Banking & Finance

PSD3 and open banking: What to expect from the new European directive

PSD3 and open banking: What to expect from the new European directive

On June 28, 2023, the European Commission published its proposal for the Third Payment Services Directive (PSD3), which aims to bring payment services into the digital age. PSD3 is part of the EU’s Digital Agenda, which aims to strengthen Europe’s competitiveness, innovation, and digital sovereignty.

What is PSD3, how is it different from PSD2, and what sort of progress can we expect? To make it easier to understand, here’s my attempt to summarize this lengthy regulatory text and draw out some key takeaways.

Read a French version of this article here / Découvrez une version française de l’article ici.

What is PSD3 and PSR?

In fact, the EC published a package of measures to modernize payment services and open financial services data: PSD3 and the new Payment Services Regulation (PSR).

As KPMG analysts describe it, PSD3 provides rules for the authorization of payment institutions, and PSR incorporates elements from PSD2. Together, they effectively replace PSD2 and introduce a number of revisions and improvements to it.

The proposals acknowledge problems in the current data flow process in the financial sector and seek to improve customer data flows through a stronger financial data access framework.

“In the EU’s growing data economy, every interaction in finance creates new data. It is therefore vital that European consumers remain the ones in control of their payments and they decide with whom to share this data so that they can avail of new and innovative products.”

– Mairead McGuinness, Commissioner for Financial Services, Financial Stability and Capital Markets Union.

PSD3 has four main objectives:

  • Enhance security and consumer protection, by imposing stricter requirements for strong authentication, risk management, transparency, and accountability.
  • Encourage innovation and competition, by opening up the market to new players such as Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs), who offer alternative solutions to traditional payment methods.
  • Harmonize rules across Europe, by creating a common legal framework for all payment services, whether national or cross-border, and by removing regulatory and technological obstacles to the digital single market.
  • Support the ecological transition, by encouraging the use of more sustainable means of payment, such as instant payments, mobile payments, or digital currencies.

PSD3 is an ambitious and complex text, which will have to be adopted by the European Parliament and the Council of the EU.

Download the infographic for a quick reference: 7 things to know about PSD3 and PSR

Directives (such as PSD3) need to be transposed into national laws of the member countries, while regulations (such as the new PSR) apply directly and consistently across the EU. These texts are expected to start coming into force around 2024-2025.

New in 2024: PSD3 and PSR, towards a revolution in European payment services

PSD2 vs PSD3

Much has changed since the European Payment Services Directive of 2007, followed by PSD2 in 2018. We have seen spectacular growth in electronic payments in the EU (30% in the 4 years to 2021 to reach 240,000 billion euros in value).

PSD2 introduced Strong Customer Authentication (SCA), which helped decrease fraudulent transactions across the EU from 2020 to 2021 by nearly half for card payment services providers. But criminals have also gotten more creative, coming up with more elaborate schemes to trick victims and using information from social media.

With new fintech players entering the market and new open banking use cases emerging (particularly around account information and payment initiation), innovations such as instant payments, contactless, and QR codes now occupy a central place in the daily lives of Europeans.

It was time to remedy the inefficiencies of PSD2.

One of the biggest changes PSD2 brought about was requiring banks to open up their payment services and access to payment account information to other companies, called Third Party Payment Services Providers (TPPs).

It forced banks to take an API-first approach to enabling customers to own their own financial data. But while the pioneering legislation was a solid intellectual model, it was a failure in reality.

The banking sector missed out on true open banking with PSD2.

“Balkanization of standards, inconsistent implementations, and tepid enthusiasm on the part of incumbent banks have led Europeans into Gartner’s Trough of Disillusionment,” said Eyal Sivan at the start of the year. “However, upon observing the successes of those that followed, notably in Brazil and the Middle East, they started to revisit their approaches.”

PSD2 succeeded in making APIs the norm in the finance sector, but there is still significant variation in the format, quality, and performance of APIs. They can be prone to excessive downtime and often lack support when issues arise.

PSR responds to this issue with new rules designed to harmonize the implementation of open banking. Among other things, they address API performance requirements and the minimum functionalities they must support.

“This new European regulation will clarify the liability regime between fintechs, banks and their customers, to the benefit of all,” says Fanny Rodriguez, General Secretary and COO of payments platform Fintecture.

“It’s a safe bet that this precise framework of responsibilities will strengthen the performance of existing APIs under PSD2, as banks will be required to communicate information even more fluidly to regulated players such as fintechs.”

Concretely: what changes can we expect?

How will PSD3 and PSR affect banks, fintechs, and consumers? As with any legislative text, the regulatory proposals are dense, and debate before formal adoption may bring more changes, but here are some major themes and takeaways.

