*** Be aware!!! This article is the result of natural intelligence activity, cannot be as comprehensive as one produced by artificial intelligence, and may be subject to additional improvements...
The long-awaited change in European payment legislation is a fact: the European Commission has presented its proposal for the new payment directive, PSD3. The legislative act builds on two years of consultation and research among all participants in the payments business, and especially the Open Banking ecosystem. IRIS Solutions was engaged in this process and is happy to see that a lot of the suggestions made by the European Digital Finance Association working group on open banking are reflected.
The first of the two main changes in the legislation is that the proposal package consists of two separate legislative acts:
A proposal for a Directive, containing in particular rules concerning licensing and supervision of payment institutions (PSD3);
A proposal for a Regulation, containing the rules for payment service providers providing payment and electronic money services.
The second big change is the merger of the e-money and payment services regimes into one single piece of legislation.
As part of the legislative package, the Commission has also published a proposal for a framework for financial data access (the FIDA framework), extending financial data access beyond payment accounts to more financial services and introducing the next step in the Open Data evolution - Open Finance. Expect our opinion on the subject in the coming days...
In the next few lines, we set out the opinion of IRIS Solutions on the key points of the updated legislation, not only those concerning open banking.
The overall payments topics:
New or updated definitions for payment accounts, payment instruments, Strong Customer Authentication (SCA), and remote initiation of a payment transaction
Updated understanding on the limited network and specific-purpose instruments and transactions
An amendment is made to the Settlement Finality Directive (98/26/EC) to add payment institutions to the list of institutions that have the possibility to participate directly in payment systems designated by a Member State
New regime and requirements when SCA is outsourced to tech vendors
Provisions to improve the accessibility of SCA, in particular, to ensure that all customers, including persons with disabilities, older persons, persons with low digital skills, and those who do not have access to digital channels or a smartphone
A new provision requiring PSPs to have transaction monitoring mechanisms in place to provide for the application of SCA and to improve the prevention and detection of fraudulent transactions
Clarification on dynamic linking obligation - applies to electronic payment transactions for which a payment order is placed through a payer’s device using proximity technology for the exchange of information with the payee’s infrastructure, and for which the performance of strong customer authentication requires the use of internet on the payer’s device
NFC should therefore rather be considered as a functionality of a payment instrument and not as a payment instrument as such.
Member States may extend the prohibition or limit the right of the payee to request charges for the use of payment instruments other than those for which interchange fees are regulated (for example credit transfers and direct debits).
In case of credit transfers, the payment service provider of the payee shall, free of charge, at the request of the payment service provider of the payer, verify whether or not the unique identifier and the name of the payee as provided by the payer match, and communicate the outcome of this verification to the payment service provider of the payer. Where the unique identifier and the name of the payee do not match, the payment service provider of the payer shall notify the payer of any such discrepancy detected and inform the payer of the degree of that discrepancy.
The rules for merchant-initiated transactions (MITs) and direct debits are aligned, applying the same consumer protection measures, such as refunds, to direct debits and MITs as both are transactions initiated by the payee
Open Banking specific topics:
ASPSPs cannot charge for data access
License as a service - a modification of the definition of account information services, to clarify that the information aggregated by the authorized account information service provider may be transmitted to a third party to enable that third party to provide another service to the end-user, with the end-user's permission
The response time of the dedicated interface to account information service providers and payment initiation service providers’ access requests shall not be longer than the response time of the interface that the account servicing payment service provider makes available to its payment service users for directly accessing their payment account online
ASPSPs shall not be obliged to also maintain permanently another interface as a fall-back for the purpose of data exchange with account information and payment initiation service providers
Secured screen-scraping is permitted under exceptional conditions - in case of unavailability of a dedicated interface, open banking service providers should be able to request from a national competent authority permission to make direct use, under some conditions and subject to duly identifying themselves, of the customer interface until the dedicated interface is available again.
Explicit description of transaction types covered - with regard to payment initiation services, the dedicated interface should allow not only the initiation of single payments but also standing orders and direct debits.
Requirement for Account Information Service Providers to conduct their own subsequent authentications of the PSU, once the initial authentication has expired, namely after 180 days
Removal of the provision on confirmation on the availability of funds as a stand-alone service due to lack of market demand.
New regime for funds confirmation - the immediate confirmation, upon request, in a simple ‘yes’ or ‘no’ format, of whether the amount necessary for the execution of a payment transaction is available on the payment account of the payer;
The account servicing payment service provider shall provide the payment service user with a dashboard, integrated into its user interface, to monitor and manage the permissions he or she has given for the purpose of account information services or payment initiation services covering multiple or recurrent payments
Explicit list of prohibited obstacles to data access introduced
The proposals will be reviewed by the European Parliament and Council.
PSD3, as an EU directive, will need to be transposed into national laws.
The PSR, as an EU regulation, will directly apply in EU member states after entering into force.
The PSR will become applicable 18 months after publication in the Official Journal of the EU and EBA should update the RTS within a period of 12 months.
Comments from IRIS Solutions
Our first impressions of the PSD3/PSR texts are that they are quite balanced - they balance the interests of the ASPSPs and the TPPs/Fintechs.
During the consultation period, the TPPs required improvements in the tech specification and certain clarifications in the legislation of PSD2, as they were subject to subjective interpretations and distorted in one direction or another. We can confirm that most of them found realization in the acts.
We firmly welcome the changes we have been waiting for so long. We believe that, in their entirety, they will take Open Banking to a new level and that it will be an ever-increasing factor in the banking reality. They further strengthen its position and are a response to the numerous attempts to indicate that Open Banking has no future; on the contrary, PSD3 opens up even more opportunities for the future.
Something we are missing in the document is the regulation for a global EU standard for the APIs, as for us this is the best and fastest way of improving the performance of the ASPSPs' dedicated interface. We understand and accept the European Commission's reasons for not undertaking such a radical change.
Another topic on which we can express our doubts is the fact that the new regulation is introducing a hidden approval for screen-scraping if the dedicated interface is not available for two days. We will expect EBA’s guidelines on this topic, as this can lead to lower monitoring of the interface performance from the TPPs, and the effective execution will require the active role and engagement of the National Competent Authorities.
The new legislative acts empower us in our goal to be the Open Banking ambassador in the SEE and we will continue to search for devoted partners. The last five years set the stage for the Open Banking ecosystem, and the next five will mark its intense growth.
We will be more than happy to answer all your questions or address your need for assistance; you can reach out to us by writing to firstname.lastname@example.org