Accès libre

Impact of PSD2 on The Payment Services Market – General Objectives and Evidence from Polish and UK Legal Systems

Krystian Sadowski
Krystian Sadowski
   | 26 oct. 2021
Wroclaw Review of Law, Administration & Economics's Cover Image
À propos de cet article
Article précédent
Article suivant
Citez
Publié en ligne: 26 oct. 2021
Pages: 89 - 102
DOI: https://doi.org/10.2478/wrlae-2021-0008
Mots clés
© 2021 Krystian Sadowski, published by Sciendo
This work is licensed under the Creative Commons Attribution 4.0 International License.
Introduction

Internet and mobile payments changed the way people are paying for goods and services significantly.

Stergios Leventis, Panagiotis Dimitropoulos and Stephen Owusu-Ansah, ‘Corporate Governance and Accounting Conservatism: Evidence from the Banking Industry’ (2013) 21 Corporate Governance: An International Review 264.

Not only by increasing their share in overall payments but also by changing our habits and preferences. These tendencies were reflected in the services offered by banks, the payment card industry and intermediaries

Justin Paul, Business Environment. Text and cases (3rd edn, McGraw-Hill 2010) 212.

. As the process continued, the Internet became an opportunity for new competitors to enter the previously conservative market. The payment services market, as an emerging market in financial services, has also caught the attention of technological companies.

Worldwide payment changes followed different patterns. This depended on the country, its development and fiscal politics.

Tomi Dahlberg and Anssi Öörni, ‘Understanding Changes in Consumer Payment Habits - Do Mobile Payments and Electronic Invoices Attract Consumers?’ (40th Annual Hawaii International Conference on System Sciences (HICSS’07), Waikoloa, January 2007).

In Europe, the proposal for changes originated within the European Union on the cross-border (supranational) level. The European Single Market, in order to guarantee the free movement of goods, capital, services and labour (known as the ‘four freedoms’)

See Catherine Barnard, The Substantive Law of the EU: The Four Freedoms (5th edn, Oxford University Press 2019).

 inside the EU, requires common rules in many areas. As the movement of capital meant transferring funds, the necessity of relevant legislation covering the scope of the Common Market grew. After more than 4 years of consultation period and preparation, the Payment Service Directive was adopted and became applicable from 25 December 2007.

Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC (L 319/1).

The subsequent years brought a short relief for payment services in the European Single Market,

Ruth Wandhöfer, EU Payments Integration. The Tale of SEPA, PSD and Other Milestones Along the Road (Palgrave Macmillan 2010) 77.

but electronic payments were rapidly increasing their share in payment types available at the time. According to the European Central Bank (hereinafter ‘ECB’) data for 2009, the number of non-cash payment transactions in the European Union was 82 billion.

EBC, ‘Statistics on payments – Data for 2009’ (Press releases, 13 September 2010), <https://www.ecb.europa.eu/press/pr/date/2010/html/pr100913.en.html> accessed 17 December 2020.

 For comparison, according to the ECB report, in 2017 there were already 134 billion transactions.

EBC, ‘Statistics on payments – Data for 2017’ (Press releases, 13 September 2010), <https://www.ecb.europa.eu/press/pr/stats/paysec/html/ecb.pis2017.en.html> accessed 17 December 2020.

 The pace of these changes brought about a need for the introduction of new legislation that would support the growing demand and international money-transferring on a large scale. The solution to this was the harmonizing legislation aiming to integrate the EU payments market – Second Payment Service Directive (hereinafter ‘PSD2’ or ‘the Directive’).

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (L 337/35).

The article's objective is to explore the modern area of payment services in Europe and how it has been impacted by PSD2. For this purpose, the comparative research of the Directive implementation and its consequences was carried out. Section 1 explores reasoning and aims behind revising the Payment Services Directive. In Section 2, the overview of the implementation procedure can be found, and Section 3 indicates the most important changes introduced by the Directive. Section 4 analyses the legislations outcomes and reviews the payment services markets in the UK and Poland, comparing the effects with the assumptions from Section 2 and methods described in Section 3. Conclusions are included in the Summary.

