Facebook: a limited network exemption in the Netherlands?

Here is a brief post, to alert professionals in the field to the fact that Facebook Inc has in the Netherlands been registered as an exempt institution out of scope of the payments directive based on the article 3k/3l in the PSD2:

The filing occured in february 2020 but it is not the only entry in our registers. The same company holds an incoming EU-license, originating from Ireland, to do payments business as a cross-border service. So there is a generic incoming payments license (see the blog here), the discussion on Libra/Calibra (see here) but also a local exemption.

What is the exemption all about: origins

When we go back to the original legislation we see the PSD2 having an exemption for small scale payment methods. 

This exemption dates back to the e-money directive of 2000 which stipulated a waiver for small scale appearances of e-money. 

And this waiver was born out of the understanding of supervisors that it would not make sense to go about checking all kinds of sports events, local stadiums or situations where owners of closed loop ecosystems offered digital forms of money on cards. It specifically took out campus-money systems as too irrelevant to be concerned about. Although also those campus systems were bound to rules as to refunding on request, proper contractual arrangements and limits on the devices.

Exemption in practice for Facebook: for gaming

The register seems to outline in-gaming payments as the focus for the exemption: 

Facebook provides an in-gaming payment service which enables Facebook users to purchase digital content within online games.

Now, as I don't know the details of the mechanism at play, nor the considerations of the regulator, I do wonder how this works. Does this mean that if Facebook puts in place a closed loop payment environment for games, they steer away from all regulation? Regardless of their worldwide scope?

I don't think this was really the intention of that exemption, so I am a bit puzzled here. 

Or is it a crypto-asset?

The next question is: would it perhaps fall under the definition of crypto-asset of the recently proposed EU legislation:"

(b) ‘crypto-asset’ means a digital representation of value or rights, which may be transferred and stored electronically, using distributed ledger or similar technology;  

Technically I would say yes, because similar technoloy in terms of distributed ledgers is a wide concept, effectively encompassing all ICT-tooling available. But the jury is still out of course.

Where are we heading with Facebook in Europe?

While we can fuss about the small print, as above, I think the regulators would be well advised to look at the broader picture. Facebook has a bad track record in terms of supporting proper communication, democracy and being responsible to parliaments. It violates EU privacy laws and is taking the EU to court to push away that problem.

Meanwhile all the stablecoin reports have a huge red bulb flashing: watch out for worldwide bigtech platforms doing their own payment think and destabilising economies. Don't let them move. With the result that Facebook quickly rebranded its Libra initiative into a different name (separating profitable single wallet business from the dead-on-arrival Libra-long term identity play - see 3 blogs here).

Of course I might be missing something here in the picture. But if anyone can explain why it would make sense to exempt inpayment gaming payments on worldwide Facebook as a limited network, I am open to ideas.

 

Perspectives on (Ca-)Libra #3: Why the Libra is not e-money (on the history of e-money and stablecoins)

Quickly after the announcement of Libra, I, stated that Libra could not be viewed as e-money. Now has come the time to explain my earlier analysis (of June 2019) as to the organisational set up and regulatory qualification of Libra.

Libra is a privately issued and distributed digital  and virtual ‘currency’, that is intended to function as a means of payment. It is not a true currency because its actual composition/counter value is a basket of fiat-currencies and financial instruments. It is not e-money as the Libra is not ‘monetary value’. The digital value qualifies as a financial instrument (a mini-participation in an open ended investment fund) and is used in an open source payment instrument, to be used for payment and acquiring. Both payments and securities legislation apply, as well as the relevant competition and consumer protection rules. 

The Libra association is a manager of the governance and operational arrangements and activities that come with using the virtual currency Libra and participating in the Libra (payment) scheme. This Libra scheme is a private and commercial arrangement which:
- defines a unit of account for a new virtual currency: the Libra,
- defines the asset mix that backs one currency unit,
- lays out the distribution and management rules of the currency units and reserve funds,
- lays out commercial rules and does a private placement to further promote the use of the Libra by giving them away (for free or at a discount). 

Definitions of e-money and term: monetary value
The reason why Libra, as a basket of different currencies, cannot be considered e-money is that it doesn't qualify as such under the definition as it is not monetary value. And to comprehend the definition we must understand that the e-money directive has had a first version and that the European Central Bank was clear on its analysis. E-money is a fiat currency in a digital shape and must be treated as such in terms of: reporting requirements for monetary aggregates, redeemability (at par), assurance that customer fiat money equivalent was kept safe etcetera.

The definition and use of the term 'monetary value' in the first version reflects that all we could think of was digital tokens that one-on-one reflected the physical or existing scriptural account-money forms. This is particularly clear from the consideration 19 in the Opinion of the central bank on the first draft directives.

What we can see here is a central bank ensuring that redeemability against the fiat currency is obliged, in combination with a definition of e-money which does not allow offering e-money at a discount:

"electronic money" shall mean monetary value as represented by a claim on the issuer which is:

(i) stored on an electronic device;

(ii) issued on receipt of funds of an amount not less in value than the monetary value issued;

(iii) accepted as means of payment by undertakings other than the issuer.

Redeemability

1. A bearer of electronic money may, during the period of validity, ask the issuer to redeem it at par value in coins and bank notes or by a transfer to an account free of charges other than those strictly necessary to carry out that operation.

To me, the full analysis and reasoning behind the e-money rules, can only mean that e-money thus covers the 100% forms of convertible fiat currencies. The whole regulatory construct and monetary safeguards in the e-money directive wouldn't work for other constructs. Also, the idea of issuing anything else than a digital equivalent of fiat-currency would have been hypothetical.We are talking the days that each digital player would seek maximum acceptance of the public of any new forms of payments, by piggy-backing on the trust/security mechanisms of the fiat instruments. Introducing a non-fiat-related digital currency was just a step too far and it's not what the E-money directive was meant to support.

When the second e-money directive came in and was aligned with the EU payments directive, it changed some of the structure and definitions. The ECB opinion as to redeemability and monetary matters remained unchanged however, so in essence the rules are still of the same construct. E-money means a one-on-one converted form of existing fiat money and all kinds of monetary statistics, redeemability etc are still in place for the wide variety of mechanisms that now use this regulatory avenue.

We must also understand that at that time we were nowhere near the existence of worldwide consumer platforms with such inherent power to dictate an alternate currency alongside fiat currencies. But now we do have those, including one that tries to issue and launch a Libra. Given the EU e-money directive however, the only reason this Libra would qualify as e-money is when it would be a 100% EU currency backing the Libra. As this is not the case, the Libra will not qualify as e-money.

Should we adapt the EU definition for e-money then?
In theory one could argue that the e-money definition needs adjustment in order to allow the Libra basket of currencies to be regulated. But this doesn't make sense from a financial instruments/securities perspective.

