The European payment services market has changed significantly in recent years. More and more payments are being made electronically and new fintechs are springing up like mushrooms after the rain. In order to adapt the regulatory framework to the ongoing digital transformation, the European Commission (EC) undertook a comprehensive review of PSD2. To this end, the EC has gathered input from key stakeholders, including the European Banking Authority. Stakeholder responses already indicated that a review of PSD2 was to be expected.
Why a review of PSD2?
As expected, on 28 June 2023, the EC proposed a new set of rules to further modernise payment services and the financial sector. The aim of these rules is to:
- Improve consumer security;
- Promote competition in electronic payments; and
- Enable consumers to share their data securely, giving them access to a wider range of better and cheaper financial products and services.
These objectives rhyme with those of PSD1 and PSD2. Steps have therefore been taken in the right direction. However, not all the objectives have been met, not fully and not in all member states. As a result, a recurring ambition in European regulation is to further harmonise the rules that apply in different Member States.
A recurring ambition in European regulation is to further harmonise the rules that apply in different Member States.
For example, while PSD2 has led to a more uniform and unified market for payment services, there have been differences in implementation, application and enforcement between different EU member states. This is partly due to the 'D' in PSD2, which stands for 'directive'. As PSD2 is a directive, it needs to be transposed into national law before it can be enforced in different member states. This almost always leads to differences in national case law.
From Directive to Regulation
PSD2 allowed member states some flexibility in the implementation in a number of areas, such as the ban on surcharging. However, to achieve greater consistency in the legal framework, it is desirable to have more clarity on implementation and to minimise the scope for individual interpretation. The new rules are an important step in this direction. For example, the 'D' in PSD2 is partially replaced by an 'R'. This 'R' stands for 'Regulation' and is familiar from the GDPR, for example. Such a regulation is directly applicable and does not need to be transposed into national law, thus limiting differences between member states.
The European Commission's proposal, unlike PSD2, is therefore split into three parts:
- Directive on payment services and electronic money services in the internal market (PSD3)
- Regulation on payment services in the internal market (PSR)
- Regulation on a framework for financial data access (FIDA or FiDAR) - see below
At the same time as the PSD3 and PSR proposals, the EC also published a proposal on 'Open Finance', which focuses on sharing more financial data than just payment data.
FIDA provides a legal framework for the sharing of customer data between different entities operating in the financial services industry. This will enable them to create new business models based on the processing and analysis of data about customers' financial situation. FIDA builds on the current provisions of PSD2 on the sharing of payment account data between account servicing payment service providers (ASPSPs, often banks) and account information service providers (AISPs). For example, FIDA will also be able to enable the sharing of mortgage and other credit data or insurance product data.
FIDA provides a legal framework for the sharing of customer data between different entities operating in the financial services industry.
When will the new rules come into force?
We are now at the beginning of the EU legislative process. It is not yet clear exactly how long this legislative process will take, but the proposed package may not be adopted in final form until at least Q2 2025.
After final adoption, which may differ significantly from the drafts published by the EC, and publication in the EU Official Journal, the texts will enter into force 20 days later. Thereafter:
- Member States will have 18 months to implement PSD3 into their national financial laws and regulations;
- market participants will have 18 months to comply with the PSR, with the exception of the rules on confirmation of beneficiary (aka 'matching service'), for which PSPs will have 24 months to comply.
Want to know more?
Over the coming months, we will continue to guide you through the changes brought about by the newly proposed regulatory framework and the impact the new rules will have on EU financial institutions. If you would like to be kept informed of our publications, you can follow us on LinkedIn.
Do you have any questions about the forthcoming changes, or would you like advice on the impact on your business? If so, please do not hesitate to contact us.
Change is more than an option; it has become a necessity. The key to a successful digital transformation is the ability to translate technology to the human measure & connection.
ProjectiveGroup covers all aspects of transformation in the financial services sector. By combining the capabilities of expert companies, we have become an international end-to-end partner for those who want to excel in an ever-changing environment.
We shape businesses today to meet and exceed the challenges of tomorrow.