The analysis has been conducted to scrutinize what PSD2 does change and whether applied changes were significant or irrelevant. The hypothesis of the article is that PSD2, as a complex directive, has impacted the market significantly and it should be visible in the structure of payment services market participants. The market should be joined by new entrants including FinTech companies, implying more intense competition. The conclusions will assess the accuracy of the hypothesis. The paper should also contribute to legal research on the use of new technologies in payment services.
Purpose of undertaking work on a new payment services legislation

The existing legal regulations were becoming out-of-date when compared to the rapidly growing market of financial services and the European Commission (further also as ‘EC’) had to react. Otherwise, it would result in a gap between acts covering the scope of the payments market and new, technology-driven ideas introduced to the market.

Recital (7) notes: ‘The review of the Union legal framework on payment services (…) have shown that developments have given rise to significant challenges from a regulatory perspective’.

Preventing the emerging dangers such as uncovered branches of business activity in financial services and bringing the legislation arrears up to date were the main aims contained in the 2012 Green Paper on payment services.

Commission, ‘Towards an integrated European market for card, internet and mobile payments (Green Paper)’, COM (2011) 941 final.

 The European Commission noticed that the emerging market of online payments may cause difficulties if not properly regulated.

Niels Vandezande, ‘Between Bitcoins and mobile payments: will the European Commission's new proposal provide more legal certainty?’ (2014) 22 International Journal of Law and Information Technology 295.

The research made by the EC (targeted at introducing Single European Payment Area – ‘SEPA’) revealed difficulties arising from insufficiently integrated card or mobile and internet payments. The primary issue exposed was the lack of law relevant to the new techniques in electronic payment services.

The reasons were indicated in Recital (4) of PSD2, where authors stated that many innovative payment services products or services did not fall into the scope of the previous directive.

This issue was also highlighted in the infographic prepared by EPC (European Payment Council).

European Payment Council, ‘PSD2 Explained’ (Infographics, April 2018) <https://www.europeanpaymentscouncil.eu/sites/default/files/infographic/2018-04/EPC_Infographic_PSD2_April%202018.pdf> accessed 17 December 2020.

 The text stated that the digitalization powered the progression of the European economy, but the new services introduced by the new providers in online payments were outside the scope of existing legislation. To address this matter, the European Commission decided to revise the current Payment Service Directive with a modern legal act as a remedy.

PSD2 had to open payment services to a broader group of service providers, specifically to those excluded from the bank-privileged system (laws at that time tended to limit entrepreneurial activity of non-bank entities, favouring banks at the same time).

Alexander Kern, Principles of Banking Regulation (Cambridge University Press 2019) 333.

The reasoning was as follows: to facilitate an easy access to payment services for all EU citizens.

Chiristian Stiefmueller, ‘Open Banking and PSD 2: The Promise of Transforming Banking by ‘Empowering Customers’’ in Jim Spohrer and Christine Leitner (eds) Advances in the Human Side of Service Engineering (Springer 2020) 302.

 Therefore, the EU Commission decided to oblige banks to cooperate with authorized service providers (under article 67 of PSD2) and share the information necessary to provide services associated with payment facilitation. Authorization of service providers shall be performed by the relevant national authority, e.g. the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego) in Poland.

The aim set by the European Commission was meant to be achieved on two levels. First of all, by introducing new legal entities that are well adjusted to the developing market of payment services. A service provider permitted to the activity available only for banks earlier. Secondly, by putting an obligation on banks to cooperate with recognized third parties on terms of the Directive.
Changes in payment services: introducing new third-party providers by the Directive

PSD2, among many other solutions, introduced two legal entities dedicated to the companies working on processing payments or other software-related services in the area of payment services, like setting money aside. The EU Commission wanted to provide IT companies with all the regulatory tools necessary to enter the payment services market. To do so, under the category of third-party providers (hereinafter: TPP),

It's the common acronym for those entities, which provide services as third parties under the scope of PSD2.

PSD2 established two legal entities: AISP (Account Information Service Provider) and PISP (Payment Initiation Service Provider).

The idea of introducing TPP came with the intention of creating an empty space in the payment services market and enabling new companies to fill it. TPP were modelled as somewhat similar to intermediaries between banks and end-users.

