Earlier this year, the Bulgarian National Bank (“BNB”) introduced amendments to its Ordinance No 3 on the Terms for the Opening of Payment Accounts, Execution of Payment Transactions and Use of Payment Instruments (“Ordinance”). Barring a single exception, the amendments entered into force in late June 2019.
Most notably, an entire new Chapter of the Ordinance regulates the common and secure open standards of communication and the strong customer authentication, thus harmonizing the Ordinance with Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 (“Regulation”). The latter itself is not explicitly envisaged in Article 24 containing the EU pieces of legislation to be complied with by payment services providers, but clearly falls within the “delegated and implementing regulations” category.
The new Chapter sets the requirements regarding the interfaces provided by the payment service providers, including the general obligations for access interfaces, the requirements regarding the dedicated interfaces and the procedure for providing exception from the obligation to set up a contingency mechanism. While the requirements towards the access interfaces and the dedicated interfaces mainly refer to the Regulation directly, the contingency mechanism exemption procedure is explicitly provided for in the Ordinance. The procedure is initiated upon written application by the payment services provider. Within two months as of its submission the BNB verifies the compliance of the submission with the exemption requirements (documents and information as per items 2-8 of Guidelines EBA/GL/2018/07 are necessary). Potential irregularities in the application may be remedied by the applicant within a term set by the BNB (up to one month though). Only after that, the BNB initiates the consultation with the EBA. The exception is finally granted within one month as of receipt of EBA’s comments, but in any event not later than two months as of initiation of the consultations. In addition to the above, other changes introduced by the BNB also concern:
- the conclusion of a framework agreement for remote payment services through a qualified electronic signature (recognized by Bulgarian legislation as equal to the handwritten signature);
- conduct of a customer due diligence by the payment service providers in accordance with Bulgarian AML legislation;
- reporting by payment service providers of statistical data on payment-related frauds;
- the obligation for payment service providers to provide statistical data to the BNB regarding payment-related frauds;
- data placed on payment cards & indication of payment accounts with IBANs.