Skip to main content

Article (14): Obligations Towards Retail Payment Service Users

C 15/2021 Effective from 6/6/2021
  1. Payment Service Providers must be operated prudently and with competence in a manner that will not adversely affect the interests of the Retail Payment Service Users or potential Retail Payment Service Users. In addition, they must also observe and comply with the relevant regulatory requirements and standards on consumer protection of the Central Bank. For the avoidance of doubt, in case of discrepancies between this Regulation and the Central Bank’s requirements and standards on consumer protection, the respective provisions of this Regulation shall prevail.
     

Safeguarding of Funds In-Transit

  1. At no time shall Payment Service Providers hold funds of Retail Payment Service Users unless these are funds in transit.
     
  2. Payment Service Providers that settle Payment Transactions within twenty four (24) hours shall segregate Retail Payment Service Users’ funds in the following ways:
     
    1. 3.1. funds shall not be commingled at any time with the funds of any Person other than the Retail Payment Service Users on whose behalf the funds are held; and/or
       
    2. 3.2. funds shall be insulated in the interest of the Retail Payment Service Users against the claims of other creditors of the Payment Service Provider, in particular in the event of insolvency.
       
  3. Payment Service Providers that settle Payment Transactions after twenty-four (24) hours shall segregate Retail Payment Service Users’ funds in the following ways:
     
    1. 4.1. open a separate escrow account with a Bank and restrict any operations and transactions on this account save for the transfer of the deposited Retail Payment Service Users’ funds to the end beneficiary; and/or
       
    2. 4.2. funds shall be covered by an insurance policy or by a bank guarantee from a regulated insurance company or Bank which does not belong to the same Group as the Payment Service Provider.
       
    3. 4.3. While Banks, acting as Retail Payment Service Provider, are not required to establish a separate escrow account, an insurance policy or a bank guarantee to safeguard Retail Payment Service Users’ funds, a separate bank account under the name of the concerned Retail Payment Service Users must be set up for protecting the funds.
       

Transparency of Contractual Terms

  1. Payment Service Providers shall provide the terms and conditions governing their contractual relationship with:
     
    1. 5.1. each new Retail Payment Service User, sufficiently in advance of entering into the contractual relationship as to allow the Retail Payment Service User to make an informed decision; and
       
    2. 5.2. each existing Retail Payment Service User, at their request in writing and delivered as per the Retail Payment Service User’s preference, including through an e-mail, mobile application or any other electronic manner.
       
  2. The terms and conditions referred to in paragraph (5) shall be written in a clear, plain and understandable language, in a manner that is not misleading and shall be provided to the Retail Payment Service User in both Arabic and English, as may be requested by the Retail Payment Service User.
     
  3. Any changes to the terms and conditions referred to in paragraph (5) shall be communicated to the Retail Payment Service User by the Payment Service Provider sufficiently in advance and at least 30 calendar days prior to any such change becoming effective.
     
  4. A Retail Payment Service User shall be entitled to terminate its contractual relationship with a Payment Service Provider at no charge where it does not agree with the revised terms and conditions referred to in paragraph (7).
     

Single Retail Payment Service Agreements

  1. For transactions that are to be concluded under a Single Retail Payment Service Agreement, Payment Service Providers shall provide Retail Payment Service Users with the following information before the entry into a contractual relationship:
     
    1. 9.1. schedule of fees, charges and commissions, including conversion rates and withdrawal charges, where applicable;
       
    2. 9.2. contact details of the Payment Service Provider, including legal name and registered address, including the address of the agent or branch, where applicable;
       
    3. 9.3. the form and procedure for giving consent to the initiation of a Payment Order or execution of a Payment Transaction and for the withdrawal of consent;
       
    4. 9.4. the communication channel between the Payment Service Provider and the Retail Payment Service User;
       
    5. 9.5. the manner in safeguarding of funds as per Article 14(3) and (4) and Reserve of Assets as per Article 11(9);
       
    6. 9.6. the manner and timeline for notification by the Retail Payment Service User to the Payment Service Provider in case of Unauthorized or incorrectly initiated or executed Payment Transaction;
       
    7. 9.7. information on Payment Service Provider’s and Retail Payment Service User’s liability for Unauthorized Payment Transactions;
       
    8. 9.8. the service level for the provision of the Retail Payment Service;
       
    9. 9.9. information on the Payment Service Provider’s complaint procedure; and
       
    10. 9.10. the Payment Service Provider’s procedure for reporting of Unauthorized Payment Transactions.
       
