Updated 20/10/2023
According to a recent Thales Group Poll, 38% of users would leave their bank if another provider offered better rates or services. What’s the direct consequence? Banks, neobanks, and other services battle for user attention by offering new features, services, and products every year. As a result, the market has become very competitive.
However, for financial institutions to compete by offering in-demand services, such as short-term loans, buy now, pay later (BNPL), or digital wallets, they must have access to the client’s data.
European banks using client data must follow regulations to keep sensitive data safe and protected from potential fraudsters. This is where the Second Payment Services Directive (PSD2) comes into play.
One of the greatest benefits we’ve seen since the implementation of PSD2 is the open payments ecosystem. Thanks to this initiative that supports open banking, there was an increase in collaboration between banks and financial institutions that previously were not allowed to enter the market. This allowed for a number of new products and services to be introduced.
On the consumer side, PSD2 helped make payments easier as consumers can give their consent to their bank to share information with third-party providers. The direct result of this was the creation of third-party providers (TTPs). With strong customer authentication, all users can rest assured that their data won’t be misused and will remain safe.
We want to bring you a fresh perspective on what PSD3 might bring to the table, in particular, how it might affect your services, so you can strategically plan how to respond to changes ahead.
What Is PSD3?
PSD stands for the Payment Services Directive, and it's a framework that regulates electronic payments and the banking system in Europe and the EEA market area. The PSD3 still has yet to be approved, but it would be a continuation of the work put into PSD2, its predecessor.
PSD3 is set to regulate the provision of all electronic payments within a banking system in the European Union. While PSD2 has been governing all digital payments and open banking in the European Economic Area since 2019/2020, PSD3 will continue to do the same with the potential to expand its influence.
PSD1 was introduced in 2007 and updated in 2015 to become PSD2. The idea behind both standards was to have a retail payment strategy that would be open for updates. As legislation and the payments market change, it’s important to use a flexible framework that nurtures innovation and growth.
In a recent panel at Open Bank Expo Europe, called “The Open Journey to PSD3: A New Open Finance Framework,” participants agreed that the adoption of PSD2 had been too slow, causing it to lose out on its potential. Many concluded that while PSD2 was successful in some areas, it failed to give a standardized approach that PSD3 might be able to change.
Maria Palmieri, the Head of Policy at the Open Banking infrastructure provider, Yapily, said: “The European Commission has the opportunity to go one step further and resolve some of the systemic issues that have surfaced as the Open Banking ecosystem continues to grow at pace.”
New Initiatives for PSD3
The EU Commission issued its feedback on PSD2 and, on 28 June 2023, announced that they would be working on an updated EU retail payments strategy, or the Third Payments Service Directive (PSD3) and Payment Service Regulation (PSR).
Since PSD2 has been a game changer since its implementation three years ago, there are still a number of topics that should be addressed before new regulations are decided on. For example, some banks fear that the new standards will push them into building new APIs.
Here's the overview of some of the key initiatives that the commission is working on:
1. Improving the Availability of Cash
The proposal aims to increase access to cash by allowing retailers to offer cash provision services even without a purchase by a customer. It will also work on including a cap on withdrawals to ensure fair competition with ATMs and a requirement to disclose any fees charged.
2. Clarifying the Interaction Between Payments and General Data Protection Regulation (GDPR)
The proposal introduces clarifications to ensure that payment service providers access and process personal data only as necessary for specific payment services. It will strengthen data protection for payment service users in the context of Open Banking services and clarify the processing of personal data related to payment transactions.
3. Improvements to Open Banking
Open banking involves account information and payment initiation services. PSD2 provided a regulatory framework for open banking, including secure access to payment data for AISPs and PISPs.
The proposal for PSD3 makes targeted amendments to improve open banking while avoiding radical changes. The new regulation also introduces requirements for dedicated data access interfaces, a list of prohibited obstacles to data access, and clear liability and dispute resolution mechanisms.
4. Framework for Financial Data Access
The PSD3 framework aims to provide responsible access to customer data across various financial services, expanding beyond open banking. Customers will have the right to access their data and grant access to firms for innovative services.
However, the new standardization of data and access interfaces will be promoted with new and clear liability rules.
