By Gianluca D’Imperio, Group CIB Compliance, UniCredit S.p.A.
What for you are the benefits of attending a conference like the Payments Europe Summit and what can attendees expect to learn from your session?
PSD2 regulatory framework entered into force with its Regulatory Technical Standards from 14 September 2019, but there are still uncertainties (e.g. postponed deadline for the migration to SCA for e-commerce card-based payment transactions). During the session we will talk about the consequences of PSD2 RTS drafted by the European Banking Authority and finalised by the European Commission that showed to be difficult to agree due to the complexity of reconciling competing requirements, particularly in the consideration of the deployment of Application Programming Interfaces (APIs), identity and security. Despite the EU lawmaker intention to introduce a regulatory framework to encourage innovation in the payment industry also introducing new security measures to better protect the end customer, all of these new measures at the same time created a number of unplanned consequences. Amongst them there are new Strong Customer Authentication requirement required by the RTS and implemented by Account Servicing Payment Service Providers (ASPSPs) across their Payment Service User (PSU) interfaces that brought issues to Third Party Providers (TPPs) business because TPPs needed to adapt their access methods to the new ones. Such unintended consequences go also beyond the relationship between ASPSPs and TPPs, causing customer detriment since customers have to adapt to these new rules too. Therefore we would share our views to understand where we are from a regulatory standpoint and market readiness.
How can risk professionals manage compliance to the evolving regulatory landscape amidst political uncertainty.
As compliance managers we have to go beyond political issues, it is of utmost importance to always stick to the available regulation in order to be ready to promptly answer every potential concern raised by the supervisory authorities. In turn we need to try to liaise, where possible, both with local and EU lawmakers because in a cross-border payments scenario, the industry needs to be prepared to illustrate their challenges in a fragmented regulatory landscape.
Why is alignment with stringent regulations a key concern?
In an evolving payment ecosystem, it is even more important than ever to reach a level playing field with the right application of the well-known principle “same activity, same rules, same supervision”. Otherwise apart from the difficulties to adhere to grounded rules, there should be potential competition issues amongst the market players (e.g. incumbent vs new entrants).
What are the challenges of aligning requirements with changes to customer behaviour?
One of the most difficult challenges of aligning and applying the new rules on payments is the new security rules affecting the balance between the need for security (eg. Data Protection) and the best possible user experience.
What do you see ahead for keeping up with the pace of change in a global environment?
Innovation and new digital solutions can increase choice, but the full potential of these solutions has not yet been achieved in the EU and it is clearly more difficult to be achieved at global level. Starting from Europe, the initiatives by the European Banking Authority (EBA) uses to highlight these issues through documents like the one released on October 2019, where divergences are identified in regulatory requirements and supervisory practices across the Member States. For the sake of example there are a lot of EU laws that are not fully harmonised or are not yet covered by EU law. In particular, the EBA identified issues relating to authorisations and licensing, consumer protection, conduct of business requirements and so on. According to the EBA identifying and resolving these issues is a necessary step to addressing barriers to market entry, supporting the scaling up of financial services across EU, and improving the competitiveness of the EU Single Market.