Editorial

PSD3: An evolution of the EU payments framework and enabling Open Finance

On 28th June 2023, the European Commission announced the proposal for modernising payment services and opening financial services data with the aim of bringing payments and the larger financial sector into ‘the digital age’.

Contributor

Supriya is a Principal Consultant with 20 years of experience operating at strategic, conceptual and execution levels across Banks, Fintechs and Consultancies.

Supriya Dahiwelkar
Principal Consultant - Payments

This is a key step in the transition of the industry from Open Banking to Open Finance. Not surprisingly, this coincides perfectly with this year’s Sibos theme of “Collaborative finance in a fragmented world” with Open Finance identified as a key trend to achieve this.

Understanding PSD3

The Payment Services Directive (PSD) framework has undergone significant revisions since its inception.

  • PSD1: Adopted in 2007, provides the legal foundation for an EU single market for payments.
  • PSD2: Implemented in 2018, introduced several groundbreaking changes, including strong customer authentication (SCA) and Open Banking requirements, to boost security and competition.


Now, PSD3 builds upon its predecessors, with a primary focus on further enhancing consumer protection, security, innovation and financial inclusion. The proposal by the European Commission consists of two legislative acts:

  • Payment Services Directive (PSD3) is a directive that requires EU Member States to adapt them into national legislation. This leaves room for interpretation and potential inconsistencies across EU member states.
  • Payment Services Regulation (PSR) on the other hand is a regulation which incorporates the rules governing the conduct of payment services in the EU. This strengthens harmonisation and enforcement of inconsistencies seen up to PSD2.


So who does it impact and what are the timelines? Firms providing, or planning to provide, electronic payment services in the EU or to EU customers will be impacted by the third Payment Services Directive. PSR will become mandatory once the scope has been decided and ratified in EU law. PSD3 will need to be transposed into national law by EU member states. Payment Service Providers (bank and non-banks) will then have to comply with the new legal authorisation regime introduced by PSD3 within 2-3 years after becoming local law hence by circa 2026 onwards.

Key features and benefits of PSD3

1. Fraud prevention: Although the evaluation of PSD2 concluded that it immensely improved fraud prevention, it is not fully equipped to combat the new types of fraud that have emerged since. PSD3/PSR proposals consist of further measures to help prevent fraud:

  • Implementing IBAN/name verification service for all credit transfers,  
  • Strong Customer Authentication (SCA), exemptions from the application of SCA, options other than SCA mechanisms based on smartphone (e.g., hardware tokens, smartcards),
  • Providing a legal basis for PSPs (Payment Service Providers) to share fraud-related information between themselves in respect of GDPR (General Data Protection Regulation), the strengthening of transaction monitoring,
  • Payment service providers (PSPs) obligation to carry out education awareness for their customers,
  • Additional anti-fraud measures regarding both fraud prevention and redress
  • Extension of refund rights


2. Improve consumer rights and information: More transparency for credit transfers and money remittances from the EU to third countries, More transparency for payment account statements and ATM charges and other charges for currency conversion and the likes.

3. Support Open Banking: Implementation of dedicated Application Programming Interfaces (APIs) for data access, eliminating the two data access interfaces (a dedicated one and its “fall-back”), ensuring contingency data access for uninterrupted business operations, establishing consumer dashboards for managing data access rights.

4. Level the playing field between banks and non-banks: By allowing non-bank payment service providers access to all EU payment systems, with appropriate safeguards, and securing those providers' rights to a bank account. Payment institutions are to be included as possible participants in designated payment systems. Given the urgency of introducing this indispensable level-playing-field measure, Member States are given 6 months to transpose it into their national law.

5. Improve the availability of cash: Measures will be implemented to enhance the availability of cash through shops and Automated Teller Machines (ATMs), enabling retailers to offer cash services without requiring a purchase, and providing clarity on regulations governing independent ATM operators.

6. Consolidation of e-money institutions and payment institutions: Under a unified regulatory regime, streamlining payment rules applicable to PSPs into a directly enforceable regulation, ensuring a more straightforward and consistent framework.


Enabling the transition from Open Banking to Open Finance

PSD2 kickstarted Open Banking where third-party service providers can gain secure and permissioned access to users’ bank account information. Open Finance is a step further where it’s not just the bank account data, but consumers can also share their non-banking data like mortgages, pensions, insurance, taxes, savings, etc, securely via APIs.

The European Commission announcement on 28th June 2023 also includes a legislative proposal on Financial Data Access (FIDA). This aims to provide secure access to a wide range of financial data beyond bank account data to transition the industry from Open Banking to Open Finance.

This move towards Open Finance with access to data from multiple sources beyond banking would empower customers and promote innovation by enabling third parties to provide value-added services to customers (and businesses).

PSD3 and Instant payments

The Retail Payments Strategy of the European Commission promotes the development of instant payments in the EU. PSD3 and PSR fulfil a key commitment to the Retail Payments Strategy by ensuring the rules applicable to the EU retail payments industry remain fit for purpose.

PSD3 will improve consumer protection, and ensure wide adoption of the highest security standards, including instant payments. The new directive will also help facilitate cross-border payment solutions by creating more choices and ensuring the legal framework covers all important market players in the payments ecosystem.  

Next steps

Payment Service Providers should understand the requirements of PSD3/PSR. They should consider its implications and perform an impact assessment of what changes are required to achieve timely compliance. Potential areas where PSD3/PSR will have an impact are:

  • IBAN/name verification service,
  • Reapplication for a PSP (Payment ServiceProvider) licence under PSD3 for PIs (payment institutions) and EMIs,
  • Provision of consumer dashboards for managing data access rights,
  • Implementation of new/revised requirements for SCA,
  • Creation of a dedicated interface for exchanging data with TPPs,
  • Implementation of financial data sharing schemes in line with FIDA, etc.
  • Collaboration between traditional banks and fintech companies is likely to increase, driving innovative solutions to meet regulatory/directive requirements but also to enable the development of new, customer-centric financial products and services.

Delta Capita has the capability to assist you in performing an impact assessment and review of your firm's current PSD3 readiness and identify areas that will be potentially impacted as well as assist in building a roadmap to be compliant.  To find out more about how we can help you, get in touch today.