5. Changes Regarding E-Money Institutions
The proposal merges the regulatory regimes for e-money institutions (EMIs) and payment institutions (PIs) into one single piece of legislation to enhance harmonization and simplification.
6. Addressing Competition Issues for Non-Bank Payment Service Providers
Non-bank payment service providers, such as payment institutions and e-money institutions, have faced challenges in accessing key payment infrastructures due to obstacles from commercial banks. The proposal will also aim to facilitate easier access to payment systems for non-bank institutions.
Overall, the new initiative aims to address all these issues to promote better access to consumer and business financial data, enhance data sharing, and provide customers with more control over their data.
"We are very confident that these improvements, which seem to have been well received by the market, have the potential to give a boost to open banking, which we continue to identify as a significant source of innovation and competition, especially when combined with instant payments, which is another of our top priorities," said Eric Ducoulombier, Head of Unit at the European Commission, Directorate-General for Financial Stability, Financial Services and Capital Markets Union in a recent interview.
As PSD2, PSD3 is part of a broader European strategy for data, data access, and data sharing in the financial sector and is in alignment with GDPR regulations.
What is Payment Services Directive Consultation?
It is common practice that before a new PSD standard is introduced, the European Commission organizes consultations where stakeholders can open new topics to ensure the standard takes into account everything that is happening on the market.
All consultations are designed to measure and review the impact of the PSD while taking into account how it has or will affect consumers and businesses across the EU.
Consultation is the process that includes three different initiatives:
- Technical consultation
- Public consultation
- Open banking consultation
With BNPL services, cryptocurrencies, and currency conversion questions, there’s a need for PSD2 to be updated so that it would offer all European countries a comprehensive guide on how to oversee their finances.
PSD3 is going specifically to focus on open banking protocols, Know Your Customer (KYC), and Strong Customer Authentication (SCA). Additionally, it should address how the communication between banks, customers, and merchants will work.
What Is PSD3 Implementation Timeline
The new standard was verified on June 28, 2023, and all EU member countries will have two years to add it to their national legislation.
As the proposals for both PSD3 and PSR are subject to review and debate in the European Council and European Parlament, it usually takes around 18 months for the new legislature to approve them. This means that they are likely to be active by the end of 2026.
Of course, there’s a good chance that this time around, the process will be much faster than what we saw for PSD2. However, both implementation and being written into legislation are not simple processes. But as soon as PSD3 becomes a part of the EU, companies around European Economic Areas (EEA) will be obliged to comply with it fully.
Banks, financial institutions, and payment processors are advised to start looking into ways to adapt their systems to be ready when the PSD3 goes through all the legislative processes within the member countries.
The appropriate bodies of the European Commission (EC) will review the answers from consultation sessions and additional findings before they draft PSD3, which is expected to be in early to mid-2023.
Magdalena Stoklosa, the Head of European Banks and Diversified Financials Research, stated: “Open Banking has been less disruptive to banks than feared, so far. But the clock is ticking for banks, with new entrants able to provide banking services up to 50% cheaper, in part thanks to legacy-free IT.”
How Can PSD3 Influence the Payments Industry?
The market couldn’t predict the COVID-19 pandemic, Brexit, mass layoffs, speedy digitalization, or any of the changes and challenges that the finance industry has faced in the last few years.
Surely, PSD2 contributed to the ongoing digitization in the payments sector, but since things are changing fast, it will need to be revised. With more players on the market, the greater the gaps in legislation are.
We still don’t know for sure whether PSD2 will be updated or will be completely rewritten as PSD3. There is a consensus that PSD2 was very successful in preventing fraud, but it still needs a lot of fine-tuning.
The framework we believe will be continued in a partial or complete rewrite would be:
- Streamlining the provision of financial payments
- Safeguarding operations and users from fraud
- Making a safe environment for transactions
- Keeping users safe with multi-factor authentication (MFA)
ISO 20022 was introduced to support the efforts of PSD2. It will simplify the processing language behind transactions and keep APIs more interoperable and standardized. We might witness possible regulations to currently unregulated or under-regulated activities such as:
- Crypto payments
- Buy-Now-Pay-Later (BNPL)
- Operating payment systems or payment schemes
- Digital wallet services (including mobile apps used for payments)
- Triangular passporting
- Feedback on digital payments
- Perceived trust around the use of AISPs and PISPs
- Increased transparency around cross-border payments and fees
Review the use of existing open finance services (i.e. PISPs/AISPs), understand what financial data respondents would also like to share via TPPs (mortgage, insurance, pensions, savings, and investments), and take into consideration how this data is protected.
