The EU Commission recently published its proposals for Payment Services Directive 3 (PSD3), as a supplement to the previous PSD2. The proposals have implications for players in the payments sector and are controversially discussed. We would therefore like to briefly explain the most important points.

Regulation effective immediately

The PSD2 has been reviewed and the EU Commission has revised its contents. The result is a PSD3 and a PSR (Payment Service Regulation). While the PSD3 is a directive that the respective member states must transpose into national law, the PSR is "only" a regulation. It is effective immediately and does not require separate incorporation into the respective national laws.
Some of the contents of the PSD2 are migrated to the PSR. This should lead to a more uniform implementation within the EU. While there is additional room for interpretation in the case of a transposition into national laws, the same wording applies to all countries in the case of a regulation – with the restriction that this wording is also translated into 24 languages. The overall scope is nevertheless more limited.

No further accounts
The PSD3 as well as the PSR continue to be limited to payment accounts. The much discussed access to further accounts, such as savings accounts, was outsourced to another regulation (Regulation on a framework for financial data access, Open Finance).

Better sooner than later
PSD3, PSR and the Open Finance directive are available as proposal, i.e. draft. Following this draft by the EU Commission, the further legislative process will now take its course. The EU Parliament and the EU Council will be involved. A final draft is not expected until the end of 2023 at the earliest, more likely not until next year. With EU Parliament elections due in June 2024, publication could be further delayed. In addition, there is an implementation period of 18 months and for the directives also the transposition into national laws. The topic will therefore accompany our industry for some time to come. Irrespective of this, all those affected should already deal with the drafts and assess possible effects on their own business model.

It gets more extensive
While PSD3 takes care of payment service provider authorisation issues and their supervision, the requirements for the execution of payments are outsourced to the PSR. The latter is also twice as extensive in draft form as the PSD3 draft. At least going by the number of pages. 

The PSD3/PSR will be merged with the e-money regulation.
Payments made exclusively with cash are still not affected by this regulation.

Access to payment accounts, but how?
The PSR addresses information requirements for payment services, permissible fees, access to payment systems, rules for account information services (AIS) and payment initiation services (PIS) and how they can be accessed. The interface requirements for third-party service providers have also been clearly specified. But here, too, there will be a more far-reaching Regulatory Technical Standard (RTS), as we know from PSD2.
For account information services, access to data should be significantly facilitated and thus the customer journey offered by them optimised. So far, this has often been very cumbersome in practice, as a variety of authorisation procedures and deadlines are mixed when consolidating payment accounts at different financial institutions. These service providers also often combine information from payment accounts (regulated by the PSD2) and other financial information such as savings accounts, custody accounts and credit accounts. This is where the new regulation on Open Finance comes into play, which is also available as a draft. Access to payment accounts should continue to be regulated in the PSD or, more specifically, in the PSR.

Account check
A major change is likely to be the IBAN/name check for all payments, as it is currently being discussed for instant payments. The aim is to combat fraud. As surveys have repeatedly show, many consumers assume that such matching already takes place today. However, the IBAN/name check is different from the account number/name check known before the SEPA introduction in Germany. At that time, the recipient institution checked whether the account number and name matched for incoming payments (but not all of them).

Out with the new
The PSD2 introduced the role of third-party providers. It was one of the biggest novelties and was intended to regulate services that had already emerged on the market unregulated. Account information services and payment initiation services exist in practice and provide services to consumers. The ominous third-party card issuer or "payment service provider issuing card-based payment instruments" was described in Article 65 of the PSD2. The market spent a long time speculating about which service this could be. Now the legislator has provided clarity and completely deleted the article on confirming the availability of a sum of money.

About regulation
The German Banking Industry Committee (GBIC) generally welcomes the EU's proposals on PSD3 and the associated goal of strengthening consumer protection and improving security in payments. However, the GBIC expresses concerns about the more extensive scope of information to be shared via the third-party service provider interface and the planned extension of liability rules. According to the GBIC, too far-reaching liability for payment service providers could lead to higher costs for consumers. In addition, there is a danger that smaller payment service providers will be overburdened by the additional liability and forced out of the market.

The PSD3 is the next step towards a more regulated payments landscape. It aims to improve security and consumer protection while maintaining innovation and competitiveness in the payments sector. It remains exciting to see how the discussion will develop and which regulations will ultimately be adopted.

Author: Swaantje Anneke Völkel


Post a Comment