Banks need to adapt their systems to comply with the new EU Directive on Payment Services (PSD2)

Banks and payment providers will need to adapt their systems and processes to comply with the requirements of the new EU Directive on Payment Services Directive 2 (PSD2), according to the latest white paper published by Deutsche Bank, in collaboration with PPI AG.

The white paper comprehensively explains the most important provisions of PSD2, as well as covering the directive’s impact on the operations of payment service providers and corporates. It is entitled “Payment Services Directive 2: Directive on Payment Services in the Internal Market “(EU) 2015/2366””.

PSD2 is a major update of the EU’s first Directive on Payment Services published in 2007 which laid the legal foundation for the creation of an EU-wide single market for payments. Applicable from January 13, 2018, PSD2 aims to bring EU regulation up-to-speed both with the step-change in technological development and the shake-up of the payments market that have occurred since the first directive came into force.

The European payments market has undergone a metamorphosis in recent years, thanks to several factors. For example, non-cash payments have consistently been increasing as a proportion of total payments, totalling 112.1 billion payments in the EU in 2015, an 8.5% rise from 2014.[1] At the same time, the market has seen the entry of new, non-bank, payment service providers which have brought greater choice and convenience to the consumer, and challenges and opportunities for existing providers. So far, however, these new entrants have remained largely unregulated.

In response, PSD2 introduces three major changes, alongside a number of smaller ones:

  • It extends the existing directive’s scope to cover transactions in all currencies where both the payer’s and payee’s payment service providers (PSP) are located in the EU/EEA (“two-leg-in”), as well as to transactions where only one PSP is located in the EU/EEA (“one-leg-out”). (However, certain provisions at the core of payment processing   ̶   such as those on payment transaction execution times,   ̶   continue to apply only within the scope of the first Directive.)
  • It introduces stricter safety requirements for accessing payment account information and for the initiation of payment transactions via online channels, mandating 2-factor authentication.
  • Finally, it extends market access to   ̶   and control over   ̶   third party providers of payment initiation and account information services.

“We welcome PSD2 as a further step in the development of the European payments market that will facilitate a completely new “innovation ecosystem” in payments in Europe. It widens the scope of the existing directive by covering new services and players, as well as by extending it geographically and by currency. PSD2 will strengthen consumer rights and security as well as encouraging competition in the payments space,” comments Shahrokh Moinian, Global Head of Cash Management Corporates and Programme Lead of the PSD2 Implementation Project at Deutsche Bank.

Extracts from the whitepaper:

“The clock is now ticking on implementation of an EU Directive of profound importance to Europe’s financial institutions, their corporate customers and consumers.”

 

”In introducing PSD2, the EU institutions expressly recognise that the retail payments market has experienced significant technical innovation since the introduction of PSD1. There has been rapid growth in the number of electronic and mobile payment channels as well as new types of providers and services.”

 

“While nothing in PSD2 fundamentally alters the activities of financial institutions offering payments and servicing customer accounts, its impact – and the work that will be required to implement it – will be considerable. Processes and systems will have to be adapted to take into account all the new rules, for example regarding currency conversion, value dating and availability of funds in international payments.”

 

“In response to the recent rise in volumes of digital payments across the EU/EEA employing a variety of authentication methods, one of PSD2’s major thrusts is strengthening security, as well as trying to introduce a minimum standard for authentication of all electronic payments. Concomitantly, the Directive aims to ensure that consumers enjoy increased protection of their financial data.”

 

“A major change made by PSD2 is to license and regulate the new market entrants or Third Party Providers (TPPs) – capturing the new payment channels and services that have emerged since PSD1 was adopted, especially in the areas of internet payments and online account services. Payment initiation services have evolved in e-commerce, while at the same time technology has enabled a range of complementary services such as account information services. As neither of these new types of provider were subject to PSD1, they have so far not been subject to supervision.”

Contributors: 

Shahrokh Moinian, Global Head of Cash Management Corporates, Deutsche Bank

Dr. Hubertus von Poser, Partner, PPI AG

To read the whitepaper in full, please go here.