LAW 16/2009 OF 13 NOVEMBER ON PAYMENT
SERVICES: IMPLEMENTATION IN SPAIN OF THE EUROPEAN PAYMENT SERVICES
1. SUBJECT MATTER AND SCOPE OF THE LPS (title i)
1.1. Definition of payment services
1.2. Authorised payment services providers
2. REGULATION OF PAYMENT INSTITUTIONS (title ii)
TRANSPARENCY OF CONDITIONS AND INFORMATION REQUIREMENTS FOR
PAYMENT SERVICES, TERMINATION AND MODIFICATION OF THE FRAMEWORK CONTRACT
RIGHTS AND OBLIGATIONS IN RELATION TO THE PROVISION AND USE OF
PAYMENT SERVICES (title iv)
4.1. Obligations in relation to payment
4.2. Liability for unauthorised payment
4.3. Refund of authorised payment
4.4. Burden of proof
4.5. No liability
5.2. Transitional provisions for certain
On 14 November 2009, Law 16/2009 of 13 November on payment services (the
“LPS”) was published in the Spanish Official Gazette (“Boletín Oficial
del Estado”) (the “Gazette”). The main purpose of the LPS is to
implement Directive 2007/64/EC of the European Parliament and of the
Council of 13 November 2007 on payment services in the internal market (the
“PSD”). The Member States’ deadline to implement the PSD was 1 November
2009. The LPS came into force on 4 December 2009 (twenty days after its
publication in the Gazette).
Following the spirit of the PSD, the LPS establishes a legal framework
that regulates the manner in which payment services are rendered in
Spain, the entities that are authorised to provide these services, and
the duties of both users and providers of payment services. Its aim is
to ensure that cross-border and domestic payments in the European Union
(EU) are treated in the same way.
The LPS partially implements the PSD, focusing on regulating those
provisions that must be passed in a law. The remaining provisions of the
PSD will be regulated in secondary legislation.
The text of the LPS has the same structure and contents as the PSD and
focuses on: (i) the definition of the payment services to which it
applies and the entities authorised to render them, (ii) the regulation
of payment institutions; (iii) the rules on transparency and information
requirements for payment services, and (iv) the rights and duties of
payment services users and providers.
1. SUBJECT MATTER AND SCOPE
OF THE LPS (tItLE i)
The LPS establishes that the rendering of payment services is an
activity that only certain entities can perform as a regular occupation
or business activity.
1.1. Definition of
a) Payment services for the purposes of the LPS:
(i) the deposit and withdrawal of cash in a payment account and
those transactions necessary for the management of payment accounts;
(ii) the execution of payment transactions (including transfers of
funds) through a payment account with the payment services user’s
provider or with any other payment services provider;
(iii) the execution of payment transactions when the funds are
covered by a credit line opened for a user of such services;
(iv) the issuance and acquisition of payment instruments;
(v) money remittance; and
(vi) the execution of payment transactions in which the payer’s
consent to each transaction is transferred by any telecommunication,
digital or IT device, and the payment is made through the
corresponding telecommunication, IT system or network operator,
which only acts as an intermediary between the payment services user
and the supplier of the goods and services.
b) Negative scope:
The LPS does not apply, among others, to:
(i) payment transactions made exclusively in cash;
(ii) professional physical transport of banknotes and coins;
(iii) money exchange business, when the funds are not held on a
(iv) payment transactions where the payment services provider places
funds at the payee’s disposal through the issuance of paper
documents such as cheques, vouchers, postal money orders or other
(v) payment transactions related to securities asset servicing, or
redemption or sale, by entities allowed to have the custody of
(vi) payment transactions carried out between payment service
providers, their agents or branches for their own account; or
(vii) payment transactions between companies within the same group,
without any intermediary intervention, by a payment services
provider not belonging to the same group. In connection with this
exception, although the text of the LPS is the same as that of the
Spanish version of the PSD, the English version of the PSD provides
that payment transactions between companies within the same group
must in fact be made by a payment services provider belonging to the
1.2. Authorised payment
In accordance with the LPS, the services listed in section 1.1.a)
cannot be rendered by any individual or legal entity that does not
have the status of payment services provider, or which is expressly
excluded from the scope of the LPS. As a result, the rendering of the
services is restricted to:
a) Credit institutions.
b) Electronic money institutions.
c) Payment institutions.
d) The Spanish post office giro institution (namely, Sociedad
Estatal de Correos y Telégrafos, S.A.) for those services it is
entitled to render by virtue of the specific regulations applicable
e) The Bank of Spain, as well as the national (Administración
General del Estado), regional (Comunidades Autónomas) and
local authorities (Entidades Locales), when not acting in
their capacity as public authorities.
