Regulatory action impacting account-servicing payment service providers: the trend that payment services will no longer be services offered, primarily, by banks will be reinforced
As frequently pointed out in this newsletter, the Single Euro Payments Area ( ) is a European Union ( ) integration initiative pursued by the institutions. These are the European Commission, the European Parliament, the Council of the representing governments1 and the European Central Bank. With the introduction of the euro currency in 1999, these political drivers have focused on the integration of the euro payments market. To achieve this goal, the co-legislators, i.e. the European Parliament and the Council of the , adopted several legislative acts since the late 1990s. (For more information, refer to the infographic ‘ at a Glance’ and the Website page ‘ Legal and Regulatory Framework’ included in the ‘related links’ below.)
Related regulatory action also intended to address a perceived lack of innovation and competition in the European payments market. Summarising the efforts of the public authorities in this regard over the past two decades, it can be noted that these focused, among other things, on challenging the role of ‘traditional’ payment service providers ( ), i.e. the ‘incumbents’ (which, to date, have generally been banks). The Payment Services Directive (PSD)2 (see ‘related links’ below) illustrates this point:
In a 12 December 2007 press release following the publication of the PSD currently in effect in the Official Journal, the European Commission reiterated the expectation that this legislative act should, among other aims, “lead to lower prices and greater choice for users by fostering competition in the market and allowing non-banking institutions to enter the payment markets.” To that end, the PSD introduced a new category of as of 1 November 2009: the payment institution (PI). PIs are defined by the PSD Article 4 (4) as follows: “‘payment institution’ means a legal person that has been granted authorisation in accordance with Article 10 to provide and execute payment services throughout the Community”. In the Newsletter article, entitled ‘New Kids on the Block. An introduction to payment institutions’ published in April 2009 (see ‘related articles in previous issues’ below), Ruth Wandhöfer pointed out: “Whilst the definition alone does not provide sufficient background information on what such institutions actually are, the PSD goes on to describe such institutions in some detail as part of Title II of the original Directive text, which defines a comprehensive supervisory regime for PIs. (…) the existence of PIs is also in line with one of the ’s other regulatory objectives – namely that of enhancing competition in the payments industry, allowing for more consumer choice and the continued decrease in transaction pricing for this client segment via increased supply of harmonised payment services across the Single Market.”
The European Commission published its proposal for the revised PSD ( )3 (see ‘related links’ below) on 24 July 2013. This draft legislative act remains subject to review and adoption by the European Parliament and the Council of the . The Commission stated in its related ‘Frequently Asked Questions’ that its proposal for aims, among other things, to “take account of new types of payment services (such as payment initiation services offered in the context of e-commerce)” and to ensure “a high level of consumer protection and of payments security”.4 With its proposal for , the Commission introduces the concept of ‘third party payment service providers’ ( ) into European law. are described in the Commission’s proposal as pursuing business activities as referred to in point 7 of Annex I, i.e. services that are based on access to payment accounts provided by a who is not the ‘account-servicing’ , in the form of so-called (a) payment initiation services or (b) account information services, or both (a) and (b). (Following its review of the Commission’s proposal, the Council of the has suggested replacing the term by payment initiation service provider and account information service provider.)
These types of services are not new as such, but have largely been unregulated at the level. It is the task of the European Parliament and the Council of the to determine whether the new rules related to payment initiation or payment account information services proposed by the Commission indeed ensure a high level of consumer protection and payments security. (For more information, refer to the ‘related links’ and ‘related articles in previous issues’ below.)
As a result of these regulatory developments, the trend that payment services will no longer be services offered, primarily, by banks will be reinforced.
Technological developments impacting account-servicing expected to materialise in the next five years: payment accounts will no longer serve as a ‘stand-alone’ solution
however, will not mark the end of the process that impacts the role of account-servicing . The following developments also need to be considered:
- The standardisation of payments processing will further progress with the evolution of .
- Technological innovations will trigger additional solutions and business models based on the concept of access to accounts. In light of the fact that the regulatory response to new technological developments is generally delayed and behind the times once implemented, account-servicing will likely have to deal with future scenarios where such services are offered by unregulated entities. (As mentioned above, this is the case today with regard to payment initiation and account information services until is fully implemented in all Member States, which is not expected before 2017, at the earliest).
