The European Commission is finalizing its review of current PSD2 regulations and the various proposals it received for amending those regulations during last year’s consultation period. So knowing that the arrival of a potential new directive, dare we say PSD3, may very well be on the horizon, there’s no better time than now to remind ourselves of the ongoing fiasco of PSD2—including its regulatory technical standards (RTS) and implementation nightmares—to avoid making the same mistakes in the future. 

 

PSD2, an example not to be followed

The great thing about PSD2 is that it taught us a lot about what not to do ever again.

Before going there, however, let’s quickly take a walk down memory lane. As you may remember, when PSD2 was first introduced, it came with the promise of fostering innovation in the financial services industry while also going a step further to protect consumers. Unfortunately, the reality of PSD2 has been quite different.

For starters, the PSD2 text was drafted in reaction to the growing presence of digital-first Third Party Providers (TPP) that emerged to address evolving marketing needs and create new kinds of value and innovate the banking and financial services sectors. The simple fact that this regulation was developed as a knee-jerk reaction to such players shows that innovation, in its purest form, really wasn’t at the heart of the PSD2 regulations.

Going one step further, while PSD2, in theory, was not intended to be overly restrictive and actually provide the regulatory legitimacy that TPPs needed to provide valuable services, the level 1 RTS published by the European Banking Authority (EBA) were poorly conceived, especially as it relates to communication and authentication between TPPs and banks. In many ways, these RTS have jeopardized—and still continue to do so—the ability for TPPs to deliver on a variety of use cases for which the sole purpose was to simplify, streamline, and, more generally speaking, improve the end-to-end customer journey.

Because the detriments of these “obligations” far outweighed the benefits, the EBA was forced to publish an opinion in June 2020, more than two and a half years after PSD2 went into effect, addressing head-on the obstacles that TPPs faced when attempting to continue providing their services within the framework of these regulations. While this helped smooth over a few pain points, a few issues still remain “sticky” today:

• Many banks still require strong customer authentication (SCA) every 24 hours for both individual and business checking accounts. For services relying on PSD2 APIs to function properly, it’s critical for TPPs to be able to refresh this data without having to remind the customer to reauthenticate every day.
• The app-to-app pathways have not been standardized across banks, which ultimately means that any “redirects” during the customer experience can often feel like an obstacle course for end users. This has been shown to reduce conversion rates, especially around payment initiation, time and time again.
• Even though SCA renewal regulations have now been extended from 90 to 180 days, thereby permitting a more seamless experience for end users, the SCA is still in the hands of the banks. This doesn’t help with conversion rates either. However, it’s important to note that licensed payment institutions, like Powens, have put all the necessary precautions in place to ease a bank’s worries and “carry the risk” associated with SCA renewal.

This explains why, more than five years later, PSD2 still leaves a bitter taste in the mouths of pretty much every player in the financial services industry, banks and fintechs included.

 

4 regulatory pitfalls to avoid in the future

If new payment services directive regulations are on their way, this is our chance to make sure that whatever happens in the future is not a repeat of the past. Here are a few pitfalls that the entire industry should avoid if we want to make this a smooth transition.

 

1. Don’t be hasty

If we’ve learned from any of our mistakes, it’s that rushing to publish an “empty” directive—followed by successive RTSs and clarifying opinions from the EBA—is not a winning strategy for any player within the industry. To make both Open Banking and Open Finance revolutions in their own right, we must take a thoughtful, iterative approach to the next phase of the payment services directive. This is the only way to ensure the regulations put in place actually foster innovation and continued industry-wide digital transformation.

 

2. Don’t do this in a vacuum 

There is a wealth of Open Banking and Open Finance use cases in the market today that can guide the development of this next-gen regulatory framework. So instead of creating regulations haphazardly—and then forcing key industry players to reconfigure their products and services to fit within the framework—let’s actually learn from what’s already working well to build regulations that can truly fuel continued innovation. Remember, there are a lot of individuals and businesses that rely on existing Open Banking and Open Finance solutions every day; let’s not go out of our way to break the chain needlessly.

 

3. Don’t do this unsupervised

As the saying goes, “If you build it, they will come.” We learned with PSD2 that this is not the case. In order to make the implementation of any new regulations as seamless as possible, it’s critical to get all the right players involved—including banks, fintechs, and industry regulators—to create a governance body that could minimize any unnecessary hiccups. Simply getting all sides of this ecosystem around the table would make a huge difference.

 

4. Don’t make exemptions

Any new regulations need to be applicable across the board. With PSD2, for example, Italian banks were somehow exempted from the fallback mechanism even though their APIs are among the most problematic in Europe. Making these kinds of exceptions renders it nearly impossible to maintain a universal set of standards. We live in a much more connected world than when PSD2 first went into effect. If we want all systems to be able to function and communicate with each other effectively, everyone needs to follow the same rules. (If you can’t tell, this is still a big point of contention for us…)

 

Let’s get ready for a PSD3 future

Although nothing is set in stone quite yet, we might as well start thinking about the potential of a new payment services directive coming our way. That’s why the team at Powens is following the discussion closely to ensure that we can not only guide the conversation in a positive direction but also be better prepared to execute flawlessly when the time comes.

 

Don’t let any new regulations catch you off guard?