Yves Eonnet and Herve Manceron, Fintech: The Banks Strike Back (Dunod 2018) 74.

While banks act as fiduciaries to consumers’ money, consumers are processing payments from bank accounts through the banking system. It sets some limits on the technology and scope of those payments, as the system is highly regulated and unwilling to take a risk on modern industrial science.

E.g. MasterCard's cooperation with banks. See Nicole Jonker, ‘Regulating Interchange Fees for Card Payments’ in Jakub Górka (ed) Transforming Payment Systems in Europe (Palgrave Macmillan 2016) 174.

 The EU Commission wanted to slightly loosen up a tight-buttoned sector dominated by banks by adding additional companies to the market.

These companies under a PSD2 might provide two types of services, classified on the interference depth. The first service is called AIS (Account Information Service) and enables providers that are allowed to participate in the market (AISP) to utilize consumers’ bank account information to perform their services. AISPs are able to retrieve information from the consumer's bank account about ordered and pending payments or account balance. The same applies if the customer has multiple bank accounts. Therefore, a provider is able to give a client consolidated data or render advisory services. The information, as a bank statement, might also be proof of ordered payments. Many companies see it as an opportunity to conduct their businesses based on a possibility of using the information of a customer's bank account.

E.g. Mint.com used as an example in Alan McIntyre and Andrew McFarlane, ‘The Brave New World of Open Banking’ (Accenture, 2018) 8 <https://www.accenture.com/_acnmedia/pdf-77/accenture-brave-new-world-open-banking.pdf> accessed 17 December 2020. Although this view is not shared by everyone. See: Alan Brener ‘Payment Service Directive II and Its Implications’ in Theo Lynn and others (eds), Disrupting Finance. FinTech and Strategy in the 21st Century (Palgrave Macmillan 2019) 117.

The second service is more intrusive in bank independence and autonomy. PIS (Payment Initiation Service) allows customers to pay directly through a TPP from a bank account. A client is able to process a payment using software external to the one offered by the bank, if he granted it an explicit consent and issued a process. The service accesses a payer's account and after authorization initiates the transfer. PIS ought to become an alternative to paying online with a credit or debit card.

Michał Nowakowski, ‘Dostawca usługi inicjowania płatności – wymogi regulacyjne w świetle ustawy o usługach płatniczych i Rozporządzenia 2018/389’ (LEX 2019).

Both of these services can be provided only by the authorized entities (TPP – as above mentioned PISPs and AISPs). Once granted an authorization or entered into the register, a provider is able to connect with the banks. The possibility of accessing relevant information from the bank to provide a service is enabled through an API (Application Programming Interface). API is a set of rules in computer programming indicating how the programs communicate with each other, simplifying coding for programmers developing software.

Sascha Preibisch, API development. A Practical Guide for Business Implementation Success (Richmond 2018) 2.

To illustrate the last remark, a little comparison should be made. API is to programmers what a menu is to restaurant customers. The menu provides a list of dishes a customer can order and the restaurant's kitchen is able to prepare. Although recipes for preparing dishes aren’t contained in a menu, a customer will be provided with a finished dish. Even though the last trope was simplified, an API analogously to a menu can be understood as it is written by developers on the other side.

For the purpose of creating a real opportunity for banks to cooperate with FinTech companies on the PSD2 legal ground, banks are obliged to share their API with the authorized TPP. An API should be programmed to ensure access to necessary data for payments. Consequently, a service provider is able to execute a transfer or provide a customer with the information he wanted to receive that was gathered on the bank account. In this way, TPPs are operating on the PSD2 legal ground.
PSD2 implementation process

The establishment of PSD2 was divided into two steps, each with its own period before it could be made fully exercised. The Directive entered into force on 12 January 2016, but its rules became applicable from 13 January 2018 for all correspondent states.

PSD2 was addressed not only to EU Member States but also to three Member States of European Economic Area (Iceland, Norway and Liechtenstein), enhancing its scope. See European Banking Federation, ‘Guidance for implementation of revised Payment Services Directive’ 8 (20 December 2019) <https://www.ebf.eu/wp-content/uploads/2019/12/EBF-PSD2-guidance-Final-December-2019.pdf> accessed 17 December 2020.

