.svg)
The Payment Services Directive (PSD2) has become a worldwide reference point, according to the European Commission’s financial services chief, but the time has come for reform.
EU global leadership on payments also means making sure that rules in the trading bloc are up to scratch, and fit for the digital age, said Mairead McGuinness, the financial services commissioner, during a keynote speech to Conférence Europe des Services Bancaires et Financiers.
PSD2 has been a success, according to McGuinness. “New business models have emerged, including those based on the sharing of payment account data, so-called open banking.”
“Europe is a pioneer in open banking,” she said, pointing out that hundreds of fintechs are now offering payment services to customers alongside banks.
However, although the Irish commissioner insisted that PSD2 has been a “worldwide reference point” for retail payments, big changes in the market need to be accounted for.
“A wide array of new players, in particular technical service providers, have become key actors in the payments ecosystem, and they are not all effectively supervised,” she said.
With the increase of digitalisation and e-commerce, social engineering and scams pose a growing threat to payment security and consumer confidence, McGuinness pointed out, echoing her peers in the UK who have been grappling with the rise of authorised push payment (APP) fraud.
“As new types of fraud emerge, we must be ready to improve both fraud detection and prevention measures.”
Account access
There are still obstacles in the market, she continued, a point that was echoed by Denis Beau, the deputy governor of the Banque de France.
According to Beau: “The framework established for open banking has its limitations.”
In terms of the openness of the market, new service providers remain dependent on traditional institutions and, in particular, for the opening of a segregated account, according to Beau.
This raises questions given the difficulties that many fintechs encounter in practice in accessing accounts, he continued, noting that there are also a number of technical limitations.
“While the use of APIs [application programing interfaces] makes account access more secure, these interfaces must also ensure that new entrants are able to provide their services at a level of quality that is consistent with their business model.”
In particular, Beau appeared to call for a regulatory mandate for APIs. This has been an area of contention that both the European Commission and European Banking Authority (EBA) encountered during the PSD2 implementation.
APIs have become fragmented and a challenge for financial institutions both new and old to deal with effectively.
Regulators had previously opted not to create standards.
Officials from both the European Commission and the EBA have previously expressed concerns about the success of the status quo, with the commission’s payments chief, Eric Ducoulombier, having said at a conference in April last year that “maybe now, five years down the line, there is some regret that there isn’t any standardised API and maybe some believe that such absence is causing the obstacles”.
The deployment of the APIs proved to be more complex than expected due to heterogeneous applications, late developments and the lack of an underlying business model, Beau said.
“Should there be an extension of sharing to other financial data, the PSD2 directive calls for a more explicit definition of shareable data, a clearer allocation of responsibilities for authentication, and the promotion of the use of standardised APIs.”
Two key principles could guide public and private institutions on this, he suggested.
“On the one hand, institutional players can act as a catalyst for private initiatives on standardisation,” he said, referring in particular to the mandate given to the European Payments Council for the creation of a new scheme to facilitate open finance, the SEPA Payment Account Access Scheme (SPAA).
In addition, the debate on open finance should be an opportunity to push for an improvement in the quality of APIs, such as premium APIs, by openly addressing the issue of financial compensation for data providers.
Open finance
Open finance was a key theme of both Beau and McGuinness’ speeches.
Open finance involves extending open banking-esque data sharing and third-party access to a wider range of financial sectors and products.
It is often talked up by its advocates as a way to iron out inefficiencies in money management, for example, allowing service providers to develop platforms that enable applications to make financial decisions based on consumer information and preferences.
Alongside the review of PSD2, the European Commission will also develop legislation on the issue, said McGuinness. “Given the rapid pace of digitalisation, we need to consider whether and how open banking should become ‘open finance'.”
“Open finance has the potential to spark new, innovative products personalised to individual consumers, while those consumers keep control over their data,” she said.
Open finance is a development that must be addressed with caution, said Beau. “While it promises to open up the financial market to new players, it could paradoxically increase its concentration, and compromise our strategic autonomy.”
Indeed, with the platformisation of the digital economy, Beau continued, companies today aim to rapidly increase their market share in a specific segment and then extend the range of their services to build a captive customer base.
“Open finance could accelerate this trend, which can already be seen in the payments market, by allowing the exchange and cross-referencing of an ever-increasing volume of data,” he continued.
This may ultimately prove detrimental to competition, Beau cautioned. “This challenge is particularly acute with the development of bigtech companies in the financial services markets, which already have significant market power in the areas of cloud computing, mobile payments or digital identification.”
“Open finance also poses challenges in terms of sovereignty to which we must be attentive,” he said.
“They primarily occur at the individual level. The increasing volume of data in circulation and its cross-referencing is a considerable challenge for the protection of personal data. Cross-border data flows also complicate the enforcement of regulations and make it more difficult for authorities to act.”
And at the industrial level, mastering artificial intelligence technologies is now contingent on the quantity and quality of accessible data, he said. “It is therefore essential that access to data should not be monopolised by non-European players alone.”
Going forward, McGuinness and the European Commission are due to release their PSD2 review consultation before the year ends. Although it should be noted that in the EU’s retail payments strategy, this was due to be undertaken by the end of last year.
Meanwhile, legislation to develop an open finance framework is due, according to the strategy, by mid-2022.
