By Tuulia Heiskanen, Junior Associate, Aliant Finland.
Electronic payments (e-payments) are used increasingly around the world and are especially convenient in purchasing things online. In Finland, services providing e-payment solutions are broadly available. To list a few, there is online banking, digital wallets, mobile payment services, electronic bank card payment services, contactless payment services, and payment services utilising tokenization (a technique that allows making a payment using an algorithmically generated number, instead of having to disclose any banking or credit card details ).
The Single Euro Payments Area
Finland is part of the Single Euro Payments Area (SEPA), which makes it possible for consumers, companies and public administrations to make credit transfers, direct debit payments and card payments between all the SEPA countries under the same basic conditions. The principle of equal charges for both national and cross-border payments allows making all cross-border e-payments in Euro for the same price as national ones.
EU Directive on E-Payments
In the EU level, rules and standards concerning e-payments are maintained by the European Payments Council (EPC). The latest significant change to EU legislation concerning e-payments is the Directive (EU) 2015/2366 on EU-wide payment services (PSD2) which covers all types of e-payment services in the EU. The directive came into force in 12 January 2016 and had to be implemented by the member states by 13 January 2018 simultaneously repealing Directive 2007/64/EC (PSD). The directive’s objective was to harmonize e-payment service legislation further in the internal market and create common security requirements for e-payments and the use and processing of consumer financial data. The directive also clarifies the rights and obligations of payment services.
Concerning the implementation in Finland, one of the most significant changes from the point of view of the consumer, is that in cases of illegal misuse of a payment card or another tender due to recklessness of the consumer, the consumer’s personal liability was reduced from EUR 150 to EUR 50. In addition, consumers are no longer liable for unauthorized use of their payment cards in e-payment services, if the service provider has not required strong identification.
Establishing an E-Payment Service in Finland
Concerning the e-payment services sector, the key regulatory authority in Finland is the Finnish Financial Supervisory Authority (FSA). For a company to start providing e-payment services, authorization is generally required. However, there is an exception to the rule. Payment services, other than ones for the provision of issue of electronic money, can be provided without an authorization, if total value of completed transactions by natural persons does not exceed an average of EUR 50,000 a month over a period of 12 months. For legal persons, the maximum amount is an average of EUR 3 million a month. The FSA must be still notified before beginning provision of the service.
Under the Act on the Activities of Foreign Payment Institutions in Finland, a foreign payment institution can establish a branch in Finland after the authorities of the company’s domestic country have notified the Finnish Financial Supervisory Authority. In addition, foreign payments institutions are allowed to practice in Finland without establishing a branch when the FSA has been notified by the company’s domestic supervising authority.
Service Contracts Between Providers and Consumers
When making a service contract between the provider and the client, the contract does not have a strict form but some regulation still needs to be considered by the parties. The provider has to give relevant information to the user, such as the service price, contract terms and customer rights before closing the contract. Unreasonable terms are not allowed. A contract term is always considered unreasonable, if it requires the acquisition or use of goods, services or other commodities outside the scope of the payment service activities to an extent that is inappropriate from the point of view of the customer, or if the right of the customer to conclude contracts with another entrepreneur is restricted. Concerning cancellation of the contract, the user of payment services is allowed to terminate the general agreement immediately if not agreed otherwise. The payment service provider has to give at least a 2-month term of notice before termination of the general agreement.
Payment service providers have a secrecy obligation concerning the user’s private data. The payment service provider must assure that any personal information of the user is solely given to the receiver of the payment, and only with the permission of the user. The provider cannot use, attain or store any of the user’s data, except data used for provision of the service, specifically permitted for use by the service user.
Action Against Criminal Activity
The potential criminal aspects of e-payment services in Finland are money laundering, terrorist financing, fraud and identity theft. To combat this there is a Financial Intelligence Unit within the National Bureau of Investigation which duties include detecting and preventing money laundering and terrorist financing. In addition, The FSA and the Finnish police are a part of the EU Black Wallet project for increasing member state cooperation in the fight against money laundering and terrorist financing.
Payment service providers also have an obligation required by law to establish preventive measures for potential crimes against their users. They have an obligation to identify customers and verify their identity, and to monitor and obtain information on customers’ transactions. Strong identification must be used when electronic payments are made. Beneficial owners shall be identified as well, and their identity verified if necessary. A transaction is allowed to be suspended for further inquiries if it is suspicious, or if it is suspected that the transferred assets are used for terrorist financing. Banks have the duty to reimburse unauthorized payment transactions to the customer, if the customer has acted in due care and reported the unauthorized payment.