Payment Service Directive II – A glimpse at the EU’s FinTech regulation effort and its implications

Photo Tobias Pfuetze / FinTechs Entrepreneur, Senior Business Consultant, Mediaman Shanghai / March 17th, 2016

Regulating FinTech? Better say forcing their way into the market. Revolution ahead in the European banking business! Since the pressure on banks is high on different grounds, it is very likely that PSD II levels the field and FinTech will profit disproportionally over traditional payment stakeholders and potentially win the race.

The European Council recently ratified the PSD II and it has been in force since the 12th of January 2016. PSD II is about much more than giving new market entrants access to a more standardized, regulated financial ecosystem through access to accounts and defining the scope and role of these new payment service providers. PSD II might also be regarded as a well established regulatory framework to implement (self-)regulation in other markets, such as China, to avoid the risk of instability in the financial system caused by non-regulated FinTechs, like what recently happened in the P2P sector in China.

You may know about FinTechs. But the Directive deals with AISPs, PISPs and TPPs. The very presence of these acronyms illustrate that the scope of PSD I has been adapted. Account Information Service Providers (AISPs), as well as Payment Initiation Service Providers (PISPs), are all classified as Third Party Service Providers (TPPs) in PSD II. The diversity of traditional Payment Service Providers (PSPs), such as banks and financial institutions, has increased.

The new entrants are worth mentioning since they typically do NOT provide a payment account, but rather are software solutions aggregating and distributing information that will nevertheless be regulated under the PSD II framework.

Changes and major impacts due to PSD II

Banks
Need for increased security (online payments with strong customer authentication) and account access
Higher security risks (due to TPPs)
Lower card usage may prompt issuers to change business model
Additional IT development costs resulting in higher external competition
Real-time (push) payments need to be integrated into digital strategy

Third Party Providers (TPPs)
Non-discriminatory treatment and guaranteed technical access to payment systems
Need for regulatory approval
Regulated’ competition: rates imposed by banks cannot vary between initiation sources

Customers
Reduced costs through higher competition
Decreased dependency on cards
Broader range of available services and products of AISPs, PISPs

Merchants
Interoperable, bank-agnostic alternative to SWIFT for liquidity management, etc.
Opportunity to extend business model and engage directly as a Payment Institution with the client

The value retail banks payment revenue in 2015 was EUR128bn. Investement in FinTechs increased represented EUR10bn in 2014. Cash payments will have decreased by 30% in 2024. These numbers illustrate the overall state of the payment landscape, and PSD II will foster innovation and competition, such as in the area of credit granting (40). Keeping in mind that interest accounts for 44% of the 128bn Euro in revenue payments at the moment, P2P approaches to consumer credit on top of the direct access to bank accounts noted in Article (50ff.) seems likely, and will disrupt this traditional source of income for payment providers. In the proposal to adapt from PSD I to PSD II there has also been a proposal on the regulation of interchange fees for card-based transactions. It was drafted on the very same day in July 2013 in order to cap interchange fees in the EU. It came into force on December 9th 2015.

The second part of the 128bn Euro total revenue amounts to 44.8bn Euro and can be separated into income from interchange fees, bank transfer charges and FX spreads. Not only is the interchange fee capped at 0.3% credit and 0.2% for debit transactions, but also ‘sharing of charges between a payer and a payee is [advocated as] the most efficient system, since it facilitates the straight-through processing of payments’ in (65) PSD II. Business models charging a subscription fee for payment handling are encouraged in the same passage.

Finally, the third sector of payment revenue: the product. Accounting for 21% of the total, debit and credit cards, as well as fees for current accounts, are already being threatened by ‘Internet only’ banks. As predicted in (67): ‘Whilst today, most payments at the point of sale are card-based, the current degree of innovation in the field of payments might lead to the rapid emergence of new payment channels in the forthcoming years.’ An overall higher level of product innovation is expected and will force banks and other traditional stakeholders to innovate at a high speed.

Timeline and questions yet to be answered
The clock is already ticking and institutions in and around financial services in Europe must adapt their IT systems and implement solutions by the 13th of January 2018—the date when PSD II will be enforced by law throughout the EU.

