The revised Payment Services Directive (PSD2) was adopted with payment innovation and safety to the fore. One of its purposes is to regulate at the European Union (EU) level practices and players currently unregulated in the EU. Among other things, PSD2 regulates the role of Payment Initiation Services (PIS) providers (PISPs). PISPs facilitate the use of online banking to make a payment.
A bit of background
However, PSD2 – which will enter into force in January 2018 – does not specify in detail how PIS will operate in the future. To help stakeholders prepare the implementation of PSD2, the Euro Retail Payments Board (ERPB) decided to set up a working group of ERPB members, Third Party Payment Service Providers (TPPs), standardisation and market initiatives. Its mandate is to identify conditions for the development of an integrated, innovative and competitive market for PIS in the EU.
The working group produced its first report for the June meeting of the ERPB. Because of the limited time available and regulatory uncertainties, it could not complete its mandate and will therefore submit its final report at the November ERPB meeting. The publication by the European Commission of the final Regulatory Technical Standards () on strong customer authentication () and secure and common communications is currently foreseen for late 2017. These were originally authored by the European Banking Authority () and will provide concrete information on the implementation of PSD2. Only when a degree of certainty about the final RTS is reached can the working group define meaningful recommendations.
In this interview, which first appeared in the EPC Monthly Digest, Alain Bénédetti, co-Chair of the ERPB working group on PIS in the name of the EPC, and software architect for retail banking at BNP Paribas, gives his views on the first phase of this project, the challenges met, and the next step.
Q. Could you summarise the main outcome of the work done by the ERPB working group on PIS in its first phase?
Firstly, the working group members recognised that today’s PIS are more complex than the PIS in PSD2. The working group managed to reach an agreement on nine recommendations for the first phase, but also found two major topics of disagreement: first, would the PISP be able to assess risk by sifting through Payment Service Users’ (PSUs) data, and second, who would provide the user interface to the PSU? These two features could be seen as belonging to Account Information Services (AIS), hence the working group’s proposal to resolve both issues by combining PIS and AIS through the same communication session between PISPs and Account Servicing Payment Service Providers (ASPSPs).
The other important outcome was the acknowledgement of the need for an operational register to include the elements that must be verified when a TPP connects to an ASPSP.
The working group also stressed in its report that clarification is needed on liabilities. Such clarification should be provided by the EBA.
Q. What was the biggest challenge the group faced when identifying the conditions required for an integrated and innovative market for PIS?
The biggest challenge was to create mutual understanding and trust between TPPs and ASPSPs in the limited period of time available (less than four months), especially given the complexity and controversial nature of the matters at stake.
It was also difficult to agree on a common interpretation of the still-evolving legal framework and to move away from the past to focus on the future.
This was unfortunate, because while many processes are already regulated and leave no room for innovation, if all the actors could understand that they are partners, PSD2 could trigger new modelsin the PSP industry! I also regret that the consumer side could not participate during the first phase.
We must not forget that we make all these changes to provide the consumer with more choice in a secure environment. Happily, consumers should be represented in the ERPB working group for the second phase.
Q. What steps will the working group take next to fulfil its initial mandate?
The working group will now follow up concretely on some of the recommendations of the first phase, taking into account the finalisation of the EBA RTS on SCA and secure and common communications, and the clarifications to be provided by both the EBA and European Commission. It will also fulfil the remainder of its mandate, in particular further developing the ‘what’ and the ‘how’for communication between the PISP and the ASPSP.
The final report will be presented at the November 2017 meeting of the ERPB.
Q. Once the final report is delivered, what do you personally think will be needed to create a fully integrated market for PIS?
To prepare for the phase following the final report, a realistic next step would be to put in place the Application Programming Interface (API) governance.