PSD2 applies from 13 January 2018. flow summarises how this affects your business and transaction flows.
Payments in Europe have come a long way since Payment Services Directive 2 (PSD2)’s predecessor established a modern and comprehensive set of rules for all payment services in the European Union (EU) and the European Economic Area (EEA).
PSD1 brought faster, more convenient and safer payments to millions of payment service users (PSUs) and is the foundation and legal basis for the Single European Payments Area (SEPA). As we enter 2018, however, we are on the cusp of a second, potentially even more significant, revolution that will ultimately affect not just payments, but banking services in general. This article outlines the top 10 things you need to know about the incoming PSD2, the core of which is applicable from 13 January 2018.
Further value is to be expected from 2019 onwards as a result of the innovation ecosystem flourishing around third party access and the related provisions coming into play in the second half of next year (see item 5 below).
What does it mean for you?
1. PSD2 increases consumer rights and the security of internet payments, while also fostering innovation
PSD2 aims to better align payment regulation with the current state of the market and technology, and introduces strict security requirements for the initiation and processing of electronic payments, and for the protection of consumers’ financial data.
This affects financial institutions processing payments and corporate entities sending and receiving payments. While PSD1 was only applicable to payments made within the European Economic Area (EEA) and in an EEA currency, PSD2 enhances the scope of its predecessor to include payments in any currency and those where only one of the ordering bank or beneficiary bank is domiciled within the EEA. While some PSD1 provisions have been excluded from the scope extension, PSUs will, for example, benefit from better value dating of incoming payments in non-EEA currencies.
Crucially, it also introduces so-called Third Party Providers (TPPs) that are permitted to provide certain types of services connected to payments. This will shake up the payments market, particularly in the ecommerce space, by encouraging greater competition, transparency and innovation in payment services.
2. How PSD2 affects corporates
The most obvious beneficiaries of the regulation will be retail consumers. Yet, that is not to say that corporates will not be impacted. Corporate PSUs will also experience immediate benefits as of 13 January 2018. While corporates will not be required to make significant changes to comply (differentiating PSD2 from other payments initiatives, such as SEPA), those that plan ahead will inevitably be best placed to make the most of new innovation and services.
3. What this means for financial institutions in terms of change and opportunities
PSD2 focuses on the bank-to-customer relationship and hence has only a very limited impact on the interbank payment space. The main impact of PSD2 on financial institutions is with regard to PSD2 compliance and their positioning for the changes due to Third Party Access.
For financial institutions there are three major milestones in terms of successful compliance with PSD2:
- The first is to ensure compliance with the bulk of PSD2, and as far as is possible with all its Guidelines, by 13 January 2018.
- The second milestone relates to the implementation of stricter requirements for payment processing, as required by the related European Banking Authority (EBA) Guidelines, and has to be accomplished in the first half of 2018.
- The third milestone will involve compliance with the provisions surrounding the establishment of a third party interface as well as strong customer authentication, which are likely to become applicable around September 2019.
Financial institutions can establish a third party interface either by means of a dedicated interface – most likely through using open Application Programming Interfaces (APIs) – or by allowing TPPs direct access. Clearly, building (or buying in) a third party interface requires substantial investment in time and resources. But the long-term returns in terms of new revenue streams, innovation and customer retention should make this worthwhile.
How ready is the payments ecosystem for PSD2?
4. PSD2 is still to be transposed into national law by many member states
PSD2 came into force on 13 January 2016, and member states’ national legislatures are obliged to transpose it into national law by 13 January 2018.
However, while many member states such as Czech Republic, France, Germany, Hungary, and the UK have already done so, and a number of others have draft legislation in place, not all member states will have completed transposition, given that the related contractual changes require a two-month notice period. This will hold up integrated implementation.
Deutsche Bank has chosen to adjust its payments processing in all its booking locations across Europe as per the 13 January 2018 deadline, and will make the related PSD2 benefits available to its customers even if transposition has not been completed. Required changes to legal documentation and related operational changes will be made once transposition has been completed.
5. PSD2 will be heavily shaped by the regulation surrounding the third party interface, applicable from 2019
While the regulation as a whole comes into force on 13 January 2018, the provisions surrounding the introduction of a third party interface, as well as strong customer authentication, have been delayed by discussions between the EBA and the European Commission over its content.
However, the final version of the EBA’s Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common Standards of Communication (CSC) was provided by the European Commission on 27 November 2017 – a solution that should address the interests of all market participants. Once adopted, the RTS have an 18-month implementation period, so the relevant provisions of PSD2 are likely to become applicable around September 2019. It is advisable to become compliant with the provisions as early as possible, and Deutsche Bank plans to make the related changes well ahead of the deadline.
6. PSD2 requires the wider ecosystem to develop
For PSD2 to deliver on its promise of revolutionising the payments industry in 2019, the whole ecosystem will need to develop further. This is especially pertinent with respect to common standards around APIs, which will be essential for compliance confirmation and take-up by TPPs. A crucial initiative in this respect is the interface implementation standards of the Berlin Group, the only pan-European payments interoperability standards and harmonisation initiative.
7. PSD2 requires TPPs to be licensed and available in an online repository
PSD2 requires TPPs to be licensed and available in an online repository. In this respect, PRETA, a subsidiary of EBA CLEARING, is heading up an initiative to provide a common, reliable, up-to-date directory to the market with shared information on TPPs.
What are we doing at Deutsche Bank?
8. We are already ready for the go-live
Deutsche Bank will provide the commercial benefits of PSD2 to clients on 13 January 2018 irrespective of member states’ transpositions. We will arrange briefing sessions for all employees affected to provide further details on the immediate changes and the milestones and developments lying ahead of us.
9. We are focused on furthering our existing TPP positioning in order to benefit clients
Our preparations for all parts of PSD2 – including those around the third party interface – are advancing at full speed. First, this is because a number of important provisions in PSD2 that are closely bound up with third party access to online accounts will be mandatory from 13 January 2018, irrespective of whether an organisation has a live interface or not. In addition to these considerations, however, getting the interface and strong customer authentication up and running will benefit customers immediately and ensure readiness and functionality when it is required.
10. Seize the opportunity to drive the API-fication of banking services
We predict this is just the first step in a broader sweep of regulatory requirements obliging banks to open up their infrastructure to TPPs via APIs. This technology could also be exploited to offer bank customers a range of other services including: accessing their stock portfolios; monitoring their online securities transactions; and managing their borrowings. The providers that will thrive will be those that exploit the power of APIs – initially to provide TPPs access to their customers’ accounts as part of PSD2, but more broadly thereafter to create innovative and convenient products and services tailored to users’ changing requirements.