The revised Payment Services Directive (PSD2)

Similar documents
PSD2 is on top of our agenda

PSD2 TAS Open Banking

Turning the Revised Payment Services Directive into Digital Opportunity

Edgar, Dunn & Company A Closer Look at the Payment Regulations. Webinar 25 th June 2015

Navigating the PSD2 and GDPR challenges faced by banks. Minds made for protecting financial services

Navigating the PSD2 and GDPR challenges faced by banks. Minds made for protecting financial services

WHITE PAPER. Encouraging innovation in payments through the PSD2 initiative. Abstract

Dirk Haubrich, Nilixa Devlukia. Public Hearing, EBA, London, 25 July 2018

UK Finance welcome the clarity the EBA is giving on availability and performance of dedicated interfaces.

Market environment and implementation timeline PSD2 in a nutshell

WHITE PAPER. REVENUE OPPORTUNITIES CREATED BY OPEN APIs. Venkataraman Durghados IBS Open APIs Solution Architect

Nordea webinar 29/ : PSD2 Access to Accounts a game changer

Open Banking: the technology revolution sweeping across the banking industry. Policy Pulse June 2018 compendium

The Second Payment Services Directive: Scoping out the impacts of the Regulatory Technical Standards

Market environment and implementation timeline PSD2 in a nutshell

The credit card industry: navigating an evolving environment. EY Advisory Services

WHITE PAPER. Revenue Opportunities Created by Open APIs

Challenges and solutions. related to Digital Transformation Training & workshop

Payment Services Directive 2: What it Means for Banks, Customers, and Payment Service Providers

PSD2 IMPLICATIONS OF THE REGULATION August 8, Regina Lau, Chief Strategy Officer, Ingenico epayments Zainab Mir, Counsel Payments, Netflix

Work stream 3 Implementation Plan Industry Landscape

PSD2: Igniting Digital Payment Innovation

Open Banking PSD2, GDPR and the American Merchant

Business integrity and sustainable growth: making the intelligent connection Fraud Investigation & Dispute Services

PAYMENT SERVICES DIRECTIVE 2 WHAT IS ALL THE FUSS ABOUT ANYWAY?

Is your business transforming its technology or is technology transforming your business?

Review of Priviti PSD2 Use Case and its positioning compared to alternative marketplace offerings

Getting the right robots Getting robots right

Payments the new player domain. How EY can assist

PSD2 - Second Payment Services Directive. Information Set

MiFID II Extraterritorial Impacts. Product Manufacturing and Distribution

Opinion of the European Banking Authority on the implementation of the

PSD2 & Instant Payment

Streamline your business processes for far-reaching results. EY s Business Process Management Services practice

Data integrity forensics Bring transparency and trust to third-party data use

CoE in a Box - Enablement and Controls. The key get rights vital to successful RPA CoE Program

The Open Banking PSD2 Implementation Strategies

Automotive finance. October 2014

Excellence in Operations. Getting the basics right in banking

Turning PSD2 Challenges into Business Opportunities.

117 shades of black within PSD2

The Payment Services Directive 2 Background and Content

Digital Passport. Transforming SME banking through customer-permissioned data exchange

PRETA and PSD2. Access to Accounts (XS2A) PRETA All rights reserved. PRETA All rights reserved.

Banking and Asset Management Club Program

Reducing fraud, bribery and corruption in your private business: 6 things you can do now

Finance for Non- Finance Executives

The communication between Third Party Providers and Banks. PSD2 in a nutshell

Complex contracting made simple

Leading-edge digital technology powering the EY audit

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

The communication between Third Party Providers and Banks. PSD2 in a nutshell

executives Using health insurance exchanges to gain competitive advantage

Unlocking the full business potential of PSD2

Technology Innovation Exchange 2017

PSD2 DATA FINTECH MARKETPLACE AISP CUSTOMER AWARENESS ALLIANCES MOBILE ECONOMY PISP API DIGITAL COMPLY REVENUE RTS SCORING BANKING STRATEGIC

How can you turn digital risk into a source of competitive advantage?

