The European Commission releases PSD3 proposal

The European Commission has today put forward proposals to bring payments and the wider financial sector into the digital age. „Today’s new rules will further improve consumer protection and competition in electronic payments, and will empower consumers to share their data in a secure way so that they can get a wider range of better and cheaper financial products and services. These proposals place consumers’ interests, competition, security and trust at their centre.” according to the press release.

The payment services market has changed significantly in recent years. Electronic payments in the EU have been constantly growing, reaching €240 trillion in value in 2021 (compared with €184.2 trillion in 2017). This trend was accelerated by the COVID-19 pandemic. New providers, enabled by digital technologies, have entered the market, in particular providing ‘open banking’ services – i.e. securely sharing financial data between banks and financial technology firms (‘fintechs’). More sophisticated types of fraud have also emerged, putting consumers at risk and affecting trust.

In response to these developments, today’s package seeks to ensure the EU’s financial sector is fit for purpose and capable of adapting to the ongoing digital transformation, and the risks and opportunities it presents – in particular for consumers.

That is why the Commission has today proposed two sets of measures:

Revising the Payment Services Directive:

Today’s proposal will amend and modernise the current Payment Services Directive (PSD2) which will become PSD3 and establish, in addition, a Payment Services Regulation (PSR). It consists of a package of measures which:

Combat and mitigate payment fraud, by enabling payment service providers to share fraud-related information between themselves, increasing consumers’ awareness, strengthening customer authentication rules, extending refund rights of consumers who fall victim to fraud and making a system for checking alignment of payees’ IBAN numbers with their account names mandatory for all credit transfers.

Improve consumer rights, in cases for example where their funds are temporarily blocked, improve transparency on their account statements and provide more transparent information on ATM charges.

Further levelling the playing field between banks and non-banks, in particular by allowing non-bank payment service providers access to all EU payment systems, with appropriate safeguards, and securing those providers’ rights to a bank account.

Improve the functioning of open banking, by removing remaining obstacles to providing open banking services and improving customers’ control over their payment data, enabling new innovative services to enter the market.

Improve the availability of cash in shops and via ATMs, by allowing retailers to provide cash services to customers without requiring a purchase and clarifying the rules for independent ATM operators.

Strengthen harmonisation and enforcement, by enacting most payment rules in a directly applicable regulation and reinforcing provisions on implementation and penalties.

This proposal ensures consumers can continue to safely and securely make electronic payments and transactions in the EU, domestically or cross-border, in euro and non-euro. Whilst safeguarding the rights of customers, it also aims to provide greater choice of payment service providers on the market.

Legislative proposal for a framework for Financial Data Access:

This proposal will establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts, namely:

Possibility but no obligation for customers to share their data with data users (e.g. financial institutions or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice)

Obligation for customer data holders (e.g. financial institutions) to make this data available to data users (e.g. other financial institutions of fintech firms) by putting in place the required technical infrastructure and subject to customer permission.

Full control by customers over who accesses their data and for what purpose to enhance trust in data sharing, facilitated by a requirement for dedicated permission dashboards and strengthened protection of customers’ personal data in line with the General Data Protection Regulation (GDPR).

Standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users must become members.

Clear liability regimes for data breaches and dispute resolution mechanisms as part of financial data sharing schemes so that liability risks do not act as a disincentive for data holders to make data available.

Additional incentives for data holders to put in place high-quality interfaces for data users through reasonable compensation from data users in line with the general principles of business-to-business (B2B) data sharing laid down in the Data Act proposal (and smaller firms will only have to pay compensation at cost).  

In practice, this proposal will lead to more innovative financial products and services for users and it will stimulate competition in the financial sector. For example, consumers will benefit from improved personal finance management and advice. Previously burdensome processes such as comparison services or switching to a new product will become smoother and cheaper, including for example, automated processing of mortgage applications. SMEs would also be able to access a wider range of financial services and products, such as more competitive loans resulting from their creditworthiness data being more easily accessible.

Quote(s)

„As Europe moves towards a true digital economy, we can make more from all the opportunities offered by data and data-driven innovation in the financial sector. More sharing of personal data, while retaining full control over it, will allow people to access tailored products and services that suit their needs, and also create room for the financial industry to innovate. Today’s proposals set strict conditions on rights and obligations for open data-sharing to protect privacy, and to give full control to customers over access to their data and how it is used. The same principles apply to new data technology developments in payment services, where we intend to reinforce consumer protection – including by improving fraud prevention – and make sure that consumers are offered the best and cheapest payment service.” – Valdis Dombrovskis, Executive Vice-President for an Economy that Works for People.

„Today we are taking concrete steps to modernise not only the EU’s retail payments industry but the financial service sector as a whole. In doing so, we are putting the best interests of citizens and consumers at the heart of financial services. In the EU’s growing data economy, every interaction in finance creates new data. It is therefore vital that European consumers remain the ones in control of their payments and they decide with whom to share this data so that they can avail of new and innovative products. Today we are proposing a set of measures including enhanced protection for consumers making electronic payments in the EU and improved criteria to prevent and remedy payment fraud. This proposal will ensure customers and businesses benefit from more innovative payment and financial service options, whilst being confident that these are offered in a safe, transparent and secure way.” – Mairead McGuinness, Commissioner for Financial Services, Financial Stability and Capital Markets Union.

Background and next steps

Today’s proposal fulfils a key commitment in the Commission’s 2020 Retail Payments Strategy, by ensuring the rules applicable to the EU retail payments industry remain fit for purpose, taking in account market developments, as well as promoting the development of instant payments in the EU. On that front, it complements the Commission’s proposal from 2022 for a Regulation to make instant payments in euro available to all citizens and businesses holding a bank account in the EU and in EEA countries.

In parallel, the Financial Data Access proposal contributes to the commitment set out in the 2020 Digital Finance Strategy to put in place a European financial data space. Overall, this financial sector initiative fits into the broader European data strategy and builds upon the key principles for data access and processing set out in its accompanying initiatives, such as the Data Governance Act, the Digital Markets Act and the Data Act proposal.