Everything you want to know about PSD2 but were too afraid to ask

By Alara Basul | 19 April 2017

The Second Payment Services Directive (PSD2) is a fundamental piece of payments legislation in Europe, which entered into force in January 2016. The regulation is set to drastically impact the infrastructure for banks, fintechs and businesses using payments data by opening up access to third party providers. The regulation requires that all member states implement these rules by 13 January 2018.

Whilst the regulation has been a popular topic over the past few months, is the industry as knowledgeable about PSD2 as perhaps we expect it to be? We’ve broken it down to the basics to explain what PSD2 really is, what it means for banks and who the regulation will primarily affect.

What is PSD2?

“From January 2018, banks will be forced to open their data vaults through mandated Application Programming Interfaces (APIs). As a result, third parties will be able access (anonymised) customer data to provide new products and services. The goal, beyond compliance, is to break the banks’ monopoly on data and open the market to new innovations,” says Bragi Fjalldal, CMO and VP Business Development, Meniga.

"The main goals of the new PSD2 is to contribute to a more integrated and efficient European payments market, improve the level playing field for payment service providers, make payments safer and more secure, protect consumers and encourage lower prices for payments. Furthermore the PSD2 will push the boundary of open banking across European Union and bring more control over personal financial data in favour of the consumers. At it’s core PSD2 will impact two things: the flow of payments and how we access our finances," he adds.

David Song, Payments UK’s Manager of European Developments adds: "The revised Payment Services Directive (PSD2) is a significant evolution of existing regulation for the payments industry. It aims to increase competition in an already competitive payments industry, bring into scope new types of payment services, enhance customer protection and security and extend the reach of the Directive."

Christian Schaefer, Head of Payments, Cash Management Corporates, Deutsche Bank says: "The simple answer is that Payment Services Directive 2 (PSD2) – adopted by the European Parliament on October 8 2015, and by the European Union (EU) Council of Ministers on November 16 2015 – is an updated version of the PSD1, implemented in 2007. It regulates European payments services – ensuring they are transparent, secure, and meet certain standards.

"In the long run, however, PSD2 has the potential to revolutionise payments: introducing innovation and enhanced flexibility. Certainly, PSD2 will encourage collaboration between the varied players across the financial landscape by recognising and regulating third-party providers – creating a secure and transparent environment for the creation of disruptive payments technology," he adds.

What are the main changes coming into effect?

"The revised European Payment Services Directive (PSD2) is driving European banks to a defining moment in 2018 and to fundamentally re-think how they can help customers derive value from their financial information. Banks will need to restructure their IT infrastructure and refocus part of their business model. They will be required to open up their IT systems to third parties who are instructed to make payments for account holders, and ensure a consolidated real-time view of account statements," adds Fjalldal. 

"How does it change the landscape for financial services? Once PSD2 has entered into force, banks will need to provide the data and functionality to their own applications through an internal API or Internal Service Bus, but they will need to expose payment capabilities and aggregated information in a so-called public API (Application Programming Interface, a technology that allows developers to access functions of different computer programs and make them work together). Banks will there not only need to have an internal API, they will also need to have a public API in a post PSD2 world," he continues.

David Song continues: "PSD2 will set out a common legal framework for businesses and consumers when making and receiving payments within the European Economic Area (EEA) – which comprises the 28 European Union Member States plus Norway, Iceland and Liechtenstein – and outside the EEA.

"The PSD2 text makes it clear that customers have a right to use what are termed Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs), where the payment account is accessible online and where they have given their explicit consent. These changes reflect the market growth in e-commerce activities and use of internet and mobile payments as well as the rise of new technological developments and a trend towards customers having relationships with multiple account providers. This will make internet and mobile payments easier and help customers to manage their accounts and make better comparisons between them."

Who does it affect?

Fjalldal says there are three main platforms that are affected: 

  • European banks
  • Banking customers
  • Third party provider interested in building solutions on top of banks’ data and infrastructure

David adds: "The new measures will also ensure that all PSPs active in the EU are subject to supervision and appropriate rules. PSD2 could help open up new markets and encourage new market entrants, with wide-reaching opportunities for a range of parties including banks, other PSPs, FinTechs and customers through the development of products and services that offer new ways to use account and transaction data."

