has received further information from the payer.”.
24 Regulation 32
amended
In Regulation 32 of the principal Regulations –
(a) paragraphs (2),
(3), (4) and (5) shall be renumbered as paragraphs (3), (4), (5) and (6)
respectively;
(b) for
paragraph (1), there shall be substituted the following paragraphs –
“(1) A payer’s payment
service provider shall not debit the payment account before receipt of a
payment order.
(2) Subject to paragraphs (3) to (6), for
the purposes of these Regulations the time of receipt of a payment order is the
time at which the payment order is received by the payer's payment service
provider.”;
(c) in renumbered
paragraph (6), for the words “paragraph (4)” there shall
be substituted the words “paragraph (5)”.
25 Regulation 33
amended
In Regulation 33 of the principal Regulations –
(a) in paragraph (3),
for the word “notification” there shall be substituted the word “refusal”;
(b) in paragraph (5)
for the words “framework contract have been satisfied, the payment
service provider” there shall be substituted the words “framework
contract with the account servicing payment service provider have been
satisfied, the account servicing payment service provider”.
26 Regulation 34 amended
In Regulation 34 of the principal Regulations –
(a) in paragraph (2),
the words “transmitting the payment order or” shall be deleted;
(b) in paragraph (4),
for the words “Regulation 32(4)” there shall be substituted
the words “Regulation 32(5)”;
(c) for
paragraph (5)(a) there shall be substituted the following
subparagraph –
“(a) agreed between the payment service
user and the relevant payment service provider or providers; and;”;
(d) in
paragraph (6), after the words “may provide for the” there
shall be inserted the word “relevant”.
27 Regulation 35
amended
In Regulation 35 of the principal Regulations –
(a) in paragraph (2),
for the words “may agree that the payment service provider” there
shall be substituted the words “may agree for the relevant payment
service provider to”;
(b) in paragraph (3)
the word “nevertheless” shall be deleted wherever it occurs.
28 Regulation 36
amended
In Regulation 36(1) of the principal Regulations, for the words
“paragraphs (2) and (3)” there shall be substituted the
words “paragraph (2)”.
29 Regulation 38
amended
In Regulation 38 of the principal Regulations –
(a) paragraphs (2)
and (3) shall be renumbered as paragraphs (3) and (4) respectively;
(b) after
paragraph (1) there shall be inserted the following paragraph –
“(2) Paragraph (3) applies
where –
(a) the transaction does not involve a currency
conversion;
(b) the transaction involves only a currency
conversion between the euro and pounds sterling or another member State
currency, between pounds sterling and another member State currency, or between
two other member State currencies; or
(c) the transaction involves only one payment
service provider.”.
30 Regulation 39
amended
In Regulation 39 of the principal Regulations, for paragraph (3)
there shall be substituted the following paragraphs –
“(3) The payee’s payment
service provider shall co-operate with the payer’s payment service
provider in its efforts to recover the funds, in particular by providing to the
payer’s payment service provider all relevant information for the
collection of funds.
(4) If the payer’s payment service
provider is unable to recover the funds it shall, on receipt of a written
request, provide to the payer all available relevant information in order for
the payer to claim repayment of the funds.
(5) Where the payment service user provides
information additional to that referred to in Regulation 4(2)(a) or paragraph 2(b)
of Schedule 1, the payment service provider shall be liable only for the
execution of payment transactions in accordance with the unique identifier
provided by the payment service user.”.
31 Regulations 40 and 41 substituted
For Regulations 40 and 41 of the principal Regulations there
shall be substituted the following Regulations –
“40 Non-execution
or defective or late execution of payment transactions initiated by the payer
(1) This Regulation applies where a payment order
is initiated directly by the payer.
(2) The payer’s payment service provider
shall be liable to the payer for the correct execution of the payment
transaction unless it can prove to the payer and, where relevant, to the payee’s
payment service provider, that the payee’s payment service provider
received the amount of the payment transaction in accordance with Regulation 36(1)
and (2).
(3) Where the payer’s payment service
provider is liable under paragraph (2), it shall without undue delay
refund to the payer the amount of the non-executed or defective payment
transaction and, where applicable, restore the debited payment account to the
state in which it would have been had the defective payment transaction not
taken place.
(4) The credit value date for a credit under paragraph (3)
shall be no later than the date on which the amount was debited.
(5) If the payer’s payment service
provider proves that the payee's payment service provider received the amount
of the payment transaction in accordance with Regulation 36, the payee’s
payment service provider shall be liable to the payee for the correct execution
of the payment transaction and shall –
(a) immediately make available the amount of the
payment transaction to the payee; and
(b) where applicable, credit the corresponding
amount to the payee’s payment account.
(6) The credit value date for a credit under paragraph (5)(b)
shall be no later than the date on which the amount would have been value dated
if the transaction had been executed correctly.
(7) Where a payment transaction is executed
late, the payee’s payment service provider shall, on receipt of a request
from the payer’s payment service provider on behalf of the payer, ensure
that the credit value date for the payee’s payment account is no later
than the date the amount would have been value dated if the transaction had
been executed correctly.
(8) Regardless of liability under this
Regulation, the payer’s payment service provider shall, on request by the
payer, immediately and without charge –
(a) make efforts to trace any non-executed or
defectively executed payment transaction; and
(b) notify the payer of the outcome.
41 Non-execution
or defective or late execution of payment transactions initiated by the payee
(1) This Regulation applies where a payment
order is initiated by the payee.
(2) The payee’s payment service provider
shall be liable to the payee for the correct transmission of the payment order
to the payer's payment service provider in accordance with Regulation 36(4).
