In the ever-evolving landscape of financial regulation, the Payment Services Regulations 2017 (PSRs) and the Second Payment Services Directive (PSD2) stand out as significant frameworks governing payment services across the United Kingdom and the European Economic Area (EEA). Enacted to enhance consumer protection, foster competition, promote innovation, and drive down the costs of payment services, these regulations play pivotal roles in shaping the way payment services are provided, regulated, and experienced. Let’s delve into the key aspects of the PSRs and PSD2 to understand their implications for businesses and consumers alike.
The Payment Services Regulations 2017 (PSRs)
The Payment Services Regulations 2017, often abbreviated as PSRs, are a set of regulations implemented by the UK government to transpose PSD2 into national law. The PSRs replace the previous Payment Services Regulations 2009 and introduce several key changes and updates to reflect the evolving nature of the payments landscape.
Key Provisions of the PSRs
Scope of Regulation: The PSRs apply to a wide range of payment services, including credit transfers, direct debits, payment cards, and money remittance services. They regulate both traditional payment service providers, such as banks and payment institutions, as well as new entrants in the market, including fintech startups and electronic money institutions.
Authorisation and Registration: The PSRs establish a framework for the authorisation and registration of payment service providers (PSPs) by the relevant regulatory authorities, such as the Financial Conduct Authority (FCA) in the UK. PSPs must meet certain criteria and comply with ongoing regulatory requirements to operate legally and ensure the safety and security of payment transactions.
Consumer Protection: One of the primary objectives of the PSRs is to enhance consumer protection in payment transactions. The regulations impose obligations on PSPs to provide clear and transparent information to consumers regarding fees, charges, and terms of service. PSPs are also required to implement strong customer authentication (SCA) measures to safeguard against fraud and unauthorised transactions.
Example: Under the PSRs, PSPs must implement strong customer authentication (SCA) for certain types of electronic payment transactions. SCA involves the use of two or more factors to verify the identity of the payer, such as something the payer knows (e.g., a password or PIN), something the payer possesses (e.g., a mobile phone or token), and something the payer is (e.g., biometric data like fingerprint or facial recognition). This requirement aims to enhance the security of online payments and reduce the risk of fraud.
Security and Risk Management: The PSRs mandate PSPs to implement robust security measures and risk management practices to protect against cyber threats, data breaches, and other security vulnerabilities. PSPs must adopt measures such as encryption, tokenisation, and multi-factor authentication to ensure the integrity and confidentiality of payment data.
Open Banking and Third-Party Access: In line with the objectives of PSD2, the PSRs promote open banking and facilitate third-party access to payment account information. PSPs are required to provide access to account information and payment initiation services to authorised third-party providers (TPPs) through secure application programming interfaces (APIs). This enables consumers to share their financial data securely and initiate payments through third-party apps and services.
Implications for Businesses and Consumers
For businesses operating in the payments industry, compliance with the PSRs is essential to ensure legal compliance, maintain consumer trust, and avoid regulatory sanctions. PSPs must invest in technology, infrastructure, and expertise to meet the requirements of the regulations, including implementing strong security measures, enhancing transparency, and facilitating open banking initiatives.
For consumers, the PSRs offer greater transparency, security, and choice in payment services. By promoting competition and innovation, the regulations encourage the development of new payment solutions, improved user experiences, and enhanced financial inclusion. Consumers benefit from access to a wider range of payment options, lower fees, and increased convenience in managing their finances.
PSD2 and Its Impact
PSD2 is an EU Directive that sets requirements for firms providing payment services, and it significantly affects banks, building societies, payment institutions, e-money institutions, and their customers. In addition to promoting innovation and enhancing consumer protection, PSD2 aims to make payments safer and more secure while driving down the costs of payment services. More services, such as account aggregation and alternative online payment methods, are brought within the FCA’s scope by PSD2, providing consumers with greater choice and convenience.
Christopher Woolard, Executive Director of Strategy and Competition at the FCA, emphasises the importance of competition and consumer protection in the retail banking and payments sector. PSD2 not only enhances consumer choice but also introduces important protections and security measures to safeguard payments and financial transactions.
Summary
The Payment Services Regulations 2017, implemented in alignment with PSD2, represent a significant step forward in regulating payment services and promoting innovation in the financial sector. By enhancing consumer protection, improving payment security, and fostering competition, the PSRs and PSD2 contribute to a more transparent, efficient, and consumer-friendly payments ecosystem. It’s imperative for firms to understand and adhere to the requirements of these regulations to ensure compliance and maintain consumer trust in an increasingly digital and interconnected financial landscape.
