PayTechTalk 48 – PayTechLaw end-of-year review 2019

PayTechTalk 48 | PayTechLaw-Jahresrückblick 2019
Please click here and accept cookies to load the SoundCloud player.

Lex Apple Pay, online direct debits, crypto custody business, the implementation of the AMLD5, Libra and SCA: 2019 was an eventful year from a FinTech perspective. As the year came to an end, Frank Müller, Susanne Grohé and Christian Walz discussed their personal favourite topics of the past year. Below is a brief summary of those entries for those who missed these posts.

And for those of you who prefer listening to reading, have fun with our last PayTechTalk episode of the 2019. Enjoy PayTechTalk 48!

A great moment for Parliament or legislative nonsense? The Lex Apple Pay

Is the Lex Apple Pay only about Apple? In the newly inserted S. 58a of the German Payment Services Supervision Act (ZAG) companies whose technical infrastructure services contribute to the provision of payment services or the operation of e-money business, are defined as system operators. However, what exactly are technical infrastructure services? Susanne looked into how much room for interpretation there is regarding S. 58a ZAG in her PayTechLaw blog entry.

I discussed with Susanne, Kilian Thalhammer and Hanno Bender in a podcast whether Lex Apple Pay should be seen as a great moment for Parliament or whether it is legislative nonsense. An interesting discussion ensued…

Online direct debits

Since 14 September 2019 strong customer authentication has been required for certain payment transactions. The EBA had commented on what this means for SEPA direct debit mandates which are provided remotely, which would have massive consequences for online direct debits and direct debit-based mobile payments. This is why Christian and Susanne pondered the question “Is this the end for online direct debits (once again)?”, in the 33rd episode of PayTechTalk.

A further question raised was whether strong customer authentication (SCA) is required for the electronic processing of online SEPA direct debits. According to the EBA this is necessary when setting up an online SEPA mandate as this constitutes an action which bears the risk of payment fraud or other abuse within the meaning of Article 97 (1) (c) PSD2. In her entry, Susanne looks at the EBA’s answer in more detail and what it means for online SEPA direct debits.

Then, finally BaFin provided some clarification and we all breathed a sigh of relief: It stated that strong customer authentication for online SEPA direct debits is only required when setting up SEPA direct debit mandates if it is a mandate within the meaning of the SEPA rules.

Crypto custody business and the AMLD5

Towards the end of the year, it was mainly Frank who was kept busy with crypto custody business issues. In our 44th episode of our PayTechTalk podcast, which is a co-podcast with our colleagues from Payment & Banking, Frank talked to Kilian Thalhammer, Hartmut Giesen and Martin Kreitmair about news regarding crypto regulation.

The Act regarding the “Implementation of the Amending Directive to the fourth EU Anti-Money Laundering Directive” sounds less exciting than it actually is. This is proved by our 46th episode of PayTechTalk which deals with crypto custody business as a new financial service in the German Banking Act (KWG). Frank talked to Hartmut Giesen about crypto custody business and the amendments to the KWG in connection with the implementation of the fifth Anti-Money Laundering Directive.


It goes without saying that Facebook’s currency Libra has kept our PayTechLaw team on their toes. Susanne started off with an entry in which she provided a simple explanation of the Libra cryptocurrency. Additionally, Frank, Susanne and Hugo Godschalk discussed Libra’s macroeconomic implications in a podcast. Hugo Godschalk contemplated whether the world needs Libra as a new global currency and if Libra constitutes a new currency or rather a new worldwide payment system on a blockchain basis. PayTechLaw also considered whether Libra is e-money or rather a virtual currency.

Strong customer authentication / SCA

After the European Banking Authority (EBA) had caused somewhat of a stir with one of its answers in the Q&A tool (see Susanne’s entry on The future of online SEPA direct debits), and BaFin had already published a notice (see “Strong customer authentication for online SEPA direct debits”), the EBA published its clarification around the middle of the year: in accordance with this, the setting-up of a SEPA direct debit mandate does not require a strong customer authentication if the institution where the payment account is being kept is not involved.

The podcast is in German.


Cover picture: Copyright © PayTechLaw

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like