You can read the PDF version of our position here
Introduction
The European FinTech Association (EFA) welcomes the European Commission’s (Commission) review of the Payment Services Directive 2 (PSD2). PSD2 has delivered a more innovative, competitive payments landscape in Europe, allowing consumers to benefit from new products and services and more secure payments. However, challenges remain, including with diverging approaches across Member States in PSD2 implementation that are creating competitive challenges for e-money institutions (EMIs) and payment institutions (PIs), depending on where they happen to be licensed.
In its review of the Payment Services Directive, EFA encourages a review of these key areas.
Main points to address as part of the PSD2 Review:
- Revision of the scope.
The EFA believes that several adjustments should be made to the scope of application of rules within the PSD2. Notably, the transparency rules and requirements within the PSD2, as well as protection from unfair contracts should be extended to all businesses, including SMEs and corporates. Enhanced price transparency rules, particularly those aimed at including the currency conversion charge as part of the total cost, should also be extended to all one-leg out payments sent from the EU to a third country to ensure remittances are no longer subject to hidden fees. This type of “total cost disclosure” rule has already been recommended by the Financial Stability Board (FSB) and the Global Forum on Remittances, Investment and Development (GFRID).
Furthermore, the EFA suggests having more proportional requirements for Account Information Services Providers (AISPs) and Payment Initiation Service Providers (PISPs) where there is no fund handling involved, and therefore avoiding the imposition of cumbersome AML requirements. In addition, the EFA notes that under PSD2, the regulatory treatment of online marketplaces and payment facilitators (Payfacs) – increasingly important parts of the EU’s digital economy – is unclear and interpreted differently across Member States. In order for PSPs to better serve this market, a clearer and more consistent approach to regulating marketplaces and payfacs should be developed.
- Addressing the overlap of PSD2 with other legislation to improve regulatory coherence:
In view of simplifying compliance, unlock the potential for more growth-driven activities, as well as making the EU regulatory framework more coherent, the review should pay attention to the interplay of PSD2 with other legislative acts, such as the E-Money Directive (EMD), Markets in Crypto-Assets Regulation (MiCA), as well as the Settlement Finality Directive (SFD). Requirements should be proportionate to different types of business models and commensurate with the specific risk posed by different business activities. For example, where a licensed EMI is considering the provision of crypto-related services, their existing EMI authorisation should be taken into account through lighter touch application of MiCA requirements.
- Adjusting the requirements for Payment Institutions (PIs).
PSD3 should review its safeguarding requirements, as PIs are currently investing a lot of resources in their safeguarding arrangements. Existing provisions are outdated and no longer adapted to the changing needs and size of EMIs. Despite considerable resources invested in order to adapt to safeguarding requirements, EMIs suffer from the total lack of flexibility and the high management costs of segregated funds. Indeed, banks in which such funds are deposited charge fees for their maintenance, which, as the size – and therefore the volume of liquidity held – of EMIs increases, constitute a cost that could become unsustainable in the medium term, especially considering the negative interest rates that have been experienced in recent years. At the same time, EMIs face a total lack of guarantee in the case of depository bank failure, as has happened over the years in some countries.
The EFA believes that capital requirements should be adapted to reflect comparative risks, rather than be proportionate to volume. For example, capital requirements for fintechs offering acquiring services should be adapted to remove the double counting of transaction volumes that currently takes place. Requirements should be as harmonised as possible, leaving less room for Member States to gold plate. Consideration should be given to a potentially greater role for the European Banking Authority in respect of the convergence of national regimes. This could be achieved, for example, by the issuance of regulatory technical standards and through the conduct of annual peer reviews.
- Enabling direct access to payment systems for non-bank PSPs:
PSD2 intended to provide non-discriminatory and proportionate access criteria to payment systems, unless those payment systems were designated under the Settlement Finality Directive. That exemption is no longer fit for purpose in the absence of a review of the ‘participant’ criteria in the SFD and should be removed.
