2023/0210/COD: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on payment services in the internal market and amending Regulation (EU) No 1093/2010

The EU Commission has published a proposed new payment service regulation in the Official Journal (OJ) of the EU. The draft is the result of a recent review of the Payment Service Directive 2 (PSD 2) which revealed some shortcomings in the regulatory framework for payment services providers (PSPs), including shortcomings with respect to the provision of open banking services and the access of non-bank PSPs to key payment systems. To remedy these deficiencies, the Commission is proposing this new regulation, together with an entirely new Payment Service Directive 3, the proposal of which is discussed in EventID 21768. It shall be noted in this context that the Commission has explicitly opted to make this new regulation vs. to implement the provisions in the proposed new PSD 3 to ensure a uniform application of the measures outlined below. Many provisions that will be included in the regulation stem from the previous PSD 2 and the Directive for Electronic Money Institutions (Directive (EU) 2009/110/EC).
#### Specifically, this new regulation would – among other things
– introduce some new definitions, including Merchant Initiated Transactions (MITs) and Mail Orders or Telephone Orders (MOTOs) to specifically define such transactions for purposes of (dis)applying strong customer authentication (SCA) requirements.
– extend the requirement for payment system operators to have objective, non-discriminatory access rules to include payment service systems designated under Directive 98/26, the Settlement Finality Directive (SFD).
– extend the obligations of payment system operators to perform a risk assessment of a PSP following its application to participate in the system. The regulation would also establish related provisions, e.g. with respect to the rights of a PSP to file for an appeal or the process as regards a decision by the payment system operator.
– require credit institutions to only refuse or withdraw the access to payment accounts by payment institutions (PIs), their agents, or distributors, if there are serious grounds for doing so (e.g. suspicion of illegal activity of the PI or potential risks to the credit institution). Any such decision must be provided in writing.
– require PSPs that engage in credit transfer or money remittances from the European Union (EU) to non-EU countries to inform users of the estimated time it will take for funds to reach the recipient’s PSP located outside the EU. Additionally, in order to ensure better transparency and comparability, the estimated currency conversion fees for these international transactions must be expressed as a percentage mark-up over the latest euro foreign exchange reference rates issued by the European Central Bank (ECB).
– require PSPs to include in their payment account statements clear identifying information on the payee of a transaction.
– require PSPs to adopt transaction monitoring mechanisms which shall take into account various elements associated with normal use of payment services. These elements would include environmental and behavioral characteristics such as the user’s location, transaction time, device used, spending patterns, and the online store where a purchase is made.
– require PSPs to apply SCA in certain circumstances (initial data access). Account information service providers (AISPs) must apply SCA at all times for user access to aggregated account data where such access occurs at least once within a 180 day time period.
– grant new product intervention powers to the European Banking Authority (EBA) to temporarily prohibit the sale of high-risk payment products.
—
As the above summary only presents the key provisions of the proposed new regulation, please refer to the original legal document for more detailed, comprehensive information.