The European Association of Co-operative Banks (EACB) welcomes the opportunity to contribute to the review of the revised Payment Services Directive (PSD2) by the European Commission.
EACB’s key messages are as follows:
PSD2 has brought benefits for payment users by making payments safer and more secure through the implementation of strong customer authentication, although new kinds of fraud have developed, and the methods used by fraudsters changed after the implementation of PSD2. Besides that, PSD2 has created a market for third-party providers, created more trust with consumers in sharing customer data, and has proliferated APIs.
There is an unlevel playing field: PSD2 does not ensure equal treatment of the interests of Account Servicing Payment Service Providers (ASPSPs), in particular credit institutions, and other providers, and has in effect established an uneven level-playing field. ASPSPs were forced to establish an expensive infrastructure without the possibility of recovering the costs incurred and regardless of their respective clients’ needs and whether they use the services of Third-Party Providers (TPPs). At the same time, the full economic opportunities are to the sole benefit of the TPP.
PSD2 impact should be assessed not only from a content perspective but from a cost-benefit and process perspective. In terms of process: the division of the legislative process in different levels and stages (level 1, level 2, additional guidance from multiple supervisors) has created inefficiencies and additional cost to the implementation process. In terms of cost-benefit: all the efforts put in place, notably to facilitate AIS services, have not generated much demand. The implementation of PSD2 has generated considerable costs, without the possibility for ASPSP to generate income from account access by third parties.
PSD2 revision is not needed at this stage: Payments are well regulated by a broad range of EU legislative acts, including the Payment Services Directive, Payment Accounts Directive, Regulation on cross-border payments, SEPA Regulation, Regulation on interchange fees for card-based payment transactions, that seem to address all societal and legal needs in the area of payments at this moment in time. Therefore, there is a need for a legislative breathing space.
The future of European payments landscape should support market-driven initiatives. It is the right point in time to develop new solutions and services that provide a sustainable revenue base and hence innovative capabilities by market participants. In our view, the success of market driven initiatives depends on a broad agreement and involvement of all stakeholders, e.g. SEPA Payment Account Access Scheme which is currently under development.
Should the Commission decide to revise the PSD2, we would be in favour of a targeted revision focusing only on certain aspects. One such targeted aspect is access to payment accounts. There should be a sustainable business model for access to payments data by TPPs. Inspiration could be taken from the ongoing work on the SEPA Payment Account Access Scheme led by the European Payments Council. Also, it should be clarified how to handle in practice the liability for unauthorized transactions involving TPPs, i.e., a framework is necessary for recovering ASPSP funds where TPP is responsible for non-executed, defective, or fraudulent transactions. Besides that, the Confirmation of Funds service should be removed from the directive or should at least be made non-mandatory or open to Member State option, as it seems to be a very niche service, used only in a few markets/countries.
API standards should not be regulated: EU legislation should not include a common API standard. The EACB supports a market-driven approach. We believe that the regulatory framework should provide incentives to implement good APIs and promote standardisation, and not impose them.
Better interplay between PSD2 and GDPR is needed: The guidance on the interplay of PSD2 and GDPR issued by the EDPB was late, contained important surprises for market actors and seemed to have been developed with little to no alignment with e.g. the EBA work. A joint industry letter on the interplay of PSD2 and GDPR addressed to the EDPB on 31 January 2022 sets out our concerns in that respect.
Lessons learned from PSD2 should be taken into account in the context of the Open Finance Framework: The outcome of the PSD2 review will need to be strongly considered when designing and proposing legislation, if any, on Open Finance. The lessons learned from the PSD2 review must be the basis upon which further development of an Open Finance Framework shall proceed, taking into account and assessing the variety of possible economic, operational and security risks for consumers and data holders resulting from a possible mandatory access to their data. Furthermore, it is strongly advisable to assess benefits and risks related from both Open Finance options, as consulted by the European Commission, namely voluntary data sharing versus mandatory data access, and align outcome of the latter assessment with already existing European Union strategies and values regarding data (Data Strategy, Digital Finance Strategy, Data Governance Act, Data Act, AI Act Proposal, etc.).
Read EACB's answers to the consultation questions here.