June 28, 2023 – The European Commission has released the final draft of the financial data access and payments service regulation proposal. This package of proposals will expand upon and update the existing Payments Services Directive v2 (PSD2) which governs open banking services.

How will it impact open banking? Let's take a look!

When PSD2 was implemented, it provided much needed stability, which enabled the industry to make serious headway and gain significant market traction in the EU, UK and the Nordics.  

What PSD2 has done so far:

• Stabilised regulations
• Mandated banks provide access to payments data to AISP and PISPs via secure APIs
• Enabled providers to build value-added services on top of that data
• Allowed account-to-account payments to get traction in the market

Eight years on from its introduction, there is wide agreement in the industry that much can still be done from a regulatory perspective to help open banking to reach its full potential, as well as to update the regulations to keep pace with changes in market and to meet evolving consumer needs and expectations.

The new package of proposals, including version PSD3 and the new Payment Service Regulations (PSR1) will build upon the existing framework to improve and extend open banking services to promote competition, level the playing field, and further innovation. In addition, The Commission has put forth a new framework for responsible financial data access (FIDA) to enable “open finance”, the next generation of open banking services, which will make it possible for businesses and consumers to access personalized financial services tailored to meet their needs.

The new measures can be summarised as follows:

• AISP/PISP access to financial data will be extended beyond just payment account data.
  - This includes loans, savings, investments, occupational and personal pensions, and non-life insurance
  - Access to life, sickness and health insurance data will be excluded from the scope to reduce the risk of financial exclusion
• Banks and other payment account providers will be required to set up a “dashboard” that enables open banking consumers to see what data access they have granted, to who, and the ability to withdraw access via the tool.
• New requirements for dedicated data access APIs are proposed.
• A list of prohibited obstacles to data access is introduced.
• Banks will no longer need to maintain two data access interfaces (a dedicated one and a “fall-back”).
• Contingency data access options must be made available to open banking providers in the event the primary API is down.
  - For example, providers can request temporary access to the API banks use for their customers until the dedicated API is restored.
  - With the possibility of penalties if the bank fails to restore the dedicated interface by the deadline set by the authorities.
  - Open banking providers can claim damages from the bank for loss of business.
• Requirements on banks to provide bank account services to non-bank Payment Service Providers (PSPs) will be toughened.  
• Central banks will also be allowed to provide account services to non-bank PSPs, at their discretion.
• Non-bank Payment Institutions (PIs) are to be included as possible participants in designated payment systems.

Without a doubt, this new set of proposals will help bring data-enabled payments to the market. It will create more harmonisation across markets and mandate access to critical banking infrastructure that will enable even use cases to benefit from open banking. Already, under PSD2, open banking has made significant improvements to payments by reducing fraud making it one of the safest payment methods on the market for both consumers and merchants.  

With the introduction of FIDA, how data is accessed and used will be clearer and more regulated in a more consistent way which should bolster consumer confidence and the creation of next-gen financial services that support more personalised offers and greater financial inclusion. For a quick overview of the PSD3 and FIDA objectives, check out The next-gen of PSD2 regulations is here.

The next few years promise to be exciting for sure! 🚀

‍

‍

‍

‍