  2. The information required in paragraph (9) shall be provided immediately after the execution of the Payment Transaction where it is concluded at a Payment Service User’s request using a Means of Distance Communication which does not allow for the provision of such information before the entry into a contractual relationship.
     

Framework Agreements

  1. For transactions that are concluded under a Framework Agreement, Payment Service Providers shall provide to Retail Payment Service Users the following information before the Retail Payment Service User consents to the entry into a Payment Transaction as well as at any other time the Retail Payment Service User requests this information, and within (5) Business Days of such request:
     
    1. 11.1. schedule of fees, charges and commissions, including conversion rates and withdrawal charges, where applicable;
       
    2. 11.2. contact details of the Payment Service Provider, including legal name and registered address, including address of the agent or branch, where applicable;
       
    3. 11.3. the form and procedure for giving consent to the initiation of a Payment Order or execution of a Payment Transaction and for the withdrawal of consent;
       
    4. 11.4. the communication channel between the Payment Service Provider and the Retail Payment Service User;
       
    5. 11.5. the manner in safeguarding of funds as per Article 14(3) and (4) and Reserve of Assets as per Article 11(9);
       
    6. 11.6. the manner and timeline for notification by the Retail Payment Service User to the Payment Service Provider in case of Unauthorized or incorrectly initiated or executed Payment Transaction;
       
    7. 11.7. information on Payment Service Provider’s and Retail Payment Service User’s liability for Unauthorized Payment Transactions;
       
    8. 11.8. information relating to terms under which a Payment Service User may be deemed to have accepted changes to the terms and conditions, the duration of the contract and the rights of the parties to terminate the Framework Agreement;
       
    9. 11.9. the service level for the execution of the Retail Payment Service;
       
    10. 11.10.information on the Payment Service Provider’s complaint procedure; and
       
    11. 11.11.the Payment Service Provider’s procedure for reporting of Unauthorized Payment Transactions.
       
  2. The information required in paragraph (11) shall be provided immediately after the execution of the Payment Transaction where it is concluded at a Payment Service User’s request using a Means of Distance Communication which does not allow for the provision of such information before the entry into a contractual relationship.
     
  3. Payment Service Providers shall provide Retail Payment Service Users with a written statement of the Payment Transactions under a Framework Agreement at least once per month free of charge, including details of the amounts, fees, charges and commissions, the dates and times of execution and the reference numbers for each Payment Transaction.
     

Information Requirements

  1. Immediately after the receipt of an order for a Payment Transaction, the Payment Service Provider of the Payer shall provide a receipt for Retail Payment Service Users with:
     
    1. 14.1. confirmation of the successful or unsuccessful initiation and execution of the Payment Transaction;
       
    2. 14.2. acknowledgement and reference number to track the status of the Payment Transaction, including:
       
      1. 14.2.1. the date and amount of the Payment Transaction; and
         
      2. 14.2.2. information relating to the Payee;
         
    3. 14.3. the amount of the Payment Transaction, any related fees or charges, including the actual currency and conversion rates used, and withdrawal charges, where applicable; and
       
    4. 14.4. the date on which the Payment Service Provider received the Payment Order.
       
  2. The Payee’s Payment Service Provider shall, immediately after the execution of the Payment Transaction, provide to the Payee with a statement with the following information:
     
    1. 15.1. reference enabling the Payee to identify the Payment Transaction and, where appropriate, the Payer and any information transferred with the Payment Transaction;
       
    2. 15.2. the amount of the Payment Transaction in the currency in which the funds are to be dispersed disbursed to the Payee;
       
    3. 15.3. the amount of any fees or charges for the Payment Transaction payable by the Payee;
       
    4. 15.4. where applicable, the currency exchange rate used in the Payment Transaction by the Payee’s Payment Service Provider; and
       
    5. 15.5. the date on which the amount of a Payment Transaction is credited to a Payee’s Payment Account.
       
