Bovill’s Colin Darby discusses PSD2 in CityAM
5 December 2017
PSD2 – which takes effect in the UK on 13 January 2018, courtesy of the Payment Services Regulations 2017 – has been described as “game changing”. Rather than restricting the behaviour of firms and individuals, it seeks to enable competition and support innovation. In a PSD2 world, customers should have more choice over how to pay for goods and services, move funds, and manage their payment accounts.
PSD2 brings a range of compliance challenges. Several hundred UK firms will become regulated for the first time, such as aggregated account management portals, payment initiators, and certain e-commerce platforms. Existing regulated payment and e-money firms must re-apply in order to continue business under PSD2. With a broader geographic scope, more transactions will be subject to the customer information and transparency requirements. PSD2 has touch-points with data protection, market conduct, antimony laundering, consumer credit and consumer rights regulations that need to be carefully managed to avoid internal inefficiencies, customer detriment and regulatory breaches. Save for where there is evidence of unauthorised or fraudulent access, firms operating payment accounts for customers must provide regulated third party providers (which have the customer’s consent) with secure access to payment account data, even if there is no contract between themselves and the third party.
The regulations recognise the criticality of access to bank accounts and payment systems for non-bank Payment Service Providers (PSPs). Although the extent of service provided to PSPs remains a commercial decision, banks must treat applications from PSPs on a proportionate, objective and non-discriminatory basis (including the consistent application of internally set criteria), and report denials of access to the FCA. Some banks may need to re-visit their approach to the sector.
PSD2 also refers to various detailed Regulatory Technical Standards (RTS) and Guidelines. Although the RTS on secure customer authentication will not take effect until 18 months after they are formally adopted by the European Commission, HMT and the FCA expect firms to comply with the PSD2 security principles from 13 January 2018.
Regulatory changes are just part of a rapidly evolving payments landscape. SEPA Instant Credit Transfers and phase one of SWIFT global payment innovation are now live and the use of distributed ledger technology to expedite value transfer increases. In the UK, the Bank of England plans to grant direct Real Time Gross Settlement access to some non-bank PSPs and the Payment Strategy Forum will soon publish its blueprint for the future of UK payments. Innovative firms are disrupting traditional payments business and existing providers are responding – all PSPs face the challenge of marrying innovation with regulatory compliance.
PSD2 Q&A Panel session
Colin also answered questions as part of an expert industry panel:
What is the biggest impact that PSD2 will have on your industry?
The main industry impact is likely to be greater collaboration between credit institutions and payment service providers which should result in broader customer choice on how to make payments and manage payment accounts. In combination with other changes, such as Open Banking, the re-launch of RTGS and the re-design of the UK payments architecture, payment value chains may feature less actors, making payments cheaper, faster and more secure. From a regulatory consulting perspective, PSD2 has driven increased demand from payment service providers and will likely continue to do so in the short to medium term.
PSD2 – Opportunity or threat?
From an industry perspective, PSD2 is both an opportunity and a threat. Third Party Providers will have enshrined rights to access payment account data held by banks and other payment service providers. Established service providers are reinvigorating their service offering to stay relevant to their customers. Implementation brings change and development costs but ongoing operational costs and payment fraud losses should decrease. Some existing payment firms may find that they are denied re-authorisation given the heightened regulatory requirements. For customers, some may use online payment initiation in favour of card-based payments whilst some will be concerned that increased digitalisation will put their data at greater risk.
Download the full article and all the questions Colin answered in the Q&A panel discussion in the CityAM PSD2 Supplement.