The regulation that paved the way for the PSD2
PSD2 is the directive with which the European authorities seek to achieve the definitive opening of the European Union's financial and banking sector through the total standardization of services. This is a key standard, but by no means recent, as its first version dates from 2007.
The acronym PSD2 stands for "Second Payment Services Directive" and originated in 2007. At that time the European authorities were starting to see the need to foster the domestic payment services market, specifically what is known as the single European payment area (SEPA), which includes banking institutions, companies in the financial sector and customers.
Under the name PSD (Payment Services Directive), this first movement opened the door to the processes of innovation and free competition within the European Union's financial sector.
Any change in European financial legislation requires moving a vast and cumbersome structure, and involves some truly jaw-dropping numbers. According to data from the European Central Bank and the report "Think. Act. Beyond mainstream. Successfully navigating changes to payments regulations" by the consultants Roland Berger, 2.9 billion euros' worth of card transactions were made in the European Union in 2016, representing 49% of the 122 billion transactions in instruments other than cash.
Before the PSD, all the analysis by the European Commission on the deficiencies in the single payments markets revolved around three very clear pillars:
- The high cost of the payment system in the European economy before 2007 due to its extreme inefficiency. Consumers were reluctant to use electronic payments, so cash payments were more common, a system that is clearly costlier than the others.
- Payment systems were essentially domestic. All transnational transactions were much more expensive due to the lack of infrastructure.
- The domestic markets had their own legal frameworks for their payment systems. To implement a single payments market like SEPA required moving toward greater integration and standardization.
One of the European Commission's most notable early moves to impose community regulation on domestic markets was its decision to adopt measures against six EU member countries in June 2010. Cyprus, Greece, Spain, Poland, Romania and Sweden were handed down rulings compelling them to apply the requirements of the PSD in their national legislation. The idea was that these countries should take steps to ensure that transfers, debts and card payments within the European market (SEPA) were as easy, efficient and secure for customers as any similar transaction within the domestic market.
In 2010 the European Commission identified the need for three member states to implement complementary legislation to apply every single one of the rules specified in the PSD: in Romania this involved payment institutions; in Spain, information and data requirements; and in Cyprus, money-laundering. In the others –Greece, Poland and Sweden–, none of the elements in the PSD directive were fulfilled and the Commission set November 2009 as the deadline.
Section I of the PSD defined a series of banking operation activities that would come under its control in any EU country. These activities include:
- Cash deposited or withdrawn from payment accounts.
- Execution of payment transactions
- Credit transfers, including standing orders.
- Direct debit transactions.
- Payment card transactions.
- Issuing and/or acquiring payment instruments.
- Execution of payment transactions with an intermediary such as a telecommunications operator, IT company or a company in the digital sector.
PSD2, the definitive move toward the opening of third-party services
This was the first step in everything that would follow. The arrival of the PSD2 represents a more far-reaching phase in terms of the elements regulated by the PSD, but the legislation is also adapted to the new factors that have emerged with the changes in the financial and digital sector. This adaptation specifically affects the requirement that traditional banks should open up their payment services to third companies.
Within the PSD2, these providers are known as third-party payment service providers or TPPs, and their right to access the data and products of banks' customers is recognized if the owners have previously given their consent. This agreed surrender of banking information applies not only in the case of traditional banks to companies in the fintech sector –the term payment service providers also refers to other banks.
The basic principle on which the "Second Payment Services Directive" is founded is that the bank customers' personal and financial information does not belong to the banks or to third companies that may offer new services, but that are exclusively the property of the users. And they are the ones who must decide how this information is used and manage it with the companies.
This opening-up needed to be regulated and correctly coordinated between the different countries in the European Union and the European institutions, as access to the banks' payment services by third providers is largely transversal to all member states.
This is a new scenario that goes beyond national borders. The same provider may have access to account holder services in Spanish, British, Dutch, German, French banks, among many others.
Sign up to the BBVAOPEN4U newsletter and receive tips, tools and the most innovative events directly in your inbox.