In June 2023, The European Commission announced its proposals on regulations governing the payment services industry within the union. The much-anticipated third Payment Services Directive (PSD3) represents the completion of the Commission's review of the second Payment Service Directive, released nine years ago and is slated for release in the first half of 2025.

Since 2016, when PSD2 was introduced, the payments landscape has undergone significant changes. The forthcoming PSD3 has not only brought about added responsibilities but also potential opportunities. This has spurred merchants, banks, fintech firms, card networks, and payment processors into action as they prepare to seize these opportunities and navigate the evolving regulatory environment.

PSD3, PSR and FiDA in a nutshell

The 3rd Payments Services Directive and Payment Service Regulation are necessary to establish a more balanced and competitive EU payments market. Though implementing PSD3 into national legislation may lead to differences in interpretation, the regulations outlined in PSR guarantee equal application throughout all member states. This will help to reduce discrepancies and disparities between member states, fostering a more unified payments market. Additionally, PSR presents an exciting opportunity for the evolution of open banking by enhancing APIs, defining minimum open banking functionality requirements, and granting non-banks legal access to payment settlement systems.

The PSR is a positive development for open banking in the EU. The proposed changes demonstrate that the European Commission recognises the challenges faced by open banking and is taking measures to address them. By establishing minimum standards for open banking functionality and creating a level playing field, PSR promotes a more unified and competitive market, encouraging innovation and competition in the payments industry.

The Financial Data Access is one more framework proposed by the European Commission last summer, and it represents another step towards creating a more efficient and accessible financial system in the EU. By opening up currently siloed financial information, FIDA will allow EU citizens to participate in a real data economy.

With detailed access permission dashboards, users will have full control over who has access to their data. This will create a host of new services and favourable conditions for cross-sector offerings, benefiting both the finance industry and end customers alike. Overall, the PSD3, PSR, and FIDA initiatives represent significant progress towards creating a more competitive, innovative, and accessible financial system in the EU.

What does the proposal for PSD3 and PSR aim to achieve?

The proposals for PSD3 and PSR pursue four specific objectives. These objectives include:

1. Strengthening user protection and confidence in payments

2. Improving the competitiveness of open banking services

3. Improving enforcement and implementation in Member States

4. Improving (direct or indirect) access to payment systems and bank accounts for non-banking Payment Service Providers (PSPs). 

The impact assessment suggests several measures to achieve these objectives. These measures include improvements to Strong Customer Authentication (SCA), extended IBAN verification to all credit transfers, user rights, and requirements for Account Servicing Payment Service Providers (ASPSPs) to create a dedicated data access interface and “permissions dashboards”. The initiative represents progress towards creating a more competitive, innovative, and accessible financial system in the EU, particularly in the Open Banking sector.

How do PSD3 and PSR address challenges in open banking, particularly regarding API deployment, account holder identification, and latency requirements?

Open banking faces an issue where some ASPSPs do not reveal the account holder's name that initiates a payment. This creates difficulties for PISPs (Payment Initiation Service Providers) in verifying the payer's identity. To address this challenge, the PSR mandate requires the ASPSPs  to share the unique identifier of the account, and the associated names of the account holder with the PISP before initiating the payment.

Furthermore, PSR has established requirements for Open Banking APIs (Application Programming Interfaces) regarding response times and availability. The APIs should respond with a latency rate that matches the speed of online or mobile banking applications.

What about the challenges related to SCA and customer experience?

The Instant Payments Regulation has extended the IBAN and name check requirements to all types of credit transfers under PSR due to the difficulty PISPs face verifying the payer's identity. As open banking gains momentum, the European Banking Authority (EBA) will incorporate changes into technical specifications, and banks will need to update their APIs and SCA requirements accordingly. This will allow customers to enjoy a more streamlined and convenient open banking experience, avoiding multiple app redirections, complex authentication steps, session timeouts, and inconsistent user interfaces. Payments will no longer be restricted to trusted beneficiaries lists or domestic beneficiaries, and the new regulation also seeks to improve payment status and error messaging.

To improve the user experience of open banking, ASPSPs must also offer customers a dashboard that allows them to easily revoke data access from any open banking provider. This feature will enable users to manage their open banking permissions in a more convenient and hassle-free manner.

What other significant changes will PSD3 and PSR bring to Open Banking?

Article 65 of PSD2 mandated the availability of funds confirmation as an open banking service. However, this service has gained minimal market interest, leading to few business models built around it. As a result, many businesses use Account Information Service (AIS) instead of this service to check fund availability; hence, recognising this trend, regulators have removed the obligation to offer this service as a standalone option in open banking.

In addition, I’d like to highlight that banks will no longer be mandated to support a fall-back channel permanently. This move is aimed at promoting the use of more robust and efficient API based access, reducing reliance on backup interfaces which were once compulsory.

How do we ensure compliance and enforcement within the open banking ecosystem?

National Competent Authorities (NCAs) must encourage open communication between the various actors in the open banking system on a national level. If ASPSPs and Account Information (AISP) and Payment Initiation (PISP) Service Providers fail to meet their obligations, they should face appropriate penalties. 

The European Banking Authority is tasked with regular monitoring of the open banking market across the EU. This includes coordinating with NCAs to ensure they can effectively enforce regulations. Gathering and analyzing data on open banking will help bridge existing information gaps and enable a better understanding of its adoption and impact across member states.

How does FiDA intend to regulate access to financial data and align with the proposed Data Act?

FiDA aims to regulate access to financial data besides payment account data and provide compensation to those who offer this data. This regulation will differ from the one governing payment account data access. FiDA is designed to ensure data access across industries and prevent any potential disruptions. In the financial market, it allows banks and fintechs to establish contractual relationships with possible compensation for access to payment account data and provision of open banking services. However, even in cases where a multilateral contractual arrangement is in place, access to payment account data under this regulation without a requirement of a contractual relationship should always be possible. Any compensation for value-added services, such as aggregated financial dashboards, budgeting and expense tracking, alternative credit scoring models, customised loan products, tailored investment advice, enhanced KYC, must be in line with the proposed Data Act after its date of application.

How soon can we expect to see PSD3 implemented, including the legislative process, national incorporation, and market compliance? What recommendations are provided for companies to prepare for these changes?

According to estimates, EU member states are usually granted an 18-month transition period. Therefore, the PSD3 directive and the PSR regulation will likely apply in 2026. Companies are advised to explore ways of adapting their systems as soon as PSD3 and PSR undergo all necessary legislative procedures within member countries.

In light of PSD3 and PSR proposals, what conclusions can be drawn?

The newly drafted regulation and directive aim to provide a better user experience throughout the EU, leading to greater user acceptance of open banking. Merchants, lenders, and banks themselves are showing a high level of interest in open banking due to its innovations, customer experience enhancements, and cost-effectiveness compared to cards. However, to encourage consumers to use open banking-enabled services on a larger scale, ensuring that the user experience is seamless and instils confidence is crucial. PSR is a step towards achieving this goal.