PSD2 will supersede PSD1 on 13 January 2018, retaining key benefits from PSD1 such as increased competition with facilitated market entrance for regulated non-bank players, improved economies of scale, enhanced transparency, but also incorporating technological innovation, enhancements and protection into law. This will ensure that a competitive playing field continues to develop, without exposing individuals, consumers or businesses to undue risks. In the UK, the FCA will have primary responsibility under PSD2 for monitoring compliance and enforcement, whilst the Payment Systems Regulator (PSR) will be responsible for legal provisions relating to access to payment services.
Key changes introduced by PSD2 and impacts
The introduction of PSD2 requires financial institutions’ IT architectures to be open, pluggable and flexible. Financial institutions need to step away from closed legacy systems to more open standards and software.
Overall the key changes are as follows:
• Greater information provision.
• A new market for innovators who want to use existing bank and payment
• Significant operational changes for all Payment Service Providers (PSPs).
Key considerations for payment institutions
FCA reauthorisation requirements
PSD2 transitional provisions allow existing authorised PSD1 payment institutions, authorised e-money institutions and small e-money institutions to continue to provide payment services until 12 July 2018. If these firms want to
carry on providing payment services after this date, they must provide the FCA with required additional information before 13 April 2018.
Business model and strategy
Firms need to explain their strategy to the regulator. The range of possible strategies goes from minimum compliance with PSD2 to proactive digital
transformation, leveraging the new opportunities introduced. Firms could for example consider setting up, or collaborating with, AISPs or PISPs. The introduction of PSD2 will incentivise firms to revisit their payment strategy and design partnerships with actors previously not considered within the payments industry (e.g. telecommunications). Firms should consider preparing an impact assessment on P&L to assess a potential threat to revenues.
Like many compliance topics, PSD2 affects multiple stakeholder groups (strategy, IT and operations) and the governance might prove difficult to define. When looking at possible governance structures, firms should see PSD2 as a catalyst for a wider payments modernisation programme. In formulating the governance framework and strategy, firms need to consider the potential impacts on the following IT and operational aspects:
• IT systems, architecture and customer interfaces;
• products and services including possible enhancements or new opportunities;
• marketing materials, customer terms & conditions and education needs;
• complaint handling and alternative dispute resolution procedures;
• reporting requirements;
• fraud, security and risk management; and
• resources, budgets and staff training requirements.
PSD2 is a significant piece of legislation designed for the future to promote competition, increase customer protection, bring existing and new players such as Fintech firms, regulation and compliance and harmonise payment standards throughout the EEA. And for the avoidance of any doubt, Brexit does not stop the implementation of PSD2 in the UK.