Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52023SC0232

    COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the documents Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on payment services in the internal market and amending Regulation (EU) No 1093/2010 and Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC

    SWD/2023/232 final

    Brussels, 28.6.2023

    SWD(2023) 232 final

    COMMISSION STAFF WORKING DOCUMENT

    EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT

    Accompanying the documents

    Proposal for a

    REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

    on payment services in the internal market and amending Regulation (EU) No 1093/2010



    and



    Proposal for a

    DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

    on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC

    {COM(2023) 366 final} - {COM(2023) 367 final} - {SEC(2023) 256 final} - {SWD(2023) 231 final}


    Executive Summary Sheet

    Impact assessment on Commission proposal for: a regulation on payment services in the internal market, and a directive on payment services and electronic money services in the internal market

    A. Need for action

    Why? What is the problem being addressed?

    The Second Payment Services Directive of 2015 (PSD2, Directive 2015/2366) forms the legal framework for payments in the EU. An evaluation of PSD2, which is annexed to the Impact Assessment, found that, while significant improvements have been observed in the payments sector since PSD2 application, the objectives of PSD2 have been only partially achieved. The four issues around which the Impact Assessment is based are:

    ·Consumers remain at risk of fraud (especially social engineering fraud) and lack confidence in payments, despite the success of Strong Customer Authentication (SCA), introduced by PSD2, in eliminating fraud in payments subject to SCA.

    ·The Open Banking (OB) market functions imperfectly. OB is the process by which Third Party Providers provide value added services to users by accessing – with the user’s consent - their payment account data. This market has grown since PSD2, but there are many complaints about inadequate interfaces for data exchange, hindering market development.

    ·Supervisors have inconsistent powers and obligations and enforcement and implementation of PSD2 varies between Member States.

    ·There is an unlevel playing field between banks and non-bank Payment Service Providers (PSPs), especially as regards access to payment systems. Non-bank PSPs find it difficult to open an account with commercial banks (which is essential to obtain a license) and are barred from direct participation in some major EU payment systems by the Settlement Finality Directive (SFD, Directive 1998/26).

    The drivers of these problems (apart from constant evolution of payment fraud) are essentially regulatory in nature (gaps and imperfections in the legal framework).

    The consequences of the problems are:

    ·Payment service users (consumers merchants SMEs) face continuing fraud risk, limited choice of payment services and higher prices;

    ·PSPs which are Open Banking providers face obstacles to offering basic OB services and find it harder to innovate;

    ·PSPs in general face uncertainty about their obligations, and non-bank PSPs are at a competitive disadvantage compared with banks;

    ·The economy is hindered by inefficiencies in payments, causing higher costs of commercial operations;

    ·The single market is fragmented, with activities such as forum shopping.

    What is this initiative expected to achieve?

    This initiative has four specific objectives:

    1.    Strengthen user rights and protection against fraud; 

    2.    Enhance the competitiveness of Open Banking services;

    3.    Improve enforcement and implementation in Member States; 

    4.    Improve (direct or indirect) access to payment systems and bank accounts for non-bank PSPs.

    It will also contribute to administrative simplification by bringing together the regimes for the two types of non-bank PSP, Payment Institutions and E-Money Institutions, which hitherto have been contained in different pieces of legislation.

    The initiative also contains measures to improve consumer rights and information, financial inclusion of disabled persons and others who experience difficulties to use SCA, and to improve the availability of cash.

    What is the value added of action at the EU level? 

    The demand for cross-border payment activities has always been a key factor justifying EU legislation in the field of payments (PSD1 of 2007 and PSD2), both as regards cross-border payments, and cross-border provision of payment services in the single market. Companies are actively making use of both passporting and establishment in different national jurisdictions. Only EU level action can bring about a single payments market.

    B. Solutions

    What legislative and non-legislative policy options have been considered? Is there a preferred choice or not? Why? 

    Non-legislative options were not considered, bearing in mind that the problem drivers are essentially legislative. Options which would have caused significant costs or upheaval in the market, for uncertain benefit, were rejected. These included: a full liability on banks and other PSPs for fraudulent payments caused by social engineering; for Open Banking, requiring a standardised data access interface and removing the current requirement for OB operations to be possible without a contractual basis and without a charge being applied; creating a new EU agency for implementation of Open Banking rules.

