In May 2022, the EU Commission launched three consultations on changes to the Second Payment Services Directive, also known as PSD2, and a planned regulatory framework for Open Finance.
PSD2 was implemented in January 2016, and the payments industry has undergone substantial changes since then. The COVID-19 pandemic has increased the speed of financial sector digitalization, resulting in a significant shift to online and digital payment systems. For example, Banca d'Italia's recent report revealed a 260% growth in open banking customers from 113k in 2020 to 407k in 2022, and a tremendous increase in the value transferred via Payment Initiation Services (PIS) from € 500k in 2020 to over € 183 million in 2022. These trends indicate that Open Banking is reaching maturity.
So, Why Is a Consultation Required?
The consultation is the first stage of the European Commission's examination of PSD2. This might lead to changes that result in the establishment of new legislation, perhaps dubbed PSD3, or major upgrades and additions to PSD2. The European Commission has received 169 submissions from users, FinTechs, and banks alike.
Interesting conclusion: the majority felt that PSD2 has given Payment Service Users (PSUs) a larger range of payment service providers to choose from. They also agree that PSD2 has aided payment innovation.
Questions from the consultation on the scope may shed light on the path to PSD2 advancement. For example, could the current PSD2 regulations create an uneven playing field between payment service providers who offer payment accounts, which must be accessible to TPPs, and other participants who do not offer payment accounts and are therefore not required to share their users' data?
Many said yes, which could indicate a potential area for improvement. Other questions received conflicting responses, which makes predicting PSD2 adjustments difficult.
But we'll give it a shot.
There Are Two Primary Things on Our List of PSD3 Expectations
We believe that PSD3 will address some of the concerns around Open Banking and Open Finance. Two areas we expect the EC to investigate are:
- Expanding the scope of Open Banking to include more Payment Service Providers (PSPs) and financial institutions; and
- Standardization and interoperability. Open Banking, for example, is now only required for a select group of payment service providers. Account Servicing Payment Service Providers (ASPSPs) are only required to provide Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs) access to the accounts they supply if those accounts are payment accounts. The EC could confirm an interpretation that results in a greater range of accounts being treated as payment accounts. This could lead to an expansion of the application of requirements for TPP payment account access. Additionally, the EC may clarify the concept of "online access" to payment accounts, specially if this includes secure corporate protocols and machine-to-machine connections. This might have serious consequences for B2B payment systems including payment accounts.
All of this could be excellent news for TPPs, but not for ASPSPs.
1. Expanding the Scope of Open Finance
The EBA (European Banking Authority, author of the Regulation Technical Standards) supports the idea of broadening the scope of account access regulations to cover non-payment accounts and other banking products, but proposes doing so gradually. The EBA advises that the EU include AISPs in any future Open Finance legal framework, eliminating them from PSD3. This proposal would be a key step toward a broader regulatory framework for AISPs, also known as Open Finance. It would include more than the existing TPP access rules required under PSD2, such as loans, investments, or even insurance.
2. Greater Standardization: The Berlin Group Is Paving the Way
The second major feature that we anticipate to be included in a future PSD2 is standardization. The industry is also paying attention to this topic. There have been previous efforts to promote uniformity in PSD2-facilitated APIs, with projects from the Berlin Group and STET, but the truth is that the API landscape is far from standardized today. Banks still have their own interpretation, their own data dictionary, and, perhaps more importantly, their own flows. This all adds up to a confusing user experience.
In its answer to the EU consultations, the EBA recommends a uniform API standard for TPPs to access payment accounts maintained by ASPSPs. It's easier said than done, but a unified API standard might also serve as a foundation for the future growth of Open Finance beyond the constraints of PSD2.
The recently announced EPC scheme SEPA Payment Account Access (SPAA) and the Open Finance Framework produced by the Berlin Group are two notable industry initiatives that are already working on this problem. Both efforts supplement the mandated PSD2 services with premium services and data. This includes Account Details on non-payment accounts, push notifications, and expanded payment choices. This includes deferred payments, payment guarantees, SDD eMandates and dynamic recurring payments. Because these are positioned as premium APIs, ASPSPs can offer a variety of permission options. For example, foregoing the 90, soon to be 180 days reauthorization requirement.
The EBA made another suggestion, which was partly connected to the reauthorization component. In its response, the EBA suggests that PSD3 clarify the allocation of liability between TPPs and ASPSPs. The EBA recommends allowing AISPs to apply their own SCA using security credentials issued by the AISP to the PSU rather than those issued by the ASPSP. Although PSUs would still need to authenticate themselves to their ASPSP for the initial connection to their payment account. This would undoubtedly improve the user journey for the AISP, but it could have repercussions for the division of culpability between ASPSPs and AISPs.
Why Is It Significant, and How Will It Affect Existing Open Banking?
At this point, we don't know if these subjects will be included in the next iteration of Europe's Open Banking regulation, but the substance of the EC consultations and replies from the industry, particularly the EBA, hint at this happening in the (near?) future.
Extending the scope with other types of accounts, either required or premium, would eventually benefit the end-user because it would improve the level of service they receive from AISPs and PISPs.
Accounting and reconciliation for corporations would be enhanced if data from corporate credit cards and PSPs such as Adyen, Mollie, Stripe, and others were generally available.
Further standardization would be advantageous, as TPPs no longer need to build solutions based on the 'weakest link'.
Allowing AISPs to implement reauthorization using their own SCA credentials would eliminate a barrier that undoubtedly exists today.
We do not expect PSD3 to be the industry-changing revolution that PSD2 was, but it is a significant step forward on our path to real Open Banking and Open Finance.
Our Open Banking Solutions: Setting You up for Success
Isabel Group has been empowering the financial industry for over 25 years with our multibanking system Isabel 6. Through Ponto, we provide top-in-class Open Banking APIs to 200 partners and over 2,000 banks.
Financial institutions such as payments, credit cards, and PSPs like Mollie, PayPal, and Stripe are also available.
If you'd like to learn more about what we can do for you, please contact us.