- Payment and information services will be offered independently of where the account is held, i.e. the place of residence of the account will become irrelevant.
As a result of technological progress, in the future payment accounts will no longer serve as a ‘stand-alone’ solution, but provide a ‘plug-in’ for additional services linked, for example, to digital wallets and the cloud.
The new role of account-servicing : looking at the challenges
The bottom line is: as a result of the regulatory and technological developments detailed above, the traditional role of the account-servicing is obsolete.
From the perspective of a bank, the following has to be noted: on the one hand, the legislator will force account-servicing to maintain the infrastructure – and make the related investments – required to offer customers account services. will also continue to be responsible for safeguarding customers’ funds and data. On the other hand, the legislator will force account-servicing to grant third parties access to accounts so that these third parties can realise their business model. If and to what extent account-servicing will be remunerated for providing the infrastructure required by third parties to offer their services remains unclear. In addition, the proposed provides for a potential liability for account-servicing in the event of a payer’s decision to make use of a third party for payment initiation services. Or, as Commission representatives have called it on several occasions, the account-servicing would be the “first port of call” for the payment service user.
Considering the inherent risk to security posed by access to the account by third parties, account-servicing will also have to implement additional measures to protect the integrity of the accounts and the account data. This will be a challenge due to the following factors:
- Having recognised the risks associated with online payments, in December 2014, the European Banking Authority ( )5 published its finalised guidelines on the security of internet payments that in the will be expected to implement by 1 August 2015. The guidelines are based on recommendations first issued by the European Forum on the Security of Retail Payments (SecuRe Pay)6 in January 2013. Examining the guidelines, Director General Etienne Goosse commented in the January 2015 edition of the Newsletter (see ‘related articles in previous issues’ below): “In the last two decades many security solutions were implemented, only to have been rendered obsolete as technology evolves.” For example, since the issuance of the Secure Pay recommendations on the security of internet payments in 2013, “tokenisation has been picked up as one of the prevalent security solutions in any future e-payments system but, understandably, at the time of publication, the recommendations did not take tokenisation into much consideration.” This means account-servicing will be at risk of having to invest in security measures prescribed by the regulator that might quickly become outdated.
- Implementing additional security measures will translate into higher maintenance, connection and processing costs for account-servicing . This will be a burden, in particular, for smaller players among (and consequently, might adversely impact on the diversity of service providers supposedly desired by the regulators).
- Developing additional security measures without decreasing flexibility and convenience experienced by customers to date in their day-to-day management of their payment account will be a challenging task.
- There will be a clear distinction between, on the one hand, payment account deposits and the money and information flows related to these accounts on the other. Deposits should primarily remain under the account-holding banks’ custody, whereas the money flows and information derived from these flows will become business opportunities for any third party authorised under .
The new role of account-servicing : looking at the opportunities
In the Newsletter article, entitled ‘The Concept of an Open Standard Interface for Controlled Access to Payment Services (CAPS)’ published in January 2014 (see ‘related articles in previous issues’ below), Michael Salmony argued: “The access to accounts [by ] will be a reality in the not too distant future – the regulator will enforce this (although he still has to set some boundary conditions for success).” He also points out: “Open access to bank accounts has the potential to lead to an explosion of innovation, competition and new services. New revenue streams will evolve and the banks themselves could even be one of the main beneficiaries from this dynamic environment – if they position themselves in a timely and proactive manner.”
This author concurs that the concept of account-servicing, despite the challenges detailed above, remains a strategic opportunity for banks. The evolving payments landscape not only changes the role of account-servicing , but also the needs of account-holding customers. Banks, in their role as account-servicing as well as offering payment initiation and account information services, are uniquely positioned to meet those needs. Specifically, banks have the opportunity to combine the advantages of a reliable and trusted account infrastructure based on highest security standards with value-added features including, but not limited to, solutions relying on access to the account in the new environment.
The assumption is that designing and bringing to market related solutions is the order of the day in the competitive environment right now.