Whenever you dilute a 100% currency basket in the users own currency towards a different asset base, you reform the token at hand into a investment basket. The user is exposed to an additional form of currency and counterparty risk, which does not exist when using the 100% e-money form. Of course the issuer of the financial instrument can proclaim the new asset base to be stable. Or almost stable, but the rules of the financial instrument game are different. If you issue such combinations of assets, you must warn the user of risks, assess whether he/she may be up to the investment/risks that they are taking and so on.

Not obliging Libra to have to do so would be creating an uneven playing field towards all kinds of other providers of financial instruments that equally seek to provide their financial services to customers via a similar asset package that can be bought in tiny portions. In addition, the monetary concerns involved in overissuance of the e-money product may go beyond the geography of the central banks involved as monetary authorities in the currency basket. Merely allowing a basket of currencies as backing for an e-money product would not be consistent with the ECB analysis on relevant monetary considerations and rules to ensure financial stability.

So, as stable as you may give your product a name or try to sell it to the public or regulators, all regulatory and market experts know that no currency basket will ever be stable. Effectively, suggesting the fact that it would be stable for the end-user would be mis-selling of the product, misleading the consumer and what have you. So name it stablecoin as you like, but it remains a risky participation in an investment fund/currency basket. And all rules under EU securities to such investments do apply. Meaning disclosure rules, but also rules as to who can trade/distribute this instrument. It will not at all be open to trade for everyone, without restrictions.

Does paying with Libra involve a payment instrument then?
Next up is the question what exactly qualifies as a payment instrument in the Libra setup. In my view the financial participation is a digital asset/financial instrument. And of course, if you wish, such an instrument could be used to pay. Rather than sending someone digital fiat currencies, the provision of the tradeable digital financial instrument would consist the payment. The payment with Libra would thereby be a payment in kind, as if I exchange a bread for a bottle of water.

So is there a payment instrument involved and where is it?

Next up is the question if we can see a payment instrument, a payment order and a payment transaction under the Payment Services Directive, leading to the placing, transferring or withdrawing of funds. I think the main idea in this respect is to take the intentions of Libra to serve as a worldwide payment system as a starting point. This means we will have to take a close look at the question if tools are provided to the user (yes) meaning those tools (wallets) may qualify as payment instruments, if they move funds, which are defined as:

banknotes and coins, scriptural money or electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC;

If the Libra is not banknotes and coins nor eletronic money, we only have the wonder if it could qualify as scriptural money. But this is indeed where it becomes a bit complicated. As the ECB put it, when advising on the Payment Services Directive:

12.10 The term ‘scriptural money’ is used in the proposed directive without being defined, e.g. in Article 3(b), Article 4(8) of the proposed directive and paragraph 7 of the Annex to the proposed directive. It is suggested that a definition of scriptural money should be established (in the definitions article), bearing in mind that only central banks and credit institutions (which include e-money institutions) may hold such funds.

So we have two options. We could consider the Libra issued by Libra association to the Libra association members (who are all registered security companies, allowed to offer, trade and sell financial products to the public and each other) a form of scriptural money. This is not illogical, given the explicit intentions of the Libra association and it would require the regulatory flexibility to allow for a self issued unit of account / securities product to be viewed as a form of money.

The other option is of course to not view the Libra as scriptural money and not apply the Payment Services Directive to a payment instrument which has a worldwide scope and impact. Although this may sound illogical, it is not illogical at all. The apps and tools that are used to pass on the Libra to other consumers would still have to comply with all securities related regulations. Users would have to sign up, pass suitability tests, issuers, brokers and exchanges of the Libra would need to have their MIFID licenses and such, so the customer would still be protected.

The exercise does show however that the Libra association has had little consideration to the relevant EU requirements and definitions when choosing Switzerland as their jurisdiction. Their guess may have been that they might be able to convince the local regulator to bend the rules a little, but the choice of a currency basket (and financial instrument structure) effectively deters its worldwide inclusive use for cross-border payments. Alternatively, a choice for a single currency basket might work, which would make it regular e-money, to which the PSD and all kinds of KYC/AML rules apply. Yet, this would mean that there needs to be a single issuer in the business model, as the reselling of e-money is prohibited under the EU regulations.

It is this considerable ignorance of relevant EU rules that has made it clear to me that Libra and Facebook will at no point in time be able to make their business model work. A brief visit to any innovation hub at any central bank would have made the above inconsistencies clear, but they apparently chose to ignore this. And the reason may be that the Swiss policy papers on stablecoins may have provided them with the impression that there was some leeway here. But even the relevant local supervisor has explained to them that both securities and payments legislation applies and that their business model will not work.

Then again, this is Facebook, pushing and moving so why could they have been so wrong in their assessment?

My hunch is that Facebook have applied a US centric approach to the whole regulatory debate on issuance of stablecoins and forgot how the regulatory regimes between EU and US differ. But for that I refer to the PS.

The main conclusion for now is: Libra does not qualify as e-money and the transfer of Libra might constitute a payment transfer, depending on the view one has with respect to the application of the word scriptural money under todays context.

February 5, 2020


PS. Regulatory regimes for stablecoins (US) and e-money (EU)
To put this in perspective for US readers, I want to shed a regulatory light onto the difference between stablecoins and e-money and the relevance of 1990s legislative landscapes in the US en Europe with respect to payments. The background against which the e-money directive was being developed here in Europe, was one in which - just as now - all over the world, people were thinking about the best forms of regulation of a new phenomenom: e-cash: electronic cash or Internet cash.

At that point in time I worked for the Dutch central bank and I investigated the difference between the existing regulatory regimes in Europe and in the US payments (see the American Law Review article here). And the big thing to take away here is that:
- the US had both banking supervision laws and money transmission laws,
- Europe did not have money transmission laws and only bank supervision regulation (somewhat harmonized under EU rules).

The consequence of this difference is that the US regulators had a clear money transmission framework that they could use, to apply to new forms of Internet payments and digital coins. In essence they all proclaimed new internet payment stuff to be some fort of money transmission, either by their design or by their nature. And thus: the regulation of those new forms of payment was easily done. No change in laws was required.

In Europe, there was no uniform payment legislation on a European scale. Different member states had different local rules on payments. We had to have a euro in place and many years of deliberation before we even ended up with a harmonised Payment Services Directive in 2007. So we had no payments legislation but we did have some form of e-cash begging to be regulated somehow. As the ECB had clearly outlined its concerns in this respect.

So the fierce debate in Europe was: should e-money be considered the functional equivalent of banking?

The main reasoning was: upon issuance of an e-money token of 1 euro, the issuer receives one euro of the public. This means attracting deposits from the public, which is part of the banking definition. Whereas central banks and Ministries of Finance felt this way, the Ministries of Economic Affairs succeeded in convincing them that an intermediate, light-weight banking regime should be set up. So we got an E-money Directive, creating EU license regimes for organisations that issue electronic money to the public, upon receipt of regular fiat money, which electronic money is then used for all sorts of payments.