Do we know what will happen after the 13th of January 2018?

"PSD2 must be transposed into national law by Member States by 13 January 2018, which means that the majority of the legal provisions will apply from that date. However, PSD2 empowers the European Banking Authority (EBA) to develop a number of guidelines and technical standards, including a mandate to deliver regulatory technical standards (RTS) on strong customer authentication and secure communication, implementation of which will run to a different timetable," says David Song.

Fjalldal continues: "The revised payments services directive (PSD2) was first proposed by the European Commission in June 2013, adopted by the Parliament in October 2015 and entered into the Official Journal of the EU on 23rd December of that year, making it legally binding in all member states. Its ‘entry into force’ was the 12 January 2016 giving all member states two years to transpose it into national law."

Who is the regulation in favour of?

Bragi Fjalldal says PSD2 is primarily aimed at protecting and giving more control the consumer. However, the regulation will be create vast opportunities for 3rd party providers as well as the banks themselves. According to the European Commission the main objectives are to:

  • Contribute to a more integrated and efficient European payments market
  • Improve the level playing field for payment service providers (including new players)
  • Make payments safer and more secure
  • Protect consumers
  • Encourage lower prices for payments

Will it unify European financial services?

"PSD2 is an important step towards a Digital Single Market in Europe, which aims to make the EU's single market fit for the digital age," says David Song, Payments UK.

"The death of banks has been predicted many times over the past few decades — Bill Gates famously noted that “we need banking, not banks” back in 1994. Yet, here we are 22 years later and people are still (by and large) banking with the very same banks. While bottom-line impact remains limited, as noted above, customer disintermediation is becoming a serious issue for banks. The provision of financial services is gradually becoming more fragmented, and PSD2 is likely to substantially accelerate this trend," adds Fjalldal.

"For example, peer-to-peer money transfer is starting to take place where it is most convenient (e.g. in social media channels) and loans and credit facilities are being granted exactly when they are needed (e.g. at time of purchase). This means banks are starting to lose valuable customer touch-points."

What should banks attitude be?

Christian Schaefer says: "Perhaps the biggest challenge to the success of PSD2 is arguably the differing attitudes towards third-party providers, and the fact that PSD2 opens a completely new innovation ecosystem, which encourages competition and collaboration. PSD2 will be met with two main attitudes: those that seize the opportunity to collaborate across the industry, and those that focus on compliance only.

"Banks must needs embrace the changes, but will also need to develop a tight legal framework around new players, with clarity around the partnership model – including strong transparency around their insurance coverage, responsibilities, and so on – to ensure the stability of the system (including for corporate users)," Schaefer adds.

"Ultimately, third-party providers are aggregators, competitors, complementors, disruptors and innovators at the same time. They are game-changers – offering diversification and innovation. Clients – both retail and corporate – benefit from and desire their services, and we, as banks, need to find ways to help our clients access such solutions securely. Similarly, third-party providers are able to offer innovation, but are still new entrants to the financial landscape, and could greatly benefit from the expertise, global reputation, and resources of incumbents. Co-opetition is the answer, and PSD2 provides the framework that allows us to do so while ensuring we meet set standards. PSD2 will likely be a catalyst to innovation in the European Payment market and lead to further progress; banks across Europe can choose to either be at the forefront of that progress, or, perhaps, left behind by it."

"Banks should not only view PSD2 as a directive with which they must comply but rather embrace PSD2 as a huge opportunity to upgrade inefficient legacy systems and identify new ways to add value to their customers and the community as a whole," Fjalldal continues.

"As PSD2 draws closer, banks are beginning to plan for compliance. API level access to account data & payment initiation requires banks to rethink IT architecture and it opens commercial opportunities that can benefit end users and create new revenue streams for all players in the financial services industry.

"With all the noise about disruption and competitive threats, banks need to remember that they still have a competitive edge , most notably due to access to customers and financial data at scale. This advantage is slowly eroding, so the time to utilise it is now. No matter what, PSD2 will be a significant investment for banks and it is important to make that investment count," Fjalldal concludes.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development