RegTech Intelligence

Payment Services Directive and third party involvement

The Payment Services Directive (PSD) was adopted in 2007 as a means for providing a legal foundation for establishing safer and easier electronic payment services throughout the European Union.  The goal was to make cross-border payments quick, efficient and secure.  In July 2013, the Commission decided to review PSD and modernise it to adapt to new innovative technology, such as payment initiation services.  With consumers demanding more options and cheaper alternatives for internet payments, PSD2 is easing the access for new market entrants and payment institutions, therefore offering more competition and choice.  These services were previously unregulated but, by bringing them inside the scope of this legislation, PSD2 is encouraging innovation within the payment market and has created a level playing field for the different types of payment service providers, which includes the new Third Party Players (TPP).

Third party involvement

TPPs can be broken down into two groups – Account Information Services Providers (AISP) and Payment Initiation Service Providers (PISP).  AISPs can connect to bank accounts and retrieve information from them for different reasons.  Consumers will most likely use AISPs to gather an overall view on their financial situation in order to analyse their spending patterns, expenses and financial needs in a user-friendly manner.  PISPs, on the other hand, initiate payments from a user account to a merchant account by creating a software ‘bridge’ between these accounts, filling in the necessary information for the transfer and informing the merchant that a transaction has begun.  PISPs make it simple and easy to take funds from one account and send them elsewhere without the use of a credit card.

AISPs will be useful for services such as investment tracking and recommendations, categorising spending and help with budgeting and financial planning. One AISP that operates in the US and Canada looks at a user’s bank account and information. Once the user has granted access, it can then help the user manage their money through creating personalised budgets, tracking investments, and by giving the user tailored advice and alerts. A comparable AISP that is available in the UK keeps track of spending habits, creates budgets and even reminds the user about upcoming bills.  These applications will become increasingly popular as more banks ‘open up’ and allow account access to third parties.

Unlike AISPs, that just have access to bank account information, PISPs can initiate payment transactions.  These services will allow consumers to make online credit transfers to merchants and other accounts, all without having a card on hand.  One type of PISP that operates in the US allows users to send and receive money from anyone – given that they have their user name or contact information – once the user grants access to their account. Right now, users can only use this specific PISP with other users of the same PISP, but it is predicted that businesses will start collaborating with PISPs and – soon – users will have no need to carry a card or wallet around in order to make payments.  Another type of PISP allows users to pool money together until a goal is met.  When users meet the goal, the money is transferred into a given account.  This application is popularly used for organising fundraisers, parties or group gifts or, more plainly, for just sending/receiving money for rent, dinner, drinks, etc.

These TPPs will gain the most from PSD2.  As they emerge as new competition in the electronic payments market, there will be lots of room for innovation and success.  This directive is stimulating competition and encouraging new mobile and internet payment methods.  Although third party involvement is new, TPPs must follow the same rules as traditional payment services providers, which includes registration, licensing and supervision by competent authorities.

How this will affect banks and consumers

Currently, banks do not grant access to information stored in their customers’ accounts.  However, with PSD2, banks must allow third party access if the third party has a licence to provide payment services and the customer explicitly consents to that access.  Banks must not place restrictions on TPPs’ access and are prohibited from treating payments that go through TPPs differently to those initiated by their customer – so banks cannot add charges for using TPPs.

PSD2 also introduces stricter security requirements for the initiation and processing of electronic payments and account access.  All payment service providers, including banks, payment institutions and TPPs, must prove they have certain security measures in place to ensure secure online payments.  Additionally, they will have to carry out, on a yearly basis, an assessment of the operational and security risks at stake and the measures needed to protect consumers from these risks.  These firmer security requirements will raise costs for banks, while the introduction of TPPs, as new competition, will likely reduce their existing revenue streams.

Consumers, on the other hand, will benefit from PSD2.  New methods will give them, not only more options, but also easier and more efficient choices of different payment services and service providers.  Another advantage for consumers is that, if they choose to use AISPs, they will have more knowledge and understanding of their finances and how their money is spent.

PSD2 was adopted by Parliament in October 2015 and entered into the Official Journal of the EU the following December.  Its entry into force occurred on 12 January 2016, and all members of the EU have two years to transpose it into national law.  PSD2 enables the FinTech future by allowing innovators and entrepreneurs to tap into a previously closed market.  Additionally, banks and technology providers are able to adapt their systems so that they are better able to compete effectively in the transition to open, digital and real-time banking.  Some banks have already begun strategically planning for January 2018 by discussing partnerships with FinTech companies, while others have requested funding for new digital initiatives and some have even funded whole new digital banks.  As of now, PSD2 is still going ahead as planned despite Britain’s vote to leave the EU.

To promote global dialogue on how to deliver regulatory change JWG post hundreds of focused articles a year to thousands of subscribers. Get involved and join the mail list.

By hitting the subscribe button you agree to our Privacy Policy