Among the exclusions for certain types of services under the new Payment Services Directive (PSD2) is the "limited network exclusion". This mainly covers instruments that can only be used to pay for items in the issuer's premises, or among a limited network of service providers contracting with the issuer, or to buy a very limited range of goods or services. As if this weren't already vague enough, further confusion is developing among EEA member states over whether gift cards are within this exclusion or are out of scope of PSD2 altogether. This matters, because limited networks with volumes exceeding €1m in any 12 month period must be registered with the local EEA financial regulator, which then has a duty to determine whether the limited network exclusion actually applies to it. All registered programmes will appear on a central EU register. The first 12 month period expires on 13 January 2019, with registration due on 10 February....
The consequences of a finding that a programme does not benefit from the limited network exclusion (unless it's completely out of scope of PSD2 in the first place) would potentially include shutting down the programme and prosecution for offering an e-money and/or payment service without being duly authorised (or registered as an agent of a duly authorised firm), subject to any 'due diligence' or other defence that might be available in the given jurisdiction.
Gift cards: in or out?
Among the examples of services listed by the Central Bank of Ireland that would need to benefit from the limited network exclusion to avoid being regulated payment services are "gift cards, fuel cards or shopping center cards."
Of course, the term "gift card" is commonly used to describe a lot of different instruments, including vouchers, plastic and virtual gift cards - after all, the 'value' or transaction amount is usually recognised by the retailer's IT system from a string of numbers, regardless of where they are recorded. Indeed, entering the number can result in a balance being credited to an associated data account with the retailer, which is debited against the consumer's purchase(s) with that retailer. There is a subtle difference between this and paying for a specific item in advance. But in both cases there is a 'closed loop' - the funds can't be spent elsewhere. So, the retailer has been able to treat the funds paid by the purchaser as its own funds, and the customer takes the risk that the retailer might go bust before the value can be redeemed or the specific item delivered. If the value could be spent with any third party it would be 'open-loop' and constitute a regulated "electronic money" and/or "payment service".
At any rate, the CBI's inclusion of gift cards is consistent with the 'traditional' view of the UK's Financial Conduct Authority (FCA), for example, which includes "a closed loop gift card" amidst a more detailed explanation of the limited network exclusion (see Q.40 here). However, the FCA has just consulted on the revision of that guidance to remove the gift card example and replace it with the following explanation:
"... in our view, ‘gift cards’ where the issuer is a retailer and the gift card can only be used to obtain goods or services from that retailer are not payment instruments within the meaning of the PSRs 2017. This is because these basic gift cards do not initiate payment orders; payment for the goods or services is made by the customer to the retailer of the goods in advance, when the card is purchased from the retailer. Accordingly, this exclusion is not relevant to them."
In other words, the FCA seems to be saying such "basic" gift cards are simply out of scope of PSD2 altogether, and don't need to benefit from an exclusion. But does that include server-side stored value that can only be spent with the issuer? The analysis is also at odds with the fact that VAT is not assessed on gift card purchases, on the basis that VAT will be levied on the actual purchase of items from the retailer in due course (let's ignore 'breakage', where the consumer leaves a balance that the retailer eventually takes to revenue).
If the FCA's view becomes final, it might indeed relieve some large UK gift card programmes of the need to be registered with the FCA. But it clearly conflicts with other interpretations and may have wider consequences for the interpretation of the related definitions and scope of PSD2. The same programmes that might not need to be registered in the UK could still need to be registered in the other EEA countries where they are marketed.
Of course, issuers operating more complex programmes than gift cards could dodge the issue of whether the exclusion applies by either shutting their programmes or outsourcing them to authorised firms right now.
And those with large gift card programmes who are uncertain as to whether the programme is out of scope altogether or excluded could write to the regulators explaining the basis of any genuine belief that their programme is excluded in the hope of receiving a definitive answer (rarely forthcoming); or use the formal limited network registration process to obtain an actual decision. Crucially, however, there is no "passport" for rulings on the exclusions or scope of PSD2, and it's possible that each member state regulator might take a different view - as we'll see shortly.
All these approaches are examples of "regulatory creep", which occurs where uncertainty leads people to do more or act differently than is actually required, thereby increasing the scope of regulation without legislators having to lift a finger. It's not good regulatory practice: aside from the uncertainty, it raises issues of whether regulatory powers have been exceeded and otherwise tends to undermine the rule of law.
This matters, because limited networks with volumes exceeding €1m in any 12 month period must be registered with the local EEA financial regulator, which then has a duty to determine whether the limited network exclusion actually applies to it. All registered programmes will appear on a central EU register.