On 11 May 2022, the European Commission issued both a public consultation, and a targeted consultation in relation to the revised payment services directive, as well as a targeted consultation on open finance. These consultations should not come as a huge surprise – PSD 2 has a review clause and the European Commission referred to a review of PSD2 in its September 2020 Retail Payments Strategy (see our briefing here) issued as part of its Digital Finance package (see our briefing here).
The Commission wants to get the views of different stakeholders on various aspects of PSD2, and so believes that both a targeted consultation and public consultation are necessary. Views are sought on everything from secure customer authentication to extending the list of payment services in the PSD2 to include payment transactions using cryptoassets and the issuance of e-money. PSD2 has certainly had some teething problems and many stakeholders – from payment service providers, merchants and third party payment service providers - will be eager to offer their two cents.
We take a look at the key details in the briefing below.
Background
Under PSD2, the Commission is required to report on the application and impact of PSD2. This review was mentioned in the Digital Finance Strategy and the Retail Payments Strategy. The Digital Finance Strategy also contained details of the Commission’s intention to introduce legislation on a broader "open finance" framework.
The Commission notes changes to the payments market since the implementation of PSD2, with new market players, as well as new payment solutions. It notes that the payment needs of payment service users have changed as a result of continuing digitalisation, bringing new challenges and new risks. The review of PSD2 therefore seeks to be backward looking (examining the impact and application of PSD2) and forward looking (assessing the need for possible legislative amendments). The purpose of the targeted consultation on the PSD2 review is get views on the more technical aspects from those with more in-depth knowledge in the field of payment services, while the public consultation on PSD2 includes questions for a broader audience that might not have specific knowledge of payment services.
In relation to open finance, the Commission is keen to gather views on the state of play. It notes that third party service providers currently rely on limited sources of customer data access rights in the financial sector (chiefly PSD2 in relation to payment accounts data of both retail and business customers). Recent EU initiatives, such as a Digital Services Act and the Digital Markets Act envisage a governance framework for common European data spaces, set rules for data intermediaries and other online intermediaries.
General questions on PSD2
Areas covered include:
- Whether PSD2 has been effective in reaching its main objectives (consumer protection, making payments safe and secure, increasing choice for payment service users in terms of PSPs).
- Whether the current PSD2 framework has achieved its objectives in terms of innovation.
- Whether the benefits stemming from the application of the PSD2 outweigh the costs of its implementation (e.g. views are sought on whether implementation of PSD2 has led to higher costs for merchants, for corporates, for individual consumers).
- Whether PSD2 needs to be amended in general (e.g. to cater for market developments; whether parts or all of PSD2 should be changed into an EU Regulation to avoid transposition differences).
- Whether the scope of PSD2 is still adequate (views are sought on a number of areas including whether the electronic communications network exclusion is still appropriate; and whether there are exclusions in PSD2 that should be changed or deleted).
- Whether the definitions in PSD2 are still adequate.
Measures and procedures
Areas covered include:
- Views on the application and enforcement of PSD2 rules by national competent authorities (e.g. whether sanctions under PSD2 are effective and whether PSD2 provisions enable sanctioning of cross-border breach of PSD2).
- Whether payment services that are set currently set out in Annex 1 of PSD2 need to be maintained or modified.
- Whether other services should be added to the list of payment services in Annex 1 of PSD2 (e.g. the issuance of e-money; payment transactions using cryptoassets, payment processing; operating payment systems; and Buy-Now-Pay-Later services).
Payment service providers
Areas covered include:
- Whether the provisions on authorisation (licensing) of providers of payment services in PSD2 are still adequate.
- Whether changes need to be made to the method for calculating own funds of a payment services provider.
- Whether requirements around safeguarding in article 10 of PSD2 need to be further adjusted.
- Whether activities in article 18 of PSD2 (e.g. closely related services ancillary to the provision of payment services) need to be revised to reflect any changes in the day-to-day business of payment institutions due to the developments in the payments market.
- Whether PSD2 framework is aligned and consistent with other policies and legislation (e.g. the Electronic Money Directive 2; the Single Euro Payments Area (SEPA) Regulation; the Anti Money Laundering Directive; and the Markets in Crypto Assets Regulation).
Transparency of conditions and information requirements for payment services
Areas covered include:
- The adequacy of transparency conditions and information requirements for payment services (for example, views are sought on introducing disclosure requirements in respect of currency conversion costs before and after a payment transaction in respect of one-leg transactions).
Rights and obligations in relation to the provision and use of payment services
Areas covered include:
- Whether the rules on the derogation of low-value payment instruments and electronic money in PSD2 are still adequate.
- Whether the rules concerning open banking in PSD2 are still adequate (e.g. rules on access to and use of payment accounts data; and whether PSD2 allows for a safe sharing of payments data).
- Whether access to payments data (currently via interfaces) should continue to be provided for free to third party providers.
- Whether the provisions on liability (e.g. allocation of liability when executing a payment transaction) and refunds in PSD2 are still adequate or whether any changes need to be made.
- Whether provisions concerning the execution of payments transactions are still fit for purpose.
- Whether requirements regarding operational and security risk in PSD2 are still adequate (e.g. provisions on major incident reporting, the clarity of provisions requiring PSPs to establish an operational and security risk framework).
- Whether requirements concerning fraud prevention in PSD2, especially in relation to strong customer authentication are still sufficient (the Commission is seeking views on areas such as the impact of SCA on the business of TPPs and other payment service providers, and whether the application of SCA should be extended to payee-initiated transactions e.g. merchant initiated transactions).
Open finance consultation questions
Areas covered include:
- Whether there is an adequate framework for data access rights in place in the financial sector beyond payment accounts.
- Whether customers of financial service providers would be willing to grant third parties access to the data they generate with their providers for certain purposes (e.g. getting an overview of financial situation based on data from all existing financial service providers).
- The types of open finance based products that would stand to benefit retail customers/corporate customers the most.
- Conditions required to ensure that the potential of open finance is maximised, while risks are minimised.
- Policy measures to ensure a level playing field in terms of access to consumer data.