• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

Mobile payments: regulatory landscape

What is a mobile payment?

In essence, a mobile payment is a payment that is effected in a way which at some stage involves a mobile phone. This, obviously, is a very broad definition. The one thing that unites nearly all mobile payment models is that each of them contains four elements:

  • A handset (“device”)
  • An account containing the user’s funds (“account”)
  • A means of communicating the user’s desire to transfer funds (“communication”)
  • A connection to the user’s funds account enabling the transfer to take place (“connection”)

Each of the above elements can take multiple forms depending on the payment model, and the areas of regulation that need to be considered will depend on exactly how each of these elements is realised in the technological process.

Regulatory framework

It is difficult to describe in any definitive way what the regulatory regime for “mobile payments” is because there are simply so many different processes, mechanisms and technologies — or “payment models” — which fall under this often misunderstood term, each of which occupies a different place in the regulatory landscape.

There is currently no legislation which is specific to mobile payments or m-commerce, although mobile has been very much in mind in the drafting of the existing legislation, and the European Commission has plans to look at this area in more detail.

The main pieces of legislation which affect mobile payments most directly at the moment are:

  • The Payment Services Regulations 2009, (PSRs), which are the UK implementation of the Payment Services Directive (PSD) 2007.
  • The proposed second Payment Services Directive (PSD2), which at the time of writing is being considered in the European
  • Parliament. 
  • The Electronic Money Regulations 2011, (EMR2) based on the second Electronic Money Directive.

Deciding which of these pieces of legislation will apply to a given mobile payments solution will depend entirely on the particular payment model being implemented and the technological processes and money flows behind it. Deciding to whom the legislation applies is a matter of working out exactly where each entity sits in the chain of actors involved in bringing each payment model into action, and whether its function in that chain is itself subject to regulation.

One of the interesting aspects of the mobile payments area is that it brings together:

(a) Payments legislation that has been designed to allow new participants from areas outside traditional financial services into the payments space.

(b) Other areas of regulation that were previously only tangentially related to financial services, in particular regulation relating to consumers, telecoms and certain aspects of personal data (e.g., location data), which will constitute a regulatory overlay to the financial services core.

These other areas of regulation will be focused on in part two of this article. However, what follows here is a brief overview of the main pieces of payments legislation and some analysis of what these regulations mean for the development of the market.

Payment services regulations 2009

The core of the PSRs is that they provide a platform from which entities other than traditional financial services providers can become authorised to provide and execute payment services. This opens up the payments market to new players and facilitates convergence in the mobile payments space.

Will the PSRs apply?

The definition of “payment services” is broad, encompassing money remittance, the operation of payment accounts and the execution of payment transactions through a payment card or a similar device, among other things.

Even when the various definitions have been understood, however, the question of whether or not the PSRs will apply will still depend on the precise function of the relevant party. For instance, the PSRs do not apply to:

The activities of technical service providers that do not at any time hold the funds being transferred. This is likely to be a significant exclusion for many of the participants in the transaction chain who provide purely technological support (including those who provide authentication, data processing and storage services).

Payment transactions executed “by means of any telecommunication, digital or IT device” where the operator of the same is acting as more than an intermediary, i.e., is adding value in some way. This is known as the “value-add” exemption. This is currently an important exclusion as it potentially allows certain payment models to escape the need for authorisation/registration if they add some value to the transaction.

Services based on instruments that can be used to acquire goods or services:

- Only on the issuer’s premises.

- Under a commercial agreement with the issuer, either within a limited network of service providers or for a limited range of goods or services.

This is known as the “limited network” exemption.

Obligations under the payment services regime

If, having waded through the various parameters of what does and does not constitute a payment service, an entity finds that it is providing a payment service and that the PSRs do apply to it, it will have to comply with the relevant obligations imposed by the

PSRs, which differ depending on whether the entity is to be classified as an authorised payment institution, a small payment institution, an e-money issuer or a bank / building society. These obligations include the holding of capital, the imposition of certain contractual terms and various reporting obligations.

The scope of the regulations is fairly broad, and in some respects intervenes in areas that might normally be viewed as falling within the remit of contract and/or consumer rights. The requirements of the regime, plus the fact that to carry on a payment service without the proper authorisation/registration is a criminal offence, means that consideration of the precise function and nature of each entity within a payment model is crucial.

Electronic money regulations 2011

The concept of e-money is by no means new. However, the advancement of technology has broadened the scope of e-money such that it is now found in a range of different technological solutions, including some of the mobile payment models.