Easing the burden of data privacy compliance

The dawn of a new partnership

COMMISSION DELEGATED REGULATION (EU) No /.. of XXX

The compliance implications of valuebased. October 2017

Strategic Technology Advisory Services. Building a better working world from strategy through execution

Bringing patients into focus

Quali-Sign Banking. An example of how to meet the PSD2 segregation requirements. Michael Adams 3 rd November Quali-Sign Ltd

Challenges and solutions

Euro Retail Payments Board (ERPB) Final Report of the ERPB Working Group on Payment Initiation Services. ERPB Meeting 29 November 2017

Are you ready for a future outside of the European Union?

Growing opportunity, growing business. EY s financial services practice in ASEAN

Surveillance Program Design and Behavioral Analytics Implementation

Oil and Gas services

PSD2: An Open Banking Catalyst

Next-generation enterprise risk management

GDPR: what you need to know

Helping ASPSPs implement PSD2 and take advantage of Open Banking January 2019

Regulatory and supervisory landscape. November 2017

Open Banking / Future Banking. Kasper Sylvest, head of Financial Market Infrastructures, Transaction Banking Operations

RESPONSES TO CONSULTATION PAPER

When customers are the cure

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection

PSD2 ACCELERATOR CAPTURE OPPORTUNITIES, ADDRESS CHALLENGES, AND DRIVE SUCCESS THROUGH PROVEN EXPERTISE

Governing the cloud. insights for 5executives. Drive innovation and empower your workforce through responsible adoption of the cloud

EY Center for Board Matters. Leading practices for audit committees

Model Risk Management (MRM)

EY Alumni Network Portal. How to register

Private company insights. Balancing the motivation for an IPO with the pros and cons

Governance and reporting. How can boards navigate their way through a changing regulatory landscape?

Public Hearing on the Draft EBA Guidelines on Authorisation and Registration under the PSD2. Public Hearing, EBA, London, 12 December 2016

Developing high performance teams. 2 3 October 2017

Launching a hedge fund building the operational foundation for success

Balanced Score Card and Performance Management January 2018

Implementing effective third-party frameworks in the life sciences industry leading practices and challenges

Regulatory Reporting: Implementing the proposed MAS Notice 610. Navigating the regulatory reporting and data challenge

Trusted KYC Data Sharing Standards Scope and Governance Oversight

Transforming revenue cycle management. Partnerships for an industryleading

Payment Systems Developments and Fintech Payments

Big data strategy to support the CFO and governance agenda

Designing a finance function to meet tomorrow s challenges

Strengthening accountability in banking

Fintech: Assessment of Opportunities Created for Fintechs by PSD2. Valerio Mariani ( ) Axel Pillard ( ) Amanda Tan An Ping ( )

June Auditor regulation and oversight plan This report is for:

Transcription:

Regulatory agenda updates The revised Payment Services Directive (PSD2) What you need to know Revised Payment Services Directive (PSD2) to increase scope, obligations, and to offer business opportunities The revised Directive on Payment Services has been adopted by the European Parliament in October 2015 and by the European Council of Ministers in November 2015. The PSD2 aims at enhancing consumer protection, promoting innovation and improving the security of payment services within the EU. It was published in the Official Journal on 23 December 2015 and entered into force on 13 January 2016. EU member states had until 13 January 2018 to implement it into national laws.

