Bulgaria introduces more detailed rules for provision of remote and online payment services
July 2019 – The Bulgarian National Bank (the “BNB”) has recently adopted amendments to its Ordinance No. 3 on the Terms for the Opening of Payment Accounts, Execution of Payment Transactions and Use of Payment Instruments (the “Ordinance”). The new amendments bring the Ordinance in line with the provisions of Commission Delegated Regulation (EU) 2018/389 (the “Regulation”).
Among other issues, the amendments address the implications of concluding a framework agreement for remote payment services by virtue of an electronic act or with an electronic signature. In such cases, the payment service provider must conduct customer due diligence in compliance with the Bulgarian Anti-Money Laundering Act.
Customer due diligence essentially entails the identification of the customer, their ownership structure and beneficial owners (if applicable) by collecting the necessary information and documents. It may also include on-going monitoring of the respective business relationship, where necessary. In certain cases, as part of the customer due diligence the payment service provider may also need to obtain information about the source of funds and source of wealth of a particular customer and of its beneficial owners (if applicable). It is worth mentioning that the Bulgarian Parliament is currently reviewing a draft law for amendments to Anti-Money Laundering Act, which, among other things, would make possible identification of clients and verification of identification data to be done through electronic identification and trust services, as provided for in Regulation (EU) No. 910/2014.
The amended Ordinance now allows the use of a qualified electronic signature (instead of specimen signature) for the conclusion of a framework agreement for the provision of remote payment services in cases where third parties are authorised to dispose of funds from the respective payment account on behalf of the payment account holder.
The amendments also introduce a new chapter to the Ordinance dedicated to the technical standards with which the interface provided by payment service providers must comply. Payment service providers are required to maintain a dedicated interface that meets the requirements imposed by the Regulation. Payment service providers must also ensure that the dedicated interface contains a strategy and plans for contingency measures in the event that the interface does not perform as required, if there is an unexpected unavailability of the interface, or if there is a system breakdown.
The BNB can relieve a payment service provider from the obligation to maintain a contingency mechanism following consultation with the European Banking Authority if the following requirements are met:
the dedicated interface offers at all times the same level of availability and performance, including support, as the interfaces made available to the payment service user to directly access its payment account online;
the payment service provider has defined transparent key performance indicators and service-level targets for the dedicated interface;
the dedicated interface does not create obstacles to the provision of payment initiation and account information services;
the interface has been designed and tested in accordance with the provisions of the Regulation to the satisfaction of the payment service providers referred to therein;
the interface has been widely used for at least three months by other payment service providers to offer account information and payment initiation services and to provide confirmation on the availability of funds for card-based payments;
any problem related to the dedicated interface has been resolved without undue delay.
Other newly introduced changes to the Ordinance brought by the amendments include:
the obligation for payment service providers to provide statistical data to the BNB regarding payment-related frauds;
the unified obligation for all payment services providers (banks, payment service providers other than banks) to indicate the payment accounts kept by them with their respective IBANs (international bank account number);
the personalisation of payment cards.
For further information please contact Svilen Issaev, at , or Denitsa Kuzeva, at
 Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.
 Anti-Money Laundering Act, promulgated in State Gazette No. 27 of 27 March 2018, last amendments promulgated in State Gazette No. 42 of 28 May 2019.
 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
 Only payments executed from one payment account to another payment account that are both kept by the same payment service provider can be identified with unique identification numbers other than their IBANs.
By using our Website, you agree that we can place these types of cookies on your device.
If you want to restrict or block any of the above cookies, you should do this through the web browser settings for each browser you use and on each device you use to access the internet. Please be aware that some of areas of our Website may not function if your web browser does not accept cookies. However, you can allow cookies from specific websites by making them "trusted websites" in your web browser. The "Help" function within your web browser should tell you how to make these changes. Alternatively you can visit https://www.attacat.co.uk/resources/cookies/how-to-ban on how to manage cookies.