.svg)
The Netherlands’ government has shared its wishlist for improvements to the revised Payment Services Directive (PSD2), pointing to setbacks with application programme interfaces (APIs) and data protection issues as priorities.
Sigrid Kaag, the Dutch finance minister, has outlined in a letter to lawmakers where the PSD2 is not working well for the Dutch payments market, following its implementation in the country in 2019.
Her predecessor, Wopke Hoekstra, had committed to carry out a review within three years of the legislation being in place.
“This evaluation looked very explicitly at the different consequences of this ability to share payment data,” said Kaag in her address to parliament.
In addition, the evaluation focuses on whether PSD2 has actually led to more competition and innovation, the security of payment traffic has been improved and if it has led to the creation of a more unified European payments market.
One of the key issues that the evaluation raises is that PSD2 does not provide a uniform standard for APIs.
This area has also garnered attention from the European Commission, which has hinted that it was a mistake.
EU regulators have previously stated that the reason no standard was developed was due to the desire to get PSD2 implemented faster.
Although some standardisation took place via the European Banking Authority's Regulatory Technical Standards and work within the Berlin Group, the lack of standardisation of APIs has resulted in banks developing different APIs, which has increased implementation costs.
This also made it more difficult for providers to offer comprehensive links, the evaluation warns, arguing that a standard for APIs could also have made a significant contribution to market clarity on how to reconcile the requirements of the General Data Protection Regulation (GDPR) and PSD2.
Looking forward, the evaluation, which was carried out by consultancy SEO Economic Knowledge, said that developing a uniform standard can still have advantages in that it leads to faster acceptance in the market, less discussion with the supervisor, and between banks and payment service providers.
Reconciling with GDPR
GDPR interplay with PSD2 is an area that stakeholders are struggling to navigate in particular, the report warns.
However, it does suggest that “this alleged ambiguity does not necessarily correspond to the supervisory reality that legally regulates responsibilities”.
It is a signal that supervisors are better able to communicate with each other and the outside world about this connection. Meanwhile, a large proportion of the stakeholders who were interviewed for the evaluation indicate that they need practical guidance in specific cases, such as designing data minimisation in the API interface.
The evaluation also found that due to longer payment chains and the rise of aggregators, some parties that do work with payment data are not under the supervision of PSD2.
For these firms, only the general GDPR supervision and the fact that they are contracted to a PSD2 supervised party provides any regulation of the payment data.
According to the evaluation, this means that the supervisor's lack of vision on the actual use of payment data is a risk.
At the same time, this is primarily a compliance question, the report suggests. “If all parties, both those inside and those outside the scope of PSD2, adhere to the combined standards of PSD2 and the GDPR, as well as the regulations for outsourcing under the financial services act, data protection is adequately guaranteed.”
A cost issue
Concern has been raised in the evaluation that banks are disincentivised to invest in their infrastructure by the regulation, “especially at a time when an increasing share of the benefits generated by the infrastructure leak to non-banking providers”.
The effect of this is still limited in the Netherlands, the evaluation concludes, due to the limited use of open banking.
However, from a competition and innovation point of view, although the choice of free access is currently justified, as the use of PSD2 services increases, it becomes more important to keep an eye on this disadvantage.
This is also something that the European Commission appears to have taken note of. For example, in its recent open finance consultation, it has hinted that access to payment infrastructure in this regard may come at a cost.
The ban on surcharging is beneficial to consumers because they do not bear the actual cost of all payment products, the evaluation says, although consumers ultimately indirectly bear the cost of payment.
For the payment system, this can have detrimental consequences if it eliminates the possibility of incentivising consumers to use efficient payment products.
According to stakeholders, this can lead to relatively expensive payment methods becoming commonplace — something which some have warned has become the case with instant payments for parts of the EU.
Fragmentation of PSD2 in Europe is also an area of concern for the Dutch government.
Due to passporting, Dutch supervisors have no view on the compliance processes from other EU countries.
“The possibility that regulators in other countries monitor the requirements of PSD2 less strictly is also seen by some interlocutors as a risk,” the report suggests.
Although the evaluation of the Dutch market is separate from the work currently being carried out by the European Commission, which could result in a PSD3, Kaag said that she will be feeding the information back to Brussels.
The outcomes of the evaluation also indicate where the Dutch government may look for change once co-legislators begin to develop revised payments legislation.
