Mind your IBANS, says CJEU

At the end of March this year, the European Court of Justice (CJEU or the Court) explained the principles behind Articles 74 and 75 of Directive 2007/64 (Payment Services Directive or PSDI) which provisions relate to payment orders effected by means of a bank transfer following the input of the incorrect unique identifier (such as an international bank account number or IBAN) by the payer. PSDI defines a ‘unique identifier’ as a combination of letters, numbers or symbols specified to the payment service user by the payment service provider and to be provided by the payment service user to identify unambiguously the other payment service user and/or his payment account for a payment transaction.

This case C-245/18 developed from a preliminary ruling request from the Tribunale Ordinario di Udine (District Court, Udine, Italy) which was made in the proceedings between Tecnoservice Int. SRL, in liquidation (“Tecnoservice”) and Poste Italiane SPA (“Poste Italiane”).

By way of background, Article 74 (which article was superseded by an identical Article 88 of Directive 2015/2366 or PSDII, which in turn has been reflected in Article 63 of the Central Bank of Malta Directive No. 1) states that:

1. If a payment order is executed in accordance with the unique identifier, the payment order shall be deemed to have been executed correctly with regard to the payee specified by the unique identifier.

2. If the unique identifier provided by the payment service user is incorrect, the payment service provider shall not be liable under Article 75 for non-execution or defective execution of the payment transaction.

3. However, the payer’s payment service provider shall make reasonable efforts to recover the funds involved in the payment transaction.

[…omissis…]

5. If the payment service user provides information additional to that specified in Articles 37(1)(a) or 42(2)(b), the payment service provider shall be liable only for the execution of payment transactions in accordance with the unique identifier provided by the payment service user.’

In a nutshell, the applicant’s debtor made an order for payment to Tecnoservice of a sum to be credited to an account with Poste Italiane. The payment order was identified by means of a unique IBAN and further included the name of the applicant company, as payee. As a matter of fact, the payor entered into the payment order the wrong IBAN, which did not correspond to payee’s account, and therefore the money was received by a third party, which was obviously the wrong recipient. The applicant filed a case against Poste Italiane, claiming that it did not check whether the IBAN matched with the payee’s name and that there was enough information for the defendant company to note that the unique identifier was not the correct one. Concurrently, Poste Italiane defended its position by claiming that it was not liable since it credited the account which corresponded to the unique identifier which was indicated on the order and that it was not obliged to perform any other checks.

The Italian referring court enquired as to what is the correct interpretation of Articles 74 and 75 of PSDI. One interpretation deems these provisions as applicable only to the relationship between the payer and its credit institution, and not to other relationships such as the relationships between the payer’s bank, the payer, the payee and/or the incorrect recipient of the money. Applying this interpretation, it follows that these alternative relationships would only be subject to national law (in this case Italian Law), which usually entails liability principles which are far wider in scope than those underlined in PSDI.

Alternatively, the PSDI articles may be understood as to apply to the payment transactions all together, in which case, the liability of the payee’s payment service provider would also be strictly linked to simple check of the IBAN indicated by the payer. In order words, the Court wanted to ascertain whether the provisions must be interpreted as meaning that, when a payment order is executed in accordance with the unique identifier provided by the payment service user, which does not correspond to the payee name indicated by that user, payment service provider liability is limited to the payer’s payment service provider alone or that such liability extends to the payee’s payment service provider.

Primarily, the CJEU outlined that, in light of settled case-law such as the Surmačs Case (C-127/14) and the DHL Express (Austria) Case (C-2/15), when interpreting an EU law provision, one must bear in mind not only its wording but also the context and the ultimate goals pursued by the rules of which it is part. The Court further noted that from the wording of Article 74(2) does not discriminate between different types of payment service providers and that in the light of that wording, the limitation of liability provided for by that article therefore applies to each of the providers involved in the transaction, not to only one of them.

Furthermore, the Court hammered home the notion that from the definition of a ‘payment transaction’ under PSDI, it becomes evident that the term ‘payment transaction’ refers to a single act as a whole between the payer and payee. It therefore follows that the provisions are not to be interpreted in a siloed manner solely referring to the individual and separate relationships of the payer and the payee and their payment service providers.

Secondly, the CJEU alluded to the latin maxim ubi lex voluit dixit (when the law wills, it speaks; when it does not will, it is silent) when referring to Article 74(2) of PSDI. The Court held that if PSDI’s objective was to limit the effects of Article 74(2) solely to the payer’s payment service provider, the relative provision would have clearly reflected this intention. Furthermore, in light of the PSDI preambles, it is evident that the overall objective of the directive is to facilitate efficient and fast processing of payments. Therefore, this tallies with an interpretation of which does not impose on payment service providers a cumbersome obligation to confirm every time there is a payment order whether the IBAN corresponds to full name of the payee.

Hence, the Court ruled that Article 74(2) must be interpreted as meaning that, when a payment order is executed in accordance with the unique identifier provided by the payment service user, which does not correspond to the payee name indicated by that user, the limitation of payment service provider liability, provided for by that article, applies to both the payer’s and the payee’s payment service provider. Therefore, to sum up, it is essential that whenever you are transferring funds from an account to another, we all make sure that we double check each and every symbol from all the 32 alphanumeric characters of our payee’s IBAN (or other unique identifier, as the case may be).

This article was first published in The Malta Independent on 4 December 2019