BT-REQ-3972 PSD3 Impacts v6(without crop marks) RL - Flipbook - Page 3
3
HL | PSD3 Impacts
Who is impacted?
The proposals affect different parties in
different ways:
EMIs will need to consider their approach to
safeguarding due to the merging of the money
and payments regimes and will have to register
their distributors with regulatory authorities.
Consumer facing PSPs will need to grapple
with an increased liability regime that will
encompass authorised push payment fraud
(the extent of which is “TBD”) alongside
the existing regime for unauthorised
and defective transactions, and remain liable
to the consumer potentially for longer than the
13- month protection first introduced under PSD1.
Corporate facing ASPSPs may have much less
discretion when it comes to the requirement to
provide banking services to other PSPs.
1. Introduction
Given the sea change of PSD2, one might expect the
prospect of the proposed PSD3 and PSR to have PSPs
groaning at the thought of yet more root and branch
reg change projects. However, whilst the proposals
are certainly wide-ranging and will require PSPs
to make further changes, this latest chapter in the
ongoing saga of payments regulation is slightly more
“evolution” than the “revolution” of its predecessor.
That is not to say the changes required will be
insignificant or unchallenging (not least in terms
of the tech and ops projects the proposed changes
appear to require). However, the legislative package
is less all encompassing in its vision, building on
various aspects of the PSD2 regime.
Following the publication of the Council Text,
this briefing has been updated and summarises
the impact of the draft proposals in all three texts
thematically, highlighting the areas where the
trilogue process might shift the dial further, and
flagging where changes might need to be reflected in
PSPs’ businesses. See our “at a glance” table mapping
these changes.
ASPSPs will have to review their SCA solutions –
with an increased focus on ensuring non-tech
savvy PSUs are not left behind - as well as TPP
access solutions, which are expected to be
dedicated interface solutions rather than modified
customer interfaces. Additionally, ASPSPs will
be required to enable PSUs to manage the various
consents they have given to TPPs centrally, within
the ASPSP domain via a “dashboard”.
“Big Tech” will face the challenge of indirect
regulation as legislators seek to expand the scope
of payment regulations.
ASPSPs will need to share details of accounts/
customers that are suspected of operating
fraudulently.
Online platforms that have made use of
the commercial agent exemption will need to
consider if they can still operate without needing
to be authorised or at least partner with a PSP to
continue their operations.
PSPs will need to provide the additional
information they are required to provide to
the regulatory authorities within the two-year
transitional period.
CASPs may need to become dual authorised to
provide payment services in EMTs.
