scroll to explore

PSD3 – Through the lens of the European Banking Authority

Credit & Financial Institutions

PSD3 – Through the lens of the European Banking Authority

by Ganado Advocates

27th September 2022

The main objectives of the Payment Services Directive (EU) 2015/2366 (PSD2), transposed under Maltese law by inter alia the Financial Institutions Act, Chapter 376 of the Laws of Malta (FIA), were mainly to create a safer and more secure space for payments, to enhance protection for European Consumers and businesses and to contribute to an integrated and efficient European payments market. However, as Maired McGuinness, Commissioner for Financial Services, Financial Stability and Capital Markets Union stated: “The PSD2 has driven innovation in retail payments, to the benefit of consumers and financial service providers. It is now time to take stock with all stakeholders, and prepare our next steps. We want to boost innovation and increase consumer choice in payments and open finance, while keeping the companies and people who generate data in control”. With regards to this, the European Commission launched a public consultation to collect evidence regarding the application of the PSD2 together with any benefits and challenges which may have been encountered and any amendments which may be appropriate.

Background

In response to the European Commission’s call for advice, the European Banking Authority (EBA) published an Opinion and Report reviewing PSD2, in which more than two hundred proposals were put forward with the aim of enhancing competition, facilitating innovation, protecting consumers as well as ensuring a harmonised application of the legal requirements across the EU creating a single EU Payments market.

Scope and definitions

The EBA is insisting on clarifications which need to be made to key concepts and definitions encompassed within the PSD2. By way of example, EBA is toying with the concept of merging together a number of payment services in Annex 1 of PSD2, due to their similar nature, particularly services 1 and 2 which deal with the placement and withdrawal of cash from a payment account, and services 3 and 4 which deal with the execution of payment transactions. Cross-referring to recent judgements by the European Court of Justice, the EBA also calls for clarifications with regards to certain terms used under PSD2, such as “payment account” and “payment instrument”.

The EBA also flirts with the notion of potentially amalgamating PSD2 and the Electronic Money Directive (Directive 2009/110/EC or EMD2) to address the challenges currently faced by the industry and supervisory authorities due to confusingly similar definitions, such as:

payment accounts and electronic money accounts,
payment services and electronic money-related services; and
scriptural money and electronic money.

To tackle these dilemmas and to enhance harmonisation throughout the Member States, the EBA proposed that electronic money services are to be dealt with in the current payment services framework, due to their similar nature and risks. This will result in creating consistent and identical legal requirements for payment institutions (PIs) and e-money institutions (EMIs), particularly those obligations relating to safeguarding requirements, the initial capital and own funds.

Prudential requirements

The EBA concluded that amendments are needed to the current prudential requirements, in order to keep up with the ever-evolving business models:

Initial Capital Requirements – The EBA proposed that all PIs, to the exception of payment initiation service provider and account information service provider should be regulated by the same initial capital requirements with the competent authority having discretion to decide whether to apply the threshold for initial capital or the one for own funds. The EBA acknowledged that since the adoption of PSD1, the initial capital requirements have remained unchanged and as a result there is no reflection of inflation or any other potential adverse changes to the economic environment which may have affected the PIs. Thus, the EBA proposed a mechanism to be incorporated within the directive to take into consideration such changes.
Calculation of own funds – The EBA proposed the use of a single default method for the calculation of own funds to avoid regulatory arbitrage such as Method B, found under Article 9 of the PSD2, since it is the method mainly used across the EU and covers most of the applicable risks.
Use of professional indemnity insurances –the Opinion proposes a clarification on the application of profession indemnity insurance highlighting the risks, the possibility of use of excess and the thresholds.
Framework for recovery and wind-down – The EBA proposed the introduction of a simplified recovery and wind-down framework applicable to PIs and EMIs and the authorisation for competent authorities to have the power to manage the failures of these PIs and EMIs.

Strong Customer Authentication (SCA)

The supranational banking authority also put forward proposals for the clarification regarding application of SCA, specifically its role in the regulatory treatment of merchant-initiated transactions and transactions excluded from the scope of SCA, the mitigation of social engineering fraud and the ensuring of non-exclusion of certain groups of society. SCA is a requirement put forward by PSD2 on payment service providers within the European Economic Area (EEA) to ensure a multi-factor authentication is used when any electronic transaction is made, to certify maximum security on electronic payments. The EBA focused inter alia on the following points:

The reliance of SCA on third party technology (TPP) – third party technology is when for instance, the authentication approach is integrated within a smartphone such as a fingerprint reader. The EBA acknowledges that often there is no contractual relationship between the PIs and smartphone manufacturer, and it may be the case that the control of the SCA falls in the hands of the latter. Therefore, there may be certain concerns if the PI does not carry out checks with regards to compliance with the PSD2. The EBA requests clarification on whether an outsourcing agreement is needed between the PI and the smartphone manufacturer and if this is not the case whether certain conditions need to be applied;
The delegation of SCA to TSPs – The PI has no control over any credentials provided by the TSP and therefore cannot ensure compliance with the directive. Therefore, the EBA put forward that the delegation of SCA to TSPs such as digital wallet providers, should require an outsourcing agreement between the PI and TSP; and
Whether the application of SCA should be considered a corrective and preventive measure, therefore offered free of charge.

