Brief background and introduction
The PSD3, is an upcoming framework being proposed by the European Commission that aims to regulate electronic payments and the banking ecosystem within the European Union and the single market with a forward looking approach to cater for the digital age.
The proposed framework branches from a previous PSD3 consultation, which had three separate initiatives: a public consultation, a targeted consultation on the technical aspects of PSD2, and a targeted consultation on open finance including open banking which came to an end on August 3, 2022.
Following the latter consultations, the EU now has just laid out its new proposed PSD3 framework which intrinsically includes a proposed new payment services regulation (PSR), a separate draft directive consolidating e-money institutions rules with those applicable to payment services (PSD3) and a legislative proposal on a framework for financial data access, extending financial data access and use beyond payment accounts and which builds on existing data access rights that apply in the payment services market and, more generally, under existing data protection laws.
The new proposed framework quintessentially fulfils a pledge from the Commission's 2020 Retail Payments Strategy by ensuring that the regulations governing the EU retail payments industry remain fit for purpose, taking market changes into account, and fostering the growth of immediate payments in the EU.
Some salient elements of the proposed framework
The main aim of this new proposed framework can be briefly summarised as follows:
- Combat and mitigate fraud by allowing payment service providers to share fraud-related information and introducing new anti-fraud measures, extending refund rights to victims of fraud, mandating a system for checking the alignment of payees' IBAN numbers with their account names for all credit transfers and mandating stronger customer authentication rules.
- Improve consumer rights, improve transparency on their account statements, and offer more transparent information on ATM fees.
- Increase cash availability in outlets and through ATMs by allowing businesses to give cash services to clients without needing a purchase and clarifying the regulations for independent ATM operators.
- Simplify existing PSD and EMI regimes by consolidating payment institutions under one regime where all payment rules applicable to PSPs will be contained in a directly applicable regulation & where payment institutions would also be obliged to provide national regulators within the EU new information, including a description of their procedure for handling security incidents and a description of their ICT business continuity plans and ICT response and recovery plans.
- Augment safeguarding requirements in certain instances for better user protection.
- Introduce more clarity on passporting and an introduction of a provision on triangular passporting.
- Allow non-bank payment service providers access to all EU payment systems while ensuring their rights to a bank account.
- Ensure fairer competition between banks non-bank PSPs to align prices with market supply and demand.
- Extend the surcharging prohibition to credit transfers and direct debits in all currencies of the EU.
- Improve Open Banking functionality and client control over payment data, and allowing new creative services to join the EU single payment market.
- Introduce new powers for EBA including to temporarily prohibit the sale of certain payment products which would present certain risks, subject to certain criteria.
Tangibly, the proposed framework aims to achieve its objective by enforcing as well specific user rights particularly around their data, and thus it provides explicit rights and duties to regulate consumer data sharing namely trough :
- More exchange of customer data in a secure machine-readable manner with data users in order to obtain new financial and information goods and services.
- Enticing customer data holders to make available through a more transparent as well as consent driven mechanism more data to users.
- In line with the above and reminiscent from what is proposed under EIDAS2, allowing full and complete control by customers in line with GDPR, over who has access to their data and for what purpose, assisted by specialised permission dashboards and increased security of customers' personal data.
- Introducing incentives for data holders to implement high-quality interfaces for data users through acceptable payments from data users in accordance with the Data Act.
- Standardisation for data exchange schemes.
- Clear liability frameworks for data breaches and dispute resolution processes.
- Seamless electronic payments and transactions in the EU, whether they are domestic or cross-border.
The proposed framework also introduces new obligations on account servicing payment service provider (ASPSP) and new rights for 'payment initiation service providers' (PISPs). Some of the new obligations for the ASPSP and rights of PISPs include :
- Detailed requirements on the technical information to be provided by ASPSPs about their dedicated interfaces to AISPs and PISPs.
- ASPSP to make available to the PISPs, the unique identifier of the account, the associated names of the account holder and the currencies as available to the payment service user prior to initiation of a payment transaction.
- ASPSPs are to ensure that their dedicated interfaces use standards of communication which are issued by European or international standardisation organisations including the European Committee for Standardization (CEN) or the International Organization for Standardization (ISO).
The aim of this new proposed framework is very ambitious and it’s an important step to further consolidate the EU single payment market and imbue the proposed new payment regulations with the right elements to embrace the digital age.
This proposed framework however is still in early stages and has a long way to go as it still needs to pass through the EU Council and EU Parliament for the first agreed drafts to then proceed to trilogue procedure, where the Commission, Council and Parliament will have to agree on a compromised text and which most likely happen next year.
Article by Dr Ian Gauci.
For more information please contact Dr Ian Gauci or Dr Cherise Abela Grech.