Proposals for new rules on payment services and for financial data access across the European Union (EU) have been put forward by the European Commission.
The two sets of measures aim to ‘further improve’ consumer protection and competition in the quick-growing world of electronic payments and ‘empower consumers to share their data in a secure way so that they can get a wider range of better and cheaper financial products and services’, according to the Commission’s announcement on 28 June.
The move comes as electronic payments in the 27-member bloc continue to increase, reaching €240 trillion (about £205 trillion) in value in 2021 compared with €184.2 trillion (about £158 trillion) four years prior – a trend towards digital money that has been accelerated, as has been the case worldwide, by the Covid-19 pandemic.
New providers enabled by digital technologies have entered the market, in particular providing open banking services, the Commission notes in its announcement, adding that ‘more sophisticated’ types of fraud have also emerged ‘putting consumers at risk and affecting trust’.
The package ‘seeks to ensure the EU’s financial sector is fit for purpose and capable of adapting to the ongoing digital transformation, and the risks and opportunities it presents – in particular for consumers’, the Commission states.
OPEN BANKING / OPEN FINANCE: EXPLAINED Open banking, and its sibling concept ‘open finance’, are being encouraged by governments worldwide, in different ways and at different speeds, as a means of boosting innovation and competition in financial services. It is a reference to users sharing their data with third-parties (for example, fintech companies). ‘Open’ refers to open application programming interfaces (APIs): software intermediaries that allow two machines to interact. ‘Open APIs’ are APIs made publicly available to software developers.
PSD2 to become PSD3 – plus regulation
The first set of measures will evolve the high-profile payment services directive (PSD2) into a new PSD3 and also establish a payment services regulation (PSR) – the former would need to be transposed into EU states’ national laws, while the latter would apply directly (after entering into force).
The proposals aim to ‘combat and mitigate’ payment fraud by enabling payment service providers to share fraud-related information between themselves, increasing consumers’ awareness, strengthening customer authentication rules, extending refund rights of consumers who fall victim to fraud and making a system for checking alignment of payees’ IBAN (international bank account) numbers with their account names mandatory for all credit transfers.
It also aims to boost consumer rights in cases, for example, where funds are temporarily blocked, improve transparency on account statements and provide more transparent information on ATM charges.
Also planned is what is described as ‘further levelling of the playing field’ between banks and non-banks, in particular by allowing non-bank payment service providers access to all EU payment systems, ‘with appropriate safeguards’, and securing those providers’ rights to a bank account.
Improve the functioning of open banking is also on the cards, with the Commission proposing to remove ‘remaining obstacles’ to providing open banking services and improve customers’ control over their payment data, ‘enabling new innovative services to enter the market’.
There is an overall objective of ‘strengthening harmonisation and enforcement’, by enacting most payment rules in a directly applicable regulation and reinforcing provisions on implementation and penalties.
*** JOIN GLOBAL GOVERNMENT FINTECH’S LINKEDIN COMMUNITY ***
Financial data access framework
The proposal for a framework for financial data access (dubbed ‘FIDA’) would formally bring open finance to the bloc by establishing clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts.
It includes the possibility ‘but no obligation’ for customers to share their data with data users (for example, established banks or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (such as financial product comparison tools and personalised online advice).
At the other end, it includes the obligation for customer data holders (for example, banks) to make this data available to data users (for example, other banks or fintech firms) by putting in place the required technical infrastructure (and subject to customer permission).
It includes ‘full control’ by customers over who accesses their data and for what purpose ‘to enhance trust in data sharing’, facilitated by a requirement for dedicated ‘permission dashboards’ and strengthened protection of customers’ personal data in line with the EU’s General Data Protection Regulation (GDPR); and standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users ‘must become members’.
The Commission also refers to ‘clear liability regimes’ for data breaches and dispute resolution mechanisms as part of financial data-sharing schemes ‘so that liability risks do not act as a disincentive for data holders to make data available’. It also mentions ‘additional incentives’ for data holders to put in place ‘high-quality’ interfaces for data users through ‘reasonable compensation’ from data users in line with the general principles of business-to-business (B2B) data-sharing laid down in Europe’s Data Act proposal. Smaller firms would only have to pay compensation ‘at cost’.
*** RECEIVE OUR FREE EDITORIAL NEWSLETTER ***
‘Every interaction creates new data’
“More sharing of personal data, while retaining full control over it, will allow people to access tailored products and services that suit their needs, and also create room for the financial industry to innovate,” said Valdis Dombrovskis, the Commission’s executive vice-president for an economy that works for people.
Mairead McGuinness, who is commissioner for financial services, financial stability and capital markets union, spoke of “concrete steps to modernise not only the EU’s retail payments industry but the financial service sector as a whole”.
“In the EU’s growing data economy, every interaction in finance creates new data. It is therefore vital that European consumers remain the ones in control of their payments and they decide with whom to share this data so that they can avail of new and innovative products,” she said.
The first payment services directive was adopted in 2007 and established a harmonised legal framework for the creation of an integrated EU payments market. PSD2 was adopted in 2015. The Commission undertook an evaluation of PSD2 last year, including advice from the European Banking Authority (EBA), a general and targeted public consultation, and a 188-page report from an independent consultant.
The evaluation concluded that PSD2 has had varying degrees of success in meeting its objectives. It highlighted positive impact in respect of fraud prevention via the introduction of Strong Customer Authentication (SCA). But described ‘mixed success’ in the uptake of open banking.
RELATED ARTICLE Open banking: UK leads Europe amid “jungle of APIs” – an article (14 September 2020) about an event and report (‘The European Payments Landscape in Perspective’) focused on topics including PSD2 and open banking/open finance
‘Diverging’ implementation across EU
Although open banking existed before PSD2, the Commission points out that this took place in a largely unregulated environment. PSD2 sought to give open banking a stable regulatory framework.
The newly released proposals make numerous amendments to the open banking framework to improve its functioning, ‘while avoiding radical changes which might destabilise the market or generate significant further implementation costs’, the Commission states.
The European Fintech Association has welcomed the Commission’s proposals, describing them as ‘another step for the EU to lead the revolution towards tech-driven, fully digital financial services, providing consumers and businesses with new and innovative ways to manage their finances safely and securely.’
The association said that PSD2 had been an ‘important step’ towards increasing competition and innovation in European payments but that challenges remain.
‘Due to diverging implementation approaches across member states, as well as the multiple obstacles fintechs still face such as poor or limited data access and unmodifiable customer journeys, we have not been able to fully unlock the benefits of innovations such as open banking,’ it said in a statement.
*** The Commission on 28 June also presented legislative proposals establishing the legal framework for a possible digital euro and to safeguard the role of cash. It will ultimately be for the European Central Bank to decide if and when to issue the digital euro.
