FinTech: PSD II - status and bank cooperation in Norway
The Payment Services Directive (Directive 2015/2366 / EC – “PSD II”) was formally adopted on 25 November, 2015, and published in the Official Journal on 12 December, 2015. The directive replaces Directive 2007/64 / EC (PSD I). The member states have a two-year implementation deadline, 13 January, 2018. The directive must be read in conjunction with the Council Regulation (EU) 2015/751 on interbank fees for card-based payment transactions.
The purpose of the directive is to modernize the regulatory framework for payment services and to promote innovation. Furthermore, the EU wishes to increase consumer choice and reduce costs associated with the use of payment services, by facilitating that third parties may offer payment solutions.
Status of the implementation of PSDII in Norwegian law
The Norwegian Ministry of Finance has published a paper summarizing the process pertaining to the implementation of the directive. The actual timing of the implementation of PSDII into Norwegian law will depend on the order of the adoption of new financial EU-legislation, a process which until recently has been on hold due to issues regarding the EEA-supervision. The government is currently writing up legal text in order to implement EU-regulation and directives in EEA-agreement and Norwegian law. In a letter of 29 September, 2015 the Ministry of Finance asked the Norwegian FSA to prepare a consultation paper on the proposed changes. The consultation has not yet been published. Amendments to the Norwegian Financial Contracts Act and The Finance Companies Act are most likely needed.
The European Banking Authority, EBA, is currently working with technical standards, including “Consultation on Guidelines on major incidents Reporting” and consultation of 8 December, 2016 on strong customer authentication.
The main amendments
The two main changes the PSDII directive will bring are the following: 1) a broader scope than before with fewer exceptions, and 2) regulation of third parties that offer payment services (TPPs “third-party payment service providers”). The latter includes both payment order services and account services at TPPs. These operate as in-betweens between the sellers’ website and consumer’s bank. This is an alternative to credit card payments. The transactions are usually carried out without the TPP having possession of the funds. The TPP shall pursuant to the directive be registered, authorized and supervised to ensure consumer protection, security and liability for the payments.
The directive also regulates a number of measures affecting national supervisory authorities. The maximum limit on consumer losses by misuse or other irregularities which he has incurred through the use of payment services will be reduced from a maximum of 150 EUR to 50 EUR.
How Norwegian banks meet the PSDII challenge
PSDII allows for operators other than banks to offer payment services to Norwegian bank customers in the same way as Vipps and other similar solutions developed by the banks themselves. The customers consent that a third party gets access to their account information to complete payment transactions. Thus, banks must facilitate access to their customer care programs to such third parties. This, having to give new entrants access to their customer base, could pose a significant threat to banks. In addition there will be challenges with regards to secure payments, responsibility for errors and fraud, “know-your-customer” and anti-money laundering.
More than 100 banks have recently teamed up with DNB to collaborate on the mobile payment solution called Vipps, aiming to build a strong payment service provider in Norway. The theory is that if Norwegian bank customers already have access to efficient, user friendly and widely used solutions for payment services, it will most likely be harder for new service providers to enter the payments market in Norway.