The Empire Strikes Back: New Revolution in Payments
Published: October 18, 2023
The Single Euro Payments Area (SEPA) is an integration initiative that is the cornerstone of Europe’s efficient financial market. It comprises 36 countries, including several that are not members of the EU.
SEPA enables financial transactions (both in cash and without a physical currency) without barriers. Its benefits regarding the ease of doing business across many countries have even surpassed the introduction of euro banknotes and coins in 2002.
But the creation of SEPA in 2008 did not merely involve technical solutions, it also required the harmonisation of banking sector practices, the streamlining of customer habits in the member countries and, of course, far-reaching regulatory changes.
Under SEPA, competition has been encouraged and innovation has been promoted. As the then President of the European Central Bank, Jean-Claude Trichet, said at the time, SEPA was not just a “one-time operation”, but a constantly evolving project that drives European integration and strives to continuously improve all aspects of the euro area retail payments market.
The truth is that we Europeans consider that the measures taken by our legislators in Brussels tend to come along too late and, once implemented, do not obey the logic of the market. Whenever I hear European projects announced with great fanfare, a phrase from Master Yoda from the 1980 Star Wars film The Empire Strikes Back, comes to mind:
“Do. Or do not. There is no try.”
I agree with this sentiment. The payments system worked properly in most developed European countries and especially in Spain. It is true that cross-border flows were handled poorly, but Spanish direct debits, for example, reached levels of efficiency and robustness that have been difficult to achieve with the SEPA Direct Debit (SDD) that replaced it in 2009.
While the SEPA Instant Credit Transfer (SCT Inst), launched in 2017, quickly began to show its advantages, companies and individuals have found the requirements and operation of SDD harder to work with.
It was initially difficult to assimilate that an authorisation now had to be signed to be remitted (creating a mandate). And yet the operation worked. Issuers of invoices have learnt to manage returns (chargebacks) that occur when their customer’s bank rejects the invoice, due to insufficient balance or for an unrecognised charge.
Although the idea was that banks would allow SDD users to make receipt returns to protect against fraudulent charges, the reality is that customers sometimes return the charge when it is simply not convenient for them, or because there are insufficient funds in their account. Indeed, SDD allows up to eight weeks to return a charge without providing justification. If the transaction was genuinely unauthorised (i.e. the collection does not relate to the signed mandate), the payer can ask for a refund up to 13 months after the direct debit. Either way, this can be a major problem for the invoice issuer.
However, with the improvement of controls, SDD (in its basic or B2B modality) has reached significant levels of use, representing 45% of transactions. This shows the advantages it provides in terms of security, efficiency, and certainty for the purposes of treasury forecasts.
PSD2 arrives
After assimilating what was the first stage of SEPA, with the first Payment Services Directive (PSD1) in 2007, we then moved on to PSD2 in January 2018. Its advent conflicts with the quote by Sansón Carrasco in Don Quixote that “second parts are never good for anything”.
PSD2’s arrival in Spain in September 2019 was far more understated, and yet also more efficient than its predecessor. PSD2’s reason for being was none other than to verify that the previous regulations embodied in the PSD1 had become obsolete.
The European Commission’s (EC’s) proposed Directive 2015/2366 (PSD2) was launched with the purpose of updating the legal framework for online payments, increasing security, and implementing the two-step authentication. Based on this, the person making the payment is authenticated using at least two of the three possible elements, known as authentication factors:
- something you have (mobile phone or ID)
- something you know (password)
- something you are (eye, face or fingerprint identification)
The second aspect proposed by PSD2 was to simplify payment processes by reducing the number of actors, such as payment platforms integrated into online store pages. A third innovation was open banking: making a bank’s customer accounts available to third parties through secure technical channels.
All of these innovations enabled increased efficiency and competition between market players that already surpassed financial institutions, leaving a less ‘bank-banked’ and more sophisticated market.
What happened next? On June 23, the EC approved a proposed regulation for payment services with the purpose of standardising certain aspects. Essentially, it has been identified that the transposition of the Directive in the member states has not been homogeneous and creates competitive differences that are being used by different third parties, distorting the initial idea of equal conditions for the single market that SEPA implies.
Onwards to PSD3
It is claimed that payment services have changed radically in recent years, with increasing electronic payments, the entry of new providers offering open banking services and fintechs. At the same time, more sophisticated types of fraud have emerged, putting consumers at risk.
Therefore, a joint PSD3 with a Payment Services Regulation (PSR) will be launched at a date to be announced, although it is not expected before 2026.. PSD3 intends, with these pieces of legislation, to combat and mitigate payment fraud by allowing the sharing of information, increasing consumer awareness, strengthening customer authentication rules, and expanding the reimbursement rights of consumers who are victims of fraud and identity theft if the verification process fails.
This new regulation aims to solve many issues. These range from improving transparency about charges when withdrawing money from an ATM, to information about the exchange rate applied on transfers outside of SEPA. They also include further levelling of the playing field between banks and non-banks, permitting the non-banks payment service providers (PSPs) to access all payment systems, while regulating access to financial data for which the client will have to give their express consent.
Reading between the lines of what PSD3 will mean, only one question arises: are we not regressing towards a level of control that renders the processes inefficient and takes us back to the time of the arrival of PSD2?
Let's hope this is not the case and that we are all able to understand the reason for this new regulation that comes with a mission to improve things rather than make them worse. We don’t want to be agreeing with the American industrialist Henry Ford who, apparently, said: “It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning.”
Cuevas is Vice President of the Spanish Association of Corporate Financiers (ASSET) and a member of the boards of the European Association of Corporate Treasurers (EACT) and the International Group of Treasury Associations (IGTA).
He is also a member of the Oversight Committee at the European Money Markets Institute (EMMI).