From PSD2 to PSD3
The European Commission acknowledges the achievements of PSD2 in certain areas. Notably, the implementation of Strong Customer Authentication (SCA) played a pivotal role in reducing fraud. Furthermore, PSD2 successfully improved the efficiency, transparency, and options available to users in terms of payment instruments, granting them greater control over their payments.
However, the Commission also recognizes PSD2’s struggles in achieving a level playing field for all PSPs. Non-bank PSPs often lack direct access to critical payment systems, creating an imbalance between bank and non-bank PSPs. This disparity adversely affects fair competition and innovation within the payment sector. Additional issues were noted with Open Banking, particularly concerning data access interfaces for these service providers. As cross-border payment services expand, the focus on national territories of EU Member States by payment systems results in regulatory inconsistencies and forum shopping. Addressing these concerns and establishing a level playing field became imperative.
How PSD3 and PSR are aimed to change this
- persistent fraud risks undermine payment users’ confidence in the payment industry, especially among consumers;
- the Open Banking framework faces obstacles, hindering data access for Open Banking service providers and stifling innovation;
- inconsistent powers and obligations among EU supervisors lead to a fragmented payment market due to varying regulations and costs across Member States. EU regulators lack the authority to establish a functioning level playing field;
- an uneven playing field exists between bank and non-bank PSPs due to uncertainties and regulatory disparities from PSD2 and national laws for non-bank PSPs.
The challenges have driven the following objectives within PSD3 and PSR:
Enhanced user protection and confidence through:
- further SCA enhancements;
- improved fraud information exchange between PSPs;
- customer education on fraud prevention;
- extended IBAN verification;
- enhanced accessibility of SCA for users with disabilities;
- measures to ensure cash availability and enhance payment service user rights.
Bolstered competitiveness of Open Banking by:
- introducing mandatory dedicated data access interfaces for Account Servicing Payment Service Providers (ASPSPs);
- providing permissions dashboards for users to manage Open Banking access;
- establishing detailed specifications for Open Banking data interfaces.
Strengthened enforcement and unified implementation involving:
- substituting unclear elements of PSD2 with the immediately applicable PSR;
- strengthening penalty provisions;
- incorporating the e-money framework into PSD3 and PSR.
Enabling non-bank PSPs entry through:
- expanding the reach to bank accounts for Payment Institution/Electronic Money Institution (PI/EMI);
- allowing direct participation in all payment systems.
PSD3 remains an EU Directive, outlining rules for payment institution authorization, necessitating adoption into national laws of EU Member States.
In contrast, PSR is an EU Regulation that applies directly in Member States without the need for national implementation. PSR covers transparency of conditions, information requirements for payment services, rights, and obligations related to payment service provision and usage. This includes provisions on Open Banking. The PSR offers PSPs a benefit by establishing a unified legal framework encompassing all operations within the EEA, leading to a decrease in uncertainty and disparity stemming from national legislation variations among Member States.
As per the Commission’s assessment, the provisions related to Open Banking involve several alterations when contrasted with PSD2, and these encompass the incorporation of distinct provisions that presently exist within a Regulatory Technical Standard.
Prominent shifts within Open Banking encompass the imposition of a dedicated interface for data access and the elimination of the obligation for ASPSPs to uphold a ‘fallback’ interface, except in extraordinary cases. To empower Open Banking users in overseeing their data transparently, ASPSPs must provide a « dashboard » that permits the withdrawal of data access from any Open Banking provider.
An additional noteworthy alteration is the elimination of the distinction between E-money institutions and payment institutions. According to the proposed legislation, only payment institutions will exist, and can be authorized to offer e-money services.
The published proposals are subject to review by both the European Parliament and the Council. The average length of the ordinary legislative procedure is around 18 months.