Since then, each state was obliged to transpose the law into the domestic legal system or, in lieu of proper implementation, allow interested parties to apply the Directive directly due to the vertical direct effect.

The doctrine of direct effect of directives according to settled case-law of the European Court of Justice. See Paul Craig and Grainne de Burca G., EU LAW: Text, cases, materials (5th edn, Oxford University Press 2012) 194.

 However, this view still arouses controversy.

See Dorota Leszczykiewicz, ‘Effectiveness of EU Law Before National Courts: Direct Effect, Effective Judicial Protection, and State Liability’ in Anthony Arnull and Damian Chalmers (eds) Oxford Handbook of European Union Law (Oxford University Press 2015) 235.

 As an addition to PSD2, the EU Commission had foreseen security legislation on Strong Customer Authentication (SCA).

PFT Wolters and BPF Jacobs, ‘The security of access to accounts under the PSD2’ (2019) 35 Computer Law & Security Review 6.

 The following change was announced in PSD2 and is essential in providing safe transactions to all customers.

During the first step, the EC shaped new legal entities available to act under the scope of PSD2, under the category of payment services providers. It enabled all concerned to fit their services into the frames of newly enacted law under several different legal forms. A new legal framework not only provided rules adjusted to the market needs (which were also a factor in opening banking in Eastern Asia and Australia)

Countries like Japan, Singapore and Hong Kong had started with developing similar solutions within private sector. It was named market-driven approach. On the other hand, Australia introduced more specific regulation. For more information, see Basel Committee on Banking Supervision, Report on open banking and application programming interfaces (19 November 2019) <https://www.bis.org/bcbs/publ/d486.htm> accessed 17 December 2020.

but also set a target in protecting consumers’ rights.

Jan Byrski, ‘Consumer Protection under Directive 2015/2366 on Payment Services in the Internal Market – Selected Issues’, (2017) 8 Cracow Review of Economics and Management 25.

 Furthermore, the upcoming supplementary legislation should fully secure consumers using TPP while processing payments.

PSD2 implementation into UK domestic law was done through the 2017 Payment Services Regulations

The Payment Services Regulations 2017, SI 2017/752.

, which came into force on time.

Rory Copeland, ‘Regulatory revolution and new competition in the European Union payments industry’ (2018) 9 N. Ir. Legal Q. 215.

 The process was successful and UK withdrawal from the EU did not cause a delay.

In contrast to the UK, PSD2 implementation to Polish law was postponed. The Directive draft legal act was published in the Government Legislation Centre (Rządowe Centrum Legislacji) in May 2017,

Government Legislation Centre (Rządowe Centrum Legislacji), ‘Projekt ustawy o zmianie ustawy o usługach płatniczych oraz niektórych innych ustaw’ (Legislative procedure, 23 January 2018) <https://legislacja.rcl.gov.pl/projekt/12298151> accessed 17 December 2020.

but it was adopted in the parliamentary act from 10 May 2018, which entered into force on 20 June 2018.

Ustawa z dnia 10 maja 2018 r. o zmianie ustawy o usługach płatniczych oraz niektórych innych ustaw, Dz.U. 2018 poz. 1075.

 Due to the directive doctrine of direct effect mentioned above, an interested party could demand a chance on taking advantage of PSD2 provisions since the termination date of an implementation date. With that in mind, Polish Financial Supervisory Authority divided implementation into two periods:

First transitional period – from the 13 January 2018 up to the moment of adoption of parliamentary act implementing PSD2 changes to Polish domestic law.

Second transitional period – since the moment of adoption of parliamentary act implementing PSD2 changes to polish domestic law up to the introduction of Regulatory Technical Standards (RTS).

Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication, (C/2017/7782).

,

UKNF, ‘Komunikat Urzędu Komisji Nadzoru Finansowego dot. wybranych oczekiwań nadzorczych w odniesieniu do okresu przejściowego związanego z implementacją Dyrektywy PSD2’ (12 January 2018) <https://www.knf.gov.pl/o_nas/komunikaty?articleId=60679&p_id=18> accessed 17 December.