What is e-money and how is it different from other payment services?

By way of reminder, e-money is defined in Regulation 2 of EMR2 as follows:

“Electronically (including magnetically) stored monetary value as represented by a claim on the electronic money issuer which:

(a) is issued on receipt of funds for the purpose of making payment transactions;

(b) is accepted by a person other than the electronic money issuer; and

(c) is not excluded by regulation 3.”

Regulation 3 contains two express exclusions. These are in essence the same as the “limited network” and “value-add” exemptions under the PSD.

The interesting thing here is looking at what does or does not count as e-money as you tweak a given mobile payments solution. So, for instance, a closed loop payments system (the Starbucks app) may well not fall within the scope of e-money if the funds on the app are not “accepted by a person other than the electronic money issuer” (i.e., Starbucks itself), but as soon as you allow the app to be used outside Starbucks, or at least outside the ephemeral concept of a “limited network”, it will be e-money. Conversely, a handset used to access a mobile payments platform whereby a data connection is needed to access an online banking app will not constitute e-money (as the monetary value is not “stored” on the handset), but if you allow it to “store” value on a near field communication

(NFC) chip for those times when no data connection is available, then suddenly the regulation will take hold.

Obligations under the e-money regime

In any case, the e-money regime closely resembles the payment services regime in many respects. It too is designed to open up a branch of financial services to non-traditional financial services providers, imposing a similar regime of requirements to that found under PSD2, and with criminal sanctions attached to certain breaches. Nonetheless, for all the similarities, the regimes are different and require separate consideration.

What do these pieces of regulation mean for mobile payment models?

There are of course many effects of a set of regulations as extensive as this, but in broad terms the principal effects appear to be these:

(a) The regulatory door is open for non-banks to enter the payments market, in some form or other. The obvious candidates are those who already fulfil one of the four elements of device, account, communication and connection. For instance:

(i) The banks are already in an excellent position to take advantage of the opportunities in mobile payments: they already have the accounts and, through existing mobile platforms, the connection, and the likes of Paym add the device and communication elements.

(ii) The advent of Apple Pay is no surprise at all, given the size of the payment card database they already have in place through iTunes, and the deep market penetration of the iPhone: Apple has had all the ingredients for the four elements of communication, device, connection and (albeit indirectly) account in place for some time, plus phenomenal brand presence, and so the scene was set for them to enter the market with some conviction. However, it remains to be seen how Apple Pay will fare in the UK, where EMV is ubiquitous and card fraud is low, compared with the US where the lack of EMV means that there is a much clearer fraud-reduction business case for Apple to take to the banks.

(iii) The mobile network operators have the device, connection and communication abilities already in hand, but to create accounts that they could use for payment services purposes they would need authorisation under the relevant regime, and would have to battle with the rigors of AML regulation or otherwise team up with banks that had been through those processes already.

(b) The scope of application of the regulations will depend on the precise nature of the payment activity being facilitated. Those facilitating transactions remotely using some aspect of, or data collected by, a smartphone only as a means of authentication may well need to be authorised as payment service providers. However, where the transaction does not happen remotely but rather by virtue of a connection with a local store of funds through, e.g., an NFC chip or app, the facilitating entity is more likely to need authorisation as an e-money issuer.

(c) There will be a number of important functions in any mobile payment model which are exempt from authorisation, including many of the technology providers who provide services, hardware and/or software which facilitate payments, but never hold funds themselves. However, even these providers should be aware of the parameters of regulation so as to ensure that they do not inadvertently stray into regulated territory.

There may be many entire mobile payment solutions which need no authorisation at all (e.g., the Starbucks app) but development of these will have to be watched closely to ensure that regulatory boundaries are not crossed as new ideas on technical functionality and operation are introduced.

Conclusion: challenges and opportunities

Although the payment services and e-money regulations are a huge step in opening up the market, their complexity is such that the banks and other traditional financial service providers — which already qualify under both regimes — still have the advantage, and can perhaps afford to be more innovative and adaptive without fear of crossing over the boundary from one regime into another.

However, this is by no means to say that there is not a very significant part for others to play in this market, just that they may have to be cognisant of the interplay between product development and regulatory pitfalls. In part two of this article, we will look in more detail at how other areas of regulation around data, AML, security, payment systems and roaming are set to provide both challenges and huge opportunities for a range of players in this rapidly developing market.

For more information, please contact Chris Hill.

This article was originally published by Payments Compliance.