The European Commission published several proposals in June 2023, including a document for the third version of the Payment Services Directive, or PSD3. The new Payment Services Directive will then be supplemented by a regulation on payment services, the Payment Services Regulation (PSR).
Why a PSR?
PSD1 (from 2007) and PSD2 (from 2015) are, like PSD3, so-called EU directives, i.e. the individual member states must first transpose them into national law. Both the exact legal text and the work of the national supervisory authority are not the same in all countries. If one looks at “payment players” in the SEPA area, a certain imbalance is noticeable. In some countries, for example, there are a disproportionate number of electronic money institutions (EMI). An exorbitant demand for this type of banking service in these countries may be doubted. Rather, it stands to reason that companies will selectively locate in those countries where obtaining a license appears easier than elsewhere. Thanks to EU law, however, business can be conducted from there throughout the EU. Such inequalities are of course contrary to the principles of the European Community, and with an EU regulation, i.e. the PSR, the same rules will henceforth apply in all EU states.
Three goals are always important to the EU Commission when it comes to SEPA payments:
- A level playing field in all countries (see above)
- Protection of consumers (from fraud, but also from dubious companies)
- Promotion of innovation and competition (no oligopolies, especially if they come from non-SEPA countries like Visa, Mastercard and PayPal).
PSD2, was introduced with the aim of virtually breaking up the SEPA payments market: banks, as guardians of euro accounts, were forced to give other companies access to these accounts. Innovative ideas and healthy competition for products in the financial services sector should no longer be hindered by the foreclosure strategy of the established banks. Account Information Services (AIS) and Payment Initiation Service Providers (PISP) were defined as “co-players”.
At the same time, the conditions for the disposition of payments were tightened through two-factor authentication (2FA) to improve fraud prevention.
The issues have obviously not yet been resolved to satisfaction, with PSD3 and PSR basically re-sharpening everything. The important proposals for a new regulations in keywords:
- Exchange of fraud-related information between payment service providers
- strengthening of Secure Customer Authentication (SCA) rules
- improved accessibility of SCA for users with disabilities
- expanded refund rights for fraud victims
- obligation to inform customers in case of fraud
- mandatory verification that IBAN and payee name match for SEPA credit transfers
- improvement of consumer rights, e.g. in the event of account blocking
- tightening of sanctions provisions
- mandatory “customer dashboards” for managing access rights to financial data
- clearer information on ATM fees
simplification of cash services for retailers
- new rules for independent ATM operators
- strengthening the rights of non-bank payment service providers vis-à-vis EU payment systems and banks
- improvement of “open banking” functionality
Changes for E-Money Institutions (EMI)
In the previous regulatory framework, a distinction was made between e-money institutions (may issue e-money, e.g. prepaid cards) and payment institutions (may manage credit balances). According to the current proposal, there will only be payment institutions that can additionally apply for an authorization for e-money services.
From proposal to PSD3 implementation
As mentioned, the published documents are proposals that have been reviewed by the EU Commission. In the next step, they will be reviewed by both the EU Council and the European Parliament. Once these bodies have agreed and adopted a final text, it will become enforceable. A special transition period of probably 18 months will apply to the PSR. The PSD3 itself, like its predecessors, will be converted into national law in the individual countries within the deadlines then set by the EU legislature.
Source: EU Commission