.svg)
The EU’s open banking progress has been slow, and even branded "disappointing" by some, but there is optimism that the new Payment Services Regulation (PSR) could deliver improvements with the introduction of tighter rules.
At Money 20/20 in Amsterdam this year, a senior official at De Nederlandsche Bank, the Dutch central bank, said what pretty much everyone has been thinking about open banking in the trading bloc.
“It is not really a game changer,” said Patrick De Neef, the central bank’s chief innovation officer.
“In all honesty, if you look back at what it really brought in terms of the kinds of offerings that are out there in the market, it has been a bit of a disappointment, right?” he said.
Shortly after, the European Commission released its much anticipated new payments package.
One element in the proposals that will stand out is the decision to put open banking requirements into a regulation, not a directive, which could ultimately solve the EU’s slow take-up.
Policymakers at the commission, who sources say have returned from their summer holidays “bullish” about the regulatory proposals, will be hoping that this finally brings about success for open banking throughout the trading bloc.
"Most of PSD2 is becoming a regulation and will be directly applicable,” said Andrei Cazacu, EU public policy lead at open banking firm TrueLayer.
Cazacu suggested that this could go quite a long way in fixing shortcomings in open banking today that come with different interpretations.
“Requirements for open banking have been expanded — there is now a dedicated chapter, and this should improve the situation in Europe," he said.
"The introduction of the PSR, alongside revisions to the directive, could play an important role in enhancing uptake of open banking by providing greater harmonisation across Europe," said Lisa Edström, compliance director at Brite Payments.
Edström told Vixio that this is an important first step, but only time will tell whether further measures are needed to ensure the optimal functioning of open banking.
"Services like open banking-based account-to-account payments are already incredibly convenient, but they haven’t yet gained wide-scale adoption. This means many people are still unaware of their benefits, which needs to change," she said.
"If the commission can generate more awareness around solutions like this it would create a ‘snowball effect’ around demand for open banking services, which would inevitably boost uptake across the board."
Data access
Pierre Paul Gauci, advisor at business consultancy Embark Malta, told Vixio that he was “enthusiastic about the changes”.
“Looking purely at the text, one thing that struck me most was the list of prohibited obstacles to data access,” he said.
“It gives the idea that the EU has learned a lesson and is taking a very pragmatic approach in trying to make these obstacles less easy by issuing prohibitions."
In Article 36 of the PSR, the commission has tightened up rules and requirements regarding the application programme interfaces (APIs) that are provided by account servicing payment service providers (ASPSPs) — known beyond the payments world simply as "banks".
ASPSPs will need to ensure that their dedicated interface allows payment initiation service providers (PISPs) to, at a minimum:
-
Place and revoke a standing payment order or a direct debit.
-
Initiate a single payment.
-
Initiate and revoke a future dated payment.
-
Initiate payments to multiple beneficiaries.
-
Initiate payments, regardless of whether the payee is on the payer’s beneficiaries list.
-
Communicate securely to place a payment order from the payer's payment account and receive all information on the initiation of the payment transaction, and all information accessible to the ASPSP regarding the execution of the payment transaction.
-
Verify the name of the account holder before the payment is initiated and regardless of whether the name of the account holder is available via the direct interface.
-
Initiate a payment with one single strong customer authentication, provided the PISP has provided the ASPSP with all of the following:
(i) The payer’s unique identifier.
(ii) The payee’s legal and commercial name and "unique identifier".
(iii) A transaction reference.
(iv) The payment amount and the currency of the payment, based on which the single strong customer authentication is triggered.
According to Cazacu, this is mainly the sum of Q&A responses and other documents issued by the European Banking Authority (EBA).
“This list, and better enforcement, should mean that problems are resolved quickly,” he said.
“However, it’s important that the list is not exhaustive so that new obstacles are addressed if and when they surface."
Gauci did, however, explain that laying down the rights and responsibilities of third-party providers gives status and clarity on what they should be doing.
He also noted that the regulation “places an onus” on national competent authorities (NCAs) to ensure that banks comply at all times with their obligations in relation to the dedicated interface, and that any identified obstacles are immediately removed.
“Above all, the proposal to legislate such requirements through the proposed PSR as opposed to a technical standard is a very concrete indicator of how importantly the commission views this."
Cazacu cited a lack of enforcement after PSD2 as something that has stood in the way of open banking.
Authorities going forward will need to exercise responsibilities and have the power to issue fines for non-compliance.
“These are very positive developments but it will depend on the national competent authorities being strict on the application,” said Cazacu.
According to Cazacu, national competent authorities have been focusing elsewhere at times. Now, they have extra powers and obligations in the PSR.
“Authorities will need to exercise responsibilities and have the power to issue fines for non-compliance,” he said.
“In an ideal world, we would have an open banking authority, and the commission did suggest that this was an option they considered, but ultimately, there is no will from member states and no budget,” said Cazacu.
“So, if this was required through regulation, the industry would need to fund it."
Throughout the autumn and into next year, legislators in the European Parliament and in member states will be digesting and scrutinising the new legislative proposals.
Although there is a chance that the proposals will be subject to change, fintech lobbyists have proven they have the ear of legislators in Brussels with the tightening of rules on dedicated interfaces.
They are also pleased by the push for payments and e-money institutions to be granted direct access to payment systems, whether it ends by way of an instant payments regulation or by PSD3.
