Things have gone a little quiet on PSD2, so it’s probably a good time to review the state of play.
Back to the beginning (briefly)
The European Banking Authority was mandated by the European Commission to draw up the standards around the implementation of PSD2. The work officially started on January 13th 2016, though preparatory work was done in advance.
The focus in the market throughout 2016 was on the Regulatory Technical Standards (RTS) on Strong Authentication & Secure Communication, but the EBA has actually been charged with creating 6 sets of Regulatory Technical Standards, 5 sets of Guidelines and a Register.
Why was the focus on just one set of RTSs?
One practical reason was that the EBA decided to take a rolling approach to the development of the RTSs. This meant that since the RTSs on Strong Authentication & Secure Communication was one of the first they started, it was also one of the first they finished.
More importantly, these RTSs were expected to provide an understanding of the nuts and bolts of how PSD2 might be implemented, especially for the new Third Party Providers – the Account Information Service Providers (AISPs) and the Payment Initiation Service Providers (PISPs) – who are of particular interest to those operating in the Fintech space.