The Payment Services Directive 2 (PSD2) aims to replace the Payment Services Directive (PSD), which has been in place since 2007. Since the first PSD, advancements in payment technology have continued at a rapid pace.
PSD2 has been developed to make certain provisions in PSD clearer, and puts emphasis on further opening up the payments industry for third party businesses and non-banks. It also focuses on improving transparency and reducing barriers to entry for cards, mobile and online payment services.
PSD2 is a major policy development, which is set to impact the entire payments industry across Europe. PSD2 has been published, and began to come into effect from January 2016.
This week, responses were closed on a discussion paper that invited input into the development of the draft Regulatory Technical Standards (RTS), which are focused on strong customer authentication and secure communication. Responses to this discussion paper will inform the development of the RTS that the European Banking Authority (EBA) is mandated to deliver in this area of PSD2. The EBA will assess the responses received, and will use them as input for the development of the draft RTS, which is due to be published in summer 2016. A number of discussion papers and consultations that will help shape PSD2 have already closed, with further consultations scheduled throughout 2016.
Whether the financial industry likes it or not, PSD2 is coming. Member States must adopt and publish the measures necessary to comply with the PSD2 by 13th January 2018. While this may seem a long way off, it is important that both banks and FinTechs understand the impact PSD2 will have on the payments landscape across Europe.
What are the major changes?
A major part of PSD2 includes new rules that have been designed to open up access to payment account information to third parties.
One such area of PSD2, known as Access to the Account (XS2A), is set to shake up the banking industry. Under the XS2A rule, banks will be forced to facilitate access via an API to their customer accounts and provide account information to third party apps if the account holder has given explicit consent to that access.
In addition to this, third party payment initiation service providers are able to initiate payments via internet-portals on behalf of the account holder, if the account holder gives permission. Banks will be obliged by law to enable this functionality once the roll out of PSD2 is complete.
Transparency of payment fees and charges are subject to change under the plans. This means that payment service users have a right to know what charges, if any, will be applied to payments before they are processed, including a right to view a breakdown of those charges.
According to the proposals, payment service providers (PSPs) would therefore be required to provide customers with “explicit information on the maximum execution time and the charges payable by the payer and, where applicable, a breakdown of the amounts of any charges”.
How will this impact banks and FinTechs?
Aside from the challenge of keeping up with the innovative and flexible FinTechs, one of the biggest changes for banks will be opening access across the industry to payment processing services, including the customer accounts held by banks.
Increased transparency around payment fees may see customers choosing to process transactions with FinTechs who are likely to be able to offer lower charges than incumbents.
Implementing technologies that comply with PSD2 on incumbent banking systems is also likely to be an issue, and the majority of banks will need to look to external partners for help with developing APIs, security layers and app stores as well as new processes, products, and services to stay ahead of the curve.
The impact of PSD2 is likely to be beneficial to FinTechs operating in the payment sector, and their customers, as improved transparency, greater innovation, and increased market competition become the standard across the EU. However, some FinTechs will need to be aware of increased regulation, particularly around customer security and authentication which will ultimately benefit all players in the industry.