BELGIUM Law and Practice Contributed by: Joan Carette, Philippe De Prez and Thomas Derval, Simont Braun
PSD3 and the PSR, which have not yet been formally approved, aim to enhance and clarify the open banking framework established under PSD2. They are designed to deepen and improve open banking by specifying technical and operational requirements, strengthening customer control over data sharing, broadening access to payment infrastructure, and enhancing protections and harmonisation across the EU. 11.2 Concerns Raised by Open Banking Certain concerns have been raised due to the open banking requirement, regarding data protection risks, security measures and the risk of cyber-attacks on third-party applications and/or APIs, for example. These concerns have also raised the question of liability should something go wrong regarding any of the above aspects (liability of the PSP or of the relevant TPP). Regarding data privacy and data security concerns, it is generally agreed that PSD2 and GDPR are jointly applicable. Furthermore, a high level of security of financial and operational systems has become a key element. Regulation has also placed some liability with the PISPs, which are subject to an obligation to insure themselves. PSD3 and the PSR are expected to strengthen this framework by clarifying technical and operational requirements, providing a clearer liability framework between PSPs and TPPs, enhancing oversight of third-party providers, harmonising rules across mem - ber states and reinforcing customer control and con - sent. Together, these measures aim to make open banking safer, more transparent and more reliable.
Depending on the facts, fraudulent conduct can be prosecuted under technology- and payment-specific offences, including computer fraud (Article 504quater) and the offences relating to fraud and counterfeiting of non-cash means of payment, as clarified/updated by the Act of 12 July 2023 transposing Directive (EU) 2019/713. Generally, victims of fraud press charges with the police but scammers and fraudsters are rarely identi - fied, which leads many victims to bring civil claims against the financial institutions that were somewhat involved in the fraudulent transactions (eg, payer’s and payee’s institution(s)). 12.2 Areas of Regulatory Focus In general, the FSMA focuses primarily on authorised- pushed payment fraud, tackling fraudulent investment offers or trading platforms, identity theft, boiler room scams, or fake credit offers. Nearly half of the reports to the FSMA involve online trading platforms, which are the main type of investment fraud in Belgium. The FSMA, along with the FPS Economy, regularly launches campaigns to combat investment fraud. 12.3 Responsibility for Losses In Belgium, the responsibility of a fintech service provider for losses arising from fraud is determined primarily by compliance with PSD2 and whether neg - ligence or misconduct can be demonstrated. Provid - ers are required to authenticate transactions securely, ensure accurate processing, and prevent technical errors. Failure to meet these obligations, such as insufficient fraud detection or inadequate security measures, may result in liability.
12. Fraud 12.1 Elements of Fraud
There is no specific criminal legislation on fraud in financial services. Most frauds within the financial sector fall under the definition of generic offences, such as fraud within the definition of Article 496 of the Belgian Criminal Code. The constitutive elements of a fraud are threefold: (i) the intention to appropriate one’s belongings; and (ii) the voluntary delivery of said belongings; (iii) which is induced by the use of false identities or fraudulent tactics.
96 CHAMBERS.COM
Powered by FlippingBook