On 10 May 2022, the European Commission (EC) published a public consultation and two targeted consultations, which cover the PSD2 review and a future Open Finance Legal Framework for Europe. The two targeted consultations close on the 5 of July, the non-targeted consultation closes on the 2 August.
As announced in the EC Retail Payments Strategy of 24 September 2020, a PSD2 review has been launched to evaluate whether the PSD2 has achieved its objectives in terms of market integration, enhancing competition and making electronic payments safer than before PSD2 and if the PSD2 content is still adequate, as the payments market has continued to evolve since the implementation of the PSD2.
As far as the scope and the exclusions from the scope of the PSD2 are concerned, the consultation asks whether they are still appropriate or whether some of the exemptions from the scope must be reviewed. Moreover, the consultation suggests that new payment service types could be added to the list of payment services in Annex I, notably the issuance of e-money, payment transactions using crypto-assets (including stablecoins), digital wallet services (e.g. mobile apps for payments), payment processing services, operating payment systems and schemes, Buy-Now-Pay-Later (BNPL) services and other specific services in the payment chain provided by a technical service provider. Such payment services – if added to Annex I – will be within the scope of the PSD3 and the consultation hints at whether they would be covered by the PSD3 only in terms of supervision (Title II of the PSD2) or also in terms of norms about the relationship between the payment service provider (PSP) and the customer (Title III and IV).
The consultation also suggests that the authorisation (licensing) of both payments institutions (PIs) and third-party payment providers (TPPs) are to be reviewed, as well as the own funds and safeguarding-related requirements. Furthermore, the review of the provision on liability in case a PSP uses third parties to provide services is also under consideration, as is triangular passporting.
As for the transparency of conditions and information requirements for payment services in Title III of the PSD2, the consultation asks whether these should be reviewed and adapted for one-leg transactions so that currency conversion costs are disclosed before and after a payment transaction also for these transactions, and whether the execution time must be disclosed for one-leg transactions before the payment is initiated.
Finally, with regard to the rights and obligations in relation to the provision and use of payment services in Title IV of the PSD2, the consultation questions whether the requirements regarding open banking in PSD2 are still adequate, or whether the way in which consent is provided to a third party to access payment data – and the liabilities attached to such an access – are clear or need to be clarified further. Also being considered is the question as to whether such access to payments data via interfaces must continue to be provided for free to third party providers.
As for the execution time of payment transactions, the consultation asks whether the current maximum execution time allowed for payments within the EU is to be adjusted, and whether for “one-leg” transactions 1) the maximum execution time for the payment must be limited, and 2) a unique identifier is sufficient to determine the payment account of the payee or should, for example, the name of the payee be required too before a payment is executed.
Finally, as far as strong customer authentication (SCA) is concerned, the consultation looks at whether SCA must be performed in a different way, whether SCA application should be extended to payee-initiated transactions too (for example merchant-initiated transactions) and whether limits for contactless payments without SCA must be reviewed.
We understand that a draft PSD3 could be published in early 2023.
Monica is founder and managing director of Trust EU Affairs and can be reached at [email protected]
Triangular passporting occurs where an authorised service provider in a Member State A makes use of the services of a service provider (e.g. an agent) in a Member State B in order to provide payment services in a Member State C.