All rights reserved Detail prepared by the EC To take into account new method of payments that have come to market 2014 Timeline PSD2 Effective 12 Jan Entry into force 8 Feb Deadline for EBA consultation Q2 Draft EBA RTS on security and strong auth 2016 PSD2 Live Deadline for national governments to transpose PSD2 into local legislation 13 Jan. 2018 Implementation timeline First proposed by EC As a replacement to the original payment service directive June 2013 PSD2 becomes official 8 October Adopted by European Parliament 8 Dec EBA begins industry consultation on security and strong auth 23 December PSD2 is published in the Official journal of EU 2015 EBA Security and Auth RTS EC adopted the RTS Nov. 2017 EBA Security and Auth RTS Entry into force Sept. 2019 Key aspects Extension of regulated transactions: Scope of regulated transaction has been extended to transactions in any currency and one leg out transactions. Stricter customer authentication: Payment Service Provider (PSP) are obliged to ensure a stricter customer authentication every time the payer accesses his payment account online, initiates electronic remote payment transactions or performs any other action through remote channels. Internal dispute resolution: Execution and application of adequate and effective complaint resolution procedures setting out maximum processing time for the resolution of customers complaints. Payment initiation services: PSD2 regulates payment initiation service providers (PISPs) and the initiation of payments. In this context, PSPs domiciled in the EU are obliged to provide secure communication facilities, inform PISPs about payment initiation, and treat all initiated payments equally. Account information services: The access to the payment service user s account has to be granted to third party providers for account information aggregation services. PSD2 regulates the duties of the account information service providers and those of the PSPs. Other aspects: Replacement of lost or stolen payment instruments only at attributable costs. Reduction of maximum liability for payer in case unauthorized transaction. Extension of registration requirements for PSPs (higher governance efforts).

The revised Payment Services Directive (PSD2) Regulatory agenda updates The revised Payment Services Directive (PSD2) improves the level of customer protection and increase competition in the EU payments market Main PSD2 objectives: Enhance the prerequisites for a single, efficient European payments market for retail payment transactions and contribute to a more integrated and efficient European payments market, reducing market deficiencies, exemptions and creating the prerequisites for the digitization of the payments industry. Improve the level playing field for all payment service providers (including new players) and, consequently, encourage competition as well as build the foundation for equal opportunities of all payment service providers. Increase scope of directive by including not yet regulated payment service providers, not yet regulated transactions and reducing exemptions. Increase customer protection as well as security and safety of payments by means of increasing transparency, efficiency and security of retail payments (e.g., stricter authentication mechanisms) as well as allocating obligations and liabilities to the involved stakeholders. Reduce the overall costs in the payments value chain, especially by increasing competition, encouraging lower prices for customers and setting baselines. The major changes to the existing payment services directive (2007/64/EG) are visualized in the figure below. These changes are not exhaustive and have been categorized for a better understanding. Scope Geographical & currency extension regarding regulated transactions Inclusion of third party providers Clarification and extension of definition Complaints management Standardization of internal complaints management processes Deadlines for complaints resolution PSD2 Consumer protection Obligation to inform on payment initiation service fees Liability with regard to unauthorized transactions Refund right with regard to SDD Security Security requirements (network and information security directive) Security mechanism and stricter consumer authentication Reporting of security incidents (EBA) Access to infrastructure Regulation of payment initiation services (provider) Regulation of account information services (provider) Transparency Central access point for payment services at EBA (information on registered payment services of PSP)

All rights reserved Key aspect Access to account (XS2A) Our research in the European financial sector suggests that most financial institutions consider the regulation of access to account to be the most critical aspect of the PSD2 in terms of expected implementation efforts, business as well as technical impacts and risk mitigation efforts that have to be borne by account servicing payment services providers (ASPSP). However, the provision of a regulated access to a payer s account for payment initiation services (PIS) as well as account information services (AIS) does offer business opportunities for established and new market participants to improve, enlarge, or even reengineer current product and service offerings. Access to account prior to PSD2 Payer (PSP s customer) Access to account with PSD2 Payer (PSP s customer) Online banking Mobile banking (App) Terminal Branch/ Phone Online banking Mobile banking (App) Terminal Branch/ Phone PISP AISP Payer s payment account Infrastructure of ASPSP Payer s payment account Infrastructure of ASPSP At the same time the regulation of XS2A represents threats to existing market participants in terms of: New market entrants (not being stuck to existing IT infrastructures and architectural or technical restrictions), Perceived increased security risks, Data protection regulation and requirements, Perceived increased fraud risks, and Liability in case of unauthorized transactions and data breaches. As a consequence, the regulation of XS2A represents the aspect of the PSD2 with the biggest impact on business, IT, risk and compliance departments and on the future digitization, product and services strategy of payment service providers. Therefore, immediate action on the market participants strategy with regard to XS2A is essential and indispensable and should be balanced with other regulatory (e.g., payments account directive, interchange fee directive, 4th AML directive) and market initiatives (e.g., instant payments, Blockchain).