(3) Where the payee’s payment service
provider is liable under paragraph (2), it shall immediately re-transmit
the payment order in question to the payer’s payment service provider.
(4) The payee’s payment service provider
shall also ensure that the transaction is handled in accordance with Regulation 38,
such that the amount of the transaction –
(a) is at the payee’s disposal immediately
after it is credited to the payee’s payment service provider’s
account; and
(b) is value dated on the payee’s payment
account no later than the date the amount would have been value dated if the
transaction had been executed correctly.
(5) The payee’s payment service provider
shall, on request by the payee and free of charge, make immediate efforts to
trace the payment transaction and notify the payee of the outcome.
(6) Subject to paragraph (8), if the payee’s
payment service provider proves to the payee and, where relevant, to the payer’s
payment service provider, that it is not liable under paragraph (2) in
respect of a non-executed or defectively executed payment transaction, the
payer’s payment service provider shall be liable to the payer and shall,
as appropriate and immediately –
(a) refund to the payer the amount of the
payment transaction; and
(b) restore the debited payment account to the
state in which it would have been had the defective payment transaction not
taken place.
(7) The credit value date for a credit under paragraph (6)(b)
shall be no later than the date on which the amount was debited.
(8) If the payer’s payment service
provider proves that the payee’s payment service provider has received
the amount of the payment transaction, paragraph (6) does not apply and
the payee’s payment service provider shall value date the amount on the
payee’s payment account no later than the date the amount would have been
value dated if the transaction had been executed correctly.”.
32 Regulation 42 amended
In Regulation 42 of the principal Regulations after the word “defective”
there shall be inserted the words “or late”.
33 Regulation 43
substituted
For Regulation 43 of the principal Regulations there shall be
substituted the following Regulation –
Where the liability of a
payment service provider under Regulation 28, 40 or 41 is
attributable to another payment service provider or an intermediary, including
where there is a failure to use strong customer authentication as required by Regulation 44B,
the other payment service provider or intermediary shall compensate the
first-mentioned provider for any losses incurred or sums paid pursuant to those
Regulations.”.
34 Regulation 44A
inserted
After Regulation 44 of the principal Regulations there shall be
inserted the following Regulation –
“44A Consent
for use of personal data
A payment service provider
shall not access, process or retain any personal data for the provision of
payment services by it unless it has the explicit consent of the payment service
user to do so.”.
35 Regulation 44B
inserted
After new Regulation 44A
of the principal Regulations there shall be inserted the following
Regulation –
(1) A payment service provider shall in
accordance with regulatory technical standards adopted under Article 98 of
the Payment Services Directive apply strong customer authentication where a
payment service user –
(a) accesses its payment account online;
(b) initiates an electronic payment transaction;
or
(c) carries out any action through a remote
channel which may imply a risk of payment fraud or other abuses.
(2) Where a payer initiates an electronic remote
payment transaction, the payment service provider shall in accordance with
regulatory technical standards adopted under Article 98 of the Payment
Services Directive apply strong customer authentication that includes elements
which dynamically link the transaction to a specific amount and a specific
payee.
(3) A payment service provider shall maintain
adequate security measures to protect the confidentiality and integrity of
payment service users’ personalized security credentials.
(4) Paragraphs (1), (2) and (3) are subject
to any exemptions from the requirements in those paragraphs provided for in
regulatory technical standards adopted under Article 98 of the Payment
Services Directive.”.
36 Regulations 51
amended
In Regulation 51(6)(a) of the principal Regulation, for the
words “paragraph (1)(b)” there shall be substituted the words
“paragraph (7)”.
37 Schedule 1 amended
In Schedule 1 to the principal Regulations –
(a) in paragraph 2(d),
for the words “as defined in” there shall be substituted the words “in
accordance with”;
(b) in paragraph 3 –
(i) for
sub-paragraph (a) there shall be substituted the following
subparagraph –
“(a) details of all charges
payable by the payment service user to the payment service provider, including
those connected to the manner in and frequency with which information is
provided or made available and, where applicable, a breakdown of the amounts of
any charges;”,
(ii) in
sub-paragraph (c) before the word “if” there shall be inserted
the words “where relevant and”;
(c) in paragraph 4(a),
after the words “payment service user’s equipment” there
shall be inserted the words “and software”;
(d) in paragraph 5 –
(i) sub-paragraphs (b),
(c), (d), (e) and (f) shall be renumbered as subparagraphs (c), (d),
(e), (f) and (g),
(ii) after
sub-paragraph (a), there shall be inserted the following subparagraph –
“(b) the secure procedure by which
the payment service provider will contact the payment service user in the event
of suspected or actual fraud or security threats;”,
(iii) in
renumbered sub-paragraph (c), for the words “Regulation 23”
there shall be substituted the words “Regulation 23(2), (3), (4), (5)
and (6)”;
(e) in paragraph 6(c),
before the words “the right of” there shall be inserted the words “where
relevant,”;
(f) in
paragraph 7(b), for the words “out-of-court complaint and redress”
there shall be substituted the words “alternative dispute resolution”.
38 Citation
and commencement
These Regulations may be cited as the EU Legislation (Payment
Services – SEPA) (Amendment) (Jersey) Regulations 2017 and
shall come into force on 13th January 2018 except that Regulation 35
shall come into force on the same day as Regulation 100 of the United
Kingdom’s Payment Services Regulations 2017 (S.I. 2017/752)
comes into force.
l.-m. hart
Deputy Greffier of the States