Since PSD II has great technical specifications, stakeholders eagerly await the drafts from the European Banking Authority (EBA) to clarify processes and data structures of the communication between the parties (the draft is likely to be available in Q4 2016; finalized guidelines will be handed over to the European Commission by July 13th 2017). This information will give answers to Access (APIs / TPPs), Interoperability and Security(Article 98). Overall, we can expect to receive insights from the EBA in the form of draft regulatory technical standards covering:
. Information being provided by a Financial Service institute upon registration, including a business plan and others. Art. 5(6)
. Development—going-live and maintenance of the yet to be established central registration of payment institutes by the EBA. Art. 15(4)
. Method, means and details of cooperation in the notification of payment institutions operating on a cross-border basis and, in particular, the scope and treatment of information to be submitted. Art. 28(5)
. Volume of transactions, number of payment services provided, and total number of agents to determine if the application of a single point of contact is appropriate for payment service institutions that operate in Member States other than their home Member State. Art. 29(5)
. Standards on the criteria and on the conditions for establishment and monitoring of security measures. Art. 95(4)
. Regulatory technical standards on authentication and communication. Art. 98(1)

Besides those regulatory technical standards, the EBA has to deliver and issue guidelines in relation to topics such as major security, fraud and other incidents.

Stop complaining, start changing
How to capitalize on PSD II from a bank’s perspective?

As stated in (68), ‘The use of a card or card-based payment instrument for making a payment often triggers the generation of a message confirming availability of funds and two resulting payment transactions. The first transaction takes place between the issuer and the merchant’s account servicing payment service provider, while the second, usually a direct debit, takes place between the payer’s account servicing payment service provider and the issuer. Both transactions should be treated in the same way as any other equivalent transactions.’

A real-time payment infrastructure within the EU seems to be a little more within reach. That seems trivial for customers of Chinese banks, where real-time bank-to-bank account transactions have already been present for a long time. It’s much harder to realize within a region consisting of various highly heterogeneous banking systems, such as in the EU.

Making the banks’ IT ready for the 21st century should therefore be a common goal to strive for and is additionally ‘forced’ onto the stakeholders by PSD II.

Besides the stated implications for the various parties involved in payments and the concerns and risks associated with those, a wide range of opportunities arise, including for banks. Every bank is in the position to establish themselves as the ‘one-stop’ bank for already multi-banked customers to leverage on additional cross-selling opportunities. To position the bank or a spin-off as a technical intermediary comes with the chance to attract customers through a new channel, since the IT platforms that have to be established for PSD II are multi-bank ones, where a user of the bank IT platform does not necessarily need to hold a current account with the bank providing that platform. Innovation driven banks will also be able to test and iterate on processes, products and services with those other than traditional payment stakeholders (banks, card schemes, issuers, acquirers etc.) such as retailers, telecommunication operators, FinTechs and other digital players. Opening up and making bank IT systems accessible through APIs is therefore a huge opportunity, not only for new entrants, but also for well-established incumbents to innovate around the customer purchasing experience.

*

As presented, the regulatory framework drafted and agreed upon by the European Commission comes at a time when overall investment in FinTech companies is high and the market environment is favorable. PSD II will certainly drive innovation and increase competition among existing stakeholders along the payment value chain and provides a framework for new players to enter the market with solutions that focus on the customer to deliver better user experiences. The regulation comes at a time where European banks are still overcoming the financial crisis and political uncertainties, as recently manifested by the poor performance of Deutsche Bank in 2015, followed by a massive decline of its stock price thereafter. Since the pressure on banks is high on different grounds, it is very likely that PSD II levels the field and FinTechs will profit disproportionally over traditional payment stakeholders and potentially ‘win the race’—a development that has already taken place in the music industry, media industry and can currently partially be witnessed in the automotive sector. Internet banks founded by Chinese tech giants Baidu, Alibaba, Tencent (BAT) could, should and might become a phenomenon to be witnessed in Europe as well – Atom bank is the most prominent example so far. Might we soon see why 2016 won’t be like 2015?

Note from the editors. This article was originally published in our Chinese edition, developed with Shanghai Jiao Tong University, SJTU ParisTech Review.

 

More on paristech review

By the author

  • Payment Service Directive II – A glimpse at the EU’s FinTech regulation effort and its implicationson March 17th, 2016