In an effort to modernise and improve the current payment framework (PSD2), on 28 June 2023, the European Commission put forward a proposal for a revised framework (PSD3), as well as a proposal to enhance the rules around financial data access (Open finance).
The second Payment Services Directive (PSD2), adopted in 2015, sets out the rules for payments in the EU while aiming to ensure a level playing field between existing financial players and new payment providers.
Based on advice from the European Banking Authority (EBA), a general and targeted public consultation, and a report from an independent consultant, the European Commission has now proposed certain amendments to PSD2.
The main changes represent, in the European Commission’s own words, “an evolution not a revolution of the EU payments framework”. The aim of the amendments is to improve the functioning of the EU payment markets by:
- strengthening measures to combat payment fraud;
- allowing non-bank payment service providers (PSPs) access to all EU payment systems, with appropriate safeguards, and giving them a right to have a bank account;
- improving the functioning of open banking, especially as regards the performance of data interfaces, removing obstacles to open banking services and consumer control over their data access permissions;
- reinforcing the enforcement powers of national competent authorities and facilitating implementation of the rules clarifying various elements;
- further improving consumer information and rights;
- improving the availability of cash; and
- merging the legal frameworks applicable to electronic money and to payment services.
A further proposal has been published for a new framework for secure and open access to customer data across a wider range of financial services.
In relation to open banking services, we have seen a number of new providers emerge, both Swedish and non-Swedish, enabled by digital technologies in the payment services market. In the absence of rules specifically targeting “open finance” (i.e., data access not supported by the PSD2’s rules on open banking), innovation outside of the PSD2 area has been slower.
The proposed framework is based on the open banking concept enabling access to customer data held by account-servicing payment service providers. The proposal aims to ensure that all firms and consumers have effective control tools over their financial data (while also ensuring personal data protection in line with the General Data Protection Regulation (GDPR)).
The framework aims to establish clear rights and obligations to manage customer data sharing, including:
- the possibility, but not the obligation, for customers to share their data with data users;
- the obligation for customer data holders to make this data available to data users;
- full control for customers over who accesses their data and for what purpose;
- standardisation of customer data and the required technical interfaces; and
- additional incentives for data holders to put in place high-quality interfaces for data users.
PSD2 has been a game changer, but regulations can always be improved. There are certainly areas and provisions of PSD2 which would benefit from amendment and clarification. The proposed amendments include a large number of significant changes, for instance:
- a requirement for all PIs and EMIs to seek reauthorisation within 24 months of the new PSD3 coming into force – this may involve considerable work and costs for authorised entities;
- the merger of the Electronic Money Directive with PSD3 – we hope this will provide for much needed clarification of the EMI regime;
- establishing the right for fintech firms to hold a bank account, as well as providing for facilitated access;
- splitting the payments service framework into a directive and a regulation – this will hopefully lead to a more harmonised view within the EU;
- changes to the rules around e.g. the provision and performance of data interfaces which may be of great importance for ASPSPs, AISPs and PISPs; and
- the inclusion of PIs as possible participants in designated payment systems.
Although the final PSD3 framework and local implementation are still some time away, both the proposal and the advice from the EBA indicate the direction of travel for payment services and provide helpful guidance on certain grey areas within the current PSD2 regime.
If you would like to discuss any of the above proposals, you are welcome to contact our fintech experts.
Carl Johan Zimdahl | Partner, Fintech and Financial Regulation | firstname.lastname@example.org
Carolina Sandell | Senior Associate, Fintech and Financial Regulation | email@example.com