PSD2 – a game changing regulation

What challenges and opportunities could the new directive provide?

Almost all new regulations since 2008 have focused on tightening the banking business and operating model. The Second Payment Services Directive (PSD2) on the other hand requires banks to open their payments infrastructure and customer data assets to third parties that can then develop payments and information services to your customers. That is why PSD2 is not only a regulatory compliance and technology challenge, but also a strategic and operational one. Meeting this challenge requires a clear strategy, operational and infrastructure change, a clear focus on assessing and managing risks, and meticulous execution.

To hear from our experts why PSD2 is such a game changer, watch our video taken from our Being Better Informed newsletter.


Playback of this video is blocked because of your cookie preferences.

You can change your settings on the Cookies information page: you need to accept Advertising cookies to see this YouTube video.


Key areas of focus

2018 is set to be a game-changing year for retail banking as PSD2 takes effect across the EU and the European Economic Area. By 13 January 2018, Member States will have to implement the revised Payment Services Directive into their national regulations. PSD2 builds on the legislative framework established by PSD. It acknowledges the rise of payment-related ‘FinTech’ companies and aims to create a level playing field for all payment services providers while ensuring enhanced security and strong customer protection.

In preparation for the directive, here are some key strategic imperatives to consider:

Define your strategic ambition and positioning

Opening up the front-end of payments initiation and information services has the potential to dramatically shift the competitive landscape. The ability to engage directly with and add value to customers will no longer be just the advantage of banks but shared with FinTechs, technology firms, and even retailers and telecommunications providers.

You will need a clear strategy which articulates your role in the future financial services ecosystem, the business models with which you will drive value, how you will innovate, collaborate with other ecosystem partners and remain relevant to customers.

Find out more...

Address your technology and data capabilities

Most banks have legacy cores e.g. mainframe systems, data warehouses and payments infrastructure that were built years if not decades back. PSD2 works on an expectation of scalability, security and resilience that matches silicon valley firms that routinely offer open interfaces.

Banks also have slow change management processes, highly manual customer support and fragmented reference data which can make it difficult to respond to evolving customer needs with speed and effectiveness.

How will you systematically transform your operations and infrastructure for an open, rapid response future?

Find out more...

Assess, measure and manage cybersecurity and privacy risks

PSD2 has been introduced against a backdrop of high profile cyber attacks across industries. In a post-PSD2 environment, the primary responsibility for security risks will lie with payment service providers, and increasing the number of partners you interact with via APIs will increase your cyber attack surface and make you more vulnerable to data security breaches. Further, Cybersecurity breaches can expose you to severe financial crime and reputational incidents and fines.

While PSD2 requires opening up customer data to third parties, the new EU General Data Privacy Rules (GDPR) demand protecting customer data privacy as well as capturing and evidencing customer consent with potential steep penalties for breaches.

PSPs must ensure that comprehensive security measures are in place to protect the confidentiality and integrity of customers’ security credentials, assets and data.

Find out more...

Determine legal and regulatory compliance

Implementing PSD2 will require you to review key areas and processes across your organisation and is likely to increase compliance requirements:

The application of PSD2 across a wider geographical scope and to new currencies and transactions introduces new information requirements. All firms, including those already approved as PSPs, will need to confirm compliance with PSD2 and face new reporting requirements. Customers will need to be informed of revised rights and obligations. While, the obligation on account servicing payment service providers (ASPSPs) to grant access to customer accounts and to share data must implemented alongside the requirements of other key pieces of regulation such as the GDPR.

Find out more...

Optimise your finance/tax

The opportunities and challenges that PSD2 provides, are likely going to impact and change the service offerings firms provide to their customers.

In doing so, this will lead to a reconsideration of the business operating model and how the organisation seeks to provide those new services to customers.

This change provides an opportunity to review and optimise the group tax structure.

Find out more...

As the trend towards Open Banking gathers pace, PSD2 is set to accelerate industry disruption by regulating new forms of Payment Institutions, introducing new interaction models, and mandating the opening of banks’ application programming interfaces (APIs) to third parties. PSD2 responds to evolving customer demands for real-time, personalised and seamless payment experiences. The Directive also creates new opportunities that could enable banks to recapture some of the feared lost payments revenue. The potential upside for banks will vary depending on the strategic options they choose to pursue.




New services for a new customer experience

By removing barriers to entry and sharing of data, PSD2 will facilitate numerous developments in the customer experience

Payment Initiation

Innovative payment services for merchants, alternative to cards

Advanced Apps (account aggregation, money exchange)

  • Access to information through a single touchpoint / app
  • integrated and aggregated monitoring of accounts and expenses

Cardless Withdrawal

Withdrawal via NFC technology on different accounts and comparison of the commissions applied


Geolocation and integration of offers, discounts, coupons, conventions

Instant P2P Payments

Instantaneous payments via mobile wallet on many p2p accounts and towards operators with advanced features

Decoupled Cards

White-label cards decoupled from payment accounts


With implications for all…

PSD2 represents a paradigm shift in the payments system, and as such, there are implications across all stakeholder groups that present both threats to the status quo, but also opportunities. So what does this mean for:


European banks must open their data and infrastructure to fulfil regulatory requirements. Even though the professed focus of PSD2 is on payments and access to accounts, its ramifications extend far beyond that limited area.

Banks could pursue an ecosystem, or platform approach by adding third-party capabilities to their core business offerings via APIs, thereby creating innovative business models and sources of revenue. Banks could collaborate with other infrastructure providers, corporates and FinTechs to dramatically improve their cost and time to market for innovations.

While the initial focus for PSD2 at most banks has been on retail banking, strong competitors are already implementing open APIs in transaction banking and investor services to offer superior customer experience, insight and value to corporate customers as well as retail customers; while extracting bank wide efficiencies as a result.

Payment Companies

PSD2 will increase competition in the payments sector by promoting open access to payment systems and accounts.

Although the introduction of PSD2 may be considered a threat to the traditional business model of payment processing companies, there are opportunities here to provide integration services into third-party networks and apps, as well as the point-of-sale systems of merchants.

The business models for credit card companies and cards divisions of banks may be affected by PSD2 as retailers and other industries switch to using open APIs rather than cards processing. Visa and Mastercard have announced innovation initiatives that indicate a focus on new services and revenue streams.

Other Ecosystem Participants

PSD2 will create new PSPs but also new competitors given the “Third Party Access” requirements. The Open Banking provisions in PSD allow non-banks, corporates (like Amazon) or FinTech businesses to directly access consumer bank accounts to perform payments activities and/or gain access to customer data . One UK retail bank has said this could mean £20m per annum of revenue lost if the 10 biggest retailers become authorised as PSPs.

From an end user perspective, customers are embracing new technology; the volume of online and mobile payments has increased significantly, and customers will be able to enjoy instantaneous payments via mobile wallets on many p2p accounts and towards operators with advanced features.

Consumer protection will be boosted through greater transparency of costs and protection from charges, including reduced liability for customers from fraudulent payments.

For more information

We have published a range of blogs and thought leadership which can be found here. This content will be updated regularly in the coming weeks and months:


{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}

Contact us

Follow us