The digital e-money had to be issued and redeemed at a 1 on 1 level (at par) and the e-money organisation had to safeguard the full reserve in a separate financial vehicle (or insurance arrangement). No license would be given if the safeguards weren't in place, so this means that the European e-money regime boils down to a regulatory regime which safeguards e-money. Or, what most US people would view as stablecoins (digital tokens, to be issued, traded, sold and transacted on the basis of an at-par rule with the original fiat currency).

Now back to the US. Initially the US payments regulation thus seemed well suited to adapt to new technologies. The birth of the bitcoin and other currencies created an issue. In essence, the US regulators didn't care to define a separate token or form of e-money into their payments regulation. They just stated that virtual currencies were a form of currencies and hence the money transmission regulations should be in place somehow.

Therefore Tether and TrueUSD are registered with the Fincen, but without the legal European safeguards in place to guarantuee the peg. Then again the New York bitlicense regime does have those safeguards, but it is clear that no US regime for stablecoins exists. We can see that the US now lags in regulatory terms. It has fragmented state laws on payments, where EU caught up with harmonised payments legislation and harmonised e-money legislation. And the European e-money regime is essentially the unified EU stablecoin regime for tokens that seek a 1-1 peg with a fiat currency.

So what's up with the Google-licenses

Last weeks, we hear all kinds of stories on the Google-license, so let's have a closer look.

Google already has a license since 2007
Most people forget this, but the earliest register entry for Google dates back to 2007 for E-money, and was handed out to Google Payment Limited in London. I blogged about it then, and since then we could see a Google Wallet in the works, Google bucks. The register of the FCA/FSA still has the entry here, demonstrating that it was effective until 19/5/2011. The brand name in the register is for Google-checkout.

Passporting
Then from 19/5/2011 onwards there is the next register entry (with the register later being handed over to FCA by 31st of March 2013). The register entry is still for e-money with passports to other countries. These passports date from 18-5-2011 as our Dutch e-money register shows and the firm is also licensed to perform payments under the PSD1 definition. Offering additional PSD2 services is not part of this license.

As for trading names the FCA entry shows Google Wallet is used from 4-1-2013 to 23-1-2018 and since 20-2-2018 it has the brand names: Google Pay and Google Pay balance in the register as well. So the sum entry of all brand names in the UK register is:

• Google Pay,
• Google Pay balance,
• Google Checkout,
• Google Payment Limited,
• Google Wallet

Brexit coming: seek refuge
Now, with the Brexit coming up, there is of course the question how to manage future uncertainty. Many players have been trying to solve the puzzle and my assumption is that the recent moves towards Lithuania and Ireland are Brexit-related. Lithuania is quickly becoming a hot spot for e-money licenses and taking over the dominant role of London in this respect. The license there will allow Google to continue operating in the e-money and payments domain and also offer Payment Initiation and Payment account services.  This makes Google Brexit-proof and PSD2-proof.

Also, we should note that Lithuania does a nice job in offering a digital form of license as well. Have a look at it over here.

When checking the Dutch register, I noted that there is no passport for the Lithuanian entry, but still the UK one. I expect however that the new passporting will become effective in a couple of months, so Google can continue its operations in the EU, now under the Lithuanian passport rather then the UK passport.

As for Ireland, the license is limited to issuing payment instruments and accepting payment transactions, which would point to the fact that Ireland may be the corporate base that also has a role in shaping the future payments infrastructure for Google. It also suits the concept of PSD2 that one has to get the license in the country where it is also used.

Conclusion
Google is since many years in the payments domain and treading carefully, applying different concepts and such. They made themselves Brexit and PSD2-proof by moving to Lithuania (where they are still wating for the passport procedures to finalise) and created additional future business flexibility by applying for payments issuing/transaction acquiring in Ireland.

Facebook obtained its e-money license : is it the gamechanger for the bigtech disruption of finance ?

About three weeks ago, Facebook has obtained it's e-money license in Ireland. This was in the making since early 2014 and it begs the question whether or not this will mark a big shift in the banking landscape.

Bigtech going for finance?

One could argue that the move by Facebook is another of many steps of big tech players moving into the financial arena and disrupting the financial sector. Where Google has lead the pact from London (with a license in 2007), Amazon chose Luxembourg (license in 2010, passport-out in 2012). With Facebook going down the same path, could we expect Apple or Microsoft to also set up their e-money institution?

My guess is that the bigtech will indeed all move towards some form of e-money license in Europe. It will allow them a direct billing and payment relationship with their customers as well as a role in terms of payment provider for their platforms and services. This is not to say that they will move there fast. If I'm correct, my Google account payments still do not flow via their e-money institution but via a normal bank.

Now, if this happens indeed, will the bigtech further move into financial services or just stick with digital cash and consumer credit?

Bigtech won't dive deep into finance

I don't expect the bigtech to move into full finance for many reasons. We've seen some of the current players moving still quite slowly and sticking to the straightforward business of e-money.

Moving towards other business lines leads to increased complexity and regulatory burden. Bear in mind that the future revenue opportunities for financial institutions as a whole are quite limited and not so attractive. Finally, financial institutions are often held to a higher standard with respect to maintaining their customers privacy, whereas customer data are the lifeblood for Bigtech.

Further move towards less-cash society

The main impact of bigtech going e-money will therefore be the acceleration of our move to wards a less-cash society in which strong brands, platforms and retailers issue their own payment instruments and digital cash. From the outset, Facebook cash could become a big hit as it has the user base, a regular usage pattern for its users and the possibility to best integrate it's e-money functions within their own platform

Only time will tell whether Facebook is also viewed by the public - reputationwise - as a partner to be trusted with your money. But we can rest assured that their offerings will certainly contribute to a less-cash society.

Where and how to look for innovation in payments ?

This week I had the pleasure of joining a panel on retail payments innovation as a part of a seminar by van Doorne and Innopay on the Payment Services Directive and the future changes for the payment industry. Panel chair Gijs Boudewijn challenged me to formulate some thoughts on the future direction of retail payments. I answered that the best place to look would be in places and via perspectives that we could be overlooking right now.

1. Is it access to the account or a traceable id that matters?
There is a lot of discussion on the text of the second Payment Services Directive and on the legal and technical mechanisms that are required to make access to the account work. Due to their origin, these discussions are quite bank centric and the implementation issues surrounding this topic will drain a lot of resources of many players involved.

While being busy with this PSD2 issue, we may overlook the fact that all one really needs is a simple chip-id. In the Netherlands for example, one could use the chip-id of public transport ticket issuer TLS as a basis for use in hip and new proprietary retailer/consumer applications. These would combine the chip-id with an intelligent voucher/billing/customer system that utilises SEPA-direct debits in the back-end. It would provide a smooth customer and retailer experience while the bank only sees regular transactions.

My proposition here is that if we're all looking towards access to the account as the hot spot for innovation, we may be looking in the wrong direction. It might be more about the traceable id.

