The political, technical and business developments of the 21st century, above all digitalisation and globalisation, have led to a significant increase in the number of regulations for payment service providers and financial institutions. Compliance with these regulatory requirements, especially in payments, is inevitable for every financial service provider and implementation is often a challenge. Moreover, a clever, customer-friendly implementation is decisive for the market. PPI's experts accompany and support you with individual solution strategies and implementation concepts. By integrating regulatory knowledge, business requirements and IT expertise, they can deal with complex issues such as the Payment Services Directive (PSD2/PSD3), the Regulatory Technical Standards (RTS), the SEPA (Price) Regulation or the EU Funds Transfer Regulation (FTR).
Directives, regulations and laws play a decisive role in payments. They do not have to be an obstacle.
Payments are a highly regulated economic sector. Interdependencies have to be considered for a multitude of directives, regulations and laws and have an influence on every business decision. For example, it is necessary to differentiate between payments made within a country, within EU borders or in the context of non-European payments. Regulatory provisions such as the Payment Services Directive (PSD2/PSD3) or the SEPA Regulation standardise the legal framework, promote fair competition and create transparency for all parties involved. Furthermore, they serve to implement political and economic objectives, for example as an innovation incentive or to standardise markets. Their implementation and compliance continues to present challenges for payment service providers.
In order to further promote the European internal market and the necessary harmonisation of laws, European legislation is increasingly stipulating the framework conditions. In this context, the European Banking Authority (EBA) acts as an independent expert advisory body to sustainably pursue and achieve the stated objective: to create EU-wide uniform rules applicable to payment service providers in all countries of the EU.
The stability of the financial system shall also be strengthened as a result. To this end, the EBA is responsible for analysing the impact of certain regulatory instruments and continuously improving cross-border supervisory cooperation. The EBA furthermore has a statutory mandate to define Implementing Technical Standards (ITS) and Regulatory Technical Standards (RTS) for certain areas.
Network with national authorities such as BaFin
The task of the EBA, together with the European Central Bank (ECB) as the supreme European supervisory body and the national supervisory authorities of the EU member states, is to use its resources to ensure an effective and coherent level of regulation and supervision in the European banking sector. In Germany, the Federal Financial Supervisory Authority (BaFin), which is also represented in the ECB's Supervisory Board, is the national supervisory authority for the financial sector. The ECB's Supervisory Board proposes draft decisions to the Governing Council under the non-objection procedure. The ECB and BaFin also participate in the development and updating of standards and guidelines in the various EBA working groups.
The Payment Services Directive (PSD2/PSD3)
The second European Payment Services Directive, PSD2 for short, regulates central topics in payments. The PSD2 is the main regulatory cornerstone and thus forms one of the most important legal frameworks for payments. The review required by the PSD2 on its legal implementation and the associated effects has since taken place. Further already foreseeable changes and updates are expected to be published in a PSD3. Individual PSD2 guidelines have already been revised. In addition, market participants and institutions were invited to comment. One of the most important position papers published is that of the EBA dated 23/06/2022. Due to the central role of the EBA, it is an important indication for possible changes towards PSD3. Essential cornerstones will be reflected in the new set of rules.
Reporting: the EU directive on combating VAT fraud
Throughout the European Union, VAT fraud evades billions of euros in taxes every year. In order to effectively combat VAT evasion in e-commerce, payment service providers as defined by PSD2 have been obliged by the amending Directive 2020/284/EU to report certain payment data on cross-border payments to national tax authorities as of 1 January 2024. This data is then forwarded to the European Central Electronic System of Payment Information (CESOP) for retention. The aim is to strengthen the cooperation between the national authorities and improve the availability of information for the respective authorities. The data from CESOP is made available to officials of the Eurofisc network for analysis and evaluation in the course of combating VAT fraud. The European "Guidelines for the reporting of payment data from payment service providers and transmission to the Central Electronic System of Payment information (CESOP)" dated 03/08/2022 compile information on the payment data to be provided by payment service providers in the future.
The second Payment Services Directive has a whole range of different objectives that make it the most important regulatory instrument for payments in the euro area.
The European Commission, the Council of the European Union and representatives of the European Parliament reached a preliminary agreement on the Digital Operational Resilience Act (DORA) proposal on 22 May 2022. The European Commission had published the legislative proposal on DORA on 24 September 2020 as part of the "Digital Finance Package". It also includes a strategy for the digitalisation of the financial sector, legislative proposals on crypto-assets (MiCA and DLT pilot regime), legislative proposals on the operational stability of digital systems (DORA) and a retail payments strategy.
The DORA regulation pursues two important goals: firstly, to strengthen the digital resilience of financial companies throughout the EU and, secondly, to create a uniform legal framework. Among other things, it calls for the harmonised introduction of regulations on the documentation, classification and reporting of serious incidents related to information and communication technology (ICT). Requirements are also defined for ICT risk management, regular tests of the operational stability of digital systems are prescribed in the scope of business continuity management (BCM), and supervisory monitoring of third-party IT providers (TPPs) of critical systems is also intended. In the course of implementation, a fundamental structural change in supervisory governance and practice is to be expected in large parts of European financial market regulation.
Implementing regulations with PPI AG
Be it the PSD2 or soon PSD3, Accounts Directive, SEPA Regulation or changes in customer communication – PPI accompanies payment service providers and financial institutions in planning the upcoming regulatory changes and supports them in reviewing or updating already implemented requirements. Just as important as the goal of meeting the regulations is not losing sight of the stakeholders along the way. Linking regulatory requirements with positive customer and employee experiences creates significant added value for all parties involved. PPI helps with the interpretation of the requirements and derives the best possible implementation strategies together with the financial institutions.