.svg)
The debate has begun about the future of payments regulation following the recent consultation review of the revised Payment Services Directive (PSD2). VIXIO speaks to experts from around the payments industry who ponder whether the time has come for there to be a regulation instead of a directive.
On paper, PSD2 has arguable been one of the world's most innovative payments projects. Through making banks open up their data to challengers, it has ultimately helped enable the success of fintech that, previously, would not have been able to expand as easily.
Yet, it has not all been a success, as many readers will know.
Fragmentation has continued to be a headache for those in scope, whether that be because of the market for application programming interfaces (APIs) or due to regulators taking different stances or gold plating the directive.
"The two issues that come to mind when we discuss PSD3 are application protocol interfaces (APIs), and the potential gold plating and hurdles that some local regulators have introduced in order for payments institutions to obtain a licence,” Thibault de Barsy, chair of the Payments Association EU, told VIXIO.
The explanation is, more often than not, that the local regulator has required a local office and minimum staff, which is not a requirement in PSD2, he pointed out. “This is particularly the case with Southern countries."
Noting these issues, Andrea De Matteis, founder of De Matteis Law, claims “there are discussions about whether there should be a regulation instead of a directive. This would result in less arbitrage among the member states.”
A regulation is more prescriptive, providing a defined legislative act, while a directive is more objective based and, depending on the member state, allows some flexibility into how it is translated into national law.
He pointed out that transforming part of PSD2 into regulation will ensure full uniformity across Europe in terms of requirements and enforcements. “Newer entities could prefer regulation so that they could have more reach.”
The European Commission, however, could eventually decide not to resort to this option because the landscape of payments is also very different in terms of technical developments, so some specificities at the national level may need to remain, he pointed out.
Of course, the commission has recently done away with directive-based money laundering legislation, having become tired of different oversight among the 27 member states that has unleashed several scandals and allowed bad actors to game the system.
Regulation surrounding issues such as APIs, which the commission has previously acknowledged as a failure of PSD2, may therefore be appealing.
"The issue with PSD2 is not the regulation itself, but how it is being treated by the authorities,” said Niklas Sandqvist, vice president of Aera Payments.
The PSD2 mandate, to encourage competition and innovation, is not in the mandates of the regulators around Europe, he argued.
“One of the reasons that PSD2 failed in the implementation phase is because no one responsible for implementation is actually motivated, yet are obliged to push it forward."
It is inevitable that strong customer authentication (SCA) is still a contentious issue for payment players.
"The biggest issue that needs to be addressed is strong customer authentication, which has created immediate and very significant pains,” said Krzysztof Korus, founding partner of DLK.
Regulators need to address SCA, agreed de Barsy. “They believe it was right to introduce it in the way that they did. This is something that needs to be challenged, considering the practical experiences of players."
De Matteis was tentative about how much this part of the regulation may ultimately be revised.
“Minor things could be changed for SCA in PSD3. It has taken so much to get this infrastructure right, so the commission may be focused on just some adjustments, such as the introduction of new exemptions, or a fine-tuning of existing exemptions,” he suggested.
There is a debate, for example, around having SCA for vending machines considering the low risk, and there is a push for electric vehicle charger exemptions too.
His colleague, Simone Giordano, agreed. “The European Commission is adopting a very sensitive approach to the investment that the industry has done so far to deploy SCA compliant infrastructure. My general feeling is that there will be a sensible approach on SCA.”
“Shopping patterns of a cardholder and behaviour-based information could be used well for SCA,” he suggested. “This data provides a very big certainty that it is the same consumer making the payment, which is possible with EMV 3DS.”
Consultation in progress
In May, the European Commission launched its much-anticipated consultation review of PSD2, offering participants the chance to give feedback on what works well and what needs improving.
Stakeholders now have until July 5 to respond to the consultation, which is likely to be deliberated on in the autumn of this year.
In its request for feedback, the commission has not made specific proposals but does hint at where it will be looking to reform the legislation.
The consultation looks at the current transparency rules regarding payments and whether they are adequate, as well as whether there should be a common reporting template for rejecting applications to open an account.