The revised Payment Services Directive (PSD2) Regulatory agenda updates Payment initiation services Initiation of payments (credit transfers) by means of the IT infrastructure/applications of a third party provider Applicable to payment accounts accessible online Explicit payer s consent to initiation of payment required No dependence on a contractual relationship between PISP and account servicing payment service provider Account information services Initiation of retrieval of payment account information relevant to the payer by means of a third party provider application applicable to payment accounts accessible online Explicit account holder s consent required No dependence on a contractual relationship between AISP and account servicing payment service provider In order to mitigate potential risks and enable access to potential business opportunities and new revenue streams, payment service providers should consider the following actions: Actions Definition of XS2A strategy Alignment of XS2A strategy with IT Definition of XS2A product strategy Definition of internal XS2A policy Considerations XS2A going-to-market approach (third party provider for AIS or PIS) XS2A approach regarding third party providers (incl. competitors) Functionality, architecture, capabilities of existing IT application landscape Existing application programming interfaces (API) Products to be offered/ replaced/ invented and their relevant channels (mobile, online, phone, branch) Authentication and authorization Requirements to be met for external access to accounts of other PSP s Security aspects, authentication and authorization mechanisms Products to be offered (relevance from customer s and competitor s perspective) Future revenue and business models Security of communication channels, data, APIs, authentication mechanisms Partner for collaboration or cooperation Strategy on instant payments Strategy of FinTechs and competitors XS2A strategy and expected revenues Data protection Guidelines regarding development, Security and publication of API Definition of external XS2A policy Pricing strategy Participation in review phase of Regulatory technical standards (RTS) Definition of channels and APIs Requirements to be met by third party for external access to PSP s accounts Security aspects, authentication and authorization mechanisms XS2A strategy Competitive environment Additional value added for customers Account pricing model Security Data protection Own XS2A strategy Technology stack and regulatory technical standards of EBA Existing IT application landscape, ITarchitecture and capabilities of IT staff Functionalities to be offered Guidelines regarding development, Security and publication of API IT strategy and capabilities Relationships: bank-to-bank, bank-to third party provider, bank-to-psp Who does what with account information Own XS2A policy Applicability of technical standards to own target operating model Externally available APIs Accounts to be accessed (PSP s accounts or accounts of third party providers)

