This is the second in a series of four articles about Open Banking and the Regulatory Landscape
By Ibtihaj Hassan.
Directive 2007/64/EC, also known as the Payment Services Directive (PSD1), was introduced to establish a comprehensive regulatory framework for payment services within the European Union (EU). It responded to several factors: inconsistencies between national regulations, the introduction of new payment methods, the aim of enhancing competition and the need for improved customer protection. PSD1, along with regulations for cross-border payments, e-payments and others, was meant to harmonise payment services in the EU. However, as the retail payments market underwent significant innovation and growth over the years, PSD1 began to fall short of the purpose it was set up to serve.
Card, internet and mobile payments in particular remained fragmented across borders and were not comprehensively integrated under the PSD1 guidelines. Furthermore, new modes of payment continued to be introduced that did not fall under the purview of the directive, including digital wallets, P2P payments, cryptocurrency and others. This caused legal uncertainty and ambiguity and raised concerns regarding customer security. A growing need was felt for new rules to introduce more certainty, increase consumer confidence, enable new modes of payment and ensure a high standard of customer protection. This led to the introduction of the revised Payment Services Directive 2 (Directive (EU) 2015/2366), which repealed the former directive and brought new rules into place.
Building upon this foundation of PSD1, PSD2 aims to further streamline payment services, stimulate innovation, and safeguard consumers' financial data. In an era where digital transactions have become the norm, PSD2's influence on online payments is profound. The directive mandates a more secure and user-friendly payment environment by enforcing Strong Customer Authentication (SCA). SCA requires two or more forms of authentication, such as passwords and biometric data, significantly reducing the risk of unauthorised access and fraudulent activities. This translates into increased trust and confidence in online payment systems.
Moreover, PSD2 has paved the way for Open Banking, encouraging collaboration between traditional financial institutions and third-party providers. By mandating banks to provide authorised third parties access to customer account information through standardised APIs, Open Banking promotes competition and encourages the development of innovative financial products and services. This dynamic shift benefits consumers with a plethora of choices and tailor-made solutions for their financial needs.
PSD2's impact reverberates across both fintech startups and established financial institutions. By enabling third-party providers to access customer data, PSD2 fuels innovation. Fintechs can leverage this data to create innovative payment solutions, budgeting tools, financial management apps and other use cases. At the same time, traditional banks are prompted to revamp their offerings to stay competitive in the evolving financial landscape.
Innovation extends not merely to products but also to the overall customer experience. With Open Banking, consumers gain a holistic view of their financial activities and more information, allowing for better management and planning of their finances.
As with any significant regulatory change, PSD2 has faced criticism and concerns. One of the primary challenges of PSD2 lies in its complex implementation process. While SCA enhances security, its implementation can be cumbersome for both consumers and businesses. Adapting existing systems and processes to accommodate SCA can be a resource-intensive task, particularly for smaller businesses and fintech startups.
PSD2 is applied across the EU member states, but the interpretation and enforcement of its provisions can vary. This fragmentation can create a lack of consistency in how the directive is applied, leading to confusion for both payment service providers (PSPs) and consumers. Different countries might prioritise certain aspects of the directive differently, leading to a disjointed experience for cross-border transactions and compliance.
While the introduction of SCA is aimed at enhancing security, it can inadvertently lead to a trade-off with user experience. Requiring multiple authentication factors for each transaction can prove arduous for consumers, potentially leading to transaction abandonment. Striking the right balance between security and a seamless user experience remains a challenge.
Smaller businesses and fintech startups often lack the resources and infrastructure to implement the necessary changes to comply with PSD2 requirements. The costs associated with updating systems to accommodate SCA and API integration can be significant, potentially creating a barrier to entry for innovative newcomers in the payment services sector. This could stifle competition and hinder the growth of new, customer-centric solutions.
While PSD2 aims to provide consumers with more control over their financial data through Open Banking, concerns about data privacy and consent do still persist. Sharing sensitive financial information with third-party providers can raise questions about data security and potential misuse. Ensuring that consumers fully understand the implications of granting access to their data and have the means to revoke access when needed is crucial to addressing these concerns.
In June 2023, the European Commission published the draft proposal for a new payment services package to replace PSD2. The proposal contains two parts: the Payment Services Regulations (PSR), which will address PSP activities and set customer authentication standards, and PSD3, which will incorporate Electronic Money Institutions (EMIs) and therefore repeal the existing Electronic Money Directive (Directive 2009/110/EC). Time will show whether this move towards a new regulation improves adoption of Open Banking and helps the move towards Open Finance.
About the Author
Ibtihaj Hassan is a professional working at the intersection of law and technology. With a background in business and law as well as a keen interest in the fintech and legaltech sectors, he has been working in partnerships, strategy, legal/regulatory affairs and operations within tech startups. He also works on consultancy projects with law firms. Ibtihaj is passionately committed to using tech-driven innovation to enhance efficiency and increase access within the financial and legal sectors.