PSD2: The Implications for Banks and Online Businesses

header image

On 8 April 2015, Jamie Dimon, Chairman and CEO of JP Morgan, wrote to shareholders with the following caution: “Silicon Valley is coming”. This warning is often cited by those predicting the “imminent demise” of traditional banks and the rise of “FinTech”. But, fast-forward two years and Rome has not burned. The big banks are still here, and whilst FinTech continues to disrupt and challenge the financial services sector, the companies that have pioneered FinTech do not dominate the sector and the traditional banks seem pre-eminent as ever. The banks and FinTech have come to realise that they need each other. FinTech can improve bank customer participation and experience, whilst Banks can give FinTech the missing component to their businesses - users.

But will the current symbiosis last? Online businesses such as the US tech giants are viewed by many as the biggest threat to banks. In January 2017, Accenture reported that 40% of Generation Y respondents (to a survey conducted in 2016) said that they would consider banking with the US tech giants if the option were available. This threat has garnered much attention in the press, with some commentators reaching fever pitch over an incoming piece of EU legislation: the revised European Directive on Payment Services in the internal market (2015/2366/EU) (“PSD2”).

Enter PSD2

PSD2 is due for implementation across all EU Member States (including, despite Brexit, the UK) on 13 January 2018. PSD2 will replace the existing European Directive on Payment Services (2007/64/EC). One of the most significant changes under the new regime requires Member States to ensure that payment service providers (“PSPs”) and payment institutions (“PIs”) have access to credit institutions’ (i.e. banks) payment accounts services (“PAS”) on an “objective, non-discriminatory and proportionate basis”. According to HM Treasury, this does not mean that banks *must provide PSPs and PIs with access to their PAS (as some have been led to believe). It merely requires that banks treat applications by PSPs and PIs seeking access to their PAS on an equal basis. Accordingly, banks will “need to make available criteria for assessing applications for PAS to PSPs requesting such access”.

So, why is this important?

Under the previous regime, Third Party PSPs (“TPPs”) offering payment initiation or account and aggregation services faced significant barriers to operating within the internal market. PSD2 changes that. It brings those TPPs within its scope by creating two new functions: payment initiation services (“PIS”); and account information services (“AIS”). Under PSD2, online businesses authorised as PISs, will be able initiate payments on behalf of a consumer without recourse to acquirer banks and card networks. Similarly, PSD2 will enable online businesses registered as AIS to consolidate a consumer’s bank account information to provide the consumer with an instant overview of their financial situation across their various bank accounts.


The Interchange Fee Regulation has already reduced the fees that can be generated from card-based transactions in the internal market. Despite this, card-based transactions still represent a significant source of revenue for many retail banks. As described above, PSD2 creates a situation where PISs can initiate payment directly from the customer’s bank account, removing acquirer banks and card networks from the transaction. Under this scenario, the interchange fees, network fees and acquirer fees received by the customer’s bank, card network and the acquirer bank are displaced and, in effect, retained by the merchant. Whilst the gross impact of this will depend on the extent to which firms adopt PIS services, it is clear that should online businesses such as the US tech giants seek to gain authorisation as PISs, millions of daily transactions, and the fees to be generated by those transactions, could be removed from the revenues of retail banks and card networks and placed in the hands of the merchant. For organisations such as the US tech giants, the opportunities presented by gaining authorisation as a PIS are compelling. Not only will online businesses such as the US tech giants be able to pass-on the interchange, card network and acquirer fees from the transactions they process, but they will also benefit from reduced liquidity risks and the possibility of faster clearing funds.

Customer relationships

Customer engagement is critical for businesses seeking to build loyalty and cross-sell partner products and services. Indeed, many of today’s retail banks are full service firms offering current accounts, insurance, loans, financial planning, and payment services. At present, banks play a critical role in our day-to-day lives with many of us using our online banking apps to make, take, and review payments. The liberalisation of payment initiation services puts the banks at risk of losing that day-to-day role, along with the direct customer contact that comes with it. Registered AISs with access to customer account information could fulfil many of our online banking needs, creating a one-stop-shop for those seeking to review their financial status and transaction history across various bank accounts and numerous merchants. This has led some commentators to argue that banks could be reduced to nothing more than a utility service, with little or no direct contact with the customer, reducing their ability to cross-sell products.

