The introduction of the Payment Services Directive II (PSD2) will open up the payment services market by regulating the FinTech revolution currently happening on a community level. The EU-wide harmonization of online payments is aimed at increasing the security for payment transactions and account information and creating a level playing field to enhance competition. PSD2 introduces the Third Party Provider (TPP) as a definition to regulate new payment services. Two new types of TPPs are introduced, namely Account Information Service Providers (‘AISPs’) and Payment Initiation Service Providers (‘PISPs’).
Banks are obligated to open up their IT infrastructure to TPPs. Through the initiation of PSD2, innovative payment services companies are enabled to compete with the banks.
Both AISPs and PISPs will have to comply with the regulatory requirements under PSD2 and perhaps also to apply for a license under the PSD2. The PSD2 licensee is allowed to passport this license to other EU/EEA member states (single license regime), which allows them to provide their services in those countries. Without such license, parties qualifying as a TPP are prohibited to offer their services as per January 13, 2018.
Formalization of the governance and the risk management function is critical: a solid risk management framework needs to be designed and set up including a risk appetite statement, risk management policies and procedures, risk reporting and an internal control framework. This requires extensive strategic, risk management, compliance, IT, legal and HR knowledge and expertise.