
Directive on payment services – PSD 2

The new Payment Services Directive (“PSD 2”) is intended to reform the European payment market. The aim of the directive is to harmonize regulations within the EU and push for a more open payment market, but also to strengthen payment service users’ rights. PSD 2 will affect all operators offering payment services, which consist of both credit institutions and more specialist payment institutions. In addition to affecting currently authorized operators, PSD 2 also extends the definition of payment services to include operators that today operate without authorization. This means that these operators must obtain authorization through the FSA.

PSD 2 introduces the following key changes:

  • Payment initiation services and account information services become licensable.
  • Strengthened rights for payment service providers to be granted access to payment accounts and payment systems provided by credit institutions.
  • Strengthened protection of payment service users and increased obligations for payment service providers.
  • Processes and procedures for managing operational and security risks are required.
  • Operational and security incidents must be reported.
  • Strong customer authentication is required when identifying a client remotely.

The new requirements mean that operators subject to PSD 2 need to:

  • Review support systems and business models in order for account servicing payment service providers to convey information to the other payment service providers and for non-account servicing payment service providers to receive, manage, and use information.
  • Review the business model to ensure that the right authorization is held.
  • Review and revise internal rules for granting access to payment accounts and payment systems.
  • Analyze fees, timelines and information disclosure in relation to payment service users to ensure that these are compliant with PSD 2.
  • Establish internal rules and systems to identify, manage and report operational and security risks.
  • Ensure that strong customer authentication is applied when identifying customers remotely.

PSD 2 was adopted on the 25th of November 2015 and shall be implemented in the member states by the 13th of January 2018. Below follows a timeline of the implementation process.



FCG provides the following services within PSD 2

  • GAP-analysis and implementation
    • Identification and analysis of an organization’s current status in relation to PSD 2.
    • Identification of GAPs and proposals for concrete actions.
    • Implementation of measures, for example establishment of processes and procedures or technological solutions for operational and security risks.
  • Training and advice
    • Training and advice on payment services and authorizations.
    • Training and advice on new routines and processes, e.g. regarding information requirements in relation to payment service users.
    • Training and advice on the changes in PSD 2 for operational and security risk functions.
  • Pilot study
    • Brief analysis of PSD 2’s effect on a business, for example, identification of new requirements and obligations for payment service providers.
    • Analysis of previously non-licensed operations in order to investigate possible authorization requirements.
    • Analysis of potential opportunities arising from PSD 2 from a business and regulation perspective, for example, how PSD 2 can allow access to more information and how the information can be utilized and optimized.
  • Project management
    • Development of implementation plan.
    • Operational project management team specialized in managing existing and future regulations.
    • Processes and routines or technical assistance in implementation of incident reporting and strong customer authentication requirements.
  • Management of risk and compliance functions
    • Ongoing advice, support and control of the business’s compliance with the requirements of PSD 2 after implementation.
    • Ongoing advice, support and control of operational and/or security risk functions.
    • Advice on introduction of systems for operational and security risks.
  • Authorization projects
    • Advice and support on applications for authorization of payment institution or registration of payment service providers.
    • Development of the authorization application including the necessary regulatory documents and business plan.