While a second transitional period was fully dependent on the EU authorities’ introduction of the supplementary legislation, the first one occurred because of a delay in implementation at the governmental level. With the moment of adoption changes in the parliamentary act, the main process of transition was over,

Marcin Olechowski, Wojciech Iwański, ‘Poland: open banking when will it start?’, (International Financial Law Review, 25 February 2019), <https://www.iflr.com/article/b1lmxcd7qpmbsq/poland-open-banking-when-will-it-start> accessed 17 December 2020.

since the RTS was introduced in the EU Commission Regulation.

UKNF (n 34).
PSD2 impact analysis: UK and Poland study

When the PSD2 was announced, as an upcoming legal act addressed to all Member States of the EU and three more EEA countries, it was seen as a game-changer. Many journalists in the financial newspapers predicted a revolution in the payment services market.

See The Economist, ‘Open plan’ (12 January 2019) 60.

The next part of the research is devoted to the United Kingdom and Poland market analysis after the PSD2 introduction.

United Kingdom

The United Kingdom, with London as a financial centre, is perceived as a European leader in banking and financial services.

Ronald C. Michie, British Banking. Continuity and Change from 1694 to the Present (Oxford University Press 2016) 164.

What is more, the United Kingdom started introducing similar domestic legislation even before PSD2 was adopted, under the working title ‘Open Banking’. The name revealed what is essential for a future act, bringing new providers to the payment services market.

Markos Zachariadis and Pinar Ozcan, ‘The Api Economy And Digital Transformation In Financial Services: The Case Of Open Banking’ (2017) 2016-001 SWIFT Institute Working Paper 3.

Open Banking targeted similar goals as PSD2, hence in the 2017 Budget, HM Treasury announced that Open Banking Standards would cover PSD2 solutions.

Jelena Madir, FinTech: Law and Regulation (Edward Elgar 2019) 37.

The Financial Conduct Authority, as an entity liable for introducing and overseeing changes to the financial market in the UK, continued the implementation process by creating an easy-accessible payment services register, which shows AISPs and PISPs.

Boumediene Ramdani, Ben Rothwell and Elias Boukrami, ‘Open Banking: The Emergence of New Digital Business Models’ (2020) 17 International Journal of Innovation and Technology Management (IJITM) 1.

In the register, one is able to find 219 entities authorized to provide AIS or PIS, with 92 of them registered within the first 12 months. Many of the registered are banks and well-recognized financial firms. However, start-ups and other small companies managed to enter the register.

FCA, ‘Financial Services Register’ <https://register.fca.org.uk/s/> accessed 15 June 2020.

A comparison of the number of above-mentioned companies with the overall number of start-ups and banks provides subsequent results. Britain's market contains over 1600 FinTech start-ups and 89 000 finance and insurance firms.

Tomas Helm, Alex Low and Joshua Townson, ‘UK FinTech State of the Nation’, (Department for International Trade, April 2019) <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/801277/UK-fintech-state-of-the-nation.pdf> accessed 17 December 2020.

Only a small proportion of these companies decided to exercise the possibility of providing payment services under PSD2.
Poland

Poland, besides a delay in implementing PSD2 in domestic legal order, perceived the Directive as a great opportunity for further development.

Kamil Leżoń, ‘Otwarta bankowość w świetle wymogów dyrektywy PSD2 – wyzwania i perspektywy rozwoju dla polskiego sektora FinTech’ (KNF, 2019) <https://www.knf.gov.pl/knf/pl/komponenty/img/Otwarta%20bankowość%20w%20świetle%20wymogów%20dyrektywy%20PSD2_68605.pdf> accessed 17 December 2020.

The domestic market in Poland is smaller than in the United Kingdom. The number of companies is estimated to consist of over 100 FinTech start-ups

Róża Milic-Czerniak, ‘Rola fintechów w rozwoju innowacji finansowych’ (2019) 57 Studia BAS 37.

 and over 1500 financial institutions (instytucje finansowe; companies allowed to conduct a regulated financial activity, e.g. banks, credit unions, insurance companies, etc.).

