Feature: The journey from PSD2 to PSD3

Ellie Duncan,
30 Mar 2022

Since the European Commission’s Second Payment Services Directive (PSD2) came into force in 2016, Open Banking in Europe has come a long way.

While the regulation created an Open Banking ecosystem many other regions and countries seek to emulate, it has also created the need for unified API standards across Europe.

Maria Palmieri, head of policy at Open Banking infrastructure provider Yapily, says there is “no doubt” PSD2 has fostered innovation in the European payments landscape, “encouraging more competition and the development of new services and products for consumers and businesses”.

Now with PSD3 on the horizon, many in the industry feel that Europe can improve on PSD2, including in areas such as fraud, API standards and Strong Customer Authentication (SCA).

“The European Commission has the opportunity to go one step further and resolve some of the systemic issues that have surfaced as the Open Banking ecosystem continues to grow at pace,” she adds.

Top of the agenda

Ana Climente Alarcón, head of Open Banking at digital bank BBVA Spain, believes there are several issues that need to be addressed by PSD3, starting with the strengthening of fraud prevention.

“Regulating the possibility of quick recovery of funds in case of fraud/suspected fraud is a must,” she says.

In addition, Climente Alarcón would like to see the directive establish filtering and anti-money laundering measures “appropriate to the new reality that immediate payments require, with the possibility to reduce measures in intra-EU payments”.

She also sees it as an opportunity to “redefine” SCA for users to “reduce the current friction” for customers and welcomes measures like the European Banking Authority’s (EBA’s) proposal to extend the 90-day period to 180 days.

Ghela Boskovich, head of UK, FDATA Europe, agrees that the current 90-day re-authentication requirement “hinders the end-consumer’s ability to stay connected to services, move their data and their money, and leverage innovative services and products to maximise the economic value of their money”.

She says: “Getting the re-authentication changed to a consent model will transform the way consumers can access open banking services, as well as smooth the way for TPPs to provide value.”

Tackling fragmentation in Europe

The main criticism of PSD2 is it has failed to solve the issue of fragmentation in Europe. Therefore, many in the industry hope the next iteration of the directive could tackle this.

In February 2019, Accenture published a blog titled ‘How instant payments and PSD2 could pave the way to PSD3’, in which it suggested PSD3 could “eliminate fragmentation by including a more precise and concrete specification of API standards, directory services and infrastructure”.

Yapily’s Palmieri says: “As we embark on the journey from Open Banking towards Open Finance, a regulatory framework for the future will need to unite the fragmented approaches currently adopted by different EU member states, recast the net for those captured by anti-money laundering requirements, and take on a broader scope to include more than just payments accounts.”

Climente Alarcón believes there are three ways in which PSD3 can unify Europe. The first of which is API standardisation, to “foster innovation and make the market grow faster”, and she suggests the use of common API standards, such as those from the Berlin Group, could “fill this gap”.

She adds: “Expand the concept of open APIs and open data to other sectors, following the paradigm that the end-customer owns its data, wherever it is processed/stored during his customer journeys.

“[Thirdly], define pan-European complaints management and dispute mechanisms.”

Harmonisation may not be as simple as a new regulation, according to some. The Berlin Group is a pan-European payments interoperability standards initiative, comprising participants from 10 different eurozone countries and from Bulgaria, Denmark, Hungary, Iceland, Norway, Russia, Serbia, Sweden, Switzerland, Turkey and the UK. Combined, they represent more than 25 billion card-originated transactions annually within the Single Euro Payments Area (SEPA), according to its website.

The group’s open finance moderator, Wijnand Machielse, says the Berlin Group is evidence of harmonisation as it has been adopted by over 75% of European banks: “Europe is, in our view, not as fragmented as many people might think.

“Fragmentation exists in implementations, due to the regulatory requirement to mirror the existing online banking interfaces and due to differences in national legislations – since PSD2 is a directive, it is required to be transposed in national legislation, with obvious differences between the countries.”

Next stop: Open Finance

It follows that with Open Banking having been implemented across Europe, PSD3 must get those same countries on the road to Open Finance.

How can the next directive ensure the region and its member countries progress from Open Banking to Open Finance?

The Berlin Group announced in October 2020 it had begun work on an Open Finance API framework that will “offer a modern, harmonised and interoperable set of APIs as the safest and most efficient way to provide data securely”, it stated in a press release at the time.

Machielse says: “This is mainly a market-driven effort where the API access schemes will have to provide for clear scheme rules.

“[The] Berlin Group has already advanced from Open Banking to Open Finance and is delivering the technical bits and pieces to make Open Finance work.”

Climente Alarcón suggests that before moving forward, the industry needs to assess the true impact of the PSD2 Open Banking obligations in the market.

However, she says any progress towards Open Finance should be based on a few principles, including the creation of a “true level playing field” based on a global data portability regulatory framework, with “common rules between regions and sectors that encourage a greater exchange of all the data that each user consents to share, in a standardised way and in real time to solve the current asymmetry in data access/sharing”.

She also calls for a “balance” between industry commitment and the involvement of public authorities when it comes to Open Finance.

“Consumers’ needs are the main driving force of innovation in payments in the EU. Regulators have a key role in defining the regulatory framework but without imposing rules that prevent innovation,” she says.

“In this era marked by user needs evolving at enormous speed, sustainable business models will encourage PSPs to respond to these challenges and boost innovation.”

There are clearly a lot of stakeholders for PSD3 to satisfy when it does come to fruition. What any advancement of the directive comes down to is the consumer and ensuring they are at the heart of an Open Finance ecosystem.