A7.2 Guidance

This table sets out the requirements that must be complied with by an Authorised Firm under COB section 13.5.

A7.2.1
Charges
(1) An Authorised Firm must ensure that fees and charges imposed on a User are reasonable.
(2) An Authorised Firm must ensure that the quoted currency rate, fees and charges accurately reflect the rates, fees and charges expected to be applied when the Payment Transaction is executed.
(3) The Authorised Firm must ensure, except where the payer and payee have agreed otherwise, that:
(a) the payee pays any charges levied by the payee’s Money Services Provider; and
(b) the payer pays any charges levied by the payer’s Money Services Provider.
(4) An Authorised Firm may impose a charge where a User has failed to fulfil its obligations only where the charge relates to:
(a) refusal of a Payment Order (see Rule A7.2.9);
(b) revoking a Payment Order (see Rule A7.2.10); or
(c) liability arising from the use of incorrect unique identifiers by the User (see Rule A7.2.13).
(5) An Authorised Firm may impose a charge or fee for a Stored Value redemption only where the relevant charge or fee:
(a) is agreed in the Client Agreement; and
(b) relates to early termination or late redemption (that is, a redemption that occurs more than one year after the Client Agreement is terminated).
(6) An Authorised Firm must ensure that any changes to the exchange rate are communicated to the User as soon as possible and implemented in a manner which ensures priority is given to the interests of the User.
(7) An Authorised Firm, other than a Stored Value Issuer, must ensure:
(a) any charges payable by the User on termination are:
(i) proportionate to the cost and time of terminating the relevant services; and
(ii) not imposed where the termination occurs after 6 months from the date of the Client Agreement; and
(b) any amounts prepaid by a User are reimbursed on termination.
A7.2.2
Consent and withdrawal of consent
An Authorised Firm must:
(a) recognise a Payment Transaction as a duly authorised transaction by the User only if the User has given its consent to the execution of that transaction;
(b) allow a User’s consent to be given in any form as agreed between the User and the Money Service Provider executing the Payment Transaction; and
(c) not allow the User to withdraw consent to a Payment Transaction except where:
(i) the consent relates to a future scheduled Payment Transaction; and
(ii) the withdrawal of consent is in accordance with the terms and conditions agreed between the User and the Authorised Firm.
A7.2.3
Authorised Firm’s access to Payment Accounts and information
An Authorised Firm must:
(a) access a User’s Payment Account for Payment Transactions or information only as agreed with, or with the explicit consent of, the User;
(b) ensure that access to a Payment Account is restricted to information essential to provide services requested by the relevant User and only for the time needed to provide that service;
(c) not use, access or store a User’s information or data for any purpose, except to provide the services explicitly requested by the User;
(d) ensure that a User’s security credentials are not accessible to other parties; and
(e) ensure that a contract with a Payment Account Provider includes sufficient obligations on the provider to adequately protect customer information and security credentials in accordance with this Rule.
A7.2.4
User’s access to the services
(1) An Authorised Firm may only restrict or stop a User’s access to its service:
(a) as explicitly set out in the Client Agreement; and
(b) on reasonable grounds, limited to:
(i) specific limits agreed with the User;
(ii) valid security reasons or suspected unauthorised or fraudulent use; or
(iii) a significant increased risk that the User may be unable to meet its liability to repay, where a credit line is used.
(2) An Authorised Firm must inform the User that it intends to restrict or stop access to its service and of its reasons for doing so:
(a) before restricting or stopping access to the service; or
(b) where prior notice is not possible, immediately after restricting or stopping access to the service,
unless it is unlawful to do so or there is a valid security reason for not doing so.
(3) An Authorised Firm must restore access to the service, or offer another service, as soon as practicable after the reasons for restricting or stopping use of the service cease to be valid.
A7.2.5
Obligations in relation to Payment Instruments
(1) An Authorised Firm issuing a Payment Instrument must ensure that:
(a) a User to whom a Payment Instrument is issued notifies the firm in the agreed manner and without delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the Payment Instrument;
(b) a User’s security credentials are not accessible to any Person except the User to whom the Payment Instrument is issued;
(c) no Payment Instrument is issued on an unsolicited basis except to replace an existing instrument as agreed with the User; and
(d) the User is provided with an appropriate means to notify the firm of loss or unauthorised use of a Payment Instrument issued to the User.
(2) An Authorised Firm is responsible for the loss of the Payment Instrument or of the User’s security credentials if that occurs within its control.
A7.2.6
Unauthorised or incorrectly executed Payment Transactions
(1) If an Authorised Firm is responsible for an unauthorised or incorrectly executed Payment Transaction, or for the non-execution of a Payment Transaction, and the User’s Payment Account has been incorrectly debited, it must promptly and within 3 business days put the User's Payment Account to the state it would have been had the Payment Transaction been correctly executed.