Improving open banking functionality. These elements focus on technological requirements such as the implementation of new data access interfaces, emergency data access, consent management dashboards, opening up access to financial data beyond only payment account data, etc.

Fraud mitigation. Per the European Commission, the proposals will reduce fraud by:

  • Making widely available a service to check whether the name of the payee and bank account number match each other, before a transfer is confirmed
  • Giving victims of fraud a right of refund by their bank or other Payment Service Providers (PSP), in specific circumstances
  • Helping banks and other PSPs cooperate against fraud through more fraud-related information sharing
  • Obliging banks to improve customers’ awareness about fraud

Fairer competition between banks and non-bank PSPs.

The proposals toughen requirements for banks to provide bank account services to non-bank PSP, and the latter would be able to directly participate in payment systems throughout the EU. The hope is that leveraging fairer competition would help drive down prices.

Simplification and efficiency. Electronic money institutions (EMIs) are merged with payment institutions (PIs) under a single regime, and all payment rules applicable to PSPs will be contained in a directly applicable regulation.

Strengthened consumer rights through enhanced account statement transparency, clear and transparent information regarding ATM charges, steps to rectify problems associated with blocked funds.

Improved payments experiences for consumers.

The proposal ensures consumers can make electronic payments and transactions in the EU, domestically or cross-border, in euro and non-euro.

To enhance cash accessibility in stores and via ATMs, businesses would be permitted to offer cash services to clients independent of any purchase requirements. Clearer guidelines are also provided for independent ATM operators.

Finally, instant transfers become mandatory. Banks in the EU will have to offer it to their customers, retail and professional, at the same price as a conventional transfer.

Instant transfers and payments consume less energy and make it possible to transfer funds in only 10 seconds, improving customer service and cash flow for merchants. Its adoption will certainly energize payments and stimulate fintech innovation, and we have yet to discover new use cases.

EY’s Sigrid Hansen offers an in-depth analysis of PSD3 here and PSR here.

For a graphical overview, see the EU’s fact sheet: Electronic payments in the EU and financial data access.

Towards a more holistic realization of open banking

We predicted in January that impending updates to legislation would more than likely have a broader focus on generalized data sharing, open finance, and even open data.

This set of proposals from the EC certainly represents a step forward towards enhancing competitiveness and fostering innovation. And, as Fanny Rodriguez pointed out above, it also raises issues of European sovereignty.

“These regulatory developments in Europe aim to foster competition between banks and fintechs… against a backdrop of strong political will: to boost innovation via a European infrastructure and players. In a tense geopolitical context, it’s a safe bet that this trend will only be confirmed.”

One thing that is clear is that to truly bring European payment services into the digital age, companies will need to look beyond compliance with these new regulatory and technical requirements.

We cannot allow ourselves to fall into the same trap as with PSD2; rather, we must seize the opportunity to innovate and offer consumers better experiences.

As I often say, if financial institutions are to survive in this ecosystem, they have to accept disintermediation and become digital service providers. The controlled, secure opening up of their core systems this requires is possible via APIs.

We’re no longer talking about the APIzation of banks, but rather the transformation of technical APIs into digital products using marketplace tools. These marketplaces for digital services act as showcases for developers, facilitating their consumption of the exposed services.

See also Banking as a Service: What will happen to our banks if ChatGPT becomes my bank advisor?

Increased adoption of their APIs will enable banks to derive real benefit from this new ecosystem – through the acquisition of better customer intelligence, more agile participation in innovation, and many other benefits of open banking – rather than suffering through new regulation.

It remains to be seen whether these proposals can overcome the fragmentation arising from national legislation to create a more coherent legal framework across the EU, enabling the opening up and free exchange of these API products in an expanding ecosystem.

In the meantime, it is clearly time to “Open Everything” in the financial system.

Still struggling with API adoption? Join this 30-minute demo to learn how to leverage your APIs through a turnkey Marketplace.

Key Takeaways

  • PSD3 aims to bring payment services into the digital age by enhancing security and consumer protection, encouraging innovation and competition, harmonizing rules across Europe, and supporting the ecological transition.
  • PSD3 and the new Payment Services Regulation (PSR) will replace PSD2 and introduce revisions and improvements to open banking, including improved open banking functionality, fraud mitigation measures, fairer competition between banks and non-bank PSPs, simplification and efficiency, and strengthened consumer rights.
  • The proposals seek to enhance the payments experience by mandating instant transfers, improving cash accessibility, and promoting clearer guidelines for ATM operators.
  • Companies need to go beyond compliance and embrace innovation to offer better experiences to consumers, embracing disintermediation and becoming digital service providers through the use of APIs and marketplace tools.
  • For a quick summary, download the infographic: 7 things to know about PSD3 and PSR.