2. The retailers have landed in an interesting position
In his tomorrows transactions blog Dave Birch referred to an analysis by Peter Jones from PSE on the impact of the interchange fee regulation, published in the Journal for Payments Strategy and Systems. The main conclusion of it was that financially the retailers are the winners by getting a cap on their fees. I agree with that and would be inclined to broaden this perspective.

By tradition banks were the players with the monopoly on payments technology and security knowledge. Even in the 1980s, the collective of retailers in the Netherlands had done a feasibility study to set up their own Point of Sale system. This showed they could set it up for € 5 million euro but they didn't want to take the risk of it failing. So they left it to the banks (to complain about high fees later).

Since that time, the knowledge on processing and payments has become available to a wide range of players, to the extend that banks are now lagging in expertise and capability (while being locked into old technology solutions). The consequence is that retailers will be well able to develop or use in-house apps, customer relation services and payment mechanisms that use the bank infrastructure, without being subject to the rules of the Payment Services Directive.

The main development is therefore that the obliged intermediary role of banks in providing payment mechanisms is gone and will erode. Retailers can regain their customer relationship by themselves or in cooperation with any other ICT-provider that allows them to identify the customer and provide a processing infrastructure. Some interesting innovations can therefore be expected at the outer boundaries of the PSD, as a consequence of the possible exemptions.

I expect both physical and e-retailers to use the non-bank, non-payment space that the PSD defines to achieve exactly what they're after: increased customer retention, increased conversion and a smooth payment experience. Bottom line: we might better be looking outside of the PSD to see innovation in action.

3. On ledgers and tokens
As a final thought I would encourage everyone to try a different mindset for the developments that we are witnessing. Because in essence, anything that happens (in payments/retail) boils down to either tokens (coins, notes, points) or ledgers (private or public). Now let's see what happens if we apply this framework.

We might then appreciate the bitcoin emergence as an innovation in the area of collective ledger provision with distributed trust. We could reposition Linked-In as a privately owned, open and self-administered ledger, that logs individuals achievements that are relevant in the work domain. The same would hold for Facebook and many other e-commerce companies. We would call banks the keepers of the trusted and well protected financial ledgers and would also note that in the public domain, a whole range of ledgers are being interconnected for the sake of security, anti-fraud measures etc.

We could also look at the world of tokens, in its many variations. Tokens of shopping behaviour (saving points), tokens of access (tickets), tokens from government (coins and banknotes), tokens of appreciations (awards, prizes) and tokens that prove identity or personal characteristics. Some of those tokens might be valuable and lead to a change of some of the ledgers, while others would have a role in their own right (voucher for a free coffee).

While it is clear that there are quite a few interesting new developments in the ledger-space, could it be that it is the token-domain where the true action is going to be ?

Payments as an afterthought
In sum: the non-bank, identity-based, non-regulated commercial domain might well be the area where we can see innovations that show us how today's technology can be made to work best so that payments become the afterthought that they are.

The bitlicense: current state of thinking in New York

A week ago, the New America Foundation organised a meeting (Cryptocurrencies, the new coin of the realm) on the topic of virtual currencies and regulation in New York. Some news bulletins picked up on the meeting and the future New York Bitlicense regime. The good thing is that the New America Foundation has streamed the whole event, so it allows me (and you) to listen first hand to the speech by Benjamin M. Lawsky, Superintendent of Financial Services, New York State Department of Financial Services (DFS).

I will outline some of the highlights of his contribution below as I think that the New York discussion represents a good example of the issues at stake when it comes to regulation of Bitcoin. I expect to further touch on those issues in my contribution to the Bitcoin Pre-conference expert session of the EPCA-summit in Brussels (March 12-13).

Open source code currencies and open source code regulation
In his speech, Lawsky outlines the current remit of the NY department of Financial Services. It acts as the supervisor for money transmission companies in New York. The DFS-starting point is therefore that in some instances dealing with virtual money may effectively constitute money transmission, which needs to be regulatred. This is similar to the approach in the FINcen guidance of one year ago.

The New York regulator chose to emulate the open source code approach of virtual currencies. And thus, Lawsky refers to the DFS-approach as 'open source code regulation': regulation based on a public exchange of thoughts, allowing the best insights to be used. Given their current remit, the main idea is to see where the money transmitter rules need to change in order to suit the nature of virtual currencies.

As for the further process in 2014, Lawsky explained that the DFS will move towards further regulation this year and will most likely hold a  market consultation for the proposed regulatory framework for companies that want a so-called 'bit-license.'

What will the bitlicense be like?
When listening to the speech, my impression is that the core fundamentals of the bitlicense will be:
- very strong customer disclosure, requiring companies to outline that transactions are irreversible and that the digital currency may be very volatile,
- a strict adherence to know-your-customer requirements, essentially demanding that anti-money laundering rules are adhered to,
- a robustness/capital requirement, ensuring that the company will be able to withstand some of the market shocks that may occur when dealing with volatile digital currencies/commodities,
- safety and soundness requirements, ensuring a certain quality of operations and consumer protection.

As for the nature of capital and collateral requirements, the DFS is still wrestling with the concept of virtual currencies. This has to do with the angle and object of regulation. While it is easy to require capital safeguards for banks that deal with attracting and lending money, this is harder to apply for companies that issue, distribute or redeem virtual currencies.

Similar questions arise when defining the scope of transaction monitoring. Should only the purchase and redeem-transactions be subject to rules or does the supervision extend to a full transaction logging of all transactions with the virtual currency? Should those transactions be in a public ledger and to which extend can they be anonimized?

Step-up regulatory approach with a safe harbour
Although the DFS is still contemplating its exact licensing regime, I expect it to also contain a safe harbour provision. This would allow companies that comply with customer disclosure and know-your-customer rules, to continue to operate, while further obtaining the full bitlicense. Such a regime would assist in lowering the barriers for virtual currency platforms/traders/exchanges and create an easy entry towards the proper regulatory regime.

Lawsky outlined that the regulator prefers companies to be in his state and regulated, rather than driven off-shore. A safe harbour rule helps achieve that and fits a model where a light-weight, low-barrier entry model is developed to prevent legitimate providers from leaving the jurisdiction, while creating a sufficient barrier for the illegitimate players in the market. This is also a realistic approach considering the alternative channels for illegitimate behaviour: cash and banks. In the words of Lawsky:

Let's be frank: a lot more money has been laundered through banks than through virtual currencies'

Boldly go where no man has gone before?
I commend the DFS for their open minded approach to the topic of regulation of virtual currencies. I do disagree however with one of the remarks of the Superintendent. He outlined that regulators are in new and unchartered waters when it comes to virtual currencies.

I don't think they are.

Since day and age, people have used all kinds of symbols, coins and means of representation of goods that worked fine for transferring ownership of property. We created a number of laws and institutions to ensure these property rights and a fair treatment of parties to certain contracts. In doing so we were able to move from coins to paper-based money to deposit accounts. At the same time we created digital representations of shares, bonds, IOUs and agreed that ledgers at private companies and government institutions could officially represent a claim on goods, services, bits of land, anything.

