What You Need to Know about PSD2 in 2017
Authored by: Joris Hillebrand, Managing Director, Synechron Business Consulting and Joost ter Welle, Managing Consultant, Synechron Business Consulting
On 12 August 2016 the European Banking Association (EBA) published a Consultation Paper including draft Regulatory Technical Standards (RTS) that propose a way to implement Access to Accounts in practice (XS2A) giving Third Party Players access to client account information. The purpose of the RTS is to ensure an appropriate level of security for consumers and Payment Service Providers (PSPs) by developing a harmonized framework. EBA intends to set out this framework through the adoption of risk-based requirements, securing and maintaining fair competition among all PSPs and allowing for the development of user-friendly, accessible and innovative means of payment.
EBA received 118 responses to the Discussion Paper published in December 2015 and the Consultation Paper including draft RTS EBA received a record 226 responses. This overwhelming feedback reflects the expected impact and sensitivity of the regulation. EBA is currently processing this market input and was aiming to publish the final RTS on 12 January 2017. However, in a statement delivered before the European Parliament’s Committee on Economic and Monetary Affairs (ECON), Andrea Enria said the publication is likely to publish “a month or so later”. After the final RTS is published, the market has 18 months to implement the requirements – making PSD2 a top priority to action in 2017.
1. Background PSD2 I
PSD2 entails major changes for banks and other payment service providers, now requiring players besides banks to gain access to (payment) accounts. This is referred to as XS2A. Although PSD2 covers more than XS2A, this is the most impactful requirement for banks. Banks will, upon the client’s request, need to (i) give third parties access to account information and (ii) give them the possibility to initiate a payment transaction. Given this, the market expects that third parties will become able to offer competitive and innovative payment and information services to clients since PSD2 gives them the opportunity to access the clients’ bank accounts. Meanwhile, ‘traditional’ parties will face both internal challenges in their payments-related (IT) infrastructure and external challenges in staying competitive, requiring them to make a number of strategic decisions. The European Commission argues that the account-holder, rather than the bank, owns the payment information. XS2A enables third parties to gain access to certain information regarding payment accounts held with banks. These third parties are referred to as Third Party Payment Service Providers (TPPs). Obviously, a TPP requires an account-holder’s prior consent before it can request such information. Under PSD2, banks are required to provide three types of services to facilitate a TPP’s access:
- Account Information Services (AIS), allowing a TPP to request account information.
- Payment Initiation Services (PIS), allowing a TPP to initiate payments.
- Confirmation on the Availability of Funds (CAF), allowing a TPP to perform an account balance check prior to a card payment.
The draft RTS are the first directions provided by the authorities that help to understand how XS2A will work in practice. Security, competition and future profitability seem to be the major concerns for banks.