Piero Cipollone: Towards PSD3 - the dynamics of digitalized payment systems
Speech by Mr Piero Cipollone, Deputy Governor of the Bank of Italy, at the International Conference, Roma Tre University, Rome, 14 April 2023.
The views expressed in this speech are those of the speaker and not the view of the BIS.
Good Morning everyone,
I would like to thank the organizers for inviting me to this conference to talk about the path towards PSD3.
The payments sector is a key component of the European single market. Because of its lingering fragmentation along national borders, it has been the focus of several technical and regulatory interventions aimed at improving harmonization among Member States.
During this journey, PSD2 has been a landmark: it has brought about greater harmonization and competition in payment services. However, two more milestones need to be achieved before we can claim the creation of a single EU retail payments market: to complete the job and thereby allow innovation to be as disruptive as it was meant to be in PSD2 and to embed in the regulation the dramatic changes in the technological landscape since PSD2 came into force.
As for completing the job, three hurdles need to be overcome: first, the lack of full harmonization and complete application of the rules across Member States; as a matter of fact, the payment services framework still needs to be fully aligned with other EU policies and legislation: I am referring in particular to the General Data Protection Regulation - GDPR, the Electronic Money Directive - EMD2 and the Market in Crypto-Assets Regulation - MiCAR. The cost of payment services is the second obstacle; it can be further reduced by fostering stronger competition within and across Member States. Third, the role of technological providers (including BigTechs) in the payments sector still needs to be clarified.
As regards the technological shift, we should consider that PSD2 entered into force in Italy in 2018; back then, worlds such as smart contracts, DeFi, consensus mechanism, Dao and DLTs did not even exist and, when they did, they were unknown to most of us. Today they are part of everyday jargon and they have made their way into important legislation. As a matter of fact, the Pilot Regime entered into force on March 23. This is a legal framework that supports those who want to use DLTs to issue, trade, regulate and store assets. With the decree enacted on March 17, Italy was able to make the needed adjustment to its domestic legislation so that our financial industry can take advantage of the Pilot Regime.
This new technological landscape offers many opportunities to develop new payment solutions that can improve general welfare. Whether this potential will be realized or not it depends on the way we design PSD3. However, because of the new technological infrastructure underlying the payment ecosystem, we cannot proceed with the same mindset that guided us in the past. On the contrary, we need to be creative and to approach the drawing board with three pillars in mind: i) how to solve the eternal question of whether to regulate entities, activities, or both; ii) the fact that the whole ecosystem is evolving continuously and swiftly; and iii) the need to promote public-private partnerships aimed at designing pro-innovation regulations; let me now elaborate on them.
To answer the first question about who or what should we be regulating, I think we should first and foremost grasp the profound implications of the new technological environment; for me, the most striking feature is that the supply chain of a payment service is increasingly being fragmented among specialized and interdependent actors caught up in the structure created by the technology, even in absence of any contractual relationship.
To make clear what I am trying to say, let's recall that before PSD2 came into existence, the main actors in the field of payment services were traditional PSPs (banks, electronic money institutions and payment institutions) and the regulations were centred on these entities.
The PSD2 has contributed to bringing the exclusivity of the bank-customer relationship to an end; it allows new players such as Third Party Providers (TPPs) to offer new services to their customers, namely open banking services, without having any contractual relationship with the incumbent Payment Services Providers on whose books these customers hold their savings. As a matter of fact, PSD2 laid out a regulatory framework establishing that PSPs have to grant access to payments accounts to TPPs through technology solutions, known as Application Programming Interfaces – APIs.
Here we can clearly see the innovative and disruptive potential of PSD2 and how it was able to foresee well in advance the technological leap that the payment industry could make for the benefit of the whole financial world: as a matter of fact, in the 'open' system, the technological standards replace the traditional 'private rules' (such as the agreements typical of card schemes) and become technological law themselves. This is why, in the context of open banking, agreements are not only unnecessary but are even forbidden; it's the 'API law' that regulates relationships between parties that do not know each other and that can only trust each other thanks to the digital guarantee offered by technological standards: this is also the path that will lead open banking towards open finance.
These technological interdependences will be equally strong for payment solutions and financial services developed on blockchain platforms (I am referring in particular to e-money tokens as defined in the MiCA regulation).
We then need to ponder the consequences of this new technological paradigm on our regulatory framework: the traditional supervisory and/or oversight approach, which postulates responsibilities that can clearly be traced back to specific entities, is no longer fit to meet the challenges posed by the new fragmented ecosystem of entities.
It is therefore important to go beyond the 'single entities dimension' and to consider how to factor the relationships between subjects, infrastructures, tools and services into the new regulatory framework. One way forward is to think about a product-oriented approach, whereby all entities involved in the supply chain of payment services, such as the provision of digital wallets for payment transactions, need to comply with the core principles underpinning the oversight of payments systems, including beyond their reciprocal contractual relationship.
This approach is in line with the new Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA), applicable as of November 2022, which is important because it introduces two significant innