Merchants were issued monthly statements that incorrectly disclosed certain transactions. As a result, merchants were provided with information that was unclear and potentially misleading.
Decision stemming from a Notice of non-compliance
By letter dated March 2, 2016, the Deputy Commissioner advised a payment card network operator (PCNO) that on February 10, 2016, she found the PCNO non-compliant with Element 1 of the Code of Conduct for the Credit and Debit Card Industry in Canada (Code) for incorrect disclosure to merchants of certain transaction types. The incorrect disclosure was contained in monthly statements issued to merchants by payment processors hired by acquirers.
By letter dated March 31, 2016, the PCNO confirmed that it did not dispute that a breach of Element 1 of the Code had occurred and stated that it diligently ensured its remedy. It also requested that I review this matter on two grounds: (i) accountability; and (ii) adequate controls.
In my view, both grounds relate to the same issue, namely the proper scope of the PCNO’s compliance obligations with the Code as they relate to the circumstances of this case.
The background against which I have considered this matter is as follows.
The PCNO has incorporated the Code into its contracts with its participants.
Between May 19, 2011 and February 14, 2014, merchants were issued monthly statements that incorrectly disclosed certain types of transactions, contrary to Element 1 of the Code.
The PCNO does not dispute that a breach of Element 1 has occurred and has taken corrective action against the acquirer and their third party processors relating to this breach. Starting in May 2015 and January 2016, merchants have been receiving compliant disclosure of transactions by payment processors.
Applicable provisions of the Code from April 2010 to April 2015Footnote 1
The portions of the Code relevant to my analysis are as follows:
The purpose of the Code is to demonstrate the industry’s commitment to:
Ensuring that merchants are fully aware of the costs associated with accepting credit and debit card payments thereby allowing merchants to reasonably forecast their monthly costs related to accepting such payments.
Providing merchants with increased pricing flexibility to encourage consumers to choose the lowest-cost payment option.
Allowing merchants to freely choose which payment options they will accept:
The Code applies to credit and debit card networks, (referred to herein as payment card networks), and their participants (e.g. card issuers and acquirers).
The payment card networks that choose to adopt the Code will abide by the policies outlined below and ensure compliance by their participants. The Code of Conduct will be incorporated, in its entirety, into the payment card networks’ contracts, governing rules and regulations.
The Code will apply within 90 days of being adopted by the card networks and their participants. Issuers will have up to one year to re-issue cards already in circulation that contravene Element 6 or 7.
Element 1: Increased Transparency and Disclosure by Payment Card Networks and Acquirers to Merchants
The payment card networks and their participants will work with merchants, either directly or through merchant associations, to ensure that merchant – acquirer agreements and monthly statements include a sufficient level of detail and are easy to understand. Payment card networks will make all applicable interchange rates easily available on their websites. In addition, payment card networks will post any upcoming changes to these fees once they have been provided to acquirers.
Payment card network rules will ensure that merchant statements include the following information:
- Effective merchant discount rate for each type of payment card from a payment card network;
- Interchange rates and, if applicable, all other rates charged to the merchants by the acquirer;
- The number and volume of transactions for each type of payment transaction;
- The total amount of fees applicable to each rate; and,
- Details of each fee and to which payment card network they relate.
This information must be presented in a manner that is clear, simple and not misleading.
Paragraph 6(e) and section 7 of the Payment Card Networks Act (PCNA) are also relevant, and read:
6. The Governor in Council may, on the recommendation of the Minister, make regulations [...]
(e) prescribing conditions that a payment card network operator must include in any agreement entered into with an acquirer; [...].
7. A payment card network operator that is a party to an agreement containing the conditions required by regulations made under paragraph 6(d) or (e) must take reasonable measures to enforce those conditions.