- Addressing ‘de-risking’ practices.
Requirements within the PSD2 should be further specified and strengthened to guarantee access of PSPs to bank accounts in a proportionate, objective and non-discriminatory basis. This should result in clear guidance to firms outlining conditions for access as well as when access is withdrawn.
In PSD3, the requirements within Article 36, on Access to accounts maintained with a credit institution, should be further specified and strengthened to guarantee PSPs’ access to bank accounts in a proportionate, objective and non-discriminatory basis. This would ensure that credit institutions are not using AML concerns as an excuse to off-board or refuse to serve PSPs without reviewing the controls/policies in place. Furthermore, no discrimination against PSPs registered in specific Member States should take place.
- Improving Strong Customer Authentication (SCA):
Further adjustments to the SCA rules could be made to foster innovation and customer convenience while keeping high standards of security. For example, additional exemptions for SCA should be looked into for specific cases, such as using the same gateways to make recurring payments. SMEs should also be subject to a more proportionate application of SCA requirements and could be allowed to use secure alternatives to SCA. Furthermore, clearer guidance is needed when it comes to Transaction Risk Analysis (TRA) and associated fraud ratio calculations. Ideally, protecting merchants and consumers from fraud is best done through technology-neutral regulation that focuses on outcomes rather than prescriptive rules.
More generally, PSD2 and the accompanying RTS on SCA and CSC leave too much room for interpretation from the counterparties, meaning that there is no agreed standard on what obligations TPPs have and what data need to be provided. PSD2 regulation can be simplified by taking an outcome-based approach.
- Fixing open banking:
A number of measures should be taken to ensure that the full potential of open banking in the EU is achieved. Notably, the PSD2 review should pay attention to the different implementation across Member States of the scope of ‘payment accounts’, the rules of access to payment accounts, as well as improving the transparency requirements of bank APIs and the conditions to access them in order to allow payment service providers to offer a compelling payment experience using Open Banking.
Also, the EFA believes that PSD3 should make variable recurring payments mandated for sweeping (automated money transfer between customer’s own accounts, e.g., to move any excess balance at the end of the month from a checking to a savings account). This would be a huge step forward in terms of delivering competition and innovation to consumers and has already been successfully implemented in the UK.
- Removing barriers to improve competition:
Termination costs can act as an unnecessary barrier for SMEs to switch PSPs and often they can face similar resource constraints or discrepancies in bargaining power vis-a-vis PSPs. Thus, the requirements for contract termination, as well as automatic renewal of fixed term contracts should be reviewed. Additionally, the framework contract protections should also capture POS Terminal contracts that are bundled with acquiring contracts, and can carry significant early termination costs, locking-in small businesses and making the current protections ineffective. Finally, measures related to surcharging should be revised in order to give merchants the right to steer their consumers towards more efficient and innovative payment methods Allowing merchants to send price signals to customers will help set a level playing field between dominant payment methods such as card payments and emerging one account solutions that leverage the SEPA Instant Credit Transfer (SCT Inst) scheme.
- Harmonising PSD2 implementation across Member States:
PSD2 has been interpreted and implemented inconsistently by individual Member States, and this is skewing competition and working against the creation of a single market for payment services. This can, for example, be seen in the inconsistent way different NCAs grant licences as well as Member States adopting different approaches to ‘local activities’ undertaken by PIs (such as treatment of marketing and sales operations) that fall outside of the PSD2 framework. Under the EU’s passporting regime, these inconsistencies have resulted in regulatory arbitrage and uneven growth opportunities. Thus, the PSD2 review should consider how regulatory approaches across Member States can be fully harmonised to remove these barriers to EU-wide competition and innovation. It should examine what role the European Banking Authority (EBA) could, in the near-term, play in bringing about more convergence of legal interpretations and regulatory frameworks across member states; and whether, over the longer-term, an EU Regulation may be necessary to overcome inconsistent implementation.