Notions, articulated by some, anticipating the imminent demise of ‘traditional’ banks offering payment services are therefore premature. The belief that only ‘new’ players would command innovative capability or could design competitive payment initiation and account information services, is ‘old school’.
Jean-Yves Jacquelin represents Erste Bank Vienna in the European Payments Council.
EPC Website: SEPA at a Glance – the Infographic (this infographic provides an overview of the actors involved in the process at the European level and their interaction)
Related articles in this issue:
How to Use Blockchain Technology to Develop Faster and Cheaper Inter-banking Infrastructures. The blockchain protocol and the distributed ledger used by crypto currencies could provide banks with a competitive technological advantage, if adopted quickly
European Payments Council 2.0 Is Now Operational: Stakeholders Are Invited to Stay Engaged in the Evolution of the SEPA Credit Transfer and SEPA Direct Debit Schemes Going Forward. The EPC is ready and looks forward to making the next steps in the SEPA process
Related articles in previous issues:
The Future of Payments: European Commission Invited Exchange of Views at its Conference on Emerging Challenges in Retail Finance and Consumer Policy. Participants discussed latest developments, and ones to come, in terms of consumers' safety, accessibility and convenience ( Newsletter, Issue 25, January 2015)
Guidelines on the Security of Internet Payments Released by the European Banking Authority: a Two-Step Approach. EPC response to the consultation on guidelines on the security of internet payments launched by the European Banking Authority ( Newsletter, Issue 25, January 2015)
EU Payments Legislative Package: Strong Concerns of European Banks. The focus on innovation and competition issues should not be to the detriment of consumer protection ( Newsletter, Issue 25, January 2015)
Tensions in Cyberspace: Competing Priorities and Legislative Initiatives in the Online Payments World. Will the EU legal framework aimed at ensuring secure online payments amount to a series of harmonious provisions, or result in an uneasy compromise? ( Newsletter, Issue 24, October 2014)
PSD2: EPC Calls on EU Lawmakers to Maintain the Firewall Protecting Consumers Making Internet Payments. This Means: No Sharing of Any Personalised Security Credentials with Third Parties. Update on legislative process leading to the adoption of the revised Payment Services Directive ( Newsletter, Issue 23, July 2014)
The Concept of an Open Standard Interface for Controlled Access to Payment Services (CAPS). A commentary: “Access to accounts – why banks should embrace an open future.” ( Newsletter, Issue 21, January 2014)
The Future of Payments: Markers for Success. The six markers which payments incumbents and newcomers alike can use to define positioning and strategies for successful innovation ( Newsletter, Issue 17, January 2013)
New Kids on the Block. An introduction to payment institutions ( Newsletter, Issue 2, April 2009)
1 The Council of the is the institution where the Member States’ government representatives sit, i.e. the ministers of each Member State with responsibility for a given policy area.
2 The formal title of this legislative act is ‘Directive 2007/64/EC of the European Parliament and of the Council [of the ] of 13 November 2007 on payment services in the internal market’.
3 The formal title of this proposed legislative act is ‘Proposal for a Directive of the European Parliament and of the Council [of the ] on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/ and 2009/110/EC and repealing Directive 2007/64/EC’.
4 European Commission Memo (24 July 2013): ‘Payment Services Directive and Interchange fees Regulation: frequently asked questions’ http://europa.eu/rapid/press-release_MEMO-13-719_en.htm.
5 The European Banking Authority ( ) was created in 2011 to ensure “effective and consistent prudential regulation and supervision across the European banking sector”. http://www.eba.europa.eu/about-us;jsessionid=6B8E9354BA8070DD1850963DC72733CF.
6 The European Forum on the Security of Retail Payments (SecuRe Pay) was established in 2011 as a voluntary cooperative initiative between relevant authorities from the European Economic Area; supervisors of payment service providers (i.e. the European Banking Authority and its members) and overseers (i.e. the European System of Central Banks). The European System of Central Banks comprises the European Central Bank and the national central banks of all European Union Member States whether they have adopted the euro or not. https://www.ecb.europa.eu/pub/pdf/other/mandateeuropeanforumsecurityretailpayments201410.en.pdf.
If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.