EU Introduces Regulation to Modernise Payments and Enhance Consumer Protection

The comprehensive proposals aim to advance the financial sector into the digital era, fostering increased competition, enhanced security, and greater consumer empowerment. By addressing the market's evolving needs and the growing influence of digital technologies, the Commission seeks to create a more secure and innovative financial environment for both consumers and businesses.

Firms in scope of these new requirements include Credit institutions, Payment Service Providers, Fintech’s and Electronic Money Institutions.

The payment services market within the EU has experienced substantial growth, with electronic payments soaring to €240 trillion in 2021, up from €184.2 trillion in 2017, somewhat accelerated by the COVID-19 pandemic and the resulting shift towards digital transactions.

The emergence of new players, particularly fintech firms offering 'open banking' services, has transformed the landscape by using digital technologies to enable secure data sharing between banks and financial technology companies. This rapid evolution has also introduced sophisticated fraud risks, challenging consumer trust and security.

In response to these developments, the European Commission has proposed two key regulatory measures designed to address current challenges and prepare the financial sector for future demands.

Payment Services Regulation (PSR)

Firstly, the Commission's proposal includes an overhaul of the Payment Services Directive (PSD2), which will evolve into PSD3. This new directive will be complemented by the introduction of a Payment Services Regulation (PSR). The revised regulations aim to:

1. Combat Fraud: Enhance the ability of payment service providers to exchange information on fraud, develop additional processes to strengthen customer authentication, extend consumer refund rights, and mandate checks to align payees' IBANs with account names.
2. Improve Consumer Rights: Enhance transparency regarding account statements, clarify ATM charges, and provide clearer information when funds are temporarily blocked.
3. Level the Playing Field: Grant non-bank payment service providers access to EU payment systems with necessary safeguards and ensure their right to hold a bank account.
4. Enhance Open Banking: Remove barriers to open banking services, giving customers greater control over their payment data and facilitating the entry of innovative services.
5. Boost Cash Availability: Permit retailers to offer cash services without a purchase requirement and clarify regulations for independent ATM operators.
6. Strengthen Harmonisation and Enforcement: Implement most payment rules through a directly applicable regulation, with reinforced enforcement and penalty provisions.

Financial Data Access

Additionally, the Commission has introduced a legislative proposal for a framework for Financial Data Access. This proposal aims to establish:

1. Data Sharing Rights: Allow customers to share their data with financial institutions or fintechs in a secure format, enabling access to improved financial products and services.
2. Obligations for Data Holders: Require financial institutions to provide data to authorised users upon customer consent, with proper technical infrastructure.
3. Customer Control: Empower customers with full control over data access and usage through permission dashboards and stringent data protection measures in line with GDPR.
4. Standardisation: Establish standardized data formats and technical interfaces to ensure consistency and interoperability across different systems.
5. Liability and Incentives: Set clear liability regimes for data breaches and create incentives for high-quality data interfaces through reasonable compensation.

This proposal aims to foster innovation and competition in the financial sector by making financial data more accessible, ultimately benefiting consumers with enhanced financial management tools and streamlined processes. For example, improved comparison services and automated mortgage applications will simplify and reduce the cost of financial services. SMEs will also gain access to a broader range of financial products and more competitive loan options due to increased data accessibility.

Key actions to take

Financial institutions and fintech companies must prepare for these regulatory changes by undertaking several key actions:

1. Understand the Regulations: Familiarise themselves with the details of PSD3, PSR, and the Financial Data Access framework to ensure compliance with new requirements.
2. Enhance Security Measures: Implement robust security protocols to combat fraud and protect consumer data, adapting to the enhanced customer authentication and fraud mitigation rules.
3. Adapt Data Management Practices: Develop systems to manage customer data sharing in compliance with the new framework, ensuring secure and transparent data handling.
4. Review Business Models: Adjust business models and operations to leverage new opportunities provided by the regulations, such as offering innovative financial products and services.
5. Enhanced Communication and Fraud Prevention: Financial Data Access will require firms to boost customer communication and awareness by sharing fraud-related information, strengthening authentication rules, extending refund rights for fraud victims, and mandating verification of payees' IBAN numbers with account names for all credit transfers.

Conclusion

The European Commission's new regulatory proposals represent a pivotal step towards modernising the EU financial sector and enhancing consumer protection in the digital age. By revising PSD2, introducing the PSR, and establishing a new framework for financial data access, the Commission aims to create a secure, competitive, and innovative financial environment.

Grant Thornton is a recognised leader in the payments and regulatory change landscape, offering unparalleled expertise in navigating the complexities of Payment Services Regulation. Our dedicated team of specialists brings deep industry knowledge and years of experience to help businesses adapt to evolving regulatory demands.

Firms must proactively prepare for these changes to ensure compliance and take advantage of the new opportunities for growth and innovation. This will be essential for success in this dynamic sector.