7 Things Corporates Need To Know About PSD2 and Open Banking 5

PSD2 is a HOT topic at the moment, and will continue to dominate discussions for the foreseeable future. The revised European Payment Services Directive (PSD2) is multifaceted regulation with implications for banks, technology companies, financial institutions, regulators and most important of all, You and I – the end customers. At first glance, the PSD2 focus seems entirely on retail but there are some things that corporates need to know too!

What is PSD2?

In short, PSD2 (the revised Payment Services Directive) aims to:

• Simplify and harmonise the rules and regulations for payment services across the European Union
• Lower costs to the end customer and improve customer security
• Promote competition and innovation in payments and financial services
• Enable new players (TPPs – Third Party Providers) to enter financial services by allowing them to:
  • Initiate payments (Payment Initiation Services Providers – PISP)
  • Access bank account information (Account Information Service Providers – AISP)

Keep in mind that PSD2 – the revised Payment Services Directive – came into effect on 13-Jan-2018.

How will PSD2 and Open Banking Affect Corporates?

1. PSD2 Rules Apply to ALL Currencies into/out of the European Union

• Previously the Payment Services Directive (PSD) rule applied to European Economic Area (EEA) countries and their respective currencies (for example GBP, PLN and of course EUR) only
• Now the revised Payment services Directive (PSD2) rules apply across the board, to:
  • Payments within the EU/EEA country currencies where the Payment Sending and Beneficiary Banks are in the EU/EEA
  • Payments in any currency where the Payment Sending and Beneficiary Banks are in the EU/EEA
  • Payments in any currency where either the Payment sending OR Beneficiary Bank is in the EU/EEA
    • You may hear these payments referred to as “One Leg Out” transactions

2. All Payments, irrespective of currency, will use “SHA” Shared Payment Charges

• Previously the Payment Services Directive (PSD) rule mandated that all intra-EEA currency transactions used the SHA (shared the total cost of transaction) charges option
• Now the revised Payment Services Directive (PSD2) requires that all intra-EEA transactions use SHA charging option
  • The SHA charging option means that the Payment Originator pays their bank charges and the Payment Beneficiary pays their bank charges)
• Effectively if you were instructing payment fees or payment charges as:
  • BEN – Now along with the beneficiary,  the sender of the payment will incur payment charges
  • OUR – Now the beneficiary will not receive the full amount, they will incur payment fees
  • SHA – No change

You can read more about the difference between BEN, OUR and SHA to understand how these values are used today to determine who will bear the payment charges.

3. An Open Banking Revolution Through API’s

Most of the below unless otherwise stated will come into effect from September 2019 as part of the PSD2 RTS – Regulatory Technical Standards.

In short, banks must implement channels using API technology that will grant non-bank players (the so-called Fintech’s) open access to their customers bank accounts. Importantly these new entrants must be registered by local authorities and must have explicit authority by their customers/corporates to access their account details.  See further details below…

It is clear to see that the banks are worried because Fintech’s see the massive potential to disrupt banking. Fintech companies through their customer focused solutions utilise new technology, and they have an innovative outlook on longstanding problems in various areas across the financial services landscape. Many new players in financial services are focusing on specific customer pain-points and are not hampered by legacy systems, that are stifling many incumbent financial institutions.

This is revolutionary because it literally opens up banking to non-bank participants!

4. New Partners: Payment Initiation Service Providers (PISPs)

This gets to the heart of the PSD2 objective around promoting innovation and competition in financial services, and will allow new players (the Fintech’s) to sit between the traditional relationship between the bank and their corporate customers.

Where access is granted by the customer or corporate, PISPs have the ability to make a payment from their customers bank account.

With PSD2 the European Union is facilitating Payment Service Providers (PSPs) to offer new solutions and where access is granted offer non-bank entities “open access” to traditional banking operations.

5. New Partners: Account Information Service Providers (AISP’s)

This is second part of the “Open Banking” revolution, where non-bank entities will have the ability to access and aggregate balance and transactional account information from many banks into a single portal.

In the past corporates have worked with multiple banks to provide a bank statement (BAI2, MT940, CAMT.053) and manage any bank specific limitations. Now, with AISP’s you would like to think that the bank limitations are removed and you have an AISP partner that can deliver account statement in a timely, multiple formats and secure manner.

As above, Fintech providers will sit between the bank and corporate and have the ability to provide value added solutions to their customers.

6. Enhance Security through SCA – Strong Customer Authentication

This is all about implementing Two Factor Authentication, in order to validate yourself when accessing online portals you must have at least 2 of the following:

• Knowledge – something only the user knows, e.g a password
• Possession – something only the user possesses, e.g. a token
• Inherence – something the user is, e.g. a fingerprint

For further information, take a read of WTF does PSD2 say about 2FA?

7. Payment Dispute Resolution

These rules come into effect from 13th July, 2018.

In the past payment service providers (PSPs) were obligated to respond to payment complaints within 8 weeks. This has now been drastically reduced to just 15 business days, and in exceptional cases to 35 business days.

See further information provided by PwC on PSD2 Rules on Complaint Handling.

You can see why the banks are getting worried…!