The EU’s second Payment Services Directive
(PSD2), or Directive (EU) 2015/2366, was first passed by the EU
Council in November 2015. Just under four years later,
implementation has begun, but full compliance has been set back
by market delays.
PSD2 primarily exists to enhance customer rights, including
enhanced security through SCA [Strong Customer Authentication]
criteria, increased rights for consumers to launch complaints
and, crucially, the enablement of third parties to access
account information allowing for new payment services to
Fintech companies – from challenger banks to
payment service providers – are now able to access
data from traditional bank accounts. This move has helped newer
entrants such as Monzo reach over two million users.
Read more: Banks' solution to challengers could be
This has undoubtedly worried traditional banks, with one
speaker at IFLR’s Fintech Europe event in May
complaining of a "them and us mentality" between banks and
fintechs during the PSD2 negotiation period.
However, it was also acknowledged that across Europe, the
next step for financial services is open finance. This has
spurred traditional providers into action. Earlier this year,
NatWest launched an accounts with other banks feature,
which enables customers to view their current accounts with
How did it come about?
The EU has always wanted lead the way with its digital
market. In 2000, member states were keen to make Europe "the
most competitive and dynamic knowledge-based economy in the
world" as part of the Lisbon Strategy.
While not all has gone to plan – what with Brexit
and the rise of populism globally, which was not widely
predicted at the turn of the millennium – this
direction is still the ambition, and PSD2 has been part of
PSD1 was adopted in 2007 and provided the foundation for a
single market for payments within the EU. It pushed innovation
and competition. However, with technology moving faster than
regulation – particularly in the past decade
– this proved not to be the long term solution many
had hoped for.
"The whole point of PSD2 was to address the gap that
had become apparent from the implementation of PSD1, enhance
competition, encourage innovation and address security of
payments," says Nilixa Devlukia, CEO at Payments Solved and
former PSD2 lead at the Financial Conduct Authority (FCA).
Payment services such as payment initiation service
providers (PISP) have been welcomed by the market and opened up
opportunities for innovation though weren’t
regulated. With PSD2, the Commission was able to increase
transparency and create a level playing field between
Who does it affect?
PSD2 affects payment service providers – companies
like Paypal, Worldpay and Klarna, but arguably, its biggest
impact is on more traditional banks.
"The directive has the potential to revolutionise the
payments industry," says Gibson Dunn partner Michelle
Kirschner. "It can affect everything from the way we pay online
to the information we see when making a payment."
PSD2 aimed to break traditional banks’ monopoly
on customer data, enabling others to receive account data (with
consent) to facilitate payments. The directive also enables
account information service providers (AISP) to access account
dates across multiple accounts and provide combined data to
"PSD2 impacts all firms involved in payment services,
notably banks, but also provides opportunities to new entrants
via open banking," says Linklaters partner Harry Eddis.
What’s the connection to open banking?
Though not the same thing, the open banking initiative has a
number of similarities with PSD2’s objectives.
Whereas PSD2 is an EU directive, open banking is a broader
financial services initiative based on innovating for consumer
benefit. It has been particularly pushed by the UK government,
though banking bodies across Europe including
Germany’s DDK have been pushing for common
standards. Open banking hopes to improve transparency and make
the process more efficient for consumers when making choices as
simple as deciding on an energy provider.
"The open banking initiative has been received positively by
the market, although it has brought with it large
implementation costs," said Linklaters partner, Harry
These implementation costs are evident in the new systems
required to enable open banking and the secure sharing of
customer data, plus the high staffing costs – in
compliance, IT, and beyond.
"PSD2 has been and still is a fairly major implementation
exercise for banks," Hogan Lovells counsel James Black added.
"Many established banks use legacy systems in comparison to
digital-first challengers who can make infrastructure and
systems changes more rapidly."
Read more: Traditional banks warm to
Black pointed out that banks have no option but to take the
view of compliance first, innovation second.
"Innovation is both costly and time consuming, however it
isn’t mandatory," he continued. "There is
currently a huge focus on simply making sure that systems and
processes are compliant with the law. Innovation is in the
pipeline, but will necessarily lag behind the compliance work a
What else does it involve?
PSD2 introduces enhanced identity checks when paying online.
This element has been controversial as it is hard to implement,
especially in so-called card-not-present transactions, such as
"The difficult thing with regulation such as SCA is that
it’s always changing,"
Monzo’s legal vice-president James Sullivan told
IFLR in September. "The regulation is not fixed but in a
sense, the law is only part of the solution."
Delays to the implementation of these requirements in
certain circumstances has been agreed, though it differs for
the UK and other member states.
the FCA agreed to a phased process for the Strong Customer
Authentication (SCA) element of PSD2, showing just how much
strain it is having on those who are regulated. In addition,
the European Banking Authority (EBA) has pushed the transition
deadline for SCA standards to 31 December 2020.
"The biggest challenge for us, alongside our regulatory
obligations, is ensuring we deliver a great user experience,"
continued Sullivan. "Engineering time is incredibly precious.
There are always a million things that our engineers could be
doing, so we have to use their time wisely."
Read more: Monzo head of legal: don't call us a
What about beyond the European Union?
A key difference with PSD1 and PSD2 is that PSD1 only
applied to intra-EU payments. In line with other EU legislation
such as the General Data Protection Regulation (GDPR), PSD2
goes further afield.
Financial institutions now need to provide information on
international payments as well, and can be held liable for
their part of the transaction if something goes wrong.
This change means that the same rules apply even to
This should herald improved consumer protections for
What about Brexit?
While banks and fintechs may have their own differences,
they are generally united in a dislike of the endless
Brexit-related uncertainty, which has been a drain on resources
London has a reputation for fintech, and with that, a head
start in the race against other EU hotspots like Dublin,
Stockholm and Luxembourg.
More than 1,600 fintech firms call the UK home, with government
statistics anticipating this to double by 2030.
Prominent figures such as TransferWise founders Kristo
Käärmann and Taavet Hinrikus and Starling Bank CEO
Anne Boden all moved from elsewhere in the EU to set up sticks
So far it seems that the UK government and regulators alike
are keen to maintain the status quo, shown with level playing
field commitments in Boris Johnson’s revised
withdrawal agreement. In addition,
the FCA’s Andrew Bailey has repeatedly said that
equivalence is the best solution for both sides.
"Brexit should not affect the UK application of PSD2, as
existing legislation is effectively onshored post-Brexit,"
However, once the UK is a third country and the transition
period draws to a close, questions will undoubtedly intensify
around how the UK will continue to interact with banks and
fintechs in the EU27 with no single market access.
"As the hub for fintech and finance more generally in
Europe, it will remain a primary concern in the UK to retain
financial innovation and open finance in the post-Brexit
environment," summarised Kirschner.