Then, when it comes to new forms of money, we also have recent experience. In the late 1990s we witnessed a very similar type of discussion on bank supervision and specialised supervision regimes for new forms of 'electronic-money' as it was called in those days. It took some time and deliberation to get to grips with pre-paid digital representations of fiat-currencies, but we found our way in the end.

The challenge: finding the right regulatory framework
The true challenge is to first consider the fundamental nature of virtual currencies and then determine the appropriate regulatory framework. In essence, the DFS is doing the reverse as their starting point is their existing legal competence as supervisor of money transmitter businesses. While there is a lot of logic to it, it might be useful to reconsider alternative types of regulation that exist.

It's my hunch that perhaps an exchange/trade oriënted regulatory framework might make more sense as the basis for regulation, than the money transmitter framework. So that is what I will explore in my next blog.

Towards a more flexible approach of authentication

In July last year, the European Commission published a proposalfor a revised Payment Services Directive (PSD). The proposal draws on the work of the SecuRePay forum of supervisors and requires ‘strong customer authentication’ when a payer initiates an electronic payment transaction.

Strong authentication
Strong authentication is defined as a procedure for the validation of the identification of a natural or legal person based on two or more elements categorized as knowledge, possession and inherence. These elements are independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.

The concept of strong authentication is in itself nothing new. What is new however, is its appearance as a detailed regulatory requirement. So far, both the Payment Services Directive and the Electronic Money Directive contained a more generic requirement for licensed operators to demonstrate that their governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate. This allows for a system wide supervisory review of risks and security measures.

The current approach in both the envisaged PSD and Recommendations of the supervisors in Europe is however to take out and stress one element of the risk/security puzzle. This approach may turn out to be counterproductive and be an impediment to achieve retail payments that are as secure, efficient and as frictionless as possible.

Different market approaches to customer authentication
Traditionally the banking sector and card schemes have played a major role in the payments industry. For a long time they acted as the main channel through which new technological developments were introduced. In this process, strong authentication in a range of countries became a standard for use in payments. Further security measures for use in transactions over the Internet were then being developed as an add-on to the basic design.

More recently, Electronic Money Institutions (EMIs) and Payment Service Providers (PSPs) have entered the payments value chain using the Internet as their basic transaction processing initiation channel. As a result, their approach to payment security tends to be based on a variety of methods, to be able to counter a range of attacks associated with this inherently unsafe environment. PSPs have had to move very quickly up the e-payment security learning curve and found out that they must remain vigilant with respect to new threats. PSPs are consistently using additional information (geo-location information, IP address matching, IP address pattern detection, industry blacklists, comparison against a customer’s existing “profile” etc.) to validate the interaction with a user.

There is still much to gain by combining the expertise of both the “classic” and more recently-established providers of payment services. Customers will be using all kinds of devices as a service entry point; this requires a flexible approach to authentication. Rather than two-factor authentication we could speak of multi-factor authentication, which would include the specific user-payment service provider interaction context. But that is not all.

Stuck with two-factor customer authentication?
The analytical flaw that underlies the SecurePay recommendations is its strong focus on too detailed a part of the business and security process: customer authentication. Of course this is quite an important element of the transaction process, but the overall security of (mobile) retail payments is always achieved by a proper combination of security measures.

Customers, devices, processes and issuers should all be authenticated properly. And any risk control structure does not just rest on authentication but on a wide array of logical and functional controls. These controls may sometimes be labeled: 'fraud detection' but the quality of the risk prevention that they achieve can be just as good as one of the classic factors, that are not in the definition of strong authentication.

It is evident that new authentication measures and security challenges are being used and developed to achieve a level of security in retail payments which is contingent on the risks that are relevant in the user-transaction-device context. We can witness this in the bank, card, Internet and mobile payment domain. As these developments occur, it is unwise to freeze one detailed building block of security measures into a regulatory requirement. This will skew the market into less efficient and more cumbersome customer experiences, while technically not necessarily safeguarding a strong level of security.

In particular the mobile domain allows for a wide array of additional capabilities to achieve the security levels that supervisors desire. It would therefore be wrong to make the low-value threshold of the PSD the dividing line between strong and alternative customer authentication measures. A better approach is to link the degree of authentication to the degree of risks and the further security measures that are in place. This will allow the market to develop solutions that achieve both ease of use to the consumer and the desired level of security.

A more future-proof approach
It is not unlikely that the envisaged inclusion of a detailed requirement on strong customer authentication may distort the current market developments rather than allow for further innovation and market development. A more future-proof approach is desirable.

In my view such an approach would be to allow for a broader 'multi-factor authentication' which includes authentication based on the user-interaction context. In addition it would be good to recognise that the quality of some of the security measures which are often labeled: 'fraud detection' may have become such that they achieve a similar level of security as the traditional authentication factors.

We should also allow alternative authentication mechanisms to be used, dependent on the risk involved, rather than a certain value threshold. It would then be up to the supervisors to make the context-based and risk-based assessments on the whole array of security measures as a part of their supervisor reviews.

This approach should ideally be complemented by excluding todays specific definitions of strong authentication from the wording of the Payment Services Directive and replacing them with a generic reference to the relevant security recommendations.

The result would then be that we will have a clear and flexible security requirements framework in Europe that sets the boundaries within which the market can futher innovate and develop.

Bitcoin legal classification in Germany: much ado about ... ?

These days I noticed an interesting discussion in my Twitter time line and on the web on the fact that the German government has 'recognized' Bitcoins (even as legal tender, as cnbc reported for some time). There were many reports on the matter, outlining that Bitcoin is apparently gaining further acceptance among regulators. But as the reports were a bit confusing I felt it would be good to track the sources.

German MP Schäfflers enquired about tax-treatment for Bitcoins
It turns out that a German MP, Frank Schäfflers, has been asking his Ministry of Finance how the taxation rules applies in situations where people use Bitcoin as an instrument of trade/payment. And later on he asked a follow up question whether or not the use of Bitcoins as a payment mechanism would be exempt from VAT (as is the case with German legal tender). Here is the link to the source documents.

The German Ministry of Finance outlined in its response that:
- commercial transactions where bitcoins are being used for payment, have the tax regime on the basis of the transactions' commercial nature; so the use of bitcoins doesn't disturb the regular taxation rules,
- goverment agencies are still discussing how to tax the value increase of bitcoin holdings over a year,
- bitcoins are not legal tender, nor e-money, but a form of private currency which classify as 'Devisen oder Rechnungseinheiten': under the German supervision law (article 11, sub 7).

The Rechnungseinheiten can be translated as unit of accounts, but the explanation of the German Ministry of Finance is that this definition covers - amongst others- all private currencies or units of accounts which are not based on legal tender. Essentially is a catch-all definition to capture any sort of privately agreed payment mechanism that can be used in multilateral clearing or settlement.