Apart from dealing with the clarification of SCA, the Opinion also deals with the short-comings of the implementation of SCA for e-commerce card-payment transactions. The lack of readiness on the part of the actors in the payment chain and the need for competent authorities not to enforce the SCA requirements to avoid a negative impact on PSUs and the economy, led to a delay in the implementation of SCA for card-based e-commerce. The EBA put forward proposals in order to tackle this situation in the future:

The imposition of certain requirements on the actors in the payment chain which in turn impacts the implementation of security requirements.
The consideration of implementing such a project in stages so that the competent authority may guarantee consistent and harmonised implementation.

Open banking

The EBA also addressed the move from open banking (i.e. the secure practice of granting access to third-party payment services to banking transactions and other data from financial institutions) to open finance (which is the next step in the Open Banking journey involving a person’s entire financial footprint being opened to trusted third parties APIs). The EBA put forth several recommendations to the European Commission with regards to this move including:

A proposed legal framework on Open Finance which would incorporate adequate security requirements to ensure that the customer’s data is secure, and the risk of fraud is minimised. The legal framework would include expectations of the scope of the data to be shared and the interfaces to be used by the firms to access data. When dealing with the legal framework the interplay of such with the PSD2 should be considered to ensure that no grey areas are created with regards to provisions relating to AISPs.
Assessing the viability of a single EU API standard – the development of such a standard should take into consideration the industry itself and the market initiatives already in place and ensure that there is equal representation of all parties.
Addressing any uncertainties regarding the General Data Protection Regulation (GDPR) within the PSD2 in future Open Finance regulatory framework such as compliance with GDPR in the accessing of data and the application of the data minimisation principle.
High Quality APIs – the EBA proposed to the European Commission that the decision regarding the suitable compensation for the use of APIs by third parties should be left up to the market.

De-risking

In this opinion, the EBA also addressed unwarranted de-risking practices by banks affecting PIs and EMIs. The EBA proposed that the Directive puts forth ‘duly justified reasons’ for refusing access or terminating an existing account such as lack of information and documents, breach of contract, shortcomings of money laundering/terrorist financing controls etc. The EBA also stated that a mandate should be developed which could be used by supervisors in assessing whether the refusal or termination of such accounts for PIs/EMIs are justified.

Conclusion

The EBA through its Opinion not only exposes some unsafe potholes in PSD2 but also proposes several potential avenues on the evolution of the payment regulatory canvas in Europe. The Opinion gives a clear indication of what will be expected in the revamped PSD3, as well as how the new European legislative instrument will interplay with other acts such as the Markets in Crypto Assets Regulation (MICA), General Data Protection Regulation (GDPR), and the Digital Operational Resilience Act (DORA).

The author would like to thank Maegan Grech currently a legal intern at Ganado Advocates, for her support during the preparation of this article.

Credit & Financial Institutions

PSD3 – Through the lens of the European Banking Authority

'Credit & Financial Institutions' Related News Articles

BOV TALKS ARTIFICIAL INTELLIGENCE IN THE BANKING WORLD

The MFSA consults on a draft Conduct of Business Rulebook for Banks

MFSA Shifts to Outcomes-Based Supervision in 2024

AIFMD II – A step closer to entry into force

The European Union Global Minimum Level of Taxation for Multinational Enterprise Groups and Large-Scale Domestic Groups Regulations 2024

BOV EXPERTS DISCUSS ECONOMY AND INVESTMENT BASICS WITH RETAIL CLIENTS

Bank of Valletta has supported this year’s opera by Gioachino Rossini – ‘Armida’

EU AML-CTF Package taking shape: Compromise text for AMLR and 6AMLD published

Changing the terms of a credit agreement and forbearance policies and measures: new obligations on lenders in consumer and residential property credit agreements