All rights reserved Challenges Challenges regarding the regulation: Definition of required IT changes and interface adaptations to ensure compliance with new regulatory requirements (e.g., with regard to AISPs, PISPs). Ensuring systems are compliant with security requirements and technical standards defined by regulatory bodies. Start of internal implementation projects while the definition of the RTS (EBA) as well as the transition of PSD2 into local legislation is in an early stage. Ensure compliance with SEPA, interchange fee regulation (EU 2015/751), the fourth AML directive and the Payments Account Directive. Communication of changes to the customer base and amendments to existing terms and conditions. Challenges regarding the business model: The proposed changes of the PSD2 impact products, services, operations, collaborations and customer facing units of PSPs. Hence, the overall business strategy is affected and it will require a strong alignment of the business, risk, compliance and IT departments to adapt to the required changes in an effective, timely and coordinated way. Definition of a future-oriented business strategy that caters for the needs of customers, regulatory authorities, third party providers, competitors as well as internal requirements and enables the PSP to adapt to upcoming regulatory requirements (e.g., instant payments ) easily. Identification of reliable collaboration and cooperation partners for technical, business and invention purposes. Integration of (external) APIs into the existing IT applications landscape of the PSPs. Performing the shift from static, remote-oriented to fast, onlineoriented processes. Identify business opportunities and key differentiators to profit from the proposed regulatory changes. Recommendations Perform an early analysis of affected business areas to determine impacts, prioritize change activities as well as evaluate strategic business chances and define the future business and IT strategy (mutually: business and IT). Allocate resources from different backgrounds to the related PSD2 compliance projects: business, retail banking, commercial banking, IT, compliance, risk as well as resources from nonbank related areas (online affine resources). Perform an IT due diligence to match the defined future business and IT strategy with the existing infrastructural capabilities and identify gaps as well as areas for collaborations and cooperation. Perform a market analysis on potential collaboration/ cooperation areas and collaborators/ cooperators and calculate business cases on critical business and technical services and products. Identify areas of improvement and processes that can be easily replaced by robotics. Ensure relevant departments such as risk, legal and compliance are involved early in the process. Review existing security mechanisms and supporting processes and assess their validity against the security standards to be published by EBA. Ensure that the two-factor authentication for card-not present transactions is implemented accordingly. Review and update relevant control frameworks to embed new controls that will address new regulatory requirements. Definition and development of supporting management information to evidence compliance with PSD2 to regulators. Implement a centralized governance process to ensure the consistency of responses across all business units that are affected by the regulation.

The revised Payment Services Directive (PSD2) Regulatory agenda updates Industry Expertise Analytics & Data Data management strategy & architecture Customer data analytics Fee and cost management Data governance & data quality Technology Architecture/application assessment & design Technology vendor assessment/selection Solution architecture/integration planning Solution enablement Become compliant with PSD2 requirements EY Global Competencies Risk & Compliance Licensing support Compliance/controls Client communication Account agreements and Third party agreements amendements Client reimbursement Operations Thought Leadership Operating model analysis Target operating model and customer experience design Fee schedule analysis and update Business process redesign EY has a strong track record with leading global and local payment service providers and a deep understanding of the complex range of factors which will enable informed decisions on all aspects related to your future payments strategy. Through our extensive payment service industry expertise we are ideally positioned to support you with: The definition of a robust and future-oriented payments strategy that caters for both, regulatory compliance with PSD2 and exploration of new markets. The transition of the defined strategy into your target operating model. The implementation of the set out payments strategy.

All rights reserved Our significant knowledge around the payment services industry and its regulators will be a decisive factor in driving progress and minimizing delivery risk towards the deadline of PSD2 implementation. We offer you: A multi-disciplinary and multi-lingual team based in different European markets that can work collaboratively with your team wherever needed. Access to deep expertise on local, European and international payment markets, both digital and traditional. Perspectives on digitization in the payment service industry. A track record of delivering successful payment operating model change and crossborder implementations as an independent advisor. A proven, flexible approach to deliver on your expectations for your PSD2 project. Our team includes payment experts who have ensured compliance of local, European and international PSPs with the Payment Services Directive as well as with SEPA regulations, We are keen to continue the journey towards a more sophisticated market practice with you and hope that our ideas demonstrate our commitment to continuing our partnership with the payment service industry. For information, please contact: Patrice Fritsch Executive Director, Advisory +352 42 124 8950 patrice.fritsch@lu.ey.com Anton Christov Manager, Advisory +352 42 124 7090 anton.christov@lu.ey.com Olivier Marechal Partner, Financial Services Advisory Leader +352 42 124 8948 olivier.marechal@lu.ey.com EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. 2018 Ernst & Young S.A. All Rights Reserved. EDnone This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com/lu

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback