
Open Finance is becoming a pivotal element in the evolution of the European Union’s regulatory framework for payment services, most notably embodied in the anticipated Third Payment Services Directive (“PSD3”). The European Banking Authority (“EBA”) has proposed significant revisions to the current legislation, many of which aim to further the objectives of enhancing competition, facilitating innovation, increasing payment transaction security, protecting consumers, and creating a unified EU retail payments market.

The second version of the Payment Services Directive 1 (“PSD2”) was last updated in 2015 and came into force in 2018. PSD2 not only offers clear guidelines to payment service providers (“PSPs”) but also expands the rights that customers had under the first PSD. Lately, the EU Commission has been consulting stakeholders on amending PSD2. If a new text is approved, the next version of the PSD (i.e., “PSD3”) would likely take years to come into effect. PSD2 was transposed in Malta through the Financial Institutions Act, Chapter 376 of the Laws of Malta, and PSD3 would most likely follow suit.

One of the most influential replies to the EU Commission’s consultation on PSD3 is the European Banking Authority’s (“EBA”) “Opinion of the European Banking Authority on its technical advice on the review of Directive (EU) 2015/2366 on payment services in the internal market (PSD2).” 2

In paragraph 409 of its opinion, the EBA notes that “Open Finance, or the expansion from access to payment accounts data towards access to other types of financial data has the potential to further spur innovations in the financial sector, to the benefit of consumers and the overall financial ecosystem.” 3 This expanded access could span a multitude of financial services data, potentially including mortgages, savings, pension services, and insurance.

There are potential benefits for consumers and financial institutions alike. Open Finance could lead to increased competition among financial service providers, resulting in more innovative products and services for consumers. It could also provide a more comprehensive view of a consumer’s financial situation, allowing for more personalized advice and recommendations from financial institutions.

One of the key proposals under consideration in PSD3 relates to the standardisation of application programming interfaces (“APIs”) across the EU. The EBA suggests the development of a common API standard across the EU, maintained by the industry, to enable third party providers to have a dedicated interface for accessing customer data from account-servicing payment service providers (“ASPSPs”). This standardisation could facilitate broader implementation of open finance principles, fostering competition and innovation.

However, EBA’s proposed changes relating to Open Finance also bring with them numerous legal implications and potential challenges. One major legal consideration is the balance between increased access to data and the protection of customer privacy and data security. With more entities gaining access to sensitive financial data, there will be a pressing need to ensure robust safeguards are in place to prevent data breaches and misuse.

As the EBA explained, Open Finance refers to the expansion of access to customer data beyond payment accounts, towards other types of financial data such as savings, investments, and insurance data. PSD2 had introduced detailed security requirements, including strong customer authentication (“SCA”), for accessing payment accounts online, and the EBA recommends that these SCA requirements be further enhanced in PSD3.

The customer’s trust is crucial for a successful Open-Finance ecosystem. In fact, the EBA opines in paragraph 413 of its opinion that “any future legal framework on Open Finance would need to ensure that there are adequate security requirements in place to ensure the safety of customers’ data and reduce the risk of fraud and scams. This is essential in order to build customers’ trust in Open Finance.”4

Common ground is perhaps offered by the European Commission’s Expert Group on European Financial Data, which, in a document titled ‘Report on Open Finance’ 5, explains that the legal basis of Open Finance can be determined either through a voluntary framework built upon contractual schemes or through a compulsory framework. At present, both frameworks exist in specific sectors within the market: voluntary data sharing among financial firms is observed as a market-driven approach, while specific regulatory obligations (such as the access to payments account data outlined in PSD2 and the requirement for data portability as stated in the General Data Protection Regulation) create obligations to make specific data available. Nevertheless, the EU Commission’s Expert Group refrains from picking the better framework.

Although there are potential challenges associated with expanding Open Finance in PSD3, this concept has significant potential to help in the ongoing transformation of the financial services industry. It will be important for legislators and supervisory authorities to consider the legal implications of Open Finance and ensure that any future legal framework addresses the data-protection risks while also promoting innovation and competition in the EU’s fintech industry.

  1. Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC
  2. European Banking Authority, ‘Opinion of the European Banking Authority on its technical advice on the review of Directive (EU) 2015/2366 on payment services in the internal market (PSD2)’ [2022]
  3. Ibid para 409
  4. Ibid para 413
  5. European Commission, ‘Report on Open Finance’ [2022] page 7

Disclaimer: This document does not purport to give legal, financial or tax advice. Should you require further information or legal assistance, please do not hesitate to contact Dr. Mario Mizzi