The regulatory logic: classification rather than recognition
While to the observer it may appear that the German regulator is leapfrogging into the modern world by outlining the status of bitcoin, the reality may be less exciting. The German Ministry of Finance merely outlined how, given the existing rules on taxation and payments, bitcoins qualify under their supervision law. This is rather a technical exercise and it can be seen that only for income tax issue (what to do with bitcoin holdings that change in value), they haven't yet got an answer.

So yes, the bitcoin has a legal status, but then again: any new development, instrument or technology already is subject to the law book. The fact that the Ministry has now pinpointed the article of the law book where they think the object fits, may therefore not be so spectacular.

If we look at the Netherlands, a similar situation appears. Anyone is free to determine whether to exchange services by paying for them or by using other forms of payment. . I could buy a bread in exchange for washing a car. And if the bakery would accept bitcoin rather than washing their car, it would work as well. The use of bitcoin can be considered payment in kind. Given this regulatory payment mode, our legal system is already recognising alternative forms of payments.

The same holds for the taxation part. The VAT rules on services do not change if the payment leg of my transaction is different. And the income tax rules don not change either. The Dutch rules state that if you hold something which has value, it must be registered on the tax declaration. In this declaration, the bitcoins in a wallet thus show up as the money in my bank account does.

As for the legal tender part of the discussion: I view that as an overrated concept. While in earlier times, the concept of legal tender meant that the other entity in a transaction had to accept the notes and coins, this obligation has been struck out of our Dutch law book many years ago. But it still lingers in the mind of many people and may of course in some other countries still be more relevant.

Future developments
What I find most interesting about the news is the quick and fast coverage that new forms of payments and regulation get in the media and with the public. We can see that the developments are positioned as the story of the recognition of bitcoin by the regulator or as the coming of age for bitcoin. Regardless of the angle of these reports, it is clear that things are happening and moving in the area of private, digital, distributed currencies. And it will be interesting to see this area develop further.

The ECB-report on virtual currency schemes: some reflections

The last month, the ECB published a report on virtual currency schemes. I have been reading this with great interest as it signals the involvement of the central banks in a new area: virtual currrencies. The relevance of this report must therefore not be misunderstood. We should remember that in 1994, the EMI-report on pre-paid cards signalled the start of the regulation of prepaid-cards and electronic money products. And in a similar style, this report may become the starting point for regulation of virtual currencies.

In general, central banks are to be commended for monitoring the developments in the area of money, retail payments and near-money products. If you're a central bank, an institution that is responsible for true money, than it it always good to know what other forms of money are in circulation. And as such the report of the ECB demonstrates that the European central banks are alert.

Analytical basis could improve
I must say however that I was also somewhat disappointed. The analytical framework presented in the report is a bit shaky in my view.  It does not rest on the nature of the subject discussed (virtual tokens and currencies), but on how they are 'regulated'. As an approach, I find this little convincing. Furthermore I noted that 'unregulated' is not defined. Does it mean that central banks or supervisors are not involved or that no regulation applies at all?

As an alternative I would point out the possibility of using frameworks suchs as this one (taken from the American Law Review):

It is interesting to note that the empty box in this table can now be filled with: Bitcoin as an example of a system where money can circulate freely without returning to a central mint.

Which electronic tokens are currency of money and which are not?
The ECB distinghuishes between three virtual currency types, in terms of openness of the systems involved.

Type 1 is a closed link system in which the digital tokens are only usable in the system itself. The example the ECB provides is the World of Warcraft Gold. And although the picture suggests that there is no link to the real economy, the ECB notes: However, there seems to be a black market for buying and selling WoW Gold outside the virtual currency scheme. If Blizzard Entertainment discovers any illegal exchange, it can suspend or ban a player’s account. 

Type 2 contains systems where users pre-pay services of a supplier in the form of private issuer tokens such as facebook credits. And type 3 systems are open systems of privately issued tokens/currency that can be bought and sold. It is in this category that bitcoin and Linden dollars are placed.

What is lacking in this model, is the Type of model 1b where there is no formal buying or selling of tokens, but there is a relation to the physical world. It is the world of loyalty points and tokens, which can be earned and redeemed, but never exchanged for money itself. The ECB places these under the category II.

It appears to me that in doing so, the ECB doesn't distinguish sufficiently between loyalty tokens and payment tokens,which each have a different role to play in the business model of their issuer. An alternative table might have been:

	User cannot buy tokens at all (loyalty-type)	User earns tokens and can buy additional (hybrid of loyalty/payment)	User buys and sells  tokens (payment-type)
Tokens used in digital issuer-domain only		World of Warcraft	World of Warcraft Lynden Dollar
Tokens used in digital or physical issuer-domain only	Starbucks	Nintendo Points -Digital Payment loyalty schemes for single retailers
Tokens used at other entities than the issuer	Frequent Flyer Programmes	Frequent Flyer Programmes	Bitcoin, e-money on mobile phone's

The missing element: mobile money
What intrigues me is that the digital money on mobile phones is not a part of the discussion. It is by its definition (an exemption in the e-money directive) an unregulated form of digital money. Yet, the ECB has been so long accustomed to the strange sequence of events that made the European Commission decide that money on antenna's of MNO"s is not electronic money, that they forgot to include it in the analysis.

The reputation argument.....
Finally I noticed that the ECB finds, that if these virtual currency schemes (however defined) grow too much, they might give rise to a reputation issue for the central banks. Here again I think the analysis is a bit too strongly worded. Central banks can simply outline their scope of work and responsibility by stating that they  are not in any way responsible for money that they didn't issue and supervise. By clearly and repeatedly informing the public of this fact, the public can then choose to take a risk with the virtual currencies or stay out of them.

Yet, I wouldn't be surprised if this reputation argument (or a comparable public policy objective: transparancy) becomes the main angle from which future supervision of these schemes will be justified.

Google Wallet roll out.... without Google Bucks

It's about five years ago that I discovered, by accident and curiosity, that Google Payments Limited had applied for an e-money license at the FSA. Ever since, people have been wondering how Google would enter the payment space. Would they offer a wallet with virtual cards or would they issue their own new virtual worldwide currency (googles, googlets or gees)?

In good tradition, Google started out doing field tests with the wallet (which would sit in the mobile phone) and announced this in May 2011. The wallet was to contain your credit-card cards as well as a google-pre-paid card. And payment was possible with Paypass while the wallet would also facilitate the savings of loyalty-points. The card information was stored in the Secure-SIM-element in the phone and they experimented quite a bit since then.

So where do we stand now?

Well, the Google Wallet is now being rolled out and the Google development team sent out this video to further explain the wallet concept and roll-out. The most important change is that they decided to move the card-information to the cloud. This allows the Wallet to be used both via Phone and via the Web, with all your card details and important digital documents (ID's, transit pass etc) residing in a safe digital environment. So their distribution model for the application is now changing to making APIs available so that merchants and issuers can easily integrate the Wallet in their site/services.

