On Wednesday 28 June, the European Commission presented its legislative package aimed at further digitalising the financial sector. To achieve this, the Commission is counting on a revision of the Payment Services Directive and new legislation on a framework for access to financial data.
In concrete terms, the future ‘PSD3 directive, which should eventually replace the current directive on payment services (‘PSD2’), plans to enable service providers to share information with each other on payment fraud, by strengthening authentication rules and making it compulsory for all transfers to verify that the beneficiaries’ IBAN numbers match the account names.
The right to reimbursement for victims of fraud would also be extended. “This will cover, in particular, identity theft or transfers made under false pretences”, explained Financial Services Commissioner Mairead McGuinness.
Provisions are also proposed to improve the transparency of consumers’ account statements and provide them with more detailed information on the charges levied when withdrawing money from cash dispensers.
With electronic payments in the EU reaching €240,000 billion in value in 2021 - up from €184,200 billion in 2017 - and more and more non-bank payment service providers entering the market, the Commission also intends to work on levelling the playing field. In this sense, non-banking institutions would be able to access all EU payment systems, subject to “appropriate safeguards” and guaranteeing their right to a bank account.
Measures relating to the availability of cash in shops and via ATMs are also included in the future ‘PSD3’ directive. On this point, says the Commission, the aim is to allow retailers to provide cash services to customers without requiring a purchase and to clarify the rules for independent ATM operators.
New requirements for data access
The Commission also presented its legislative proposal on the framework for access to financial data. As we revealed in our bulletin of 19 June (see EUROPE 13204/17), the Commission is keen to strike a balance between protecting customer data and sharing it with players in the financial sector so that consumers can be informed and receive more tailored offers of new financial products and services.
“We want to give consumers tailor-made products through data sharing, but it is important that the consumer remains in control of data sharing, while at the same time strengthening protection”, commented Ms McGuinness.
Holders of customer data would be obliged to make this data available to other financial institutions or companies via a technical infrastructure and subject to the customer’s authorisation.
Customers, for their part, should be able to know who is accessing their data and for what purpose. Authorisation dashboards would be introduced and the text would be aligned with the provisions of the General Data Protection Regulation (GDPR).
The text also sets out liability regimes in the event of a data breach and dispute resolution mechanisms for financial data sharing systems. In the Commission’s view, this should ensure that liability risks do not “deter data holders from making [their data] available”.
As well as making the process of comparing financial products or switching to a new product more fluid, the text also provides for the automation of the processing of certain applications, such as mortgages.
See the proposed revision of the PSD2 directive: https://aeur.eu/f/7sa
See the legislative proposal on financial data: https://aeur.eu/f/7s9 (Original version in French by Thomas Mangin)