Open Banking in Europe, driven by the legislative initiative that came into force in 2019, is at a turning point that should succeed in accelerating the utilisation of all the opportunities that have been expected in the payments market in recent years. Although we have previously witnessed the introduction of new payment services in Europe, thanks to the introduction of the Open Banking paradigm, one cannot hide the presence of critical issues that are still preventing the expected development.
On 28 June 2023, the European Commission published two new regulatory proposals to improve the current PSD2 framework. These are a directive (PSD3) and a regulation (PSR). The choice of these types of legal sources is not accidental; in fact, the first aim was to try to overcome the fragmentation in the transposition of the current PSD2, which has created quite a few difficulties in its application, and has also generated often conflicting relationships between Banks and Third Parties regarding the correct interpretation of the existing rules.
As soon as the new regulatory proposal was published, there was an immediate search to see whether the various comments coming from the market in recent years had been taken on board by the EU co-legislators. This was only partially the case, so much so that as the European Commission itself tried to point out when announcing this new regulatory package, we are in the presence of an evolution and not a revolution, unlike at the time of the release of PSD2. This means that at least for the Open Banking rules, now included in Chapter 3 of the PSR proposal , there seems to be no particularly disruptive or, in any case, decisive elements to overcome the critical issues that the market has had to face in recent years. The most significant novelties associated with the new regulatory proposal can be summarised in the following ‘new’ rights and obligations:
-
The ASPSPs, the Banks will have to make information about the status of the payment initiated by a PISP more readily available and provide a dashboard for the customer, who will thus be able to be aware of the consents they have issued to manage them more easily.
-
AISPs will no longer be ‘forced’ to apply the SCA after first obtaining consent to access customer data at the ASPSP. The extension of the duration of the consent given by the customer from 90 to 180 days, which was already introduced by the amendment to the RTS that came into force in July 2023, is then formalised.
-
Banks will be required to provide PISPs with the unique account identifier and the holder’s name as well as the currency available to the payer.
In other words, the EU legislator tries to ensure easier access by AISPs and PISPs by generating additional obligations for the Banks.
In addition, one can deduce the formal recognition of the Payment-as-a-Service model, in which essentially AISP is allowed to forward data to another third-party provider that can offer its services. What has instead remained unchanged, is the absence of incentives in the exchange of payment data covered by the regulation, unlike the new models proposed in other similar regulations (e.g. FIDA), aka Open Finance, where the possible sharing of further data relating to the relationship that the customer has with his bank becomes the subject of some form of remuneration in favor of the parties that hold the data, the so-called data holders.
Apparently, no new specific requirements aimed at improving the current communication standards adopted by the Banks for the operation of their APIs that would be useful to avoid the current market fragmentation.
However, it has been clarified which services must ‘mandatorily’ be made available on the APIs, which were previously only generically mentioned (same payment services as those offered on the direct channel), and among these is the emphasis on the obligation to offer bulk payments, which are mainly aimed at legal persons.
The new regulatory package is expected to see the light of day in its final version in 2024, although delays resulting from the European elections to be held next year cannot be ruled out, thus interrupting the already normally lengthy and complex EU legislative process. In the meantime, there will certainly be no shortage of discussions between the industry and the legislator to further improve the current proposal, and although it is always difficult to reconcile the interests of all parties involved, the hope is always that the will to ensure the evolution of the payments market will eventually prevail over the demands of the individual parties.
In conclusion, while appreciating the further efforts of the legislator to improve the existing regulatory framework in the EU, again to achieve greater competitiveness and innovation in the payments market, there remains some doubts as to the incisiveness of this approach, unlike others adopted in other geographies, to best promote the development of Open Banking. Experiences at a global level so far led us to believe that although legislation is undoubtedly useful, market initiatives are just as important, and in this sense an important contribution in Europe could be made by the EPC’s Sepa Payment Account Access Scheme (SPAA), aimed precisely at making available a scheme in which adhering participants will be able to offer new functions and new services beyond those strictly provided for by the standard.
This editorial piece was first published in the Open Finance Report 2023. We encourage you to download the report and find out the latest trends and developments in the world of Open Banking and Open Finance, as the road to Open Data continues.
About Gianluca D’Imperio
Gianluca has been working in the banking sector for 23 years. He is a Senior Compliance Officer, responsible to ensure the consistent implementation of EU rules on payment services at the Group level. He is a member of the Institute of International Finance (IIF) and the Association for Financial Markets in Europe (AFME) since 2016. Gianluca started working with the first internet-only bank in Italy, holding various roles and responsibilities. In 2003, he joined UniCredit where, in 2006, was appointed as Regulatory Compliance Specialist ensuring the bank remains up to date on banking services regulatory requirements following Italian and European laws.
About UniCredit
UniCredit is a pan-European Commercial Bank with a unique service offering in Italy, Germany, and Central and Eastern Europe. Its purpose is to empower communities to progress, delivering the best-in-class for all stakeholders, unlocking the potential of its clients, and its people across Europe. UniCredit is organised in four core regions and two product factories, Corporate and Individual Solutions. Digitalisation is one of the key enablers of its services.
