The Second Payment Services Directive (PSD2) is a fundamental piece of payments related legislation in Europe, which entered into force in January 2016. PSD2 is the product of a review of the original Payment Services Directive and requires payment service providers (PSPs) to make a significant number of changes to existing operations. The Directive requires that all Member States implement these rules as national law by 13 January 2018, with the exception of certain rules around strong customer authentication and secure communication, implementation of which will run to a different timetable.

PSD2 is a significant evolution of existing regulation for the payments industry. It aims to increase competition in an already competitive payments industry, bring into scope new types of payment services, enhance customer protection and security and extend the reach of the Directive.

Why is PSD2 important?

PSD2 is an important step towards a Digital Single Market in Europe, which aims to make the EU’s single market fit for the digital age. The new measures will also ensure that all PSPs active in the EU are subject to supervision and appropriate rules. There will be wide-reaching implications for a range of parties including banks, other PSPs, FinTechs and customers.

What changes does PSD2 make?

PSD2 will set out a common legal framework for businesses and consumers when making and receiving payments within the European Economic Area (EEA) – which comprises the 28 European Union Member States plus Norway, Iceland and Liechtenstein – and outside the EEA.

The PSD2 text makes it clear that customers have a right to use what are termed Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs) where the payment account is accessible online and where they have given their explicit consent. These changes reflect the market growth in e-commerce activities and use of internet and mobile payments as well as the rise of new technological developments and a trend towards customers having relationships with multiple account providers. This will make internet and mobile payments easier and help customers to manage their accounts and make better comparisons of deals.

The other key changes introduced by PSD2 can be grouped into four main but overlapping themes: market efficiency and integration; consumer protection; competition and choice; and security. Some more specific changes include:

• Extension of scope to all currencies and one-leg payment transactions
• Changes to the scope of the exclusions
• Passporting, authorisation rules and supervision of payment institutions
• Consumer protection
• New providers and new payment services
• Operational and security risk management and incident reporting
• Requirements for strong customer authentication and secure communication

What are the timelines?

PSD2 must be transposed into national law by Member States by 13 January 2018, which means that the majority of the legal provisions will apply from that date.

However, PSD2 empowers the European Banking Authority (EBA) to develop a number of guidelines and technical standards, including a mandate (under Article 98) to deliver regulatory technical standards (RTS) on strong customer authentication and secure communication, implementation of which will run to a different timetable.

Where is UK Finance involved?

PSD2 is a major piece of legislation for the UK and it is important that it is considered alongside all the other regulatory and strategic initiatives in play. Many of the requirements and changes in the evolving landscape interrelate; the end result needs to be an efficient, competitive and safe payments market for customers and PSPs alike. UK Finance is well placed to support the industry as it embarks on the implementation of PSD2.

UK Finance will continue to lead the critical work to ensure a coordinated approach to implement PSD2 requirements and secure the best outcomes for UK customers and the market. This is being achieved by working closely with our members, the wider industry and key stakeholders – both domestically and European wide.

Background to Open Banking

In August 2016, the Competition and Markets Authority (CMA) published the final report for its retail banking Market Investigation. The CMA has set out a package of remedies aimed at increasing innovation and improving competition.

This included a requirement for the nine largest current account providers to make available to authorised third parties:

• Standardised product and reference data (by 31 March 2017);
• With customer consent, secure access to specific current accounts in order to read the transaction data and initiate payments (by January 2018).

This information will be shared through an open Application Programming Interface (API) framework which will prioritise customer protection. The Open Banking Implementation Entity will develop API Standards allowing two different pieces of software from different financial institutions to interact and exchange data.

What is Open Banking?

The introduction of ‘open banking’ in the UK will transform banking as we know it. Customers will have the option to share information about how they operate their bank account with organisations that will work to deliver an enhanced banking experience, for example  by offering comparison and switching services to help customers identify the best financial products for them.