As of 28th June 2023, the European Commission unveiled a draft proposal for a comprehensive Payment Services package. This package comprises the third Payment Services Directive (PSD3) and a new Payment Services Regulation (PSR), which are set to supersede the existing PSD2 and Electronic Money Directive.
What’s PSD3
PSD3, the forthcoming legislation, specifically regulates electronic payments and the banking ecosystem within the European Union’s single market. The primary goal of PSD3 is to introduce updated rules that focus on improving consumer protection and promoting competition in electronic payments.
What’s PSR
The PSR will encompass regulations pertaining to all Payment Service Provider (PSP) activities, integrating certain provisions from the Regulatory Technical Standards for Strong Customer Authentication and Common and Secure open standards of Communication (RTS on SCA & CSC), as well as guidelines and opinions from the European Banking Authority.
Open banking opportunities in PSD2
PSD2 has opened up significant opportunities for open banking. In open banking, AISPs and PISPs provide or enable value-added services to users by accessing their account data from banks and other payment account providers upon user request.
Before PSD2, open banking operated in an unregulated environment, but the introduction of PSD2 brought a stable regulatory framework to this field.
Under PSD2, banks must facilitate access to payment data for AISPs and PISPs through a secure interface.
These value-added services encompass various offerings, such as providing consumers with a comprehensive view of their financial situation and analysing their spending patterns, expenses, and financial needs.
Additionally, PSD2 has played a significant role in enhancing efficiency, transparency, and the range of payment options available to consumers, as it has paved the way for the emergence of new payment methods since its implementation.
Main issues of PSD2 regarding open banking
- The existing technical infrastructure for data sharing needs to be improved, with significant variations in the quality and functionality of APIs leading to frequent failures in open banking operations.
- Potential customers express trust-related concerns, particularly regarding privacy. Consumers are cautious about the extent of information companies might gather about them.
- The rights and responsibilities of financial services companies and open banking participants lack clarity, creating ambiguity in the industry.
- Security is a significant concern, as increased access through open banking raises the risk of cyberattacks. The financial system faces numerous threats in this domain.
- The lack of standardised data poses a challenge in sharing consistent and compatible information across open banking platforms.
- There is also a concern about whether companies will manage consumers’ data in their best interests.
As part of revising the second Payment Services Directive, the European Commission’s objective was to address the challenges associated with open banking.
The European Commission evaluated PSD2, focusing on charges, scope, thresholds, and access to payment systems. The evaluation, which took place in 2022, involved input from the European Banking Authority (EBA), public consultations, both general and targeted, and a report from an independent consultant. Based on the evaluation findings, the Commission has proposed amendments to PSD2, accompanied by an impact assessment.
Main changes in open banking after entering PSD3/PSR
The amendments will improve the functioning of EU payment markets regarding open banking.
1. Simplify the application of SCA in respect of payment account information services.
According to new requirements, banks will only require SCA for the initial access to payment account data by open banking account information service providers unless there are valid reasons to suspect fraud. Subsequent data accesses will be the responsibility of the account information service providers to ensure SCA is applied.
2. Dedicated data access interfaces – performance of data interfaces, removing obstacles to open banking services
Proposed regulations include significant new requirements for dedicated data access interfaces. A list of prohibited barriers to data access is introduced, aiming to ensure smoother access to data. As part of these changes, banks will no longer be required to permanently maintain two data access interfaces (a dedicated one and a “fall-back”) unless exempted. However, open banking providers will still have access to contingency data access options in specific and temporary situations to safeguard their business continuity in the event of primary interface unavailability.
3. Dashboard – consumer control over their data access permissions
Under the proposal, banks and payment account providers must establish a user-friendly “dashboard” that enables consumers of open banking services to view and manage their granted data access rights easily. This dashboard will give users a clear overview of which entities have been granted access to their data and provide a convenient way to revoke access through this platform. By implementing this measure, the proposal enhances personal data protection following the General Data Protection Regulation (GDPR). It aligns with the principles of business-to-business data sharing outlined in the Data Act proposal.
4. Protect the business continuity of open banking providers
The European Commission recognises the critical importance of uninterrupted data access for open banking providers (AISPs and PISPs) who have been granted permission to access such data by their clients. In the event of a disruption in a bank’s open banking interface that could potentially harm data access for providers, and if the bank is unable to offer an effective alternative solution promptly, providers have the option to request permission from their national authority to temporarily use another interface, such as the one used by banks for their customers. The providers can utilise this temporary alternative interface until their dedicated interface is restored, ensuring uninterrupted business operations.
The authority may impose a deadline for the bank to restore the dedicated interface, and failure to meet this deadline may result in penalties. Following civil law, open banking providers also retain the right to seek compensation from the bank for any business losses incurred.
5. Standardisation of customer data and access interfaces
The proposal grants customers the right to access their data held by financial institutions (“data holders”) electronically and without additional charges. It introduces a general obligation for data holders to make customer data available to data users upon customer request.
The proposal mandates that data holders and users become members of a financial data-sharing scheme to facilitate this data sharing. This scheme will be responsible for developing standards for customer data and access interfaces, which all scheme members must implement. The proposal also includes eligibility criteria for data users to ensure that only authorised and supervised entities can access customer data.
Standardisation of customer data and sharing interfaces is crucial for enabling large-scale data aggregation and sharing across the EU’s financial sector. The proposal aims to achieve this standardisation. Additionally, it seeks to ensure that data holders comply with the established standards and have sufficient economic incentives to provide high-quality interfaces. The costs associated with implementing these standards and interfaces will be allocated between data holders and data users. Financial data-sharing schemes will also be required to establish a clear liability framework and dispute resolution mechanisms.
Sources: Payment services: revised rules to improve consumer protection and competition in electronic payments; Keynote speech by Commissioner McGuinness at event in European Parliament “From Open Banking to Open Finance: what does the future hold?”.
About Advapay
Advapay is a technology company providing the Digital Core Banking platform to empower fintech clients or digital banks to start their businesses and accelerate digital transformation. The platform delivers all essential functionalities, a front-to-back system and a set of tools to customise and bring new integrations. With Advapay, potential and existing customers can connect either to the cloud-based SaaS or on-premise software. Besides the technical infrastructure, the company provides business advisory and fintech licensing services. Interested to learn more, please drop us a message