As such, we can thus see Google moving into an integrators role, rather than a payment instrument issuer role. In fact, at some point in time, the company thought about issuing Google Bucks, according to Eric Schmidt, but abandoned the plan. The concept would consist of a “peer-to-peer” money system by which users seamlessly transfer cash to each other via a hypothetical application. However, various laws about currency and money laundering in different parts of the world made this too complicated to realize.

For now, the peer to peer payments in the Google Wallet are no longer on the agenda. And from a historical perspective (see my other blog) I think it is a good choice. Yet.... one of the developers did mention on this subject: it's impossible for now, but stay tuned for some announcements in the future.

So, are we still in for a surprise here?

Digital Money Forum 2012... 15th anniversary and lively as ever

The Digital Money Forum is an event that this year reached it's 15th anniversary. And a special event it is. My previous visit to the Forum was probably some ten years ago, when everyone was pretty much into the e-money way of life. But technology, money and society continue to develop and that's where Dave Birch and his team of Consult Hyperion come in. In setting up the forum they provide for a lively and thought-provoking event where money is dealth with from all different angles. And as before, it was a pleasure to participate.

So this years event was special in many ways. We all got a better look at the evolving phone payment landscape, delved into possible future scenario's for the world and money, we spoke about the future and death of cash, about social inclusion and lots, lots more. And, quite fascinating, I got to issue my own currency, PunkMoney, via Twitter, by promising the developer, Eli Gothill, two beers and a financial history tour in Amsterdam.

A bit more on the principles of Punkmoney (as I understand them). If we look at money it is an invention to facilitate transactions in society. But before the official money we had mutual obligations and trust relations in society. I would help my neighbours out with building their house, assuming they would do the same for me, in time. And so on. So there was this web of mutual obligations and promises that cemented the relations in society.

Now what Punkmoney does is to leave all the monetary issues and digital money aside and elegantly replicate this web of promises. With some rules as how to form proper messages, Twitter as the carrier and a software enige that scans twitter for any promises of Punkmoney. And when it finds one, it registers it and there you have it. Not the real money, but something even better: real promises. Just as trustworthy as... yourself.

After Punkmoney, we moved on to another kind of money. Monopoly money, sitting on a Samsung phone (with an application neatly developed by Easan).

Six teams on six tables started playing and as for me personally, I was literally quite lucky. I landed on 3 airports in the beginning of the game, won some lotteries and eventually turned into a big shot property owner. I turned out to be the winner of the competition, with an awesome price: this incredibly beautiful banknote (an official German forgery of a UK 20 pound note; part of the Bernhard operation):

Some more on that will follow on my financial history blog later.

Finnius conference on e-money

As some of you may know, I have had quite an interest in electronic money in the Netherlands in the past. And yesterday I had the pleasure of visiting the conference on e-money by Finnius. The conference was concise and clear with talks by Andries Doets on the regulation and a speech by the supervisor (DNB: De Nederlandsche Bank). This provided a good overview of rules, exemptions and clarified the role of DNB.

After the beautiful and energizing musical break (Duo Sottovoce) Casper Riekerk moderated a discussion that focussed on business models and the difference between paper-based and digital electronic money. The panel and audience agreed that the margins in the e-money/payments business are quite slim, certainly given the rule that the float cannot be used for other purposes (which happened when giftcards where still paper-based).

At the end, following a suggestion by DNB, the thought of setting up a representative organisation for e-money issuers in the Netherlands came up once again. So perhaps we will see a new organisation emerging as a result of this conference. Time will tell.

Personally I couldn't help thinking that quite a lot of effort by the supervisor is spent on values and amounts of e-money that are irrelevant, compared to the busloads of similar-type payments via mobile phones and Ov-chipcard (exempted from regulation). It is clear that both market and supervisors have digested and codified this exemption into their rules/system. So no one questions it (if anyone still remembers the history of this exemption).

But it remains a paradox for someone like me, who witnessed and joined the discussions on e-money dating from the rise of e-cash and Mondex. It was in particular the digital forms of pre-paid e-money that raised the awareness and need for legislation on e-money. Everyone got a head-ache when they thought of a situation in which money (and goods) were digital. Because this would create a situation in which central banks in the end will not know any more how much money is in circulation. And consumers might see their digital cash disappear if it was not secured properly.

So the headache lead to the legislation on e-money. And when introduced, supervisors decided to create an exemption for precisely that form of money that made us develop the legislation in the first place.

As such I think the whole e-money debate is quite an interesting casebook example of the Politics of the European Union.

E-money: an innovation revisited...

I think it is fair to say that technology and payment innovation occurs in several 'rounds'. It's sort of a boxing game where enterprises seek their niche in terms of consumer/company services but also in terms of regulatory niches. This holds true in particular for the domain of e-money.

Some fifteen years ago (I feel quite old when writing this) the buzz was all about Mondex and e-cash: two new e-money schemes. The development of these schemes coincided with the increased use of the Internet as well as the use of mobile phones. And there was a lot of debate on which rules to apply. Should e-money issues become banks or not. I remember setting up a specific branche-organisation (11a2: here's the old website) and conference on that specific issue.

While in this first round it appeared to be the case that anyone using digital coins for consumer payments needed to be regulated similarly, it turned out in a later round of regulation that some industries, notably telco's and transport companies, succeeded in convincing the regulator that their consumer money was not the same as the consumer money in banks. And this lead to a reshuffle of all kinds of regulations to allow for this.

The regulatory developments of 2011 essentially mark the conclusion of this second reshuffling round of regulation on e-money. And the industry has adapted in the meantime and is now looking forward to the new challenges, as we see the further development of mobile phone's, tablets and many other exciting new opportunities for e-money.

Should anyone be interested in the current state of affairs of the European e-money market or regulation I would warmly advise to sign up for the e-money conference of the Electronic Money Association (EMA). All players are there and all topics are on the table.

History (of e-money) repeats itself... central bank alert on crowd-funding.... and (still) missing the real issues in the market..

One of the major challenges for central banks and supervisors is to appreciate new technologies and to decide their policy stance on the subject matter. Currently we are witnessing a case of 'history repeats itself' here in the Netherlands, as the central bank, DNB, has informed the public that it will look out for instances of crowd-sourcing. They mean the situation that a group of people pre-pays the production of a book (tenpages.com), film or anything else. And suggest that this is the equiuvalent of attracting deposits (a bank activity), which therefore warrants a closer look by the supervisor.

I dare to disagree and would suggest DNB to reflect on their policy stance and take a closer look in the mirror and in their own recent history (of electronic money). When the first instances of e-money occured (on chipcards: Mondex and in software: e-cash), central banks were keen to quickly state that this was needed to be subject to bank supervision. This resulted in a clash between supervisors and European Commission (that wanted to stimulate competition and that viewed the vision of supervisors as protective). With the Electronic Money directive as the result, that outlined that issuers of e-money (regardless of technology) needed to be subject to supervision.

