The journey of the European Union's Payment Services Directives has witnessed a significant evolution in the digital payments’ ecosystem. The Second Payment Services Directive (PSD2), which took effect in January 2016, has played a pivotal role in enabling an open payments ecosystem and driving the growth of new products and services. It introduced new types of third-party providers (TPPs) such as Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), and Card Issuer Service Providers (CISPs).

While PSD3 is upcoming legislation set to regulate the provision of electronic payments and the banking ecosystem within the EU's single market, its significance extends beyond the European borders. The implications of PSD3 are of great importance for the Middle East, even though it does not directly cover this region. The Middle East has been actively embracing Open Banking and Open Finance, with several countries taking significant steps toward its implementation and adoption. Therefore, understanding the evolution from PSD2 to PSD3 provides valuable insights for regulators, financial institutions, and fintech companies in the Middle East to ensure alignment with international standards and best practices.

However, with rapid developments in the digital payments landscape in recent years, the European Commission initiated a review of PSD2 in May 2022 to assess its effectiveness in light of the evolving payment industry and identify areas for improvement. The review highlighted several key aspects:

. the evaluation of PSD2's objectives,
. costs and benefits for payment providers and clients,
. and the need to regulate activities currently unregulated or under-regulated, such as crypto payments and Buy Now Pay Later (BNPL) services.

Additional areas of focus encompassed:

. safeguarding requirements,
. API standardization,
. and the impact of Strong Customer Authentication (SCA) on end users and merchants.

As a result of the review, the European Commission is expected to introduce a new legislation tentatively called PSD3. The details of PSD3 are currently under consultation. The consultation process has raised important concerns, such as the impact of SCA on merchants and users without smartphone access, the rise of certain types of fraud, and the need for standardized API standards across banks, Open Banking platforms, FinTechs, and TPPs.

Regulators in the Middle East can draw valuable insights from these reviews and consultations, emphasizing the significance of continuous evaluation and adaptation in the regulation of digital payments. Key areas to consider include user protection, fraud prevention, and achieving a balance between openness and security.

What's happening in the MENA region now, in terms of Open Banking/Finance?

Open Banking/Finance in the Middle East and North Africa (MENA) region has gained substantial traction, with several countries taking significant steps towards its implementation and adoption. Here are some key insights regarding Open Banking developments in specific countries:

- UAE: In the UAE, several initiatives have been launched to drive innovation in Open Finance. The Central Bank launched the Financial Infrastructure Transformation program, and the Dubai International Financial Center (DIFC) established the Open Finance Lab. Concurrently, Abu Dhabi Global Market (ADGM) has introduced a new regulatory framework for fintech firms, enhancing their collaboration with financial institutions while securing customer transactions and data. This initiative also promotes open finance growth by giving customers and businesses increased control over their financial data. Moreover, the framework is designed to attract global fintechs, as it extends beyond traditional open banking to adapt to other financial services such as investment and insurance.

- Saudi Arabia: The Central Bank of Saudi Arabia (SAMA) introduced the Open Banking framework in November 2022, providing a standardized structure for sharing financial information among different entities. SAMA also released the Account Information Services (AIS) framework for guidelines on sharing banking data and announced the upcoming launch of the Payment Initiation Services (PIS) framework. Additionally, an Open Banking Lab has been established to facilitate the development and deployment of Open Banking services.

- Egypt, Oman, Kuwait, and Qatar: The Central Banks of Egypt and Oman have established regulatory sandboxes to promote experimentation with new fintech solutions. The Central Bank of Kuwait has issued regulatory guidelines to facilitate innovation in the fintech sector. In Qatar, QNB, the largest financial institution in the Middle East and Africa, has become the first bank to launch an Open Banking platform.

- Bahrain: Bahrain has witnessed the implementation of several live Open Banking initiatives and plans to expand into Open Finance. Numerous fintech startups have emerged, focusing on developing Open Banking solutions.

