Saturday, November 23, 2024

European Union – Financial Services

Must read

The European Union (EU) is updating its regulatory framework
governing payment services by introducing the “Payments
Services Package”. In June 2023, the European Commission
published a set of legislative proposals designed to modernise and
enhance the digital financial landscape within the EU.

The Payments Services Package consists of Payment Services
Directive III (PSD3), to be adopted alongside the Payment Services
Regulation (PSR) and the Regulation on a Framework for Financial
Data Access (FIDAR).

PSD3 is an update to the existing Payment Services Directive
(PSD2), aimed at further refining and expanding the regulatory
framework for payment services. It will also repeal and replace the
Electronic Money Directive (EMD2), establishing a single regulatory
framework governing both payment services and e-money services.
There would be a single set of requirements for licensing, conduct
of business and prudential supervision, as e-money institutions
will be licensed as payment institutions under PSD3.

What are the key topics of PSD3/PSR?

Strengthening harmonisation and enforcement

The forthcoming PSD3 is anticipated to focus predominantly on
the regulation of licensing procedures and the functional aspects
of payment service providers (PSPs).

Nevertheless, other essential elements such as fraud prevention,
liability, transparency, open banking and Strong Customer
Authentication (SCA) will be addressed within the PSR. The
integration of these aspects into the PSR signifies the direct
applicability of these regulations across the EU.

Enhancing consumer rights

The new proposal includes the following propositions to
strengthen customers’ rights:

  • Increased protection of temporarily blocked funds
    – the proposed changes aim to ensure that the blocked amount
    will be proportionate to the expected final amount. Blocked funds
    should be released immediately after receipt of the information on
    the exact final amount of the payment transaction and no later than
    immediately after receipt of the payment order.

  • Enhanced transparency on credit transfers and money
    remittances from the EU to third countries
    – PSPs will
    be required to inform users of currency conversion charges as well
    as of the estimated time for the payee’s payment service
    provider in the third country to receive the funds.

  • Enhanced transparency for payment account statements
    – PSPs will be obliged to clearly identify payees, including
    stating their commercial trade name.

Mitigating payment fraud

The Payments Services Package should tackle new types of fraud
such as “spoofing” (i.e. cases where the fraudster
manipulates the customer into giving their consent to authorise the
transaction by pretending to be an employee of the payment
institution). This blurs the distinction between unauthorised and
authorised transactions, leaving current mechanisms insufficient to
addressing such frauds.

The new proposal includes the following fraud prevention
measures:

  • Extension of IBAN/name verification services to cover all
    credit transfers
    – this will require the PSPs to verify
    that the account name matches the International Bank Account Number
    (IBAN) associated with that name.

  • Enhancement of customer refund entitlements
    customers should be entitled to refunds in instances where
    consumers are deceived by spoofing scams. Additionally, if the
    system designed to verify the alignment between the IBAN and the
    account holder’s name malfunctions, customers will be eligible
    for a refund.

  • Introduction of extended transaction monitoring
    measures.

  • Provisions of legal framework for PSPs to share
    fraud-related information
    .

  • Further SCA enhancements – new rules will be
    established regarding SCA, including:

    • Liability shift – the new proposal aims to shift
      the liability for fraud to third-party systems and technical
      service providers, such as digital wallet providers and payment
      gateways, if they fail to apply SCA.

    • Exemptions from SCA – the proposal clarifies the
      circumstances in which certain types of transactions, such as
      Merchant-initiated transactions (MITs), are exempted from SCA.

Upgrading open banking

A landmark feature of PSD2 was the introduction of the open
banking regulation, allowing account information service providers
(AISPs) and payment initiation service providers (PISPs) to access
customers’ data with their consent in order to provide them
with services such as expense reports, budgeting tools and targeted
financial products. PSD3 is expected to bring the following changes
and improvements to open banking requirements:

  • Strict standards for data access interfaces
    the Payments Services Package specifically address the prohibited
    obstacles, such as the requirement for additional registration or
    additional checks of the permission, that cannot be integrated into
    the interfaces.

  • Customer dashboard – customers should be
    provided with a dashboard integrated into their user interface to
    monitor and manage permissions granted to AISPs. This tool should
    allow customers to see which companies have access to their data
    and enable them to revoke such access.

Levelling the playing field

The proposal aims to provide payment institutions (PIs) and
electronic money institutions (EMIs) better access to payment
systems. To obtain a licence, PIs and EMIs are required to have an
account with a commercial bank. Currently, however, commercial
banks often refuse to open accounts for them or close existing
accounts due to concerns related to issues such as anti-money
laundering controls. This creates an uneven playing field, as banks
compete with PIs and EMIs in providing payment services.

Under the new proposal, banks will be required to offer clear
reasons when refusing to open an account or when closing accounts
for payment institutions (PIs), considering the individual
circumstances of the PI. The decision not to open the account must
be based on serious suspicions of illegal activities conducted by
the PI or the risky nature of the PI’s business model or risk
profile. If the bank refuses to open the account, the proposal
offers the PI the opportunity to appeal to a national authority. In
addition to commercial banks, central banks will have the
discretion to offer opening of accounts to non-bank PSPs.

Improving the availability of cash

  • Purchase-free “cashback” at retailer shops
    – presently, retailers can provide cash-back services, but
    only as part of a purchase. The proposal aims to broaden access to
    cash by allowing retailers to offer cashback services outside of a
    purchase transaction, even without needing to obtain a licence or
    being an agent of a payment institution.

What is the timeline?

The precise dates for the implementation of PSD3 and the PSR
remain unclear. Industry experts project that the finalised
documents may be made public by the end of 2024 or at the beginning
of 2025.

Upon their release, it is customary for EU Member States to be
allotted a transitional period, typically extending to 18 months,
to align with the new legislation. Consequently, it is expected
that PSD3 and the PSR will come into effect over the course of
2026.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Latest article