The Revised Payment Services Directive (PSD2) is a regulatory framework introduced by the European Union (EU) to regulate payment services and promote innovation in the financial industry. It builds upon the original Payment Services Directive (PSD) that was implemented in 2007. PSD2 was officially adopted by the EU in 2015 and became effective on January 13, 2018. PSD2 is applicable to the 27 EU member states and 3 EEA states.
The overriding purpose of PSD2 was the introduction of Open Banking. Open Banking is a concept and practice that involves the secure sharing of financial data between different financial institutions and third-party providers (TPPs) through Application Programming Interfaces (APIs). It enables customers to grant authorized third parties access to their financial information held by banks and other financial institutions. PSD2 explicitly requires banks to provide access to customer data to authorized TPPs.
Other significant PSD2 directives include:
- Account Information Services (AIS): PSD2 enables AIS providers to access consumers’ bank account information with their explicit consent. This allows users to aggregate their financial data from multiple accounts into a single platform or application, providing a holistic view of their finances.
- Payment Initiation Services (PIS): PSD2 allows authorized PIS providers to initiate payments on behalf of consumers. This enables direct bank-to-bank payments without the need for intermediaries like card networks.
- Strong Customer Authentication (SCA): PSD2 introduced stricter security requirements through SCA. It mandates that certain electronic payments must undergo two-factor authentication to enhance security and protect customers from fraud.
Financial Institution Licensing
PSD2 does not specifically standardize the licensing process for financial institutions in the EU. The licensing process for financial institutions, such as banks, electronic money institutions (EMIs) or payment service providers (PSPs), remain primarily governed by national regulatory authorities within each EU member state. That is, while PSD2 sets out certain common rules and standards for payment services in the EU, individual member states still have specific national requirements and variations in their licensing processes.
However, PSD2 does introduce a passporting mechanism that allows licensed payment service providers to operate across EU member states without the need for separate licenses in each jurisdiction. Passporting eliminates the need for PSPs to undergo separate licensing procedures in each jurisdiction, reducing administrative burdens and promoting cross-border competition and innovation in the payment services sector.
While the procedure and documentation required for a financial institution does vary by EU member nation, the general process under PSD2 is as follows:
- Passport Notification: Once the financial institution is licensed in its home member state, it can exercise the right to passport its services to other EU member states. The financial institution submits a notification to its home member state’s regulatory authority, informing them of its intention to operate in another member state.
- Home Member State Communication: The home member state’s regulatory authority communicates the passport notification to the regulatory authorities of the target member state(s) where the financial institution intends to operate. The communication includes relevant information about the company, such as its regulatory status, services provided, and any other required documentation.
- Host Member State: The regulatory authority of the host member state, where the financial institution intends to provide its services, reviews the passport notification and assesses whether the company meets the necessary conditions and requirements for operating in their jurisdiction. The host member state’s regulatory authority has a limited period to raise any objections or request additional information.
The PSD2 passporting directive has spurred significant growth in the number of non-bank financial institutions such as PSPs and EMIs throughout the EU. Popular licensing hubs such as Lithuania and the Czech Republic have seen the number of applications dramatically increase with an eye towards EU-wide operations.
Notably, following Brexit, UK-based financial institutions, including PSPs and EMIs, lost their automatic passporting rights. However, the UK implemented a temporary permissions regime (TPR) that allows EU/EEA firms, including PSPs, to continue providing services in the UK while seeking permanent authorization. The TPR provides a grace period for these firms to obtain appropriate licenses or permissions from UK regulatory authorities. Conversely, the EU has the ability to grant “equivalence” status to non-EU countries if they meet certain criteria and regulatory standards comparable to those of the EU. Equivalence decisions could potentially enable UK financial institutions to access EU markets more easily in the future.
PSD2 & Cryptocurrency
While PSD2 does not directly regulate the cryptocurrency industry, it did create indirect implications for certain aspects of cryptocurrency-related activities. For example, if a cryptocurrency related business offers what is broadly defined as being a “payment service” under PSD2 such as credit transfers, direct debits, payment card issuance, and money remittance, it may be subject to PSD2 directives. Moreover, PSD2 directives regarding TPPs may apply to cryptocurrency service providers allowing them to integrate with traditional financial institutions and offer innovative payment services in compliance with PSD2 regulations.
Generally speaking, however, the licensing of crypto-related ventures such as exchanges remain subject to the laws of each member state.
Overall, PSD2 has spurred fintech innovation by opening up the payments market to new players and encouraging collaboration between traditional financial institutions and fintech firms. It has resulted in the development of new payment services, enhanced competition, lower costs, and improved customer experiences.
As always, be sure to reach out to me with any questions or book a meeting here.
About Adam Tracy
Adam Tracy is a payments expert and entrepreneur who specializes in payment systems, blockchain technology, digital currencies, and other emerging technologies. He is the founder of Blockrunner, LLC that provides consulting services to clients in the blockchain, payments and cryptocurrency arenas.
Tracy has been involved in the payments industry as an attorney, consultant and entrepreneur since 2005, while he was become an expert in blockchain and cryptocurrency since its advent in 2013. Tracy has worked with a wide range of clients, including startups, established businesses, and investor – both in the United States and worldwide. He has advised clients on a wide range of compliance, legal and operational issues related to payment transfer systems, crypto token generation and architecture, cryptocurrency exchanges, regulatory licensing, smart contracts, and other blockchain applications.
In addition to his consulting work, Tracy has founded several companies in the payments, blockchain and cryptocurrency space, including a digital asset hedge fund, licensed electronic money institution and a blockchain-based tokenization platform. He is also a proponent of decentralized finance (DeFi) and has been involved in various DeFi projects.
Tracy is also a frequent speaker and writer on blockchain and cryptocurrency topics. He has been featured in a wide range of publications, including Forbes, CoinDesk, and Bitcoin Magazine.
Find Adam: https://linktr.ee/adamtracy