Retail Payment Services and Card Schemes Regulation

Following the introduction of the Stored Value Facilities Regulations in 2020, as a next step to the development of financial technology practices and enhancing the payments industry in the United Arab Emirates (UAE), the Central Bank has on 6 June 2021 issued the Retail Payment Services and Card Schemes Regulations (“Regulations”).

The Retail Payment Services are digital payment services and have been categorised into nine sub categories under the regulations, namely:

• payment account issuance services
• payment instrument issuance services
• merchant acquiring services
• payment aggregation services
• domestic fund transfer services
• cross-border fund transfer services
• payment token services
• payment initiation services
• payment account information services

Card Schemes are also regulated under the regulations. Card Schemes have been defined as the set of rules, practices and standards that enable a holder of a payment instrument to affect the execution of card-based payment transactions within the UAE, which is separated from any infrastructure of payment system that supports its operation, and includes the card scheme governing body.

In summary, these regulations set out the:

1. requirements for granting a license for providing retail payment services;
2. rights and obligations of users of Retail Payment Services and Payment Service Providers (PSPs);contractual arrangements allowing PSPs providing payment initiation and payment account information services to access payment accounts held with banks and other PSPs providing payment account issuance services;
3. conditions for granting a license to Card Schemes;
4. conditions for participating and obtaining an access to the wages protection system; and
5. powers of the Central Bank with regard to the supervision of PSPs and the on-going reporting requirements for Card Schemes.

We have highlighted below some of the noteworthy elements of the Regulations.

Retail Payment Services

Licensing

• No person shall without obtaining the requisite licence conduct or involve itself in promotion of Retail Payment Services other than the Central Bank licensed banks offering Retail Payment Services and finance companies issuing of credit cards subject to them following certain conditions.
• The Regulations set out different categories of licenses depending on the type and number of services an entity wishes to provide. It also sets out conditions which the entity needs to fulfil to obtain the license i.e. legal form, capital requirements, etc.

Ongoing Requirements

• Corporate governance – maintain effective, robust and well-documented corporate governance arrangements, including a clear organizational structure with well-defined, transparent and consistent lines of responsibility.
• Risk management – PSPs must comply with the relevant UAE anti-money laundering laws and regulations and address money laundering and terrorist financing risks through appropriate preventive measures and must have comprehensive and effective internal policies, procedures and controls to identify and trace suspicious activities.
• Accounting and audit – appointment of an auditor on an annual basis to prepare finance statements and conduct an audit of the systems of the PSP.
• Record keeping – maintain all records for a period of upto 5 years from the date of receipt of such data.
• notification requirements – of any material change affects the accuracy and completeness of information provided to the Central Bank.
• Professional indemnity insurance – PSPs providing Payment Initiation and Payment Account Information Services shall hold a professional indemnity insurance whose amount shall be decided upon by the Central Bank.

Payment Token Services

• These services deal with payment tokens which are a type of crypto-asset that is backed by one or more fiat currencies (legal tender issued by a central bank), which can be digitally traded and functions as (i) a medium of exchange; and/or (ii) a unit of account; and/or (iii) a store of value, but does not have legal tender status in any jurisdiction.
• These services do not include Security Token and Commodity Token, Virtual Asset Token (which have been defined in the Regulations) and the provision of associated services (these are governed by the Securities and Commodities Authority).
• Given the high risk associated with money laundering and terrorist financing risk due to their speed, anonymity and cross-border nature, PSPs shall undertake risk assessment and take appropriate measures to manage and mitigate the identified risks in accordance with applicable legal and regulatory requirement.

Obligations towards Retail Payment Service Users Card Schemes

• Safeguarding of funds in-transit
• Transparency of contractual terms, services, information, etc.
• Liability for any fraudulent or any unauthorized payment transaction and related refunds
• Protection of personal data
• Assisting with information requests relating to payment orders, invoices, etc.

Card Scheme

• Card Schemes can obtain a license from the Central Bank based on the licensing conditions set out in the Regulations. A Card Scheme may be operated by a private or public sector entity.
• Similar requirements as that provided for Retail Payment Services i.e. governance, risk management, reporting requirements, etc.

Access to Wages Protection System

• Payment Service Providers have under the Regulations been permitted to apply to the Central Bank to participate in and, be given access to the Wages Protection System subject to an approval granted by the Central Bank.

• Conduct workshops, organise marketing campaigns, undertake payments in a timely manner, provide account holders with requisite statements.

Transition period

The Central Bank may order the cessation of provision of the Retail Payment Services or the operations of the Card Scheme if the PSP or the Card Scheme concerned has not obtained the relevant license from the Central Bank before the end of the transition period i.e. one year from the date of this regulation. We understand that the transition period applies to existing schemes, which need to adjust their licencing position and not to new schemes which are intended for launch post the issuance of the Regulations.

Exclusions to the Regulations

This regulation shall not apply to the following:

• Payment transactions involving Stored Value Facilities (which are defined and regulated under the Stored Value Regulation of 2020) ;
• Transactions involving commodity or security tokens;
• Transactions involving virtual asset tokens;
• Payment transactions involving remittances; The Regulations clarifies that “Remittance” is where the payer does not have a payment account with the PSP.
• Currency exchange operations where the funds are not held on a payment account; and
• Any service other than payment initiation and payment account information service.

Summary

With these Regulations, the Central Bank aims at providing safety, soundness and efficiency of Retail Payment Services, adoption of effective and risk-based licensing requirements for Payment Service Providers, promoting the reliability and efficiency of Card Schemes as well as public confidence in card-based payment transactions and promoting innovation and creating a level playing field for market participants.

For further information, please contact Sarah El Serafy.