2. REGULATION OF PAYMENT
INSTITUTIONS (tITLE ii)
Payment institutions (“PI”) are a newly created figure, different from
both credit institutions and electronic money institutions. The PI are
subject to the supervision of the Bank of Spain (“Banco de España”, the
Spanish regulator), and can be authorised to render all or some of the
payment services listed in section 1.1.a). Under no circumstances are
these entities entitled to take deposits or other repayable funds, nor
issue electronic money.
Without prejudice to the above, the PI may grant credit related to the
payment services referred to in points (iii), (v) and (vi) of section
1.1.a) if the following conditions are met:
(i) it is granted exclusively in connection with the execution of a
(ii) it is repaid within a period of no more than twelve (12) months;
(iii) it is not granted from the funds received or held for the
purpose of executing a payment transaction; and
(iv) in view of the overall amount of credit granted, the own funds of
the PI are at all times appropriate and to the satisfaction of the
Bank of Spain.
The LPS has not regulated these entities in depth, but reproduced the
text of the PSD. For those matters for which the PSD offered more than
one choice and granted the Member States sufficient freedom to choose
the option that they deemed most appropriate (initial capital, own funds,
safeguarding requirements), the LPS has left this task to secondary
legislation. Notwithstanding the foregoing, the LPS grants the Ministry
of Economy and Treasury the power to authorise the creation of PI and
the establishment in Spain of branches of PI from outside the EU (a PI
authorised in one Member State can be authorised to operate in another
following communication from one national supervisor to another).
3. TRANSPARENCY OF
CONDITIONS AND INFORMATION REQUIREMENTS FOR PAYMENT SERVICES,
TERMINATION AND MODIFICATION OF THE FRAMEWORK CONTRACT (TITLE III)
This section establishes limits to the manner in which the contractual
relations arising from a contract between a payment services provider
and a user of the same can be conducted. Title III of the PSD is careful
in ensuring the consumer protection aims are achieved and, as such, when
neither of the parties is a consumer they can opt not to apply its
The contents, the type of information, the conditions of the payment
service as it must be rendered to the payment services user, and the
time within which they must be performed are some of the matters left
for secondary legislation (until this has been carried out, among other
legal provisions, article 7.1 of Law 22/2007 of 11 July on distance
rendering of financial services addressed to consumers will apply in
connection with the distance rendering of financial services).
Nevertheless, the LPS stipulates that the burden of proving compliance
with the provisions of Title III lies with the payment services provider.
4. RIGHTS AND OBLIGATIONS IN
RELATION TO THE PROVISION AND USE OF PAYMENT SERVICES (tITLE iv)
Both the relation between payment services providers and payment
services users and the procedure for the execution of payment orders,
are regulated in significant detail.
4.1. Obligations in
relation to payment instruments
a) Of the payment services user:
- To use the payment instrument in accordance with the terms
governing the issue and use of the payment instrument, taking all
reasonable steps to keep its personalised security features safe.
- To notify the payment service provider, or the entity specified by
the latter, without undue delay on becoming aware of loss, theft or
misappropriation of the payment instrument or of its unauthorised
- In the event of unauthorised or incorrectly executed payment
transactions, the payment services user must notify its provider no
later than thirteen (13) months after the debit date, provided that
the payment services user has become aware of the transaction thanks
to the information made available by the payment service provider.
The parties can agree on a shorter term when the payment services
user is not a consumer.b) Of the payment services provider:
- To make sure that the personalised security features of the
payment instrument are not accessible to parties other than the
payment service user entitled to use the payment instrument.
- To refrain from sending an unsolicited payment instrument (unless
in case of replacement).
- To ensure that appropriate means are available at all times to
enable the payment service user to make a notification for the loss,
theft or misappropriation of the payment instrument, as well as the
means to prove that such notification has been made for the next
eighteen (18) months thereafter.
- To prevent all use of the payment instrument once notification
concerning the loss, theft or misappropriation of the payment
instrument has been made by the payment services user.