  3. The Payer’s Payment Service Provider shall ensure that Payment Orders are accompanied by the necessary information so that they can be processed accurately and completely, and also, be easily identified, verified, reviewed, audited and for any subsequent investigation if needed.
     
  4. The Payee’s Payment Service Provider shall implement procedures to detect when any necessary information is missing or inaccurate for a Payment Transaction.
     

Protection of Payment and Personal Data

  1. Payment Service Providers shall have in place and maintain adequate policies and procedures to protect:
     
    1. 18.1. Payment Data and identify, prevent and resolve any data security breaches; and
       
    2. 18.2. Personal Data.
       
  2. Payment Service Providers may disclose Payment and Personal Data to:
     
    1. 19.1. a third party where the disclosure is made with the prior written consent of the Retail Payment Service User or is required pursuant to applicable laws;
       
    2. 19.2. to the Central Bank;
       
    3. 19.3. other regulatory authorities upon request/following prior approval of the Central Bank;
       
    4. 19.4. a court of law; and
       
    5. 19.5. other government bodies who have lawfully authorized rights of access.
       
  3. In addition to the envisaged in paragraph (19), Payment Service Providers may also disclose Personal Data to its corresponding Data Subject.
     
  4. Payment Service Providers shall have in place and maintain Payment and Personal Data protection controls.
     
  5. Personal and Payment Data shall be stored and maintained in the State. Payment Service Providers must also establish a safe and secure backup of all Personal and Payment Data in a separate location for the required period of retention of (5) years.
     
  6. Payment Service Providers shall comply with applicable regulatory requirements and standards on data protection. They shall control, process and retain only Personal Data that is necessary for the provision of Retail Payment Services and upon obtaining the explicit consent of the Retail Payment Service User.
     

Liability for Unauthorized Payment Transactions and Refunds

  1. Payment Service Providers shall be fully liable for any fraudulent or Unauthorized Payment Transaction, whether before or after the Payer informs the Payment Service Provider of any potential or suspected fraud, except where there is evidence that:
     
    1. 24.1. the Payer acts fraudulently; or
       
    2. 24.2. the Payer acted with gross negligence and did not take reasonable steps to keep its personalized security credentials safe.
       

Refunds

  1. The Payment Service Provider shall refund the amount of the Unauthorized Payment Transaction to the Payer and, where applicable, restore the debited Payment Account to the state it would have been in had the Unauthorized Payment Transaction not taken place.
     
  2. The Payment Service Provider shall provide a refund under paragraph (25) as soon as practicable and in any event no later than the end of the Business Day following the day on which it becomes aware of the Unauthorized Payment Transaction.
     
  3. Paragraphs (25), (26) and (30) do not apply where the Payment Service Provider has reasonable grounds to suspect fraudulent behavior by the Retail Payment Service User and notifies the Central Bank of those grounds in writing.
     
  4. When crediting a Payment Account under paragraph (30), a Payment Service Provider shall ensure that the date on which the amount of a Payment Transaction is credited to a Payee’s Payment Account is no later than the date on which the amount of the Unauthorized Payment Transaction was debited.
     
  5. Where an Unauthorized Payment Transaction was initiated through a Payment Initiation Service Provider, the Payment Service Provider providing Payment Account Issuance Services shall comply with paragraph (30). In addition, if the Payment Initiation Service Provider is liable for the Unauthorized Payment Transaction, it shall, on the request of the Payment Service Provider providing Payment Account Issuing Services, compensate the Payment Service Provider providing Payment Account Issuing Services immediately for the losses incurred or sums paid as a result of complying with paragraph (30), including the amount of the Unauthorized Payment Transaction.
     
  6. Other than in relation to the circumstances contemplated in paragraphs (25) to (29), on conclusion of an investigation by a Payment Service Provider into an error or Complaint, a Payment Service Provider shall pay any refund or monetary compensation due to a customer within (7) calendar days of such conclusion or instruction. In case of a delay in payment of any refund or compensation, the Payment Service Provider shall update the customer with the expected time for crediting the amount due, along with a justification for the delay.