Geopolitical uncertainties and macroeconomic challenges have resulted in increased innovation that have ensured that RTGS and Faster Payments rails are superseded by instant payments and paved the way for ISO20022. This could not have been possible without legislation and support from regulators. October 2022 saw the European Commission announce a proposal to make instant payments in Euros available to all citizens with a bank account in the European Union or European Economic Area.

This is an excerpt from Future of Payments 2023.

The aim of this endeavour was to increase the number of instant payments, eradicate fees for instant payments, ease the sanction screening process and boost security and confidence in real-time transactions. By mandating that banks and payments services providers (PSPs) provide instant payments, uptake of the SEPA-wide instant payment scheme should see major uptake across all countries in Europe, not only regional pockets where payments innovation has flourished.

The Cecabank spokesperson agrees with this and says that making instant payments mandatory “has the objective of accelerating the adoption of this said payments while making them more secure with the incorporation of elements such as beneficiary verification. This objective should not collide with competition in terms of service offerings and pricing strategies among PSPs, considering also that any new payment infrastructure has its costs for intermediaries, and these costs may vary between instant and non-instant payments.”

High time for a review of PSD2, open banking and open finance

In addition to further developing the payments framework with proposals for instant credit transfers in Euros, the Payment Services Directive (PSD2) is under review. Gaps in the legislation and grey areas need to be clarified now that open banking has evolved to open finance, creating new opportunities for new industry entrants. Further data protection and API standardisation is also required.

It is still to be determined what a potential PSD3 will incorporate, but a number of recommendations were made last year. For example, the new regulation will call into question some of the newer, yet successful payment methods in the landscape, such as digital wallets, transactions involving cryptocurrency assets or Buy Now Pay Later.

A new legislation, as with all mandated change, could have substantial implications for the payments ecosystem, especially for those organisations that rely on APIs. In Cecabank’s view, we must keep this potential shift front of mind.

“We must also not forget the anticipated modification of the second Payment Services Directive (PSD2) and the need for upcoming changes aimed at contributing to a faster extension of payments innovation. These changes should improve the usability for consumers in cases where the PSD2 has shown room for improvement.”

Open finance refers to the sharing, access, and reuse of personal and non-personal data for the purposes of providing a range of financial services, moving towards data-driven innovation. This initiative should also seek to provide customers with broader choice, as well as increased personalisation.

With personalisation comes improved access for all segments of customers and organisations, such as SMEs, the underserved and the unbanked. Furthermore, giving consumers meaningful control over how their data is shared and reused helps facilitate interoperability of data in open finance. AI and ML models are also being utilised to build these tailored products, but also ensuring financial institutions focus on more accurate prudential risk management.

However, some believe that the industry has not and must get open banking right before we move on to bigger and better things. The UK, arguably the birthplace of open banking, or at least, where it was first regulated, has more recently outlined a review to the mandated open banking rules. The Joint Regulatory Oversight Committee (JROC) has proposed its aims and timeline for moving forward this initiative, to lay the foundations for open finance.

MiCA and DORA policies still need to be established

As part of its Work Programme, the EBA’s priorities for 2023 to 2025 include delivering both the Markets in Cryptoassets (MiCA) regulation and the Digital Operational Resilience Act (DORA), and depending on the outcome of the legislative process, the policy work will need to be developed in advance of the application date. Innovation and the effective use of data also come into play here, as the market prepares for the implementation of these regulations.

Regarding MiCA, the volatility of the cryptocurrency market in 2022 confirmed the need for greater regulatory clarity across this area of financial services and this standard is expected to come into force by the end of 2024. The legislation’s intention is to create a single market as well as one regulatory and operating environment across Europe by including registration and authorisation requirements for crypto issuers, exchanges, and wallet providers.

The new rules will force stablecoin issuers and cryptocurrency custody services to comply with risk mitigation, security and safety measures and address cybersecurity and operational failures. A framework that prevents market abuse, insider trading and manipulative behaviour will also be provided.

It is important to remember that this comes at a time when the Securities and Exchange Commission (SEC) have acted against exchanges Binance and Coinbase for failing to register as licensed brokers and offering unregistered securities.

DORA, formally adopted in early 2023, will come into effect in 2025. The legislation will apply to a plethora of institutions such as payment services providers, credit unions, investment firms, asset managers, market infrastructures, insurance firms and crypto-assets providers. It will also manage IT risk by overseeing third party providers, reporting incidents and auditing systems and processes.

Similar and complementary to the General Data Protection Regulation (GDPR), DORA will also empower data controllers and processors to ensure the resilience of their IT systems and protect personal data. By implementing gap analysis, financial institutions will find that DORA will enable a holistic approach that in a way, covers all bases when it comes to security requirements.

ESG in abundance: too many regulations, too little time

Also part of the key priorities outlined in the European Commission, EU Council and European Parliament’s Work Programme, is the development of ESG legislation, which includes the Corporate Sustainability Due Diligence Directive (CSDDD) and the European Green Bonds Regulation (EU GBS).

Alongside this, the European Markets Authority will also focus on developing remaining technical standards under the Sustainable Finance Disclosure Regulation (SFDR) and understanding how to combat greenwashing in its strategy for 2023 – 2028. Within this same strategic blueprint, the ESMA has also mentioned coordination of a Common Supervisory Action (CSA) across sustainability to address greenwashing risk in sustainable investment products.