Welcome to The Engineer Banker, a weekly newsletter dedicated to organizing and delivering insightful technical content on the payments domain, making it easy for you to follow and learn at your own pace.
In this latest edition of our Payment Concepts series, we will briefly revisit the foundational elements of SEPA (Single Euro Payments Area) and refresh the PSD2 (Payment Services Directive 2) regulation. Both of these topics are essential for understanding the nuances of our forthcoming articles on Open Banking in Europe.
Implemented by the European Payments Council, SEPA standardizes euro-denominated bank transfers, direct debits, and card payments among 36 participating countries, including all EU member states, along with a few non-EU countries. The overarching aim of SEPA is to break down barriers to cross-border transactions, making it as simple and cost-effective to transfer funds between two different countries as it is to conduct domestic transactions.
Before SEPA, varying standards and regulations among different countries led to inefficiencies, delays, and increased costs in cross-border transactions. The implementation of SEPA has harmonized these procedures through a set of common rules and standards, enabling seamless transactions across participating countries. Businesses benefit from the consolidation of multiple domestic accounts into a single SEPA account, simplifying account management and reducing operational costs. Consumers, on the other hand, enjoy greater convenience and potentially lower fees when making cross-border payments.
SEPA is a cornerstone of financial unity in Europe, promoting efficiency, competition, and consumer benefits.
Additionally, SEPA has paved the way for increased competition and innovation in the European financial landscape. By creating a level playing field, new entrants, such as fintech companies, have the opportunity to offer payment solutions that can easily compete with those of traditional banks. SEPA has also set the stage for further advancements in digital payments, including real-time transactions and mobile payment solutions.
PSD2, The Catalyst for Open Banking in Europe
Payment Services Directive 2 (PSD2) is a groundbreaking piece of European legislation that has far-reaching implications for the banking and payments industries. Implemented in January 2018, PSD2 aims to foster competition, drive innovation, and enhance consumer protection within the European Economic Area (EEA). This legislation has been the catalyst for a wave of disruptive change, revolutionizing the way financial services are consumed and delivered.
PSD2 sets clear rules on the use of payment initiation services for initiating online credit transfers and on account information services for querying and evaluating account details. This means, for instance, that you do not need to additionally log in to your online banking account with your credit institution when making a purchase online, but can instead authorise the payment via a payment initiation service provided on the retailer’s website. Using an account information service enables you to have a complete overview of the balances and transactions on all of your accounts at different banks.
Under the PSD2 framework, new roles have emerged, namely the Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISPs aggregate information from various accounts, giving consumers a comprehensive view of their financial situation. PISPs, on the other hand, enable direct payments between the payer and the payee's bank accounts, bypassing traditional payment networks. These new actors have introduced more efficient and user-friendly ways to manage and move money.
The Payment Services Directive 2 (PSD2) and Open Banking are closely intertwined initiatives that aim to reshape the financial services landscape, particularly in Europe. PSD2 is a European Union directive that mandates banks to open up their customer data and payment infrastructure to authorized third-party providers (TPPs) upon customer consent. Open Banking is a broader, global concept that encourages the sharing of financial data between banks and third-party developers to create a more competitive and innovative ecosystem.
PSD2 can be considered the regulatory framework that has catalyzed the Open Banking movement in Europe.
The relationship between PSD2 and Open Banking is symbiotic. PSD2 provides the legal foundation that compels banks to participate in data sharing and fosters an environment where Open Banking can thrive. It sets out the rules of engagement, covering areas like data protection, customer consent, and the types of services that can be offered by TPPs. Open Banking, on the other hand, extends beyond the regulatory requirements of PSD2 to explore innovative applications of this newfound data accessibility. While PSD2 focuses primarily on payments and account information services, Open Banking paves the way for an array of additional services such as personal financial management, more informed credit scoring, and seamless switching between different financial products.
Open Banking initiatives have been adopted across various jurisdictions, each with its own unique regulatory framework and objectives. Here are some notable Open Banking initiatives from around the globe:
Europe: PSD2 (Payment Services Directive 2) - The European Union's flagship regulation that mandates financial institutions to open up their APIs to authorized third-party providers.
United Kingdom: UK Open Banking Standard - Developed by the Open Banking Implementation Entity (OBIE), this standard guides how financial data should be created, shared, and accessed in the UK.
India: Unified Payments Interface (UPI) - An instant payment system developed by the National Payments Corporation of India, acting as a facilitator for open banking.
Australia: Consumer Data Right (CDR) - This allows consumers to securely share their data with authorized service providers, starting with the banking sector.
Singapore: SGFinDex - This is a financial data exchange platform backed by the government, allowing the sharing of financial information across different institutions.
Driving Innovation Through Open APIs
One of the key elements of PSD2 is the mandated opening up of banks' data through Application Programming Interfaces (APIs). By compelling banks to allow third-party providers (TPPs) access to customer accounts (with the customer's permission), the legislation has democratized financial services. This open approach has led to the proliferation of various value-added services such as budgeting apps, financial dashboards, and more seamless payment experiences.
Enhanced Consumer Protection
Consumer protection is another significant aspect of PSD2. The legislation mandates stronger identity checks, often referred to as Strong Customer Authentication (SCA), for online payments. This requires at least two independent authentication factors—such as something you know (password), something you have (mobile phone), or something you are (biometric verification). The goal is to mitigate the risk of financial fraud and unauthorized transactions.
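The two-factor rule above can be expressed as a policy check. The following is an added example, not part of the original newsletter: it assumes the two factors must come from different categories among the three listed (know, have, are), and the factor names and event layout are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical factor names mapped to the three categories named above.
CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "security_question": "knowledge",
    "mobile_app_push": "possession",
    "hardware_token": "possession",
    "fingerprint": "inherence",
    "face_scan": "inherence",
}

@dataclass(frozen=True)
class Factor:
    kind: str        # key into CATEGORY
    verified: bool   # True only if this factor's check succeeded

def sca_decision(factors):
    """Return (ok, reason) for one payment authentication attempt."""
    categories = set()
    for f in factors:
        if f.kind not in CATEGORY:
            # Fail closed: reject attempts that include an unclassified factor.
            return False, f"unknown factor type: {f.kind}"
        if f.verified:
            categories.add(CATEGORY[f.kind])
    if len(categories) < 2:
        got = ", ".join(sorted(categories)) or "none"
        return False, f"need 2 distinct categories, verified: {got}"
    return True, "verified: " + ", ".join(sorted(categories))

# Constructed sample attempts (not real data).
SAMPLES = {
    "password+push": [Factor("password", True), Factor("mobile_app_push", True)],
    "password+question": [Factor("password", True), Factor("security_question", True)],
    "pin+failed_fingerprint": [Factor("pin", True), Factor("fingerprint", False)],
    "password+sms_link": [Factor("password", True), Factor("sms_link", True)],
}

if __name__ == "__main__":
    for name, factors in SAMPLES.items():
        print(name, sca_decision(factors))
```

A password plus a security question is rejected because both are knowledge factors, even though two checks passed.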
Competition and Collaboration
By leveling the playing field between traditional financial institutions and agile fintech startups, PSD2 fosters a more competitive environment. This is a win-win for consumers, who benefit from more choices, better services, and potentially lower costs. It's not just small fintechs taking advantage of this newfound openness; large technology companies like Apple and Google have also entered the payments landscape, leveraging their massive user bases.
API Fragmentation
The introduction of the Payment Services Directive 2 (PSD2) and the broader Open Banking movement aimed to create a more competitive and innovative financial ecosystem in Europe. However, a significant challenge that has emerged is API fragmentation. Unlike the Single Euro Payments Area (SEPA), which aimed to standardize payment methods, PSD2 has led to a splintering of API designs and implementations across various financial institutions. This fragmentation creates challenges for third-party providers (TPPs) who aim to offer services across multiple banks and countries, as they have to adapt to different API structures, protocols, and data formats.
Initially, the lack of standardization could be attributed to the absence of a governing body to oversee the creation of a uniform API design, unlike the role the European Payments Council (EPC) played in SEPA's implementation. Financial institutions had the liberty to design their APIs based on their understanding of the PSD2 regulation, often resulting in inconsistent APIs that offer varying levels of functionality and accessibility. Additionally, each institution might implement different security protocols, adding another layer of complexity for TPPs.
This API fragmentation adds operational overheads for TPPs in terms of development, testing, and ongoing maintenance. It elongates the go-to-market time for new services, as each integration can become a project in itself. Moreover, the inconsistency in API designs could also lead to fragmented user experiences, as the same service could behave differently depending on the underlying bank’s API. This goes against the very principle of PSD2 and Open Banking, which aim to foster an integrated, seamless financial services environment.
To tackle this, some industry consortiums like the Berlin Group and the UK’s Open Banking Implementation Entity (OBIE) have taken steps to create standardized API frameworks. However, adherence to these frameworks is not mandated, and therefore many financial institutions continue to use their unique API implementations.
The challenge of API fragmentation in the PSD2 and Open Banking landscape underlines the importance of not just regulation but also effective standardization efforts. The industry needs a coherent strategy to deal with fragmentation, perhaps learning from the success of SEPA, to ensure that the goals of competition, innovation, and seamless user experience are fully realized.
Regulatory Challenges and Future Outlook
While PSD2 has catalyzed innovation, it has also posed challenges in terms of compliance, data security, and customer education. Financial institutions have had to invest significantly in updating their systems, ensuring robust security protocols, and educating customers on the benefits and risks associated with sharing their financial data. As the industry adapts to this paradigm shift, the focus now turns to the implementation and potential expansion of these regulations.
On June 28, 2023, the European Commission published a set of new legislative proposals aimed at ushering in the digital era for payments and the broader financial sector, with a particular focus on consumers. One of these proposals is an updated directive on payment services and electronic money services (“PSD3”). Furthermore, the Commission published a proposal for a Payment Services Regulation (“PSR”) and a proposal for a Regulation on a framework for financial data access (“FDA”).
PSD2 has been a transformative force in the European financial ecosystem, shaping the future of banking, payments, and consumer protection. Its long-term impact is still unfolding, but it's clear that the directive has set a precedent for the rest of the world to follow.