Under the latest EU Payment Regulations, the European Union (EU) is introducing the Third Payment Services Directive (PSD3), First Payment Services Regulation (PSR1), and Financial Data Access Framework (FIDA) to refine its regulatory landscape for payment services.
These proposals aim to address the regulatory fragmentation caused by previous directives (PSD1, PSD2), which necessitated each EU member state to implement its own national laws, thereby introducing unique nuances that increased complexity. Thus, the key objective of these new proposals is to reduce regulatory fragmentation while increasing consumer fraud protections, promoting open banking adoption, and creating a level playing field between bank and non-bank payment platforms.
As currently proposed, PSD2 will effectively be replaced by PSR1, a regulation that will become law across the EU without requiring laws at the member state level. PSD3, while succeeding PSD2 in name, will have a limited scope focused on harmonizing licensing and regulatory treatment for non-bank payment providers under PSR1. On the other hand, FIDA aims to expand open banking by enhancing the initial requirements set by PSD2. At a glance, these key changes include:
- PSR1: This regulation effectively replaces PSD2, introducing changes like mandatory Strong Customer Authentication to bolster security and address issues in the current system.
- PSD3: It focuses on codifying and standardizing the licensing processes for payment providers, ensuring a more uniform approach across the European market.
- FIDA: This regulation establishes a new framework for Open Banking, expanding and organizing how financial data is handled and accessed.
These proposals aim to reduce regulatory fragmentation in the European payments sector and introduce more streamlined, practical enhancements to the existing regulatory structure.
Overview and Considerations:
The primary goal of the European Union’s new proposals is harmonization in the payments regulatory landscape. These proposals are designed to unify the regulatory framework, increase transparency and security in banking and payments, and streamline the regulatory process across the European Union. Critical aspects of these proposals include:
PSR1 (Payment Services Regulation 1): Acting as the true successor to PSD2, PSR1 replaces the PSD2 and E-Money directives with a unified set of regulations applicable across Europe. This eliminates the need for individual member states to enact their own laws, ensuring a consistent regulatory approach across the EU.
PSD3: Although a successor to PSD2 in name, PSD3 is limited in scope and primarily serves to cement the primacy of PSR1 in regulating payments across the EU. Primarily, PSD3 categorizes electronic funds transfer platforms as “payment institutions” to bring them under the purview of PSR1.
FIDA (Financial Data Access Framework): This regulation emphasizes open banking transparency, building upon PSD2’s success in promoting open banking. FIDA transforms the directive into a singular EU-wide regulation. Its provisions include mandatory consumer consent dashboards and formalizing data breach liability to incentivize open banking participation.
Key Provisions To Consider
The three EU Payment Regulations proposals are set to have a broad impact:
PSR1 (Payment Services Regulation 1)
- Modifications to SCA Requirements: PSR1 enhances accessibility by requiring Strong Customer Authentication (SCA) methods to accommodate users without smartphones. It mandates that card-issuing banks delegate SCA to third parties, such as Apple Pay, in compliance with European Banking Authority outsourcing regulations. Additionally, SCA now permits using two factors from the same authentication category (inherence, knowledge, or possession).
- New Anti-Fraud Initiatives: PSR1 introduces a shift in liability for fraud losses to payment gateways and technical service providers in cases of SCA non-use. It enables payers to request confirmation from receiving banks on the match of name and IBAN for wire transfers, aiming to reduce scam risks. Furthermore, it establishes a legal basis under GDPR for sharing transaction details, including personal data, exclusively for fraud detection and prevention.
PSD3 (Payment Services Directive 3)
Licensing Standardization and Directive Harmonization: PSD3 reclassifies Electronic Money Institutions as Payment Institutions, thus subjecting them to PSR1 regulations. It also repeals the Electronic Money Directive, which is now replaced by the combined provisions of PSD3 and PSR1.
FIDA (Financial Data Act)
Open Banking Guidelines: FIDA broadens the open banking mandate from PSD2 to encompass all data held by financial institutions, including mortgages, insurance, cryptocurrencies, and investments. It also establishes new rights for data holders to seek reasonable compensation from organizations accessing their data via open banking.
Proposed Customer Data Flow Under FIDA:
FIDA aims to enhance the current open banking framework established by PSD2, introducing more structured rights for consumers and institutions. This approach facilitates increased consumer and institutional data sharing while prioritizing data privacy and addressing enterprise risk considerations. To illustrate this proposed customer data flow, log in or sign up for Link and see page 5 in the Outside-In Report: PSD3, PSR1, and FIDA Harmonizing and refining Europe’s payment regulations
The advent of PSD3, PSR1, and FIDA is timely, targeting gaps in European payment services nearly a decade since PSD2’s introduction.
Leveling the Playing Field: Current regulations disproportionately favor banks, putting non-bank payment and E-Money platforms at a disadvantage with restricted access to payment systems and data. The proposed regulations aim to balance the scales between banks and non-bank platforms, fostering fair competition and enhancing consumer choice.
Boosting Open Banking Competitiveness: Consumer adoption of open banking is hindered by a need for more transparency and visibility into data sharing permissions. B2B data sharing is also impacted by unclear rules and liability guidance, with institutions hesitant to fully engage due to concerns around data breach liability and usage restrictions. Codifying open banking standards under a single EU-wide regulation is poised to accelerate open banking adoption by clarifying data-sharing rules and addressing liability concerns.
Strengthening Consumer Fraud Protections: PSD2’s stringent Strong Customer Authentication (SCA) requirements, though effective in reducing fraud, have resulted in higher false declines and limited transaction access for groups like the elderly and disabled due to reliance on smartphone-based methods. The new proposals aim to address these challenges, reducing false declines and improving accessibility for diverse consumer groups.
Anticipating the Changes
With PSD3, PSR1, and FIDA drafted primarily to refine PSD2 and address the pain points that surfaced after its implementation, we expect a largely positive impact across the landscape due to expected payments ecosystem growth. The landscape is expected to witness significant shifts:
- Robust SCA Mandate: Despite stringent SCA requirements, the demand for innovative solutions to reduce false declines is anticipated to grow.
- Open Banking Surge: FIDA’s focus on addressing data access challenges and legal liability will likely spur open banking adoption.
- FinTechs on a Level Playing Field: The harmonization of regulatory standards promises new opportunities for FinTechs, potentially boosting market competition.
- Improved SCA Requirements: Enhanced data sharing and accessibility under PSR1 will lead to higher SCA pass rates, benefiting both merchants and consumers.
For a full view of the impacts of these headwinds and tailwinds, log in or sign up for Link and view page 7 of the Outside-In Report: PSD3, PSR1, and FIDA Harmonizing and refining Europe’s payment regulations.
The introduction of PSD3, PSR1, and FIDA marks a significant milestone in the evolution of the EU’s payment services landscape. These initiatives streamline the regulatory framework and address critical issues like fraud prevention, open banking adoption, and fair competition. As these directives and regulations take effect, they promise to transform how payment services operate, bringing more security, transparency, and efficiency to the European market. The financial sector, including consumers, merchants, and service providers, should brace for a new era of enhanced, harmonized payment services.
- Outside-In Report: PSD3, PSR1, and FIDA Harmonizing and Refining Europe’s Payment Regulations
- Outside-In Report: Open Banking & the Convergence of Identity Verification
- Redefining Account Verification for Secure Digital Transactions
- Understanding the Proposed CFPB Rule on Digital Wallets and Payments