Payments Regulatory Landscape #2, Part II: the upcoming Payments Package and vIBANs

During the second part of the “Payments Regulatory Landscape” event organized jointly by LUXHUB and A&O Shearman Luxembourg, the payments experts focused on the most recent developments on the PSR/PSD3 and FiDA (the Payments Package) topics, and tackled the trendy Virtual IBANs.
Update on the draft Payments Package
Andrei Costica (Senior Associate, A&O Shearman Luxembourg) launched the Payments Package part of the conference and discussed the liability rules under PSR (Payment Services Regulation), addressing several key points. First, he underlined the proposed harmonization of the VOP regime under Article 50 PSR with the VOP regime under IPR, to make sure there are no divergences. He also highlighted the need to clarify when a payment transaction shall be considered as authorized, sharing the two options currently discussed between Member States. According to him, another key point of attention is the open discussion on the liability regime in case of impersonation fraud: how is it defined? How can the liability rule be applied? Also, there is a need for harmonization of the concept of gross negligence… which currently differs from one national law to another. Andrei then focused on the liability regime for electronic communications service providers and added: “they hold an important role in the chain and, therefore, can have a responsibility in the transfer of funds. What happens if there’s a failure on their side?”
The Senior Associate also shared additional points of attention. The first one is the potential interaction between PSD and MiCAR licensing regimes (which regime applies? It could be both if e-money is used as a means of payment). He also discussed the grounds on which an ASPSP (Account Servicing Payment Service Provider) can refuse to open/decide to close a bank account for a PI/EMI and related notification obligations towards competent authorities.
Anne-Sophie Morvan (Chief Commercial Officer, LUXHUB) stated that PSR will reinforce the current Open Banking obligations and insisted on the introduction of permission dashboards. “They will have to be provided by data holders and will consist in an interface where PSUs will have a view on the permissions they’ve given, with the possibility to manage and retract them,” she added. The deadline is not yet fixed in the law, but one can foresee the implementation of such dashboards in the 18-24 months after the future adoption of PSR.
On the topic of FiDA (Financial Data Access framework), Anne-Sophie highlighted that the proposal was NOT withdrawn from the European Commission’s work program, and reminded the audience that it was about extending the scope of Open Banking, with more data available for more purposes. She explained: “the FiDA trilogue actually started on April 1st, and the EC was requested to provide a non-paper around the simplification of FiDA”. This non-paper is supposed to be released in the next few weeks, while FiDA, more generally, continues to raise a lot of interest from the market for business purposes.
Recent focus on virtual IBANs
Baptiste Aubry (Partner, A&O Shearman Luxembourg) returned to the stage for the last part of the conference, sharing key information on what is expected in the months to come in the EU regarding “vIBANs”. “A Virtual IBANs is defined as an IBAN generated out of a master account. They prove to be especially useful for reconciliation purposes,” he highlighted.
Currently, there is no regulatory definition in force of vIBANs, but they were mentioned in Article 2(26) of the EU AML Regulation: “Virtual IBAN means an identifier causing payments to be redirected to a payment account identified by an IBAN different that that identifier”. Moreover, an EBA report on vIBANs dating from May 2024, draws on the definitions on IBAN and vIBAN and on the feedback from National Competent Authorities and PSPs to present a series of uses cases for vIBANs and related regulatory risks in this context. It also underlines that fragmentation, regulatory arbitrage, lack of transparency and Money Laundering/Terrorist Financing risks are the main categories of risks identified.
Baptiste ended his presentation by highlighted the vIBANs challenges in respect of VOP: “under the new payments package proposal, vIBANs are to constitute IBANs for the purposes of the VOP rules”.

Interested in learning more about these topics?