To what extent are you compliant?
Compliance remains a moving target in a continually changing regulatory environment. In the complex web of constantly evolving regulations, diversified service offerings, growing competition in markets that have grown to be a level playing field, Deloitte addresses a critical compliance topic for financial institutions.
Payment Services Directive (EU) 2015/2366 (PSD2) - enforceable 13 January 2018
Payment services, such as card, Internet and mobile payments, were perceived as fragmented along national borders, which is why there was a need to create an EU-wide single market for payments. Since its creation, the retail payments market has experienced significant technical innovation and rapid growth in the number of electronic and mobile payment channels as well as new types of providers and services, which lead to a lack of consumer protection in certain areas. The revised Directive on Payment Services (PSD2) is an answer to these recent market changes and will have significant impact on the operations of Financial Institutions.
PSD2 will specifically affect the processing of transactions in consequence of PSD2’s scope extension, the customer authentication requirements, and services offerings in the EU payments market in consequence of the introduction of licensed third party providers.
Payment Services Directive (EU) 2015/2366 (PSD2) came into force on 13 January 2016, and is applicable from 13 January 2018. The EU Directive 2015/2366 on Payment Services (PSD2) revises the first EU Payment Services Directive published in 2007 (PSD1), which laid the legal foundation for the creation of an EU-wide single market for payments.
PSD2 recognizes that the retail payments market has experienced significant technical innovation and rapid growth in the number of electronic and mobile payment channels as well as new types of providers and services, which lead to a lack of consumer protection in certain areas.
PSD2 is therefore extending the scope in the following manner:
- Covering payments in all currencies, and to payments where only one provider is located in the EU/European Economic Area (EEA)
- Introducing strict security requirements for the initiation and processing of electronic payments, and for the protection of consumers’ financial data
- Introducing so-called Third Party Providers (TPPs) that are permitted to provide certain types of services connected to payments.
The three key changes from PSD1 to PSD2 extend the Directive’s scope to strengthen security and customer authentication requirements for mobile and Internet payments, and to introduce TPPs to the EU payments market – as well as to license and supervise them.
This means that PSD2 covers the relationship between a Payment Service Provider (PSP) and its corporate and retail customers.
Deloitte helps clients understand the regulation and its impact on specific processes related to payment services within Financial Institutions.