However, banks understand change, they have seen much of it before. They are also keenly aware of the implications of PSD2 and the need to adapt their consumer offering, and whilst many consumers may have a love/hate relationship with their Banks, for most consumers, it is still their principal or only financial services relationship and may prove a hard habit to break.

The regulatory burden

In order for PISs to gain access to banks’ PAS, they must first become authorised as a PI. Applications for authorisation are governed by Article 5 of PSD2. HM Treasury has transposed the provisions of Article 5 into Regulation 6 of the draft Payment Services Regulations 2017 (“PSRs 2017”), which is extensive to say the least. For example, under Regulation 6, a PIS must:

  • be a UK company having its head office and registered office (if any) in the UK;
  • carry on at least part of its payments service business in the UK;
  • provide, or include in its application, the information set out at Schedule 2 of the PSRs 2017;
  • comply with the UK Money laundering Regulations 2007;
  • satisfy the FCA as to its compliance with the provisions of paragraphs (6), (7) and (9);
  • have, immediately before the time of authorisation, initial capital of 50,000 Euros;
  • hold professional indemnity insurance or “a comparable guarantee” against their regulatory liabilities which covers the territories in which the PIS proposes to operate. The European Banking Authority is yet to develop final guidelines on the criteria to be used by Member States to establish the minimum monetary amount of professional indemnity insurance or comparable guarantee to be held by PISs, having previously consulted on the matter; and
  • comply with its duty to notify the Authority (i.e. the Financial Conduct Authority (“FCA”) in the UK) of changes to its information.

Whilst significant, the regulatory burden is not insurmountable. The appropriate allocation of resources and careful consideration of the regulations should see most firms wishing to operate as PISs and/or AISs succeed in achieving authorisation as a PI.

In contrast, the regulatory burden for firms seeking to operate as AISs is somewhat lighter. AISs do not need to be authorised as payment institutions. Instead, an AIS must merely be registered as a PI with the competent authority. This does not mean that AISs can disregard Regulation 6 in its entirety. AISs will still need to comply with certain provisions of Regulation 6 should they seek to register with the FCA. Furthermore, whilst AISs are not required to hold a minimum amount of initial capital, they are required to hold professional indemnity insurance or “a comparable guarantee” which, amongst other things, covers the territories in which the AIS proposes to operate.

Opportunities for all

PSD2 doesn’t mean the end of the big banks. On the contrary, PSD2 offers banks the opportunity to invest in technology and build new lines of business in order to diversify and improve their current offering for their extensive consumer network. Collaboration, not competition, will continue to be the path trodden by many banks in their relationship with FinTech. But, it is likely that some banks will not see the opportunity until it is too late.

The Open Bank Project and Accenture have both produced illuminating reports which highlight some of the opportunities for banks in the payments services industry going forward. The common theme identified is that banks can leverage their expertise to create an ecosystem of consumers, PISs and AISs that trust using the banks’ services and develop on that basis. This would allow the banks to retain their position as the heart of the payments services industry, and consumers’ lives, enabling them to introduce new lines of business and create new methods by which they can cross-sell both bank and partner services.


No discussion of PSD2 is complete without mention of Brexit. On 24 June 2016, the FCA stated that “Firms must continue to abide by their obligations…derived from EU law and continue with implementation plans for legislation that is still to come into effect”. Thus, we can rest assured that, for the time being at least, the FCA will be keeping an eye on firms’ implementation activities. However, PSD2 concerns payment services in the internal market. The UK’s implementation of PSD2 does not guarantee UK firms’ access to data and payment transactions emanating from the internal market, nor does it guarantee that PISs and AISs authorised and registered as PIs by the FCA will be recognised as such across the EU. More important, perhaps, is the possibility that once Brexit has been finalised, UK based PISs and AISs may no longer be able to passport their authorisation into and across the internal market, inhibiting their ability to conduct payments services business in those jurisdictions. The loss of passporting rights would undoubtedly have a significant impact on the structure of UK based AISs and PISs going forward.

David Ramm (Partner)
Philip Stone (Trainee Solicitor)

David Ramm is a Partner in Morgan Lewis’ Corporate and Business Transactions team and Philip Stone is a Trainee Solicitor with experience in Financial Regulation, Investment Management, Corporate transactions and Litigation.