PSD 2: an Italian approach to new competition in FinTech services
November 2016 | EXPERT BRIEFING | BANKING & FINANCE
On 28 July 2016, the Italian Parliament instructed the government to adopt and enact (within one year) the new EU electronic payment regulation set by the Payment Services Directive 2 (PSD 2). This may represent a once-in-a-lifetime opportunity to ensure Italy gains a competitive edge in the development of a FinTech regulation and is able to ensure a dynamic financial market which is open to new ventures and the recognition of intermediaries. Following Brexit and the uncertain future of London as Europe’s financial capital, Milan has unveiled its aspirations in the field, and this appointment appears a step toward Italy taking a leading role in the new EU when it comes to banking and financial services.
One of the key areas of regulation is the role of intermediaries in payment transactions. Particular emphasis has been given to the enactment of parliamentary law on the roles, duties and responsibilities of operators involved as middle-men in the processing of online payments and related data. In this respect, a crucial role is played by authentication as an initiation service – authentication must be ensured and performed by intermediaries within a general regulation focused on ensuring transparency and non-discriminatory, open and objective environments. The legislative framework envisages interoperability and net neutrality as key ingredients in the correct development of a competitive level playing field, and particular attention has been paid by the legislator to avoiding the development of market barriers focused on technologically non-neutral standards, which are able to limit or jeopardise transactions or the development in general of FinTech services, much as SEPs (standard essential patents) have become in other technologically competitive areas, where the essential facility doctrine has often been invoked.
The development of truly inter-operative new application protocol interfaces (API) in payment transactions thus plays a fundamental role. The delegating law clearly identifies the intermediary figures involved in FinTech services, such as the “account servicing payment service provider”, the “payment initiation service provider” and the “account information service provider”, all operators not dealing with funding obligations of payment subjects or of beneficiaries (“third party payment service providers” (TPPs)).
TPPs will be recorded in a public register and will offer online banking services ensuring appropriate security levels. Stringent obligations will apply, such as privacy, data treatment and security. For the purposes of a valid execution of payments, and also in view of avoiding barriers to market entry, TPPs will need to comply with specific norms, ensuring authentication for valid order of payments, and will need to address and inform on authorisation requirements imposed by payment institutions. The system will ensure that the rules on access of authorised or registered payment service providers to payment systems shall be objective, non-discriminatory and proportionate, and that those rules do not inhibit access more than is necessary to safeguard against specific risks such as settlement risk, operational risk and business risk.
With respect to transactions, payment systems may not impose on payment service providers restrictive participation on other payments systems or other discriminating or restrictive practices. API restrictions in fact may easily be triggered by protective practices of restricted access to banking account data, part of which appears to play a strategic role in the commercial use of consumer data and successful profiling.
Data mining and data stewardship will be regarded as services and TPP strong authentication measures and relevant data treatment duties will need to be defined.
In all this, the valid expression of consent will still play a fundamental role, also in ensuring possible revocation of orders or refusal to confirm a valid transaction. In this respect, Article 64 of PSD 2 states that Member States shall ensure that a payment transaction is considered to be authorised only if the payer has given consent to execute the payment transaction, consent which may evidently take a variety of forms related to the specific apparatus involved and possible consensus arrangements between TPPs and payment subjects. Identifiable, personalised and traceable electronic tools will thus ensure certainty of consent and online (and real time) electronic fulfilment of the transaction. TPPs as data stewards will also be able to take on the limited role of credential holders for valid execution of payments, taking into account the classic definition of “payment instrument”, which is defined as “any personalised device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used by the payment service user in order to initiate a payment order”.
Similar to the physical world, a ‘digital wallet’ will possibly contain identification information on the wallet holder, on payments instruments accessible to the wallet holder and optionally personal information items belonging to the holder (for example, pictures, documents, etc.). This may include information related to eIDs, digital signatures and certificates, log on information and billing and delivery addresses as well as payment instrument related information such as SCT and SDD products and payment cards (prepaid/purse, debit, credit). Furthermore, it may include other applications such as loyalty, transport or ticketing.
In the context of an interactive and extremely mobile and dynamic economic environment, a ‘digital wallet’ will end up as being defined as a service allowing the wallet holder to access, manage and use identification and payment instruments in order to initiate payments, jointly with non-payment applications. Relevant services will reside on a mobile device owned by the consumer (i.e., the holder of the wallet) or may be remotely hosted on a secure server (or a combination thereof) or on an accessible TPP website.
Fabrizio Cugia di Sant’Orsola is the founding partner of Cugia Cuomo & Associati. He can be contacted on +39 06 960 38 103 or by email: email@example.com.
© Financier Worldwide
Fabrizio Cugia di Sant’Orsola
Cugia Cuomo & Associati