Following a period of public consultation in 2022, the European Commission at the end of June announced amendments to the current Payment Services Directive (PSD2), which will become PSD3 and establish a Payment Services Regulation (PSR).
Luxhub’s chief commercial officer, Anne-Sophie Morvan, had more details on the updated directive and the new open finance framework.
Review of PSD2
“You have, on the one hand, the PSD2 review--which is actually embedded now in PSD3, which is a directive and which is more regulating all the authorisation parts of payment institutions and electronic money institutions,” explained Morvan, who was also a member of the commission’s expert group on European financial data space. This relates more to applying for authorisations, supervision, or the role of Luxembourg’s Financial Sector Supervisory Commission (CSSF) and other national competent authorities.
“But all the content that is not related to that--so if I speak about the contracts, information, strong customer authentication requirements, open banking as such--it’s actually now in PSR, which is Payment Services Regulation.”
“It’s important to make the difference between both texts,” she added. When a regulation is adopted at the European level, it is directly applicable in member states. Directives, on the other hand, require local implementation--a national law must transpose the provisions of the directive.
“This is a choice of the European Commission to have two regimes,” said Morvan. “The idea behind this is to have strong requirements directly applying, since there have been some differences from one country to another in the past. Also, the strength of the directive was a bit less than the regulation, so now they want to go further and to have a stronger text for payment services.”
Data from mortgages, insurance sector now accessible
The Financial Data Access framework, or Fida, which was also announced at the end of June, is an open finance framework. Open banking, which allows users to see their bank accounts from different institutions in a single location, was covered by PSD2. This directive, however, was limited to payment accounts, or cash accounts.
The open finance framework goes “beyond just payment accounts,” said Morvan. It includes data such as mortgage data, securities accounts data or data from the insurance sector.
Fida--the Financial Data Access framework--this is, in my personal opinion, a real revolution.
“On the payment services side, it’s more an evolution of the rules,” said Morvan. The European Commission has learned from what has worked in the past and has adapted the framework to new problems, such as new kinds of frauds. On the other hand, “Fida--the Financial Data Access framework--this is, in my personal opinion, a real revolution. We are really going far beyond what was existing until now.”
“More and more, we are in a data economy. Until now, the financial sector was quite closed,” said Morvan. Now, the commission is “really pushing” so that all stakeholders in the value chain can benefit from the available data.
Can monetise access to data, but need customer’s permission
When financial institutions discover Fida, they may be hesitant to “open up” their data, noted Luxhub’s chief commercial officer. But it’s key to remember that these institutions will also be able to consume, or use, additional data. “They can also have access to far more data than what they’ve had until now,” she said. Fida will therefore benefit fintech firms, as well as traditional financial institutions.
“One huge difference between what we have under PSD2 with open banking and Fida is that now, financial institutions will be entitled to compensation to provide access to such data,” said Morvan. “Under the open finance framework, the access to the data can be monetised.”
Access to the data is always subject to the customer’s permission.
However, “access to the data is always subject to the customer’s permission,” she highlighted. “Nobody will sell data without your permission. This is something very, very important that the European Commission is really pushing a lot.”
The commission also wants to implement a “permission dashboard,” where a customer can decide who can access their data. Customers can, moreover, decide to “revoke” their permission, noted Morvan. “We call it a permission, and not a consent. That’s an important difference from a legal perspective.”
It’s going to be big for the banking sector, but this is going to be even bigger for the insurance sector.
“It’s going to be big for the banking sector, but this is going to be even bigger for the insurance sector. Until now, the insurance sector was really not impacted by open banking--they did not have to open up at all,” said Morvan. “Now there are quite a lot of data that will need to be provided to third parties, subject to the customer’s consent.”
Will a retiree be able to pay their mortgage?
Opening up different kinds of data will allow companies to develop a wider variety of services, argued Morvan. Say, for example, a 55-year-old goes to the bank and requests a mortgage. The question is: how will the bank know how much money the person is going to earn once they’ve retired?
“Of course, it is a problem for the bank, but it’s a problem for you and I,” said Morvan. The insurance sector has several pillars--the state pension or private pension schemes, for example--and there are several different sources of data.
“It is a problem for us all: we do not have the view on pension rights--or, at least, not in one place in an easy manner and automated manner. Fida will enable us as customers to have access to this data, but also to enable us to share this data with, for instance, our bank when we request a mortgage.”
“Going in the right direction”
For Morvan, the framework is a big step forward. “It’s going in the right direction for all stakeholders,” she said, not just for fintech firms like Luxhub. It will allow the development of more partnerships that centre around sharing data, offering products and providing better user experience.
As things stand today, it’s often the case that additional--and unnecessary--data is shared between financial institutions. “A few weeks ago, I had to be reimbursed for one single thing. And I had to provide a whole paper with all my transactions of one month to another bank,” Morvan said.
The GDPR, or General Data Protection Regulation, includes the data minimisation principle, in which data controllers should process the least amount of data necessary to achieve their goal. “But currently, as a customer, most of the time, we are forced to provide access to a very large number of data, because we do not have any tools that enable us to just provide the right [data],” she said. “That is something that will change in the coming years, which I believe is really in line with GDPR.”
The new rules will give data owners--or data subjects--more control over their information, argued Morvan. “It is important to give control back to the people and to enable them to actually do what they want with this data, to provide access as they want, in a secure manner.”
This article was published for the Delano Finance newsletter, the weekly source for financial news in Luxembourg. Subscribe using this link.