The short answer is 'not much'. While PSD2 could bring changes in the long-term (more competition, collaboration and innovation), in the short-term it's more of a slow transition than a big bang. That said, we don't know for sure if Saturday could hold some surprises – will the transition to open banking be seamless and hitch-free? Speaking to CNBC in November last year, Tom Blomfield, co-founder and chief executive of UK digital financial bank Monzo, said: “It's just unclear how PSD2 is going to roll out in January. Is it going to be smooth or bumpy? We don't quite know yet.”
Slow transition period
But the facts seem to suggest that the PSD2 deadline will not be a big bang but more the start of a slow and staggered transition period that will certainly last throughout 2018 – until the last of the PSD2 provisions are finalised and have gone through the official European Commission processes.
Delays have been announced well in advance of the deadline and the European Banking Authority (EBA) outlined some of the transitional issues that need to be addressed for a clean roll-out across all 28 EU member states. In an announcement last month it noted: "Either because of a delay in adoption or because PSD2 intended it to be so, not all the provisions of PSD2 or EBA technical standards and guidelines will be applicable on 13 January 2018."
12 provisions of PSD2
The EBA has developed 12 instruments under PSD2 – but only 10 are expected to be finalised by 13 January and only three will actually be applicable from that date due to the time it takes for EBA technical standards or EBA guidelines to be either published in the EU's Official Journal (OJEU) or to be translated into all official EU languages.
Therefore, the EBA expects only the following three mandates to be applicable from 13 January:
- the RTS on passporting (EBA-RTS-2016-08) that were published in the OJEU on 11 November 20173;
- guidelines on authorisation and registration (EBA-GL-2017-09); and
- guidelines on the minimum amount of professional indemnity insurance (EBA-GL- 2017-08).
The EBA comments: “These three mandates support key provisions of PSD2, and their completion and legal application ensures that, from the first day of PSD2, legal entities know how to obtain authorisation or registration; know what insurance cover or guarantee to take out for that purpose; and be able to passport into other EU Member States using consistent processes.”
The EBA expects that the following three guidelines will apply during Q1 of 2018:
- guidelines on incident reporting (EBA-GL-2017-10);
- guidelines on procedures set up by competent authorities (CAs) for complaints of alleged infringements (EBA- GL-2017-13); and
- guidelines on security measures for operational and security risks (EBA-GL-2017-17).
That leaves a further six instruments, most but not all of which have been finalised and submitted to the European Commission. Those instruments are on:
- fraud reporting;
- strong customer authentication (SCA);
- common and secure communication;
- the EBA register;
- central contact points; and
- home-host cooperation.
So, even though this coming Saturday is the deadline day, most of the provisions under PSD2 will not apply until later this year. Payment institutions should note, however that they must be authorised or registered in line with PSD2 requirements. The EBA states: “Payment institutions, electronic money Institutions, account information service providers (AISPs) and payment initiation service providers (PISPs) cannot start operating or continue to operate from 13 January 2018 unless they are authorised or registered under PSD2 or are exempted from immediate authorisation.”
CTMfile take: The EBA's opinion on the transition to PSD2 provides more detail on what we can expect come Saturday.
9 facts to clarify how PSD2 will affect security and e-payments
A fact sheet published by the European Commission explains how the payments directive will pave the way for innovation and enable a safer payments environment for consumers and businesses
Banks face PSD2 compliance challenge before 2018
Few banks are ready for the revised EU Payments Services Directive (PSD2) and just 9 per cent were in the implementation stage of the new PSD2 requirements earlier this year
EBA publishes final guidelines on PSD2 security measures
Guidelines for appropriate security measures to mitigate operational and security risks under PSD2 have been issued by the European Banking Authority