Konsentus Powering Trust in Open Ecosystems

The connections between Third Party Providers and Financial Institutions under PSD2

Share This Post

Foreword

The EU’s revised Payment Services Directive – PSD2 – is probably one of the most ambitious and impactful pieces of legislation ever to be enforced in the European financial industry.

Not surprisingly, the implementation across Europe comes with a high degree of complexity and offers many challenges. Some of these challenges have to do with the introduction of new roles in the industry, others are due to the obligations and liabilities attached to some of these new roles. The remaining challenges result from the rather tricky new encounters between some of the players, notably the so-called Third Party Providers (TPPs) and the European Financial Institutions (i.e. Credit Institutions (banks), Payment Service Providers (PSPs) and Electronic Money Institutions (EMIs)), which, in PSD2 terms, are referred to as Account Servicing Payment Service Providers (ASPSPs).

The crux of the matter is that PSD2 allows a TPP to gain access to an ASPSP’s customers’ payment accounts – provided customer consent has been given. However, if something goes wrong, liability typically lies with the ASPSP. For instance, if it turns out that account access is given to a TPP who isn’t who it claims to be, and fraudulent transactions take place, the ASPSP would be liable.

PSD2 was adopted by the EU Parliament as early as October 2015 and entered into force in January 2016. The European Banking Authority (EBA) initiated discussions on The Regulatory Technical Standards (RTS) in December 2015. These continued to 2016 with the final draft of the RTS for Strong Customer Authentication and Common and Secure Communication1 (RTS for SCA and CSC) being released in February 2017 and approved by the EU in September the same year. Apart from some delays in implementation of SCA, all regulatory requirements put in place by PSD2 are now in effect. This means that the financial services market has moved beyond a general compliance race to a much more diverse situation where TPPs are now starting to deploy and grow their services on a much wider scale.

Around the time of the EBA market consultation on the draft standards in 2016, the founders of Konsentus started to wonder how the new directive would eventually cater for a completely new situation when – somewhere down the road – presumably thousands of new TPPs would knock on the doors of the c. 6,000 European banks asking for access to accounts – as granted to them by the new directive

Download the full report

Subscribe To Our Newsletter

Keep up to date with all our news and publications.

More To Explore

Talk with Our Team Today

Join us on the Journey

Protect your customers transacting in open ecosystems.

Get in Touch
Konsentus Rebrand Button - Konsentus Dot-23-23

Find out how our technology can protect your customers within open ecosystems.

Name(Required)

Opt-in

On completion of this form you will be sharing your personal data with Konsentus Ltd (company number 1115059) (“Konsentus”/”we”/”us”). We will process such information for the purposes of sending you the requested information. We may also send you marketing communications and information which we consider may be of interest to you from time to time. This may include sending information by email, or us contacting you by telephone, where relevant details are provided. We rely on our legitimate interests as the lawful basis for processing your data in this way. Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to receive a copy of the data we hold about you. You also have the right to opt out of marketing communications at any time using the details in an email sent to you or by contacting us at insights@konsentus.com.

This field is for validation purposes and should be left unchanged.

Login to your account