BOV launches revamped cutting-edge website

The HSBC Malta Foundation supports Three-Year UM Research Project through RIDT

Bank Of Valletta extends Partnership Agreement with Heritage Malta

BOV RETROSPECTIVE EXHIBITION FEATURING WORKS BY NOEL GALEA BASON OFFICIALLY INAUGURATED

Goal-line Defenders: Scoring Victory Against Financial Crime with the Three Lines of AML/CFT Defence

Agreement reached on the establishment of the Anti-Money Laundering Authority (“AMLA”)

FIAU Thematic Review on Company Service Providers when providing Company Formation Services

Directive 93/13/EEC and mandatory statutory or regulatory provisions in consumer contracts

2023 SEES 151 BOV EMPLOYEES GRADUATING

BOV SELLS PORTFOLIO OF NON-PERFORMING LOANS

MALTA Nomad Residence Permit, New Tax Rules.

BOV Boosting Employee Retention through Occupational Pension Schemes

Keeping Tabs on Market Perception and Knowledge about Investments

BOV Announces Profit Before Tax of €163.5 million as at September 2023

Proposed amendments to the Exclusive Economic Zone Act and ancillary laws

MFSA Circular regarding various amendments to the Investment Services Rulebooks

MiCA Update: Consultation Process on the Proposed Updates to Chapter 3 of the VFA Rulebook

Continuing to disclose the topic EU funding for Startups ¦ Startup Definition

BOV keeps up momentum in educating customers about scams

Auditing iGaming Entities

Malta: a state-of-the-art regulatory framework for cryptocurrencies

ESMA issues Second Consultation Package under MiCA

Standard and Poor’s (S&P) upgrades Bank of Valletta’s rating to stable

BOV Asset Management Seminar Discusses Best Practices in Investments

BANK OF VALLETTA ACQUIRES NEW FUNDING TO RELAUNCH THE BOV SME INVEST PACKAGE

BOV Introduces New Digital Portal to Update Customer Records

EU Court’s Landmark Ruling: Restricting Financial Ties to Combat Money Laundering and Terrorism Financing

ESMA and EBA issue Inaugural Consultation Packages under MICA

ESMA issues public statement in relation to sustainability disclosures in prospectuses

FIAU publishes its AML / CFT Supervisory Plan for 2023 – 2024

Reforming Digital Payments – Introducing the new Payment Services proposals

APS Bank delivers best-ever half-yearly results, to pay interim dividend

New Digital Experience For BNF Bank Customers

Proposals for an improved European Banking Union framework – Part II

Proposals for an improved European Banking Union framework – Part I

Opposing trade mark registrations in the realm of financial institutions

Over 24,000 customers respond to BOV’s call for feedback

BOV puts Mobility in the Spotlight on World Bicycle Day

BOV Goes Green for Mental Health

BOV Volunteers at GSSE 2023

The new notified PIFs framework: MFSA publishes consultation document on regulatory changes

MiCA obtains green light from European Council

ESMA postpones annual IFRS amendment of ESEF to 2024

BOV Launches Investor Education Sessions

MiCA – Landmark crypto regulation approved by EU Parliament

BOV ISSUES WARNING ON SCAM CALLS

BOV Asset Management Limited launches the Global Multi-Asset Thematic 60 Fund managed by Fidelity International

MALTA COUNTRY ANALYSIS REPORT

INFOCREDIT GROUP AMONG THE SPONSORS OF MALTA FINANCIAL CRIME COMPLIANCE CONFERENCE 2023

Business Decisions that undermine the Compliance Culture – Part 5

BOV Offers MAPFRE MSV Life Capital Guaranteed Product

Business Decisions that undermine the Compliance Culture – Part 4

Becoming a Data Driven Organisation

Business Decisions that undermine the Compliance Culture – Part 3

BANK OF VALLETTA PROMOTES HEALTHY LIFESTYLES AND ROTA INITIATIVE

Business Decisions that undermine the Compliance Culture – Part 2

ELTIF 2.0 published in the Official Journal of the European Union

The INSIGHT Interview: David Power, CEO of BNF Bank

Sustainable Finance and the Impact on the Financial Services Sector in Malta

Bank of Valletta commemorates International Women’s Day

EU’s Green Taxation: Tackling Climate Change through Tax

The classification of cryptoassets under the new Markets in Crypto-Assets Regulation

Business Decisions that undermine the Compliance Culture – The MLRO Reporting Lines

Welcome to “Enterprise Innovation” ¦ 23 February 2023 at Salini Resort Hotel

Brussels forecasts 3.1% economic growth for Malta, second-highest in EU

BOV Managers Discuss Customer-Driven Strategies

More ATMs For BNF Bank Customers

Digital Operational Resilience for the Financial Sector