    The retained options were as follows:

    1.To strengthen consumer protection against payment fraud: measures to increase the use of SCA, a legal basis for exchange of information between PSPs on fraud, extension of IBAN/name of payee verification systems to all credit transfers (currently only envisaged for instant payments), and conditional reversal of liability – from users to PSP - for social engineering fraud in specific cases of inadequacies by PSPs (IBAN/name check not functioning and fraud involving impersonation of bank employees).

    2.To enhance the functioning of Open Banking, requirement for a dedicated data access interface; permission dashboards” for consumers to control better their data, new requirements on OB data access interfaces, specifying in more detail minimum requirements for interfaces by which data is made available.

    3.To improve enforcement and implementation in Member States: replacing the greater part of PSD2 with a directly-applicable Regulation clarifying aspects of PSD2 which are unclear or ambiguous; strengthening provisions on penalties.

    4.To ensure a level playing field for all PSPs regarding access to payment systems: strengthen non-bank PSPs’ rights to indirect access via a bank account; granting the possibility of direct participation of non-bank PSPs to all payment systems, including those designated by Member States pursuant to the SFD, with clarifications on admission and risk assessment procedures.

    Who supports which option? 

    Regarding fraud prevention, there was a broad desire for clarifications on the use of SCA, to prevent certain payments being incorrectly exempted from SCA. Consumer bodies supported measures to facilitate the use of SCA for persons with disabilities and other persons experiencing difficulties with SCA. Consumer representatives would have preferred a more far-reaching liability on banks for authorised fraudulent payments.

    In Open Banking, banks broadly desired the right to charge data users for access to customer data; some data users desired a specific enforcement body. There was little support for imposing standardised data interfaces, given the large sunk costs for existing interfaces.

    There was broad support for enacting many provisions of PSD2 in a Regulation, although certain Member States were reluctant. Strengthening penalties in PSD2 was supported mainly by consumer organisations and non-bank PSPs.

    Regarding access to payment systems, non-banks broadly supported allowing them direct access to systems designated under SFD, while banks broadly considered the present situation satisfactory. Public authorities had varying positions.

    C. Impacts of the preferred option

    What are the benefits of the preferred option (if any, otherwise main ones)? 

    The main benefits will be: a reduction in social engineering fraud (estimated at €323 million per year); increased development of Open Banking, involving more innovation and new services offered; greater competition between banks and non-banks in payment services leading to downward pressure on prices; better functioning of the single market for payments, due to improved enforcement and implementation.

    What are the costs of the preferred option (if any, otherwise main ones)? 

    The most costly options having been rejected, the retained options with notable implementation costs are:

    ·Extension of IBAN/name of payee verification to payments and PSPs not already covered by the Commission’s proposal on instant payments. This will cover 1200-1300 PSPs (largely in non-eurozone Member States) at a cost averaging a few hundred thousand euros one-off cost and a few tens of thousands of euros annual maintenance cost. However, charging customers for the use of this service will be allowed, permitting some cost recovery.

    ·In Open Banking, the creation of permissions dashboards will cost up to €47 million in one-off costs for banks and other payment account providers. Upgrading data interfaces to the new minimum requirements should have a one-off cost around €185 million, offset by the removal of a current requirement for a “fallback interface” and other savings.

    ·Major payment systems, to which non-bank PSPs will henceforth have potential access, will have to deal with applications for participation from non-bank PSPs, with administrative consequences.

    ·Other measures in the initiative will have real but limited costs for PSPs, for example measures to facilitate the use of SCA and anti-fraud awareness campaigns.

    How will businesses, SMEs and micro-enterprises be affected?

    SMEs are concerned by this initiative in two capacities, as users of payment services (such as merchants or business users) and as PSPs, including payment fintechs (smaller PSPs, start-ups etc.). They are thus on both the supply and demand side of the payments market. Benefits for SMEs as merchants and other corporate users of payment systems will be access to a greater range of payment services at more competitive prices. SMEs which are payment fintechs (Open Banking TPPs or non-bank PSPs) will benefit from the improved functioning of OB interfaces or better access to payment systems. Overall, SMEs on both sides of the market are expected to be net gainers from this initiative.

    Will there be significant impacts on national budgets and administrations? 

    Enhanced enforcement and implementation activity, including in the area of Open Banking, will require many national supervisors to reinforce their staffing in the payments area.

    Will there be other significant impacts? 

    The initiative contains measures to improve the coherence of payments rules with the General Data Protection regulation, for example clarifying the application in the payments area of the GDPR concepts of explicit consent, silent party data, and processing of special categories of data.

    D. Follow up

    When will the policy be reviewed?

    A review clause will require a review of the new legislation five years after its application.

    Top