The Payment Services Directive regulation, regarded as one of the most disruptive in Europe’s financial services sector, will begin to make an impact in January 2018. It aims to give greater access to competitor banks and third party payment service providers. This focus looks at how PSD2 is likely to transform the banking landscape and asks whether the current players are ready for the fundamental changes.
Why use one word when 47,803 will do? The revised Directive on Payment Services – popularly referred to as PSD2 – is a publication long on detail but short on excitement. In 105 dull pages of legislative minutiae, the European Union (EU) sets out changes to the existing PSD framework so that it remains relevant to market conditions.
PSD2 requires payment service providers (PSPs) to make substantial changes to existing operational practices, and decrees that all member states must implement the new rules as national laws by 13 January 2018. It remains to be seen if this date will be revised – let’s not forget that the Markets in Financial Instruments Directive (MiFID) II, another major brick in the regulatory wall, has been delayed by ‘exceptional technical implementation challenges faced by regulators and market participants’ – but the likelihood of any slippage is actually a moot point.
The seismic effects of PSD2 will be felt at some point within the next 24 months, and if one word is used to summarise the magnitude and importance of the updated framework, ‘revolutionary’ is apposite. PSD2 lays the foundations for a new era of openness in financial services, and will disturb the comfortable status quo in a number of different – and dramatic – ways. Change is most definitely in the air, so let’s understand a) what this involves, b) why this matters, c) whether players are ready, willing and able to transform and d) what will happen if they fail to adapt.
Four key features
What is PSD2 seeking to change? The revised directive has four main aims:
Help make the European payments market behave in a more integrated and efficient way. On the excitement scale, this ambition rates as a generous 3 out of 10. While it has roots, will anything really take hold?
Reduce fraudulent payments activity to better protect customers through the use of stronger methods of authentication for electronic transactions. This is more like it, and deserves 8 out of 10 on the aforementioned scale.
Encourage competition and choice through the emergence and growth of innovative fintechs and the enhancement of digital transaction methods. On the surface, this is somewhat prosaic. But beyond the mundane objective lies THE most transformative development to hit Europe for decades. The needle reaches all the way to 10 on the excitement scale, for reasons that will become clear momentarily.
Encourage lower prices for payments. Whoop! Whoop! Always a bonus to pay less for a service that is [theoretically] improved. Doesn’t make it exciting though. 5 out of 10.
Why does any of this matter? For the purpose of brevity, we can have a discussion about the future behaviour of the European payments market and the prices paid by users at another point in time. Instead, let’s concentrate on the truly transformative – and most impactful – elements, starting with the desire to improve competition and choice. Achieving this will be accomplished by allowing new payment providers to offer entirely new payment services. By way of illustration, PSD2 will regulate payment initiation services (PIS) and account information services (AIS).
PIS is ‘a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another service’ – PSD2 Article 4(15).
AIS is ‘an online service to provide consolidated information on one or more payment accounts held with either another payment service provider or with more than one payment service provider’ – PSD2 Article 4(16).
The provision of such services will result in changes to the competitive landscape, as the payments environment is (re)energised by the arrival of new players emboldened by new legislation which represents a step-change in regulatory thinking. Opening-up third party access to customer data is one of PSD2’s biggest pieces of radicality, as it fundamentally alters how the industry functions. Coupled to – and prompted by – the inexorable rise of digitalisation and consumer-driven e-commerce activities via online and mobile transaction mechanisms, disruptors will be eyeing the rump of payments with lascivious eyes. Frankly, the prospect of gaining a decent share of a highly lucrative market – payments globally is a trillion dollar industry – is a temptation that’s impossible to resist.
We must look beyond payments, and consider a banking environment where openness is both mandated and encouraged. Where customers, finally, get the high standards of care which have been promised; where regulators can oversee the market with reduced risk(s) and visibility of any issues; where investors can see a healthy return on equity substantially higher than the cost of equity; and where institutions can co-exist in an ecosystem which helps them derive revenue through the provision of new products and services. The financial services sector is about to experience its ‘glasnost moment’. PSD2 is the beginning of a hitherto unseen level of openness. And that’s no bad thing.
Reactive or proactive?
Whether or not the industry is ready is another question entirely. Progressive banks and PSPs will be viewing PSD2 as an opportunity rather than an encumbrance. Teams will already be mobilised, not just to follow the framework and achieve compliance, but with instructions to think creatively about what the future of banking will look like and how the organisation can make a successful transition and achieve a leading position.
Making wide-reaching changes to the way the financial services sector functions hasn’t always been performed enthusiastically by market participants. Any reticence or resistance needs to be exorcised pronto, as failure to embrace PSD2 – and its wider implications – could conceivably consign existing players on a journey to industry marginalisation at best or oblivion at worst. PSD2 is obviously going to have a major operational impact on existing IT systems and processes, as will the other legislative elephant perched on a stool in the corner of the room (the EU General Data Protection Regulation).
If players want to succeed in the future, changes need to be made. The clock is ticking ever-louder towards January 2018, and the stakes are rising ever-higher, all thanks to a boring sounding piece of legislation which is going to have a seismic effect.
Africa presents the ideal environment for new cash and payments services architecture by linking rapidly changing customer expectations with new technologies. This puts banks at the centre of the creative clash of trends and technology as Africa’s financial institutions harness disruption for innovation and growth.
PSD2 heralds a new dawn for mobile payments, as the regulatory technical standards around the upcoming European open banking regulations are expected to put mobile devices at the heart of new payment techniques. But despite the regulatory environment nudging markets towards certain payment types, it is not easy to predict exactly how consumers will adopt the technology.
Only a month ago the FBI announced that fake eBay sales were being used to mask payments from the US to the Islamic State (ISIS). Terrorists and criminals are becoming more sophisticated in terror financing and money laundering, so businesses must be too.
Studies show that many organisations are not aware of the fines they could face after GDPR comes into effect, or lack the technology to allow for compliance. The penalties for non-compliance are high: any breaches incur a maximum penalty of 4% of the organisation’s global annual turnover, or €20m, whichever is more.