Since then, we have seen a number of initiatives with respect to e-money, varying from Paypal (now a bank) to Wally, global payways and what have you. Here in the Netherlands (just as in the UK) a separate organisation was set up to represent those issuers of e-money: http://www.11a2.nl. And whoever takes the time to read through their website will find out that the central bank itself was inconsistent in their supervisory approach. In principle, anyone issuing electronic money, was to be subject to bank supervision. So that would also apply to the digital funds, used for mobile phones and digital mobile services. Yet, in response to the lobby of mobile operators, DNB (and later even the European Commission) created an unequality in the market by saying... e-money should be supervised, unless it's e-money for mobile operators. And some more years down the road, they also used tiny holes in the E-money directive to not supervise the Dutch public transport company Translink, with all the requirements of the e-money directive.

Let's review the developments and arguments once again. The main issue here is: who's paying for what? Is the transaction that I am doing a prepayment for a specific good, or is it the purchase of a digital amount of money (or coins, or beenz or what have you) with which I can purchase a wider variety of goods, even goods from someone else than the person to whom I made the prepayment. In the case of crowd-sourcing on tenpages.com, it is clear that the customer does not prepay for any book, but for a specific book. So to call this deposit taking would be silly and no banking laws should apply. Yet, the central bank/supervisor seriously wants to delve into this issue, by going for crowd-sourcing.

Now let's take a look at the situation that I purchase a digital fund: to use on the mobile phone or in public transport. It looks to me that this is so close to money, that you would want the supervisor to take a good look at it. And since 2000, there have been numerous incidents in the Netherlands with a whole range of providers and users of these digital tokens. Over and again, the mobile operators have developed codes of conduct, rules, call centre's and what have you, to make sure that the unasked  provision of paid sms's (reverse billing) would not lead to phone users who suddenly see their phone-money disappear. While the level of annoyance has changed over time, the essential bottom line is that if treated as regular payment mechanisms under the current European Payment Legislation (Payment Services Directive) these services could not exist in this form any more. And a similar thing holds true for the transport company translink. They made a technical system in which the security is insufficiently guaranteed and money is deducted too easily from consumer accounts and cards. So there is actually a real case for concern by the central bank/supervisor. Yet, the supervisor sticks to the old adagium that these do not fall within the definitions and are thus not subject to supervision.

If we further evaluate the role of De Nederlandsche Bank, as a supervisor, we can see they failed big time over the last years, as they didn't succeed in properly monitoring DSB Bank, De Hoop and Icesave (all banks failed). For that reason, parliament has been digging into the topic and the Ministry of Finance and DNB have promised it will organise a change in culture, a change in approach. At the core of this change, we should expect a more self-critical approach in which policy stances are not developed in line with the managerial group-think or in response to lobbying by important stakeholders in the market, but as a result of an assessment of what is at stake essentially; trust in payment systems and any entity providing payments or banking services to the public.

While DNB tries to convince the public over and again that times have now changed and they have reinvented themselves with a new organisational culture, their unchanged policy stance on e-money issuers demonstrates that this is far from true. And although none of the exempted e-money issuers have caused a failure, big enough to worry parliament and society, one might view the current troubles at the OV-chipkaart company, as another demonstration of the failure of the current (failing) supervisory approach by DNB. It is stunning to see that DNB seeks to further investigate legally irrelevant crumbs of crowd-sourcing while missing the leaking boat of OV-Chipkaart/Translink company that is in everyones face nowadays and while ignoring the undermining spinoff that is created by phone companies that handle money (and customer complaints) with a different quality level than justified.

So this leaves us with a public opinion, parliament and Ministry of Finance believing things are now proceeding nicely and on track with DNB as a re-invented, more focused and less obedient supervisor, with the evidence of the opposite being ignored. It is interesting to see when this will further evolve. My guess is that eventually we will see a white washing scam where an actual terrorist attack appears to have been funded by money which has been transferred by mobile phone services (using anonymous top-up cards in country A to demand empty 'premium services' from country B). Yet, by that time, there will be no one around who is politically relevant today, so that means our future politicians can then blame the former politicians, ministries of finance, and supervisors.

And the world keeps on spinning.

Back to the future with peer to peer coinsystem for the internet... or merely a scam?

It's not clear to me whether BitCoin is a serious system or merely an interesting way to create money with people who still believe in these kinds of systems. Non-centralized payment systems with digital coins in my view have a tendency to not be possible/workable. So I'll leave it at this pointer only to find out in some 15 years time that I may have misjudged the new paypal here... ;-)

Dutch contactless chip (OV Chipkaart) in trouble

Hello there again.

As you can see from the dates on the blog. I have been out for a while, taking a good number of sabattical years off and enjoying myself with other stuff than payments. But developments here in the Netherlands remain entertaining enough to take up some blogging. No too much, because I shouldn't overdo it.

Hottest news here in the Netherlands is that last week the OV-Chipkaart once again became the subject of media attraction as a tv program explained how to crack the card. A free program to increase the credit on the card became available and known through Geenstijl. And contactless card readers got sold out, even via the Internet.

So discussions in parliament and media once again occured and the province of Zuid-Holland decided to not completely migrate to the OV-Chipkaart but allow the old Strippenkaart to be used. And the Dutch Parliament did not wish to discard the whole project yet. Still, we should note that this is all not really new: already since 2008 the dutch newspaper Trouw decided to open a separate corner in their website for the 'Drama' of the OV-chipkaart.

Translink systems formally claim they can handle the frauds and point to the fact that also bank cards are prone to attack/fraud (forgetting to mention the differences in financial and technical impact). So thay play it all down. But we keep on discovering unintended or hidden consequences. For example: the sigar/tobacco shops that used to sell the strippenkaart found out sme serious financial impact of decreased visitors to their shops. And the new OV-chipkaart loading machines that some install in their shops, don't give as much kick-back as the strippenkaart.

Now, this is quite a nice time to have a renewed look at the cost benefit analysis of the OV-chipcard. Effectively the business case gets a bit worse, because there will not remain a lot left of the 'income' made by the reduction of fraud or 'grey' travel (possible with the Strippenkaart and assumed to be non-existent with the OV-chip). This is calculated as a benefit of between 380-500 million euro. Also the re-use of OV-chipkaart in other applications would give benefits of 100 million euro. So we'll be seeing a slow meltdown of the business case of the OV-chipkaart.

So while the business case is slowly fading into the sea, what in the end may make or break the card is the consumer-side of things. For example, right now, the handling of consumer complaints in case of forgetting to check-out, is near to disastrous. So there is not much of a warm feeling with the Dutch citizens with respect to this card. Also, in practical terms, the card doesn't completely do what its predecessor can. Try taking a group of people (of a school class of 14) to the ZOO and you'll discover the hassle soon enough.

It's a matter of time before we'll move on to the next generation or next system. And with this experience of a non-bank issuer/provider of payments means, perhaps the public will now more appreciate the quality of service that they are used to from their bank-issuer provided system.