Krzysztof Markowski and others, Rozwój systemu finansowego w Polsce w 2018 r. (NBP 2019) 21.

One of the first steps taken concerned creating a standardized API for all interested banks operating in Poland. The Union of Polish Banks (Związek Banków Polskich) decided to build PolishAPI. The initiative aimed to not only develop a standardized interface but also support improving new technical solutions and lower the costs of implementing PSD2. Under Polish API, entities could have the possibility to use a testing environment (sandbox) in which software and programs could be revamped. The latter was introduced in announcements as HUB PSD2.

KIR, ‘KIR dostarczy usługi wspieraj ące standard Polish API’ <https://www.kir.pl/o-nas/aktualnosci/kir-dostarczy-uslugi-wspierajace-standard-polish-api,217.html> (Announcement, 23 January 2018) accessed 17 December 2020.

Polish API is being used in almost the entire Polish banking sector.

The only two banks using their own systems are: Citi Handlowy and Volkswagen Financial Services. See ZBP, ‘Commercial banks’, <https://polishapi.org/en/commercial-banks/> accessed 17 December 2020.

It works as a first of two forecasted possibilities in the art. 31 of European Commission delegated regulation on RTS, dedicated interface for connecting AISP and PISP with banks. According to the Union of Polish Banks, Polish API is still being developed and improved.

Kamil Leżoń (n 44) 64.

 Authorized providers are required, in order to operate with the banks’ API, to have the recent certificates provided by the National Clearing House (Krajowa Izba Rozliczeniowa; KIR).

Michał Nowakowski, ‘PolishAPI, czyli unikalny specjalny interfejs dostępowy Związku Banków Polskich’ (LEX 2019).

Polish authorities decided to only reveal AISPs in the registry of authorized entities. In the registry, only four entities are listed (as of 17 December 2020).

KNF, ‘System ERUP KNF v 2.0’ <https://e-rup.knf.gov.pl/index.html?type=PSD_AISP> accessed 17 December 2020.

However, the information received from the Spokesperson shows that in Poland for AIS or PIS applied many more entities exist (see Table 1).

Email from KNF spokesperson Jacek Barszczewski to author (17 December 2020).

Number of AIS or PIS requests

Legal entities AIS PIS
Number of requests Number of granted requests Number of requests Number of granted requests
Banks 11 11 11 11
Only AISPs 12 4 X X

Source: own analysis based on the information received from KNF spokesperson.

The table shows that the acceptance rate of requests for banks is significantly higher and no bank's request for providing AIS or PIS services was rejected. For companies requesting for AISP, only a few requests were granted.
Summary

The repeal of the first Payment Service Directive and introduction of PSD2 tried to alter the current payment services market by providing a fresh regulatory framework corresponding to the market needs. The legislation has brought in tools allowing companies without a banking license to provide payment services if properly permitted by the domestic supervisory authority. It also made a change in terms of unifying payment services across the EEA through the rules transposed to the domestic legal systems. But was the market revolutionized?

The research reveals two things. In terms of numbers, the payment services market did not change considerably. On the one hand, only some companies operating within the payment services market used legal solutions to assess the new possibilities, the vast majority continued to run as they used to before PSD2 implementation. The EC indicated an increase in competition as one of the PSD2 objectives. While in Poland only a few non-bank companies were granted either AISP or PISP status, in the UK the number of such companies was much higher, with a higher share of non-bank companies, although given the number of firms in the sector it is also only small percentage. This objective has to be assessed only partially positively.

On the other hand, introduced changes have covered the entire payment services market with the complex regulation. Despite delayed implementation in a few countries like Poland, all correspondent states eventually implemented PSD2 into domestic law orders.

The Directive made a step forward towards a digitalized payment services market. The legislation in force is definitely more relevant to the existing market. By means like SCA, the general level of security in electronic payments has also increased. All the goals seem to be achieved except for the principal one, banks seem to be at the very place they were before the PSD2 and minor competitors have only slightly entered the market.
eISSN:
2084-1264
Langue:
Anglais
Périodicité:
2 fois par an
Sujets de la revue:
Law, Public Law, other
RSS Feed de la revue