The motive behind the proposed changes to the Payment Services Directive is entirely sensible: payments innovation has leapt ahead of payments regulation and this is the Commission’s attempt to catch up, but the devil is in the detail.
The Commission’s ambition to get this legislation adopted by Spring next year is way too optimistic – the original PSD was subject to about five hundred revisions before it was finally agreed, and this revision will probably attract a couple of hundred by
the time the consultations have finished. Given that there are European Parliamentary elections next summer it’s highly likely that this will grind on throughout next year and get adopted some time in 2015, which means that member states would have until
2017 to adopt the legislation (although the interchange regulation that accompanied PSD2 will come into effect immediately).
One of the biggest areas of concern about the proposals centres on mandating access to bank accounts by third party providers (TPP) for the purposes of providing information services or for initiating payments. This is a fine idea in principle, and is intended
to allow greater competition through innovative players delivering new services, but it opens up a large can of operational and legal worms.
As currently drafted, an account holding bank will be required to open up access to a customer’s account to a TPP so that it can tell if there are sufficient funds in the account to make a payment, and then to allow that TPP to initiate the transaction
without the bank being able to stop it. Everyone agrees that this will need the customer’s permission to do so, but one of the battle grounds will be whether the account holding bank will also have to give permission. The banks will say that it is vital
for them to understand who is dipping into the account; the TPPs will say that trying to get contracts signed with each bank in Europe (or even just their home country) will kill the proposition stone dead.
The other big issue is who carries the can when things go wrong. As currently drafted, it appears that the TPP will have to prove that it wasn’t at fault if there is an improperly executed transaction, but a separate clause says that the account holding
bank will remain liable for unauthorised transactions even if they were initiated by a TPP, which frankly seems a bit rough. There is a rather vague clause that says the bank could sue the TPP but it is woolly about how and when they could do so. Not a satisfactory
position for anyone.
This is only one of a raft of issues that will generate a great deal of debate over the coming months; the trick will be to keep the spirit of the legislation without introducing a host of unintended consequences.