The PSD2 (Second Payment Services Directive) is a European regulation that came into force in Spain on November 24, 2018. It requires traditional financial institutions to open up their payment services to third parties, with the aim of encouraging competition and improving the services available to citizens in Europe.
This directive affects the banking industry, companies in the financial sector, service providers, regulatory institutions in Europe and customers, among other players. The roles of each of the protagonists are described below:
Payment service providers
- Account Servicing Payment Service Providers
ASPSP (Account Servicing Payment Service Providers) are service providers in possession of the account details of end customers, on which the new financial business in Europe is built.
As per the PSD2, this information must be shared with the new players, Account Information Service Providers and Payment Initiating Service Providers, contingent on the customers’ consent. However, this also opens up a new world of possibilities for monetizing this information through third-party products.
- Account Information Service Providers
Under the PSD2, AISP (Account Information Service Providers) supply aggregate information about the payment accounts held by a customer with one or more providers. With the user’s consent, the Account Information Service Provider enables the customer to check his/her financial information in different banks from a single interface without having to log in to the separate accounts.
In Spain and Europe, there are several examples of bank information aggregators, under Personal Financial Management (PFM): Afterbanks, Fintonic, Cuéntica, Eurobits, Albert, MYValue…
- Payment Initiating Service Providers
These services make it possible to initiate a payment order at the customer’s request against a payment account the customer has opened with another provider, usually a traditional banking entity. In this way, the customer of a banking entity would be able to pay at a retailer without the involvement of his/her bank, with no intermediary. The customer would not need to sign or use his/her bank’s credit or debit card. The transaction would only involve the customer, the Payment Initiating Service Provider to connect with the banking entity, and the retailer to receive the final payment.
In Europe there are some interesting examples of Payment Initiating Service Providers: Trustly in Scandinavia, Sofort in Germany and Ideal in the Netherlands. These are three of the main competitors from the fintech sector.
- EBA (European Banking Authority)
The European Banking Authority is the guardian of the principles laid down in the Second Payment Services Directive (PSD2). The EBA was created on January 1, 2011, during the international financial crisis triggered by subprime mortgages in the USA. The EBA took over the duties, powers and responsibilities of the Committee of European Banking Supervisors. It is located in London, and its duties include performing stress testing on European banks to assess their possible capital weaknesses and ensuring the conditions for greater bank transparency and innovation.
The PSD2 is at the center of the second goal. Having the EBA’s head office in the UK after Brexit is a complex, somewhat anomalous situation which the European bureaucracy may have to resolve over time.
The European Commission has assigned the EBA the power to draw up some sections of EU regulation, although Brussels will have the final say. One example is the Regulatory Technical Standards (RTS): documents that specify aspects of an EU legislative text (a directive or a regulation) and that are legally binding and applicable to EU Member States.
In February 2017, the EBA submitted the final draft of the Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and common and secure communication (CSC), which was hardly changed by Brussels.
The technical requirements set by the EBA to ensure privacy and security in service provider operations remain unchanged as regards aspects such as two-factor authentication and dynamic linking.
In addition to five RTS, the EBA has also drawn up another six legally binding documents for Member States subject to the PSD2: five Guides (GL) and one Implementation Technical Standard (ITS), which guarantees the right conditions for equal competition between business groups in the sector.
European institutional framework
The EBA is an independent European institution. However, it falls within the EU hierarchical structure. The EBA is a member of the European System of Financial Supervision (ESFS), which was created as a decentralized system of authorities with several levels to ensure consistent supervision across the EU.
The ESFS consists of the EBA, the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA). This system also includes other supervisory authorities such as the domestic supervision authorities of Member States (in Spain, this is the Bank of Spain).
Within the structure of the ESFS, the European Banking Authority must inform the three most important EU institutions of its progress: the European Parliament, the European Council and the European Commission.
The main goal of the PSD2 is to ensure that the customers benefit the most. This article explains how the European directive affects the digital identity of bank customers and their role in this new context.