Timetable and objectives of regulation
Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC was published on 23 December 2015. This PSD2 Directive must be transposed into national law no later than 13 January 2018.
The Directive will be transposed in two parts. Legislative changes to the Payment Services Act are being prepared by a working group led by the Ministry of Justice. The Financial Supervisory Authority has a representative on the working group. The term of the working group is 2 May 2016–28 February 2017 (decision on appointment, pdf, in Finnish only). Changes to the Payment Institutions Act are being prepared by Ministry of Finance officials.
Government Bills for Acts amending the Payment Services Act and the Payment Institutions Act (HE 132/2017 vp and HE 143/2017 vp, in Finnish only) were submitted to Parliament in October 2017. The proposed provisions are scheduled to take effect on 13 January 2018.
The objective of the Directive is to extend the scope of regulation to the various types of payment services and to update payment services regulation in line with market developments.
Key changes to payment services legislation
The scope of application of the Payment Services Act will be extended by bringing Third Party Providers (TPPs) within the scope of regulation and supervision. The new providers of payment services are:
- Payment Initiation Service Providers (PIS)
- Account Information Service Providers (AIS)
Account-servicing banks must provide these Third Party Providers with access to customer accounts on the explicit consent of the customer. The payment initiation service provider and the account information service provider have the right to utilise strong customer authentication procedures provided to the customer by the account-servicing bank.
The scope of regulation will also include the issuing of card-based payment instruments connected to an account provided by another payment service provider (Third Party Payment Instrument Issuer).
The Directive also requires the payment service provider to apply strong customer authentication when the customer initiates an electronic payment transaction and accesses its payment account online. Derogations from these requirements will be provided in Level 2 regulations issued by the European Banking Authority (EBA).
The Financial Supervisory Authority has established a PSD2 Monitoring Group. The objective of the Group is to disseminate topical information to the industry, discuss interpretation issues and give guidance and advice to supervised entities. The PSD2 Monitoring Group convenes approximately once a month and is planned to operate at least until summer 2019.
Level 2 regulations
The Directive is complemented by the EBA’s Regulatory Technical Standards (RTS) and guidelines (GL).
Level 2 regulations prepared by the EBA: