Updated: October 2019
Harmonisation remains lacking between the various APIs (Application Programming Interfaces) or API initiatives.
This is one of the greatest challenges in the PSD2 implementation process. If this process continues forward
beyond PSD2 – and if it is to be envisaged as a suitable future-oriented way towards some form of wellunderstood open banking – then it is important that work in the ERPB SEPA API Access Scheme Working
Group be retaken. That work should aim to create a more standardized API environment in Europe. Creating
such a common API scheme would greatly reduce investments required for a PSP to connect to another PSP,
hence further strengthening the European payments ecosystem. It is important, however, that data sharing
can continue to be performed on commercial terms and reciprocity and with utmost respect to consumer
protection. It is also important to continue this stream of work as it gathers in the same forum participants from
all parts of the industry along with supervisors and regulators. Given the opportunity, ESBG will continue to
support further standardisation of European APIs and the interconnectivity throughout the industry. ESBG
supports as well a data-sharing economy based on mutual benefits and reciprocity.
Concerning instant payments, it is important that the industry continue to support the work done by European
market infrastructures such as the TIPS system of the ECB or other privately developed ones. This could be
done by building further applications based on these infrastructures, especially on a pan-European level.
Here it is especially relevant that the dialogue between policy makers, infrastructure providers and the industry
intensifies to reach the most optimal outcome that also should be based on a business model that is attractive
to all participants.
PSD2 and GDPR both cater for third party access to customer data. PSD2 is limited to data from payments accounts
and payments data, where this data should be made available for free based on a consent given by the
customer to other licensed Payment Service Providers (PSPs). Under GDPR, this process is somewhat different,
requiring an explicit consent and requiring access to data is on specific terms. The major challenge for access
to PSD2 data is to ensure that it is performed in a safe and secure manner, preferably through dedicated interfaces
so called APIs and with Secure Customer Authentication. These two factors together with the commercial terms
will be the next challenges in building a safe and fair European open banking ecosystem for all stakeholders.
To ensure this happens, the Euro Retail Payments Board (ERPB) has set up a Working Group on a Single Euro
Payments Area (SEPA) API Access Scheme that embraces a scope going beyond PSD2 and that recognises
the need for mutually beneficial agreements between third-party payment providers (TPPs) and Account
Servicing Payment Service Providers (ASPSPs, or de facto banks). The success of this scheme is vital to ensure
a quick transition into transfer of data through APIs as the main channel of transfer. This will provide customers
with a safe environment to use different types of financial products in a digitalized ecosystem. The Working
Group has published their report in June 2019, and several next steps were identified. A small set of
stakeholders (TPPs) did not agree on all the next steps, however, so the work has come to a standstill for the
time being. Banks consider it extremely critical to have a scheme – built upon mutual benefits – in place as a
critical building block towards open banking and a data sharing economy.
On instant payments and as solution to address a greater European sovereignty in the area of payments,
reachability and interoperability are key concerns, in particular in light of the political dimension of instant payments
as they could be an instrument to enhance European sovereignty in payments. Various market initiatives based
on instant payments already exist, most of them with local focus though. It should be noted though that different
consumer preferences exist across Europe when it comes to payments, and it is not likely to expect that one
instant payments “killer” solution will replace, in a predictable future, other widely popular payment products,
most notably cards and even cash. Further, whilst there is support for the ambition for pan-European payment
solutions, it is a key requirement that there is certainty about the underlying business models for such solutions.
We fully support the principles of PSD2 and GDPR, but certain factors need to be taken into
consideration. Those include:
Also, beyond PSD2 and on the road towards open banking and a data sharing economy, there is need
for a more fair foundation to be put be in place. An access scheme that clearly spells out rights and
obligations, based on mutual benefits, can provide the necessary building block safeguarding the
interests for all involved.
The payments industry already supports instant payments at pan-European level and instant
payments solutions exist at domestic level in many countries. At the same time, the industry stands
ready to support new pan European initiatives. But before compelling customer propositions can be
developed, there is need for certainty about a sustainable business model for instant payments, as
the massive investments required need to be offset by a proper business case. Previous attempts to
develop pan-European payment solutions – notably in the area of payment cards – failed due to the
lack of support from the policymakers for a proper business model. There is a sense of urgency to
develop European payment solutions to remain relevant. We ask policymakers provide support.
The Lisbon agenda back in 2000 provided the starting point for the creation of the ‘Single Euro Payments Area’
(SEPA) based on the euro common currency. A major objective was a harmonisation of existing legacy payment
schemes in the euro area, which led to the introduction of four pan-European payment schemes for credit
transfers and direct debits since 2008 with pan-European reach.
A next big step was the migration to the new payment schemes. One important legislative instrument was the
Payment Services Directive (PSD) published in 2007 that formed an important step towards a legally
harmonised payments area. The revised PSD2 (2015) objectives include making payments more secure and
contribute to a more integrated, innovative and efficient European Payments Market. PSD2 enables thirdparties to build financial services on top of banks’ data and infrastructure by accessing bank customers’
payment accounts through online interfaces. This allows both retail and corporate customers to use licensed
TPPs to support managing their payments services with their ASPSPs. In parallel, European policymakers are
particularly keen on ensuring that future developments in the field of instant payments lead to the emergence
of EU-wide cross-border instant payment solution(s) in euro. This chapter addresses both PSD2/open banking
and instant payments topics.
PSD2 was published in December 2015 in the Official Journal and is applicable from 13 January 2018.
However, the final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and
Common Secure Communications (CSC) – i.e. how TPPs are allowed to access customer payment accounts
– apply first on the 14th of September 2019. To this RTS, the European Banking Authority (EBA) has published
Guidelines that aim at specifying the conditions that need to be met in order for the bank to restrict access to
payment accounts exclusively through dedicated interfaces (APIs); this by obtaining an exemption from the
obligation to offer a fall-back solution (contingency method of access through screen scraping) from its National
Competent Authority (NCA). The EBA has also published an Opinion on this matter, and has also provided
clarifications via their Q&A process. This access to payment accounts is seen as one of the first building blocks
to European open banking.
With respect to instant payments (or real-time payments), as per the European policymakers, the need for
European instant payment providers is a question of ensuring “political sovereignty”, alluding to fears that
foreign governments could hold leverage over the EU if global companies from non-European countries – such
as the United States and China – become too prominent across the Continent. The experiences in the cards
world, where in fact American card schemes provide the only solutions that make card transactions work
across Europe, drive this fear.
>> Related: Remittances