How open banking will change after entering into force new PSR and PSD3

As of 28th June 2023, the European Commission unveiled a draft proposal for a comprehensive Payment Services package. This package comprises the third Payment Services Directive (PSD3) and a new Payment Services Regulation (PSR), which are set to supersede the existing PSD2 and Electronic Money Directive.

Open banking opportunities in PSD2

PSD2 has opened up significant opportunities for open banking. In open banking, AISPs and PISPs provide or enable value-added services to users by accessing their account data from banks and other payment account providers upon user request.

Before PSD2, open banking operated in an unregulated environment, but the introduction of PSD2 brought a stable regulatory framework to this field.

Under PSD2, banks must facilitate access to payment data for AISPs and PISPs through a secure interface.

These value-added services encompass various offerings, such as providing consumers with a comprehensive view of their financial situation and analysing their spending patterns, expenses, and financial needs.

Additionally, PSD2 has played a significant role in enhancing efficiency, transparency, and the range of payment options available to consumers, as it has paved the way for the emergence of new payment methods since its implementation.

Main issues of PSD2 regarding open banking

1. The existing technical infrastructure for data sharing needs to be improved, with significant variations in the quality and functionality of APIs leading to frequent failures in open banking operations.
2. Potential customers express trust-related concerns, particularly regarding privacy. Consumers are cautious about the extent of information companies might gather about them.
3. The rights and responsibilities of financial services companies and open banking participants lack clarity, creating ambiguity in the industry.
4. Security is a significant concern, as increased access through open banking raises the risk of cyberattacks. The financial system faces numerous threats in this domain.
5. The lack of standardised data poses a challenge in sharing consistent and compatible information across open banking platforms.
6. There is also a concern about whether companies will manage consumers’ data in their best interests.

As part of revising the second Payment Services Directive, the European Commission’s objective was to address the challenges associated with open banking.

The European Commission evaluated PSD2, focusing on charges, scope, thresholds, and access to payment systems. The evaluation, which took place in 2022, involved input from the European Banking Authority (EBA), public consultations, both general and targeted, and a report from an independent consultant. Based on the evaluation findings, the Commission has proposed amendments to PSD2, accompanied by an impact assessment.

Main changes in open banking after entering into the force the new PSR and PSD3

The amendments will improve the functioning of EU payment markets regarding open banking.

1. Simplify the application of SCA in respect of payment account information services.

According to new requirements, banks will only require SCA for the initial access to payment account data by open banking account information service providers unless there are valid reasons to suspect fraud. Subsequent data accesses will be the responsibility of the account information service providers to ensure SCA is applied.

2. Dashboard – consumer control over their data access permissions

Under the proposal, banks and payment account providers must establish a user-friendly “dashboard” that enables consumers of open banking services to view and manage their granted data access rights easily.

This dashboard will give users a clear overview of which entities have been granted access to their data and provide a convenient way to revoke access through this platform. By implementing this measure, the proposal enhances personal data protection following the General Data Protection Regulation (GDPR). It aligns with the principles of business-to-business data sharing outlined in the Data Act proposal.

3. Dedicated data access interfaces – performance of data interfaces, removing obstacles to open banking services

Proposed regulations include significant new requirements for dedicated data access interfaces. A list of prohibited barriers to data access is introduced, aiming to ensure smoother access to data. As part of these changes, banks will no longer be required to permanently maintain two data access interfaces (a dedicated one and a “fall-back”) unless exempted. However, open banking providers will still have access to contingency data access options in specific and temporary situations to safeguard their business continuity in the event of primary interface unavailability.

4. Protect the business continuity of open banking providers

The European Commission recognises the critical importance of uninterrupted data access for open banking providers (AISPs and PISPs) who have been granted permission to access such data by their clients. In the event of a disruption in a bank’s open banking interface that could potentially harm data access for providers, and if the bank is unable to offer an effective alternative solution promptly, providers have the option to request permission from their national authority to temporarily use another interface, such as the one used by banks for their customers. The providers can utilise this temporary alternative interface until their dedicated interface is restored, ensuring uninterrupted business operations.

The authority may impose a deadline for the bank to restore the dedicated interface, and failure to meet this deadline may result in penalties. Following civil law, open banking providers also retain the right to seek compensation from the bank for any business losses incurred.

5. Standardisation of customer data and access interfaces

The proposal grants customers the right to access their data held by financial institutions (“data holders”) electronically and without additional charges. It introduces a general obligation for data holders to make customer data available to data users upon customer request.

The proposal mandates that data holders and users become members of a financial data-sharing scheme to facilitate this data sharing. This scheme will be responsible for developing standards for customer data and access interfaces, which all scheme members must implement. The proposal also includes eligibility criteria for data users to ensure that only authorised and supervised entities can access customer data.

Standardisation of customer data and sharing interfaces is crucial for enabling large-scale data aggregation and sharing across the EU’s financial sector. The proposal aims to achieve this standardisation. Additionally, it seeks to ensure that data holders comply with the established standards and have sufficient economic incentives to provide high-quality interfaces. The costs associated with implementing these standards and interfaces will be allocated between data holders and data users. Financial data-sharing schemes will also be required to establish a clear liability framework and dispute resolution mechanisms.

Sources: Payment services: revised rules to improve consumer protection and competition in electronic payments; Keynote speech by Commissioner McGuinness at event in European Parliament “From Open Banking to Open Finance: what does the future hold?”.