What does PSD3 mean for the Europe of payments?
On February 28th, our Chief Commercial Officer, Anne-Sophie Morvan, took part in a webinar organized by France Innovation in collaboration with Partelya Consulting. The discussion revolved around the upcoming PSD3/PSR (Third Payment Services Directive / Payment Services Regulation) and how it will impact and boost the payments ecosystem in Europe. The discussion was moderated by Andrea Toucinho (Director at Partelya Consulting) and also featured Emmanuelle Choukroun (Deputy Head of Interbank Relationship at Société Générale), David Roche (Partner at Aramis) and Thibault de Barsy (Vice-Chairman & General Manager at The Payments Association EU).
Finding the right balance between innovation, security and harmonization
Andrea Toucinho first took the digital stage to introduce the topic, highlighting that “in terms of payments, the regulation is complex. It is composed of several texts. If the Payment Services Directive (PSD) is the foundation, there are many other regulations to consider”. The European Commission is more than ever pushing for the evolution of the payments ecosystem and aims at finding the right balance between security, innovation and harmonization, by reducing the different fragmentations that can be observed in the ecosystem.
The expert went through the different regulations that are to be taken into consideration when discussing payments in Europe, namely GDPR (notably with the notion of consent), AML, and in the future, regulations centered around emerging tech. Andrea Toucinho then focused on PSD1, which was all about innovation and security, with new players entering the market, and on PSD2 with the need to reinforce and harmonize previous rules. “PSR is no revolution, it is rather a natural evolution. It is about fighting fraud and bringing Open Banking to the next level. It will also unify the rules, especially between banks and non-banks, to level the playing field,” she said.
David Roche then highlighted that it was only natural to see PSD2 evolve into PSD3 as the EC keeps on amending its legislations to better suit market needs and evolutions. “It notably levels the playing field between PSPs and brings more clarifications as some aspects were until then interpreted differently. It also tackles fraud, aims at improving Open Banking through more harmonization and by protecting users,” added the Partner at Aramis.
Then, Emmanuelle Choukroun insisted on bringing the right responsibilities to the right players, by considering the entire transaction chains, and not just focusing on the merchant and the bank. She added: “Also, everyone is not at ease with digital, which highlights the need for more digital inclusion. We need to put measures in place to help these people and make sure that they can pay in good conditions”.
New measures to tackle fraud
The security aspect was also discussed by Thibault de Barsy explaining that generally speaking PSD2 helped decrease fraud. He then shared the comments made by some members of The Payments Association EU. “Verification of Payee (VoP) will be helpful to tackle fraud even more, but we must also make sure that there will be no IBAN discrimination to avoid long and painful European payment journeys,” added the expert, before explaining that other elements could potentially be used to identify a payee (email, mobile number, etc.). On the SCA topic, the PA EU members underline that some behavioural authentication means, such as encoding speed for instance, could also be envisaged to reinforce authentication processes. He then explained that more SCA exemption scenarios could be envisaged.
Emmanuelle Choukroun also welcomed the VoP obligation especially in the context of Instant Payments, and then discussed the case of manipulation, that is to say when a fraudster acts like an employee of the bank/EMI/PI and manages to “steal” money from the PSU. “The EC’s proposal to extend the responsibilities still needs to be matured, as we need to put the right people in front of the right responsibilities. We need to make sure that banks will not support the price of fraud without any action possible. Moreover, they are more actions that could be taken in terms of cyberfraud”, highlighted the Deputy Head of Interbank Relationship at Société Générale.
Anne-Sophie Morvan shared her thoughts on the VoP topic, which makes even more sense in Luxembourg since many workers live in neighbouring countries. This means that a lot of cross border transactions are processed, making IPs and VoP a key challenge for the country and also for LUXHUB.
Improving Open Banking and moving to Open Finance
Anne-Sophie Morvan then switched to Open Banking and the need for banks and Third Party Providers (TPPs) to collaborate. “LUXHUB was born in the wake of PSD2 to help banks with these regulatory – and operational – challenges, and launched its compliant PSD2 API platform. Today, it hosts other types of APIs which really opens the door for Open Finance. PSD2 was just the first step, and FiDA means that the financial services industry will have to open up, with the permission of the user of course,” underlined the CCO of LUXHUB. She also listed some of the current challenges faced by Open Banking companies, revolving around user experience and SCA, for instance: “the review of PSD2 brings more clarifications and the fact that it will be a regulation rather than a directive means more uniformity. Moreover, the lessons learned from Open Banking will benefit the development of Open Finance, as more use cases will emerge in sectors such as private banking or insurance, notably”. The LUXHUB CCO then highlighted the importance of the definition of financial data sharing schemes. In fact, data holders and users are expected to define rules on how to “share” data and how the different players will be “compensated”.
According to Emmanuelle Choukroun, “clients must be in control of their data and also understand how and who can access it. In this context, the introduction of the permission dashboard is very positive”. She also explained that for Open Banking – and in the future Open Finance – to skyrocket, frustration on both sides (banks and TPPs) needs to be limited/avoided, and finally highlighted that several interesting and added value use cases will be developed.
David Roche then explained that “data-driven finance was one of the priorities of the European Commission since 2020”. FiDA will be voted in 2024, and should be applicable within 24 months, but several key points remain open to this day, notably the inclusion or not of certain types of players, as the scope is much larger than Open Banking. Two different work streams will then be necessary for most players, one focusing on legal (ie. the creation of the FISP status) and the other on technology (as guidelines and several RTS are expected in the months to come).
What does the (near) future hold?
As highlighted by David Roche, there are still mark ups and discussions around the PSR and PSD3 texts, which should be voted by mid-2024. According to him, “European elections should not delay votes as these future regulations are not politically strategic”. PSR/PSD3 should therefore enter into application at the end of 2025. In the next months, most players will have to focus on RTS and guidelines, on several topics such as licenses, SCA, fraud, and more.
For Emmanuelle Choukroun and Société Générale, it is key to ensure the smooth transition of all payments players into the digital era. “Of course, it has already started, but it will go much further with Open Finance, with fraud and responsibilities being some of the main focuses. There are many things to create and opportunities to seize,” she added.
On the Payments Association EU side, Thibault de Barsy will continue to discuss with the European Commission, the Parliament, European Central Bank, EBA and more, to transfer the feedback gained from the members of the PA EU, with the goal to share potential scenarios and questions raised. The association will also tour Europe to meet the different local regulators.
Anne-Sophie Morvan concluded by explaining that LUXHUB will be working, in the months to come, on supporting its clients in their ¨PSR and FiDA compliance. The Fintech/Regtech will also follow with great interest the implementation of permission dashboards and the definition of financial data sharing schemes. “We are convinced that we can contribute by taking advantage of the many lessons learned over the past years and by leveraging our Open Banking knowledge,” she added.