4.2. Liability for
unauthorised payment transactions
a) The payment service provider must immediately refund to the
payer the amount of the unauthorised payment transaction and, where
applicable, restore the debited payment account to the state in
which it would have been had the unauthorised payment transaction
not taken place.
b) The payer:
- Must bear (i) the losses relating to any unauthorised payment
transactions, up to a maximum of EUR 150, resulting from the use of
a lost or stolen payment instrument, or (ii) all the losses relating
to any unauthorised payment transactions if he incurred them by
acting fraudulently or by failing to fulfil one or more of his
obligations under section 3.1.a) above with intent or gross
- Except where he has acted fraudulently, the payer is not liable
for the financial consequences resulting from (i) the use of the
lost, stolen or misappropriated payment instrument after
notification in accordance with section 3.1.a), second paragraph,
nor (ii) the use of a payment instrument, if the payment services
provider does not provide appropriate means for the notification at
all times of a lost, stolen or misappropriated payment instrument.
4.3. Refund of
authorised payment transactions
The payer is entitled to a refund from his payment service provider of
an authorised payment transaction initiated by or through a payee
which has already been executed, if the following conditions are met:
(i) the authorisation did not specify the exact amount of the payment
transaction when the authorisation was made, and (ii) the amount of
the payment transaction exceeded the amount the payer could reasonably
have expected taking into account his previous spending pattern.
For direct debits, the payer and his payment service provider may
agree in the framework contract that the payer is entitled to a refund
from his payment service provider even though the conditions for
refund in the previous paragraph are not met. The parties may also
agree that the payer has no right to a refund where he has given his
consent to execute the payment transaction directly to his payment
service provider and he had received the information on the future
payment transaction at least four weeks before the due date.
In any event, the payer must request the refund within a period of
eight weeks from the date on which the funds were debited from his
account. Within the following ten (10) business days, the payment
service provider must either refund the full amount of the payment
transaction or provide justification for refusing to refund,
indicating the procedures that are at the payer’s disposal if he does
not accept the justification provided.
4.4. Burden of proof
The payment services provider bears the burden of proving that a
payment transaction was duly authorised, registered and accounted in
the event that the user denies having authorised an executed
transaction or claims that it was not correctly executed.
4.5. No liability
The LPS provides that liability established in accordance with the
provision thereunder shall not apply in cases of abnormal and
unforeseeable circumstances, which are beyond the control of the party
pleading for the application of those circumstances, and the
consequences of which would have been unavoidable despite all efforts
to the contrary, or where a payment service provider is bound by other
5. OTHER SIGNIFICANT ISSUES
a) PI are subject to the penalties set out in Law 26/1988 on
intervention and discipline of credit institutions, and to the
penalty procedure established for entities taking part in financial
markets. These rules may be extended to those individuals or legal
persons which have a significant holding in a PI.
b) Provisions under the LPS in relation to the rules applicable to
PI, the obligations on transparency of conditions and applicable
information requirements, and those concerning out-of-court redress
procedures are considered as rules of regulation and discipline for
payment services providers.
c) Those activities carried out by branches or agents of payment
services providers authorised in other EU Member States will also be
subject to the regime set forth under this section in the event that
they infringe the provisions under the LPS with regard to the
obligations on transparency of conditions, applicable information
requirements and concerning the respective rights and obligations of
payment services providers and users.
provisions for certain contracts
- Those contracts entered into by credit institutions and their
customers to regulate the conditions applicable to the rendering of
payment services now subject to the LPS will still be valid,
although they will have to be adapted to the current legal framework
within a term of twelve (12) months (eighteen (18) months for credit
or debit card contracts). Notwithstanding this, those conditions
more favourable for customers who are individuals will be applied
from the entry into force of the LPS.
- Consent: amendments referred to in the previous paragraph will be
deemed to be tacitly accepted provided that the customer has not
expressly rejected them within a term of three (3) months after the
receipt of a communication with respect thereto, or if, within one
(1) month after such receipt, the customer applies for a new service
under the amended contract. Rejection of the proposed amendments
will allow the customer to terminate the contract in force until
then without any charge.
- Subjects bound: the provisional rules set out in this section will
also be applied to those contracts entered into by currency exchange
institutions and their clients to regulate the management of money
transfers with other countries, and to any other legal entities that
were carrying out PI activities before 25 December 2007.
18 December 2009.