Why is API Standardization So Important?
In the PSD2 context, the purpose of APIs is to technically enable the sharing of payment account information between third-party providers (TPPs), which are commonly referred to as fintech companies and account servicing payment service providers (ASPSP).
APIs underpin integral integrations, as they are expected to integrate and intersect with a number of different tools seamlessly. Basically, APIs are essential for any bank or financial institution to move into the digital age.
However, due to different payment systems and methods used across Europe, it soon became obvious that the lack of API standardization within PSD2 intensified the fragmentation of the payments market.
As this is seen as a big obstacle for further development, PSD3 will likely focus on developing some kind of API standardization system that will help the market become more unified. The European Banking Authority is also asking the Commission working on PSD3 to consider standardization across Europe to be introduced as it will bring everyone closer to open banking goals.
In the EU, there are many financial institutions and fintechs that are currently setting up their APIs so they can offer better and improved services.
However, even if we look at the EU as a single market, there are a lot of differences between how different countries regulate payments due to a lack of standardization. While the UK has shown a more structural approach, across Europe, there has been progress, but it's been much slower than anticipated.
Even when the standardization for APIs was introduced, it took a lot of time for banks to develop them and have them up and running. It’s clear that further standardization of APIs will help the European Commission develop a centralized model that will unite banks and TPPs.
Examples of Collaboration between Banks and TPPs that Drive Innovation
Digitalization of financial institutions is reaching a high point. More and more financial institutions are turning to third-party fintechs to help them offer new services to their customers. Legacy banks are largely benefiting from the explosion of open banking innovation as they are often unable to quickly develop features that younger generations of bank users now expect.
There’s been a significant increase in the number of TPPs registering in Europe, and this trend is likely to continue throughout 2023. The following are use cases of banks collaborating with TPPs to provide their clients with more and better services.
Examples:
Caixa Geral de Depositos + Backbase
The largest bank in Portugal is working with Backbase to accelerate its digital innovation. This partnership will enable Caixa to improve its business with SME customers and launch a range of new initiatives.
By replacing legacy systems with a new siloed banking approach, they will improve customer experience and ultimately help SMEs request loans and support their businesses in all development phases.
Deutsche Bank + Traxpay
Deutsche Bank wanted to invest in supply chain financing. Their goal was to create a partnership where they could integrate these supply chain solutions and technologies within the bank’s services. That’s why the bank decided to partner with Traxpay – a German fintech company that offers discounts and reversed factoring solutions for its corporate clients.
This collaboration puts Deutsche Bank at the forefront of supply chain financing across Europe and worldwide.
ABN AMRO + Subaio
ABN AMRO, the third-largest bank in the Netherlands, is focused on providing its users with a convenient way to manage their recurring payments. This is why, when ABN AMRO signed a collaboration with a Danish fintech company, Subaio, it achieved massively successful results.
The partnership contributed to the innovative success of the Grip app since the platform where the bank launched the white-label recurring payment management feature, which was provided by Subaio. This digital platform offers its users a one-stop shop to manage their recurring payments online.
N26 + Wise
Berlin-based bank N26 joined forces with Wise (formerly TransferWise), a London-based P2P payments company. This alliance introduced an API platform that allows its users to send money abroad fast, easily, and reliably using only their N26 bank account, without any hassle or hidden fees.
What Does The Future Hold?
Turning a blind eye to the future is not an option for banks. The financial institutions that are progressive and embrace innovation, including being open to working with other fintechs and TPPs, will likely be the most competitive.
Embracing innovation is hard without reliable tech partners who have experience in fintech and are able to provide advice on how to develop exciting products .
By working with progressive solutions, financial and non-financial institutions will prepare themselves for market changes and discover new directions in which they can develop.
PSD3 is therefore significant as it will help fix some of the burning issues and offer more support for institutions in the EU financial landscape. It will take time to see the actuall changes, PSD3 opens a chance to resolve current issues and create a more flexible system for everything that’s coming.