Snatching victory from the jaws of defeat, the United Kingdom and the European Union finally agreed a trade deal at the end of last year, just when the Brexit transition period expired. Although some commentators had retained a forlorn hope that financial services would be on the table, and that ‘passporting’ rights currently enjoyed by UK firms could continue, nothing of the kind materialised.

What was left was an unfair situation in which financial service firms from the European Economic Area could notify the Prudential Regulation Authority and the Financial Conduct Authority of their intention to subject themselves to the ‘Temporary Permissions Regime’ (TPR) and benefit from some ‘grandfathering.’ This allowed their passported activity to continue in January, while the EEA had made no reciprocal arrangement for British firms that had been doing business within its ample borders. There is talk of ‘equivalence’ assessments and a Memorandum of Understanding to be agreed between the UK and the EU by the end of March; it is anyone’s guess what this will entail.

In the run-up to the expiry of the Brexit transition period, I saw many firms heed the warnings from the European Supervision Authorities and the PRA/FCA and make plans for the UK’s departure from the European Union, the better to help their businesses continue. In most cases, the firm in question did this by setting up a separate legal entity in another EEA jurisdiction and obtaining authorisation from the regulators to allow it to continue to operate in that jurisdiction and 'passport' its services all over the EEA. If the firm was already established in this-or-that EU country as a branch, the regulators were likely to make a fairly straightforward decision. If, however, the firm had no permanent, physical presence in the EEA and operated solely on a ‘cross-border’ basis it was, in my view, questionable whether such action was necessary.

As head of the Passport Notification Unit at the FSA for a number of years, and having worked closely with the European Commission’s Payments Committee in drafting and publishing passporting guidelines for payments and e-money institutions prior to the PSD2 (the second Payment Services Directive) and the Passporting RTS or regulatory technical standards, I can speak on passporting matters with some degree of experience.

Smoke and mirrors?

So the big question is, were some cross-border passports – or ‘notifications under the freedom to provide services’ – ever really needed? Now, I’m not suggesting that passporting was simply a cottage industry grown by the regulators, or that there were no genuine situations where notification was required.

No, I’m simply challenging some of the core principles that have somehow been forgotten over the years. Let me take you back to 1997 and the publication of the European Commission Interpretative Communication on ‘Freedom to provide services and the interest of the general good in the Second Banking Directive’ (97/C 209/04). Although this is more than 20 years old, the European Commission let everybody know, when finalising PSD, 2EMD and PSD2, that the document was still relevant in the present day because payment services were/are part of the list of passportable activities in Annex I of the Banking Directive (and its re-cast successors) and, as such, to be read across to payment and e-money institutions. What, then, does it say that is so interesting?

The communication itself is concerned with the circumstances in which a services passport notification might be made. I have set out below some relevant extracts.

• “It is necessary, therefore, to 'locate' the place of supply of the future banking service in order to determine whether prior notification is required.”
• “…in its opinion, only activities carried on within the territory of another Member State should be the subject of prior notification. In order to determine where an activity was carried on, the place of provision of what may be termed the 'characteristic performance' of the service, i.e. the essential supply for which payment is due must be determined.”
• “This line of reasoning is aimed merely at establishing whether prior notification is necessary.”
• “A bank may have non-resident customers without necessarily pursuing the activities concerned within the territory of the Member States where the customers have their domicile.”
• “Lastly, the provision of distance banking services, for example through the Internet, should not, in the Commission's view, require prior notification, since the supplier cannot be deemed to be pursuing its activities in the customer's territory.”
• “The Commission considers that the prior existence of advertising or an offer cannot be linked with the need to comply with the notification procedure.”

My summary is that it was the place from which the supply of services took place that dictated whether a passport notification was required. Therefore, if no passport was required, irrespective of whether one was actually made, then no authorisation of any kind should be required after Brexit.

I am not a lawyer, so feel free to challenge my logic. Interestingly, however, the FCA’s Perimeter Guidance, PERG 15.6, sets out whether a foreign payment institution that provides payment services from a location outside the UK ought to be authorised in the UK. This also cites the aforementioned Commission Interpretative Communication and concludes by stating “we would not generally expect a payment services provider incorporated and located outside the UK to be within the scope of the regulations, if all it does is to provide internet-based and other services to UK customers from that location.” The situation for EEA firms that want to provide services in the UK would appear to be clear.

Reverse solicitation

Unfortunately, not every EEA member-state agrees with the ‘characteristic’ test favoured by the European Commission, instead following a ‘solicitation’ test. Basically, this means that if one reaches out across borders to ‘solicit’ a client in another EEA state, one needs a passport notification.
However (a common word when speaking of EU legislation and regulations!), some transactions can be initiated through reverse solicitation i.e. exclusively at the direction and discretion of a European client. This scenario is set out in MiFID II rather than PSD2 but, although it is not stated explicitly, surely there should be some read-across.

What to do?

Before the Brexit transition period ended, we read press coverage of British banks notifying customers in certain jurisdictions of the closure of their accounts due to Brexit. I suspect that these jurisdictions are places where people were applying the solicitation test.

There is, unfortunately, no list of EEA Member States that tells us whether they favour the characteristic performance test (per the Commission Interpretative Communication) or the solicitation test. As a result, there is no clear indication of whether British firms might be free to provide services in the EEA on a cross-border basis, in line with the characteristic performance test. There is, though, at least a valid argument to support the idea that a firm might nevertheless choose to provide services on this basis. Ultimately, though, the best defence for such a course is likely to be a legal opinion in the jurisdiction(s) in which the firm intends to provide services.

* James Borley can be reached on 0203 457 3177 or at james.borley@compliancy-services.co.uk