As part of the review of the second Payment Services Directive (PSD2), the European Banking Authority (EBA) has given its advice on changes it would like to see. These include clarification of the scope, definitions and the regulatory approach to specific business models; merging PSD2 with the second Electronic Money Directive (EMD2); and a wide range of other proposals. We will update you on progress in revising PSD2 in due course. If you would like to know more about the details, please get in touch.

Definitions

The EBA suggests:

  • clarifying the place of provision of payment services provided online;
  • defining more clearly the nature of each specific payment service, to more clearly distinguish them;
  • merging the payment services enabling cash to be placed on and withdrawn from a payment account; 
  • merging the payment services involving the execution of payment transactions whether or not covered by a credit line; 
  • splitting issuing payment instruments and acquiring payment transactions; and
  • clarifying the meaning of key definitions including ‘payment account’, ‘payment instrument’, ‘electronic payment transaction’, ‘initiation of a payment transaction’, ‘remote payment transaction’ and ‘sensitive payment data’.

Business Models

To clarify the approach to different business models, the EBA would like to see:

  • specific requirements for payment card schemes, payment gateways and merchants relating to the implementation of security requirements, but without requiring them to be authorised;
  • greater clarity on exclusions relating to commercial agents, limited networks, and independent ATM providers; and
  • provisions addressing 'white-label' business models and cases where intermediaries act as merchants.

Merging PSD2 and EMD2

This merger will allow for greater harmonisation, simplicity and consistency in the application of PSD2 (particularly in the context of e-money and prepaid card issuance), help ensure level-playing field between EMIs and PIs and future-proof the regulatory framework. Specific EBA recommendations include:

  • add 'electronic money services' to the list of payment services;
  • apply identical  requirements for payment institutions (PIs) and e-money institutions (EMIs) in relation to the authorisation, safeguarding, initial capital and own funds; and
  • clarify the nature and status of e-money distributors to ensure a coherent approach to both agents and distributors.

Other Proposals:

The EBA sees the need to revise the capital framework, address issues relating to the recovery and wind-down of significant PIs and EMIs, distinguish the different passport rights for branches and cross-border services, consider consolidated group supervision, and address issues related to the authorisation process.

Changes are proposed in relation to blocking funds, the liability regime and related key terms, and accommodating 'instant payments'.

As to strong customer authentication (SCA), the EBA sees a need to clarify the regulatory treatment of merchant-initiated transactions and others excluded from the scope of SCA, mitigate risks of social engineering fraud, and ensure that nobody in society is excluded from using payment services.

The EBA proposes a range of provisions to address issues relating to the access to and use of payment accounts data in the context of payment initiation services (PIS) and account information services (AIS). These include supporting the potential move from 'Open Banking' to 'Open Finance' more generally, expanding access from merely payment accounts data to as savings, investments and insurance data, for example.

The EBA also wants a more transparent, objective regime for banks to provide accounts for PIs and EMIs.

There are proposals to aid enforcement of PSD2; and in the face of delay in implementing SCA, the EBA proposes:

  • specific requirements to actors in the payment chain that have an impact and influence on the implementation of security requirements; 
  • phased implementation of future wide-scale technical and complex projects; and
  • collaboration mechanisms for national regulators to ensure harmonised and consistent implementation.

We will keep you updated on the progress towards revising PSD2. If you would like to know more about the details, please get in touch