- Jordan: the Central Bank has instructed banks to start sharing information via open banking APIs by the end of 2023. To support this shift, the Jordan Payments and Clearing Company (JoPACC) and the Open Bank Project hosted a hackathon in early 2023. Coders, designers, and entrepreneurs used a sandbox with over 500 APIs to create and showcase prototypes aimed at improving financial services access for micro, small, and medium-sized enterprises (MSMEs). This event highlights the Middle East's emergence as a financial hub, with Jordan's new framework fostering an environment conducive to fintech innovation.

The transition from PSD2 to PSD3

This complex process involves a comprehensive consultation process between regulators and stakeholders to identify the strengths and weaknesses of PSD2 and determine necessary improvements. Areas under review and improvement include evaluating how well PSD2 has met its objectives, assessing costs and benefits for payment providers and clients, considering the extension of regulation to currently unregulated or under-regulated activities, gathering feedback on digital payments, assessing the impact of SCA, reviewing changes to safeguarding requirements, creating more precise API standards, and understanding the use of existing Open Finance services and data protection.

Feedback on PSD2 has been mixed, with SCA successfully reducing fraud but also raising concerns about increased friction, poor user experience, and exclusion of users without smartphone access. Looking towards PSD3, the European Banking Authority (EBA) emphasizes the importance of establishing clear regulatory standards for TPPs and potentially extending regulation to AISPs and PISPs.

PSD3 versus PSD2

- PSD3 is the upcoming legislation that will regulate electronic payments and the banking ecosystem within the EU's single market, while PSD2 is the current framework that has been in use since 2019/2020.

- PSD2 governs digital payments and Open Banking in the EU and EEA, while PSD3 is expected to potentially broaden its scope.

- The consultation phase for PSD3 has raised important questions and areas for reconsideration, including the adequacy of current Open Banking requirements, alternative methods to Strong Customer Authentication (SCA), the extension of the SCA period, contactless payment limits, disclosure of applicable currency conversion costs, exceptions under PSD2, speeding up one-leg payment transactions, streamlining authorization for payment providers and institutions, and regulating currently unregulated activities like crypto payments and Buy–Now–Pay–Later (BNPL). It also addresses cross-border payments and triangular passporting.

- The consultation phase included a public consultation, a targeted consultation on the technical aspects of PSD2, and a targeted consultation on Open Finance.
- The results of the consultation are not binding and do not constitute formal proposals or final positions.
- The European Banking Authority (EBA) provided its opinion on the issues, opportunities, and challenges posed by PSD2 and proposed PSD3.
- Compliance with PSD3 will eventually be mandatory for companies accepting electronic payments and banks/financial institutions processing them, with a deadline to be determined.
- Based on the timeline of PSD2, it is expected to be at least three years after PSD3 becomes EU law until companies are required to fully comply.
- Payment processors, banks, and financial institutions are advised to start the process of adapting their systems as soon as PSD3 becomes EU law.

Middle East keeping an eye on the advancements

Regulators in the Middle East can leverage the iterative process of PSD2 to PSD3 and learn from the challenges faced and feedback received during the consultation phase. It is crucial to be mindful of the dynamic nature of the digital payments landscape and be prepared to regularly review and update regulations to keep pace with technological advancements and market changes.

PSD2 has brought significant changes to the payment industry, fostering an open ecosystem, facilitating data sharing between banks and third parties, and implementing SCA for enhanced security. As the transition to PSD3 progresses, the industry will focus on evaluating the achievement of objectives, addressing potential regulatory gaps, and ensuring a secure and innovative payments landscape.

At Fintech Galaxy, we are closely monitoring the developments related to PSD3 and the implications for the region. As the Middle East continues to advance in Open Banking and Finance, it is vital for regulators, financial institutions, and fintech companies to stay informed and collaborate in shaping the future of digital payments.

Reach out to us today to learn more about our Open Finance solutions and how we can support your organization's journey towards a thriving digital payments ecosystem in the Middle East.