The world of banking changes dramatically. We witness a huge shift from traditional banking with brick-and-mortar branches, wide portfolio of products and services gathered together in one place, towards fintech companies, which use innovation and the latest technology to take place occupied by the big financial players. This evolution is very dynamic and often means that new solutions are far ahead of law regulations imposed over the traditional banking sector. If you haven’t heard of PSD2, it is recommended to take a look at PSD2 explanation article after you have read the content below.

The PSD — What Is It?

In the EU, all banks and other financial institutions are regulated by directives such as the Payment Services Directive (PSD), which was accepted as Directive 2007/64/WE by the European Parliament and Council on November 13, 2007. The European Commission officially describes this directive as the legal foundation for the creation of an EU-wide single market for payments. The PSD aims at establishing a modern and comprehensive set of rules applicable to all payment services in the European Union. The target is to make cross-border payments as easy, efficient and secure as ’national’ payments within a Member State. The PSD also seeks to improve competition by opening up payment markets to new entrants, thus fostering greater efficiency and cost-reduction. At the same time the Directive provides the necessary legal platform for the Single Euro Payments Area (SEPA).

As we can see, this is a truly important tool for the whole financial environment in the EU. Unfortunately, it is also clearly out of date: after almost a decade, the situation in the area covered by the PSD is a lot different than it was when the original directive went into force. There are many new players on the market using techniques and innovations out of the PSD’s scope, and the national regulators were at least reluctant to them, if not actively against them.

Embrace The New

The European Commission decided to revise the PSD to include all new fintech companies recognized as “third party providers”, as well as methods of automated communication between these providers and existing established institutions. The goal was to obtain a fully interoperable ecosystem with a smooth data exchange among the involved parties.

With the beginning of 2016, a revised PSD directive, called PSD2, was published. It was extended to embrace third party service providers and to design a universal API—information exchange protocol, which could enable access to client’s data stored in banks and other financial institutions. The directive will become fully effective in January 2018, so it seems there is plenty of time for preparations. But the truth is, designing and implementing the API itself with accompanying security measures will take many months—probably much more than eighteen months left until the PSD2 goes into force. And the directive is silent on what should be done in case the API is not ready on time.

The PSD2 does say that in the transitional period existing and active third party providers can still operate on today’s terms, but after January 2018 they will be verified and regulated just like banks and other financial institutions, and they will have to use the provided API to reach for customer’s data stored elsewhere. Nobody knows yet, how they will be able to do it without the API.