PSD2 has several, often conflicting objectives. These aim at strengthening payment transaction security and its associated
data, ensuring competition through Open Banking while facilitating innovation, ensuring technological and business model neutrality, and reinforcing consumer protection.
Also, Open Banking has been developed effectively, enabling EBA to register or authorise 2,700 payment institutions (PI) and electronic money institutions (EMI), including 400 non-bank Third Party Providers (TPP). The recent explosive growth demonstrates the increasing user demand and the maturity of many European markets, even if we note a discrepancy between countries.
However, transforming regulatory requirements into the process and operational efficiency is a real challenge for stakeholders.
Three main issues are raised.
Firstly, the multiplicity of guidance and their divergent local applications. PSD2 has been supplemented by subsequent regulations adopted by European Commission, in particular RTS SCA/SCC. However, this regulation lays down safety principles that remain subject to interpretation. To promote convergence of practices, EBA has issued guidelines, but local authorities apply them unevenly. Open Banking must therefore be ensured within a still developing and divergent regulatory framework. Moreover, actors must combine with other regulations, such as GDPR or AML directives which can also be contradictory.
The second difficulty encountered by Account Servicing Payment Service Providers (ASPSPs) was providing access to data and for TPP to access it. Indeed, the ‘technical standards’ issued by regulatory bodies remain insufficient to be implemented in a harmonised and identical way. TPPs wishing to interface with all ASPSPs must be able to manage the technical complexities associated with the variety of APIs and accessible data. Even if private groups have defined their own standards to achieve standardised APIs, these standards remain used at ASPSPs’ discretion, at a heterogeneous level.
Finally, the third difficulty is open access imposed by PSD2 and the controversial liability framework. ASPSPs have invested heavily in adapting their IT to allow access to data and enhance security, without any financial compensation and while retaining much of the responsibility for operations.
Meanwhile, new players depend on ASPSPs, their ability to provide access to quality data, and their willingness to provide the necessary functionality.
The lack of clear rules does not facilitate the meeting of interests.
Authorities are not deaf to the difficulties raised and provide support in understanding and applying regulatory requirements. Since 2018, EBA has supported the directive’s implementation by drafting six technical standards, eight sets of guidelines, eight opinions, and over 200 Q&As. In France, the recent publication of the FINTECH charter, which ACPR developed jointly with stakeholders, demonstrates this commitment.
Moreover, European Commission launched at the end of 2021 a comprehensive review of PSD2’s application and impact to determine whether the regulation remains fit for its purpose. Two consultations were organised, for the general public and professionals, to assess the effectiveness, efficiency, consistency, relevance, and added value of PSD2. Stakeholders were invited to share and justify their feedback, which will enable the Commission to ensure that future regulation fits with market needs and expectations.
EBA also responded in June 2022 to the European Commission’s request for a review of PSD2. The Authority considers that the scope of the directive, the regulatory approach adopted, and the main high-level requirements are still fit for purpose.
Nevertheless, the EBA is making 200 proposals to revise the Directive by clarifying terms and requirements, primarily to promote greater harmonisation, ensure a level playing field between different PSPs, increase customers’ transparency, and provide legal certainty for market participants.
Ending distortions of local interpretation and competition between European countries through a single regulatory framework is crucial. Adopting a Regulation rather than a new directive will contribute to ensuring that pan-European players are treated equally, with the same level of requirements, regardless of the country in which they are established.
Standardisation of data and technical standards must be ensured for effective interoperability and to achieve the emerging Open Banking or Open Finance. It would be unfortunate if the EU was left behind by the UKor Asian countries, which are accelerating their services in this area.
Cryptocurrencies activities’ supervision and the merging of the status of PI (Payment Institution) and EME(Electronic Money Institution) according to the principle of ‘same activity, same risk, same responsibility’ must also be addressed to ensure a single European payment market.
This interview has first been published in the Open Banking and Open Finance Report 2022. Click here to download the report.
About Géraldine Grandmougin-Maire
Géraldine is a Regulatory Compliance Practice Leader at Oaklen Consulting. She assists various PSPs, retailers, and manufacturers with payment-related regulatory compliance issues. Previously, Géraldine was Senior Manager at Deloitte and Director of Internal Control and Compliance at the Groupe Up.
About Oaklen Consulting
We imagine the future of payments with clients and have been doing so for 20 years. From strategy to operations, we support them with adapted and value-creating solutions for all payment projects. Our experts hybrid their skills to propose operational, secure, and compliant tailor-made solutions, while providing team training.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now