The European Commission presented a study on the application and impact of the Second Payment Services Directive (PSD2) on 02.02.2023. This study goes back to Art. 108 of the PSD2. It was prepared for the European Commission by the Centre for European Policy Studies (CEPS) and the consulting firm VVA. The study addresses the questions of whether PSD2 has achieved the objectives pursued by the European Commission and what improvements should be made to PSD2. This blogpost is primarily concerned with the suggestions for improvement contained in the study. These suggestions are an important indication of what changes we can expect to see in an updated PSD2 under a Third Payment Services Directive (PSD3). The study divides the proposals into three topics, referred to as pillars.
Pillar I: recommendations on the PSD2 scope and exclusions
The study concludes that there are differences in the application of PSD2 and the supervision of companies under PSD2 within the European Union. It argues that this leads to fragmentation of the Single Market and regulatory arbitrage. As a remedy, the study suggests closer coordination between supervisors and central banks in the European Union. In this context, the study pays particular attention to platforms (e.g., Amazon and Apple). With regard to these companies, closer cooperation between national supervisory authorities is proposed to avoid divergent application of the PSD2 requirements.
In addition, in the area of strengthening competition, the study comes to the conclusion that the functioning of competition could be distorted due to the strong market position of Big Techs. In addition, the study finds that member states have different approaches to banning surcharges. To remedy these deficits, the study suggests closer cooperation between antitrust authorities in the European Union and optimization of information exchange. Furthermore, the proposal to address the operation of (retail) payment systems as a regulated business is remarkable.
The study concludes that the current definition of a payment service leads to legal uncertainty as to which activities are covered by PSD2 and which are not. As a solution, a definition of payment service is proposed that describes the core elements of a payment service in an abstract manner and thus differs from the current conclusive list of types of payment services.
The study identifies a need for a close interplay between PSD2, the Markets in Crypto Assets Regulation (MiCA) and the future regulation of CBDCs. According to the study, this goal should be reached by making certain parts of PSD2 also applicable to e-money tokens and asset-referenced tokens.
In the relationship between the PSD2 and the regulation of e-money, the study identifies legal uncertainty resulting from the fact that different requirements exist in some cases for payment services and the e-money business in the member states. To address this problem, the study proposes consolidting PSD2 and the Second E-Money Directive (EMD2) into a single directive. Within the framework of such a single directive, all regulations for payment services and e-money are to be bundled.
In addition, the study proposes several clarifications related to agent engagement and access to payment accounts by account information and payment initiation service providers.
Pillar II: Recommendations on Open Banking
The first proposal in the second pillar relates to improvements through more standardization and interoperability. It is proposed to define uniform standards for other payment-related mechanisms (e.g., QR codes, interfaces), as was done for the SEPA payment schemes. The European Payments Council (EPC) is to play a coordinating role here.
A three-stage model should be defined for payment services in order to regulate emerging payment service providers more precisely. The three stages should be subdivided into the transfer and custody of funds on the one hand, the transfer and custody of data on the other, and finally the management of payment platforms. This is to be supplemented by more intensive cooperation between national supervisory authorities via the European Banking Authority (EBA).
Existing barriers to account information services are to be reduced by requiring strong customer authentication only once per account (similar to a standing order), as long as the account holder does not revoke the “standing order.”
Pillar III: Recommendations on data protection and customer protection
To reduce legal uncertainty due to the tension between supervisory law and data protection law, the coordination between EBA and the competent data protection authorities is to be improved.
Finally, the study contains a list of proposals for improving customer protection. These include improved protection for people who are particularly vulnerable (e.g., due to their age), simplification of cross-border dispute resolution, and optimization of information requirements for payment service providers.
What comes, what stays?
Even though there is a long way to go from the study to a PSD3, some tendencies can be identified that we will certainly hear about in the context of the discussions on a PSD3. These include, above all, the uniform regulation of e-money and payment services as well as a clear definition of what is and what is not a payment service. The call for more practicality in Open Banking is also not surprising. However, the question whether European legislators will succeed in making big tech companies more accountable through a PSD3, remains one of the bigger open issues. Overall, a PSD3 is unlikely to revolutionize the regulation of payment services. However, this would also have been surprising, because regulation – apart from numerous individual problems – is working. In my view, PSD3 cannot solve the biggest problem in the regulation of payment services. In my view, this problem is the very different regulation by national supervisory authorities, which in some cases leads to serious distortions of competition. The road to a European payment regulator with a single authority that applies the same standards to all companies in the European Union is (unfortunately) still a long way off.