Analysis and conclusions
The PCNO disagrees with the findings of the Deputy Commissioner and submits that it is not responsible for the breach of Element 1 in this case. As I understand it, it is taking the position that it took measures to comply with the Code, including by incorporating it in its contracts with acquirers and other participants. As a result, it is of the view that it should bear no responsibility for the incorrect disclosure related to transactions in merchant statements.
To address the issue in dispute, I must first consider the proper scope of a PCNO’s compliance obligation under the Code as it relates to Element 1.
An ordinary reading of the relevant provisions of the Code leads me to consider that PCNOs play a key role in its proper application and effectiveness in ensuring, among other things, that merchants are fully aware of the costs associated with accepting credit and debit card paymentsFootnote 2. Importantly, the Code discusses the scope of PCNOs’ obligations expressly. It requires that they:
- incorporate it in its entirety into the payment card networks’ contracts, governing rules and regulations; and
- ensure compliance by their participantsFootnote 3 (i.e., issuers, acquirers, etc.).
Element 1 is fairly prescriptive. It sets out specific requirements that must be met to ensure increased transparency and disclosure for merchants and clear direction is provided on the desired outcome, namely that merchant statements include specific information and details that are presented in a manner that is clear, simple and not misleading.
It is also instructive that section 7 of the PCNA – which is not yet in force – speaks to an additional obligation for PCNOs to take reasonable measures to enforce any regulated conditions against parties under contract.
Put together, these provisions indicate a regulatory scheme for the industry where the compliance role of PCNOs is front and centre. This is coherent with the important role that PCNOs play in the proper operation of the payment card network system as a whole and in the context of the PCNA framework. As with similar regulatory schemes, perfection is not the standard. The measures for ensuring compliance need only be reasonable. In practice, I see this as requiring PCNOs to apply controls that are appropriate in the circumstances to ensure that merchants benefit fully from the protections in the Code. Given how the payment card network system works, the question of what is reasonable is informed by several factors, including the specific facts of the case, the elements of the Code engaged and the risks at play (e.g., external risks relating to the business relationships and operational ones internal to the parties).
With this in mind, the next step in the analysis is to consider the PCNO’s compliance approach as described in its letter of March 31, 2016. The PCNO submits that it includes the following:
- Initial and ongoing client wide communications reinforcing the Code’s incorporation in their governing Rules and compliance guidance including clarifications issued by the Commissioner;
- Proactive compliance measures [text omitted];
- Ad hoc escalations on specific Code compliance issues;
- Responding to compliance issues identified through a number of channels; and
- Leveraging the range of enforcement tools available including the ability to impose fines for violations and the ability to impose conditions on participants who violate Code requirements. Conditions include but are not limited to:
- Conducting an investigation or onsite review at the licensed client’s expense.
- Auditing the records and procedures of any licensed client with agents at the licensed client’s expense.
- Permanently prohibiting a Merchant, Payment Service Provider, Sponsored Merchant, or any other entity, or one of its principals, from participating in the Network for any reasons it deems appropriate, such as: activity that causes the Acquirer to repeatedly violate the Network’s terms or any other activity that may result in undue economic hardship or damage to the goodwill of the PCNO’s system.
I have considered all the evidence and note that the PCNO’s compliance approach is focused primarily on managing its risks relating to non-compliance by a third party, and appears to be lacking in its approach to preventative monitoring. That said, I appreciate this is the first case dealing with a PCNO’s obligation to ensure compliance with the Code by its participants and, consequently, I feel that a certain degree of latitude may be apposite. On this basis, I find that no further action is required in this case.
I caution, however, that this should not be considered a precedent for determining whether reasonable measures have been applied to ensure compliance with the Code. More will need to be done going forward. To assist the industry in this regard, I intend to issue Commissioner Guidance and will invite the PCNOs to provide me with input on preventative measures tailored to ensuring compliance with the specific requirements under the various Elements of the Code.
Ottawa, September 7, 2016
Lucie M.A. Tedesco
Financial Consumer Agency of Canada
Report a problem or mistake on this page
- Date modified: