The European Commission’s long-awaited review into the current Payment Services Directive (PSD2) has landed, and with it, the establishment of a new Payment Services Regulation (PSR).
Adopted seven years ago, the landscape in which PSD2 was first implemented has evolved and expanded significantly, in fact, the value of electronic payments reached €240 trillion in 2021, compared to €184.2 trillion in 2017. This considerable growth has
emphasised weaknesses and incompatibilities within the framework that require review. The Commission’s PSD3 proposals seek to do just that.
In a press conference announcing the
package, European Commission executive vice-president Valdis Dombrovskis and Mairead McGuinness, Commissioner for Financial Services, Financial Stability and Capital Markets Union, explained that the review is more an evolution than a revolution, and will
focus on delivering concerted efforts to strengthen protection against payments fraud.
The Commission’s two-pronged proposal consists of revising the Payment Services Directive, and, a legislative proposal for a framework for Financial Data Access. To contextualise the announcement, we’ve compiled views and reactions from across the industry.
The
Commission states that in keeping with its key commitments in the 2020 Retail Payments Strategy, the proposals seek to ensure that the EU’s financial sector is fit for purpose and capable of adapting to digital transformation, including the risks and opportunities
it presents – particularly for consumers.
Tom Burton, director of external affairs and public policy at GoCardless stated: “PSD2 was a watershed moment for payments, with the EU's ideas for open banking now being copied around the world. Whilst today marks the start of a long political process,
[we are] delighted to see an improved version take shape. The focus has to be on creating consistent, high-quality standards and infrastructure that will strengthen open banking’s foundations and having the right blend of regulatory obligations and commercial
incentives to create a genuinely sustainable framework. This will help European businesses reap the benefits of cheaper, faster, safer payments and innovative data services that can fuel their growth.”
Jan van Vonno, head of industry and wallets at Tink observed: “PSD2 was a milestone in payments regulations recognised all over the world. In creating a single market for payments and embracing more competition for financial services, it was a major step
forward for the EU. However, progress has arguably not been as quick as many had hoped, so the renewed drive that PSD3 and the PSR provides is a welcome addition to the development of open banking in Europe.
Andrei Cazacu, EU policy lead at Truelayer, pinpoints seven key changes
the proposed package in a blog, which include:
- Standardisation of payments across the EU
- Better APIs for improved open banking services
- Streamlined authentication to improve checkout processes
- Direct access to payment systems for fintechs
- IBAN and name matching for fraud prevention
- Merging E-money and payments institutions
- Reauthorisation for firms under PSD3
As the majority of PSD2 will become PSR1,
Cazacu breaks down the acronyms for clarity:
“PSD2 (the revised Payment Services Directive): the EU law that governs digital payments. It established open banking, including giving customers the right to access their payment accounts and initiate payments via third parties. It will be repealed
once PSR1 and PSD3 come into effect.
PSR1 (the Payment Services Regulation): the new Regulation that will replace PSD2. It includes specific proposals on API performance, streamlined authentication rules, risk-based fraud prevention and more.
PSD3 (the third Payment Services Directive): the new Directive from the EU Commission. This focuses specifically on the licensing and authorisation of payment and e-money institutions.”
Cazacu explains that as EU Directives require Member States to adapt them into national legislation, they can be interpreted in slightly different ways by each EU country. “Regulations, on the other hand, apply ‘as is’, which can ensure a more consistent
application across all 27 member states.”
How will API use be impacted?
Todd Clyde, CEO at Token.io spoke to the Commission’s review of API use in the proposals, stating that the firm is particularly pleased to see the European Commission’s proposal
include measures aimed at increasing the baseline adoption, functionality and performance of open banking APIs.
“API-based interfaces provide the most secure and performant way for Third Party Providers (TPPs) like Token.io to interface with banks, and ultimately support the delivery of innovative services and better outcomes for end users. Further, we believe formalising
the explicit minimum baseline functionality required from banks’ open banking interfaces will help level-up the overall performance of the ecosystem.”
Clyde also welcomes the European Commission’s statement that banks and TPPs are free to establish commercial arrangements for ‘premium’ APIs, through which enhanced functionality and value-added services beyond those required under regulation can be provided.
“Premium APIs, built on equitable commercial models, have the potential to enable the development of higher-quality and more innovative end-user propositions (such as dynamic recurring payments and payment guarantees) and will support the wider adoption
of open-banking based payment propositions.”
Also weighing in on the proposed new API standards, Lisa Edström, compliance director at Brite Payments, states: “We fully agree with the European Commission’s conclusion that open banking today is functioning in an imperfect manner and that additional support
is required to improve competitiveness and foster innovation.”
She says that in addition to further fine-tuning and clarifying the existing Payment Services Directive in the proposed PSD3, it is encouraging to see the creation of a Payment Services Regulation (PSR), which with its direct effect will help provide much-needed
harmonisation between member states.
Edström is also heartened by measures that address the imbalance between banks and non-bank PSPs, and the inclusion of E-Money Institutions under the same Directive: “One of the recommendations made by the EBA in 2022 was to set out open banking API standards
as part of the revision of the Directive. An initial review of the proposals suggests that this recommendation has not been fully followed. However, the good news is that more detailed minimum requirements on APIs are proposed. We strongly believe that any
standardisation measures that improve the reliability and stability of open banking-based payment services will benefit PSPs as well as consumers.”
Van Vonno adds that Tink is also encouraged by many aspects of the new proposals, such as the benefits in giving authorities the required tools to better evaluate the dedicated interfaces (APIs) provided by banks and other financial institutions. “To this
end, we hope that the PSR in particular, will resolve much of the controversy surrounding API quality that is present in the relevant Regulatory Technical Standards (RTS) under PSD2.”
The Financial Data Access Regulation
The Commission’s Financial Data Access Regulation aims to establish clear rights and obligations to manage customer data sharing in the financial sector beyond payments accounts. This includes:
- The option for customers to share their data with data users such as FIs or fintechs;
- The obligation for customer data holders (FIs) to make this data available to data users;
- Full customer control over who accesses their data and for what purpose to enhance trust and in line with GDPR rules;
- Standardisation of customer data and required technical interfaces;
- Liability regimes for data breaches and dispute resolution; and,
- Incentivisation for high quality interfaces to be implemented to benefit data users.
The Financial Data Access framework follows the commitments set out in the Commission’s 2020 Digital Finance Strategy, and the broader European data strategy and initiatives including the Data Governance Act, Digital Markets Act and the Data Act proposal.
The Commission expects that this proposal will lead to greater innovation and competition in the financial sector.
On the new Financial Data Access Regulation, Edström says that it marks “an exciting first step towards an open finance framework. It is as revolutionising as open banking was when it was introduced in PSD2. We believe it will be widely adopted by
the financial sector and consumers. In the coming months we will hear more about the new concepts of Financial Data Access (FDA) and Financial Information Service Providers (FISPs).”
Also commenting on the proposal, Clyde adds that both the PSR/PSD3 and Financial Data Access (FIDA) proposals are setting in motion a future for open finance in Europe by
unlocking possibilities for innovation across the financial services and other industries.”