Updated Cookies Policy - you'll see this message only once.
On 13 January 2018, the second Payment Services Directive (PSD2) officially came into force across Europe. PSD2 follows on from PSD1, which went live in 2009, and in fact replaces it in its entirety. PSD2 is a broad-reaching piece of legislation and aims to bring about increased competition, greater transparency and security across the European payments landscape.
The key areas of change are as follows:
One of the fundamental changes is the increased scope in payments. Previously, PSD1 only regulated payments within the EEA and in member state currencies (e.g. GBP, EUR, PLN etc). This will change with PSD2 to cover any currency for payments within the EU/EEA, as well as payments both to and from non-EU/EEA countries.
Effectively, we will have three categories of payments for PSD2:
Each payment category has differing levels of requirements and obligations, which are reduced as you go down the levels.
One aspect for important consideration is the changes around the SHA charging option. All intra-EEA transactions can only use the SHA charging option (sender pays their bank’s charges and the beneficiary pays their bank’s charges), irrespective of the currency. Whilst this is already in place for certain intra-EEA payments today, the use of the OUR charging option (sender pays all bank charges) for FX-linked transactions will no longer be available. This has clear implications for certain payment types.
PSD2 looks to harmonise how complaints are processed and managed:
A key requirement for PSD2 is to ensure that there are adequate security protocols in place to authenticate clients when using online platforms and services). These requirements are specifically linked to the Regulatory Technical Standards on Strong Customer Authentication and Secure Communication, which are expected to go live by September 2019. At a high level, payments must be authorised by using at least 2 of the following authentication factors:
The area that is creating the most buzz is around the creation of the new Payment Initiation Service Provider (PISP) and Account Information Service Provider (AISP) business models. These new models will allow new entrants to enter the market to provide value added services to corporates. Banks are obligated to provide open access to accounts for these new players (this is commonly called Open Banking). Of course, there is nothing preventing banks themselves becoming PISPs and AISPs (and, to a certain extent, some banks do this already).
This new business model allows a PISP to initiate payments from a client’s bank account. Effectively, PISPs will sit in between the traditional client/bank relationship to facilitate the movement of funds. For many years, banks have had the capability to act as a PISP for clients. This scenario is derived from the fact that larger corporate clients are usually multi-banked, and that banks utilise the SWIFT MT101 ‘Request for Transfer’ service. This service allows a corporate client to initiate a payment from their account held with another bank.
The introduction of PSD2 will allow non-bank entities to become a PISP and replicate this functionality. Of course, all this can only be implemented under the client’s explicit permission and consent.
A PISP may be a bank or another non-bank institution and both must be registered by the local regulatory body. A non- bank PISP will naturally act as an intermediary between the client and its bank. The type of organisations that will play in this space remains to be seen, but you can expect banks, FinTechs, online retailers, accounting platforms, challenger banks and other payment service providers to play in this field. The aim is to stimulate competition in the European community and allow clients to have a wider choice of provider when initiating payments.
This new business model allows an AISP to aggregate balance and transactional information from clients’ bank accounts. Again, an AISP will sit in between the traditional client/bank relationship in the provision of basic balance and statement information.
In the same way that banks have historically provided a PISP service, they have also provided AISP services for many years. Banks have been using SWIFT MT940/MT942 messages to exchange balance and transactional data between banks on behalf of their respective clients. PSD2 now allows non-bank institutions to replicate this functionality by becoming an AISP. As with the SWIFT service, this can only be implemented under the client’s explicit permission and consent.
Similar to a PISP, an AISP can be a bank or a non-bank institution and will be regulated accordingly. We will probably see the same types of organisations becoming AISPs and some will combine the services of both a PISP and an AISP. Of course, this may provide further stimulus to the European community as new ‘value added services’ will be created alongside these standard solutions.
These new models provide both a threat and an opportunity to the existing banking franchise. New entrants will relish the opportunity that PSD2 brings; we already have many organisations that operate in the PISP and AISP space today and this will only increase. All participants will be keeping a close eye on the European landscape to see how Open Banking evolves, identifying new opportunities and challenges.
Subscription lines: opportunities multiply as they are seized
Find out more about the benefits, concerns and views on the future usage of the subscription line.
Our report looks at some of the issues posed by the uncertainty of Brexit.
Your eligible deposits with Barclays Bank PLC are protected up to the FSCS compensation limit by the Financial Services Compensation Scheme, the UK's deposit guarantee scheme. This limit is applied to the total of any deposits you have with the following: Barclays, Barclays Corporate Banking, Barclays Investment Bank, Barclays Private Banking and Barclaycard. Any total deposits you hold above the limit between these brands are unlikely to be covered. For further information visit www.fscs.org.uk^ (opens in a new window).
Barclays Bank PLC is registered in England (Company No. 1026167) with its registered office at 1 Churchill Place, London E14 5HP. Barclays Bank PLC is authorised by the Prudential Regulation Authority, and regulated by the Financial Conduct Authority (Financial Services Register No. 122702) and the Prudential Regulation Authority. Barclays is a trading name and trade mark of Barclays PLC and its subsidiaries.
‡This link takes you to a Barclays Bank UK PLC website
*Lines are open Monday to Friday, 9am to 5pm. To maintain a quality service we may monitor or record phone calls. Call charges and information.
^You are about to link through to a non Barclays site. Please note that Barclays is not responsible for the accuracy or content of this website, and is not recommending it or giving any assurances as to its standing. Barclays does not accept any liability for any loss or damage suffered as a result of its use.