(2) An Authorised Firm may charge the User for unauthorised transactions from lost or stolen Payment Instruments up to $50, except where the User did not detect the loss prior to the Payment Transaction or the loss is caused by the negligence or wilful misconduct of the Authorised Firm’s employees or agents.
A7.2.7
Refunds and funds block for Payment Transactions initiated by third parties
(1) Where a Payment Transaction is initiated by or through a payee or a third party, the Authorised Firm must:
(a) not block funds in the User's Payment Account unless the payer has authorised the exact amount of funds to be blocked;
(b) release the blocked funds without undue delay after receipt of the Payment Order with the exact amount; and
(c) if the amount of the Payment Transaction is unreasonable, taking into account the User's previous spending pattern and the conditions in the Client Agreement, refund the User, or justify not providing a refund, within 10 business days.
(2) The right to a refund referred to in (1)(c) does not apply if the User:
(a) received information about the proposed Payment Transaction at least 4 weeks before its execution;
(b) gave consent directly to the Money Service Provider for the Payment Transaction; or
(c) requests a refund more than 8 weeks from the date the funds were debited from the User’s account.
A7.2.8
Debiting account only on receipt of Payment Orders
An Authorised Firm must not debit the User's Payment Account before receipt of a Payment Order.
A7.2.9
Grounds for refusal of Payment Orders
(1) An Authorised Firm that refuses to execute or initiate a Payment Order must, except where it is unlawful to do so, notify the User of the refusal:
(a) in the agreed manner;
(b) no later than on the next business day; and
(c) if possible, with the reasons for the refusal.
(2) An Authorised Firm, must notify the User, if applicable, of the procedure for rectifying any factual errors that led to the refusal.
(3) An Authorised Firm may not refuse to execute an authorised Payment Order except in the circumstances specified in the Client Agreement, or where execution is unlawful.
(4) Where the execution of a Payment Order is refused, the Payment Order is deemed not to be received.
A7.2.10
Revocation of a Payment Order
An Authorised Firm must allow the User to revoke a Payment Order once received by the Authorised Firm if it relates to a future transaction to be executed at least one business day after the order is received.
A7.2.11
Amounts transferred and amounts received
An Authorised Firm acting for a payer or a payee must ensure that the full amount of a Payment Transaction is transferred and received and that no charges are deducted from the amount transferred unless such charges are agreed with the payer and payee (as applicable).
A7.2.12
Value date and availability of funds
An Authorised Firm must:
(a) ensure that the date on which an amount is credited to the Payment Account of the User is not later than the business day on which the amount is received by the Payment Services Provider acting for the User;
(b) ensure that the date on which an amount is recorded as debited to the Payment Account of a payer is not earlier than the actual time at which the amount of the Payment Transaction is debited to that Payment Account; and
(c) in the case of a Payment Transaction initiated by the payee, take reasonable steps to ensure that the firm acting for the payee submits the Payment Instruction to the Authorised Firm in time to allow for the settlement to occur on the agreed date.
A7.2.13
Liability for the use of incorrect unique identifiers
(1) Where an Authorised Firm executes a Payment Order in accordance with a unique identifier provided by the User, the Payment Order is deemed to be correctly executed by the firm irrespective of any other information provided by the User.
(2) Where a unique identifier provided by the User is incorrect, the Authorised Firm is not liable for non-execution or defective execution of the Payment Transaction but must take reasonable steps to recover the funds involved in the Payment Transaction.
A7.2.14
Right of recourse
Nothing in this section restricts or prevents an Authorised Firm’s or User’s right of recourse against another person who is at fault.
A7.2.15
Incident Reporting
If an Authorised Firm becomes aware of a major operational or security incident, the firm must, without undue delay:
(a) inform its Users of the incident and of all measures that it is taking to limit the adverse effects of the incident; and
(b) notify the DFSA in accordance with the requirements in GEN Rules 4.2.10 and 11.10.7.
A7.2.16
No interest or other return permitted
An Authorised Firm must not pay any interest or other return on amounts in a Payment Account.
A7.2.17
Payment Accounts only to be used for Payment Transactions
An Authorised Firm must not permit a Payment Account to be used for a purpose other than making Payment Transactions.
1. The references to a “unique identifier” in Rule A7.2.13 are to letters, combination of letters, numbers or symbols that identify unambiguously a specific Payment Account or User.
2. A credit line under Rule A7.2.4(1)(b)(iii) can only be provided if the Authorised Firm or the other person providing the credit line has the appropriate authorisation to Provide Credit, or it is incidental to, and in connection with, a Financial Service referred to in GEN Rule 2.5.2.
3. In relation to User security credentials referred to in Rule A7.2.5, PIB Rule 6.13.3 sets out systems and controls an Authorised Firm must implement to maintain the integrity of User security credentials.
Derived from DFSA RMI267/2020 (Made 26th February 2020). [VER36/04-20]