The views expressed in this article are solely those of the author and should not be attributed to the European Payments Council or the European Commission.

On June 28, 2023, the European Commission (EC) published a set of new legislative proposals, notably for a Third Payment Services Directive (PSD3) and a Payment Services Regulation (PSR). It foresees changes to the foundational framework of the European payments market and is likely to have a material impact on the players subject to it, both from a legal and operational perspective.

We wanted to know more and interviewed Eric Ducoulombier, Head of Unit at the European Commission, Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA).

On June 28th, the DG FISMA of the EC published its long-awaited legislative proposals reviewing the revised Payment Services Directive (PSD2). Could you tell us what are the main novelties included in the PSR and PSD3 proposals and what this means for the payments sector?

These proposals are an evolution, not a revolution. Novelties such as open banking or strong customer identification were introduced years ago, by PSD2. PSD3 and PSR do not challenge the main ‘acquis’ of PSD2. They must be seen as the continuation of PSD2, not as a change of direction. Our review showed that PSD2 has, by and large, met its intended objectives. The market needs stability and PSD2 is not that old after all. That said, our proposals do contain important provisions. Let me highlight a few, but there are many more:

•   We propose to merge the payment and the e-money frameworks into one, even if some key e-money specificities are preserved. 

•   We propose to modify the Settlement Finality Directive (SFD) to enable non-banks to access payment systems. We also propose remedies to the recurring ‘de-risking’  problem faced by some Payment Institutions (PIs) and E-money Institutions (EMIs), which should substantially improve their capacity to open and maintain bank accounts. 

•   As regards open banking (OB), although we are not changing the fundamental principles introduced by PSD2 (no charging for the use of OB interfaces, no standard API etc.) we are determined to improve the framework which - as explained in our review report - is not yielding all its potential benefits. We provide a lot of clarifications as to what constitutes a regulated ‘baseline’ OB service, we identify a list of prohibited obstacles to the provision of payment initiation services and account information services, we streamline the complex system (dedicated interface, fallback, exemption to the fallback etc.) established by PSD2 etc.

We also explicitly recognise the possibility for a self-regulatory market space to exist in addition to the regulated sphere. This is a particularly important acknowledgement of on-going initiatives such as SEPA Payment Account Access (SPAA) scheme, in which the European Payments Council (EPC) is playing a leading role.

We are very confident that these improvements, which seem to have been well received by the market, have the potential to give a boost to open banking which we continue to identify as a significant source of innovation and competition, especially when combined with instant payments, which is another of our top priorities. 

•   We also identified payment fraud as a growing source of concern. The PSD2 provisions were quite substantial but they are no longer sufficient to tackle the new types of fraud, in particular fraud relying on manipulative techniques, like the so-called authorised push payment (‘APP’) fraud.

We are significantly stepping up the legal framework as regards both fraud prevention and redress. We give more tools to PSPs to prevent fraud, in particular by enabling them to safely share some fraud-related data. I know that this was particularly important for the EPC [note from the editor: safe fraud-related data sharing is important for frauds information sharing initiatives being discussed at PSP industry level].

We are also proposing to extend to regular credit transfers the compulsory IBAN/name checking service which we had initially proposed only for instant payments. But prevention is not enough. We are also opening redress rights to consumers in respect of fraudulent payments including, in certain cases, some authorised payments. For example in cases of ‘spoofing’, i.e. of fraud based on the impersonation of bank staff which, unfortunately, is becoming a serious problem for consumers and PSPs.

We are also clarifying and reinforcing Strong Customer Authentication (SCA) which, in spite of having only recently been introduced in the European Union (EU), is already producing spectacular results. But as regards fraud there is no silver bullet. Our proposed measures are to be seen as a panoply, a tool-kit, but obviously whatever the legal measures put in place, individual vigilance based on proper consumer awareness and education - which we are also reinforcing - remains the first line of defense.

These proposals were extensively debated during the three years of preparation and in particular during the numerous consultations which we carried out with all stakeholders. The payments sector as well as consumers who are, I believe, the main beneficiaries of our package, benefiting from many new or reinforced rights which would take me too long to describe here, should largely benefit from these improvements which were extensively debated during the three years of preparation of our proposals and in particular during the numerous consultations which we carried out with all stakeholders.

Open finance is a nascent market in contrast with open banking which has existed for more than a decade.

How do the PSR and PSD3 proposals relate to the EC’s proposal on the Financial Data Access (FIDA) framework?

They are different but complementary. They are complementary in the sense that FIDA covers financial services and accounts which were not covered by PSD2. They are different in the sense that they are based on different premises. Open finance is a nascent market in contrast with open banking which has existed for more than a decade.

FIDA, unlike PSD3, has no ‘legacy’ to take into account and no prior investments were made by the market. That explains the different choices made by the Commission in FIDA, such as the possibility to charge or the need for prior contractual arrangements. The differences between the two frameworks are not at all fortuitous - there are by the way also a lot of similar provisions in the two frameworks, for example as regards to ‘dashboards’. Legal differences between the proposals are justified by the differences between the two markets.

We also carefully examined the situation of Account Information Service Providers (AISPs) which could theoretically, given the nature of their business, have been transferred right away to the FIDA framework. We decided to proceed rather in stages in order to avoid any risk of disruption. Any future transfer of AISPs to the FIDA legal framework will have to depend on prior favorable market conditions.  

In which areas do you expect the EPC to play an active role, in order to facilitate the achievement of high-level objectives behind PSR and PSD3?

The EPC is a very original entity with - to the best of my knowledge - no equivalent in other financial services sectors. It is not an EU institution as such but its raison d’être, defined more than 20 years ago in the wake of the launch of the euro, is a quasi-public one. This role and situation makes the EPC an invaluable partner for the Commission.

Although it expresses the voice of the payments sector in its vast diversity, I do not at all consider the EPC as an industry group only expressing industry views. The EPC is also playing a leading role in important initiatives, such as SPAA, which are fully complementary to our legal framework. And I am not mentioning the EPC’s more traditional role as Single Euro Payment Area (SEPA) standards setter, which is indispensable and where our public-private cooperation is yielding very positive outcomes.

I will take into utmost consideration the views which will be expressed by the EPC during the negotiation phase which is beginning now. The EPC possesses an expertise that the Commission does not possess. And I know that we share the same objectives as regards the EU payments sector. 

This role and situation makes the EPC an invaluable partner for the Commission.

What are the next steps of the legislative process and the expected timeline?

Work has started in Council under the Spanish Presidency, which already held a first meeting in July. The European Parliament (EP) is also preparing itself and ‘rapporteurs’ have been recently appointed. Discussions will take time. We are talking of two texts, representing jointly about 150 articles. The two texts are on the table now, which means a shift of focus towards EP and Council.

As regards the timeline I don’t have a crystal ball and as Mark Twain said, “It is difficult to make predictions, especially about the future”. I think it is not unreasonable to foresee a possible final adoption of the texts during the first half of 2025.

But let’s not forget the EP elections in between, they bring an element of uncertainty into the timeline. But count on the Commission to play its full role to secure an early adoption. I know I can also count on the EPC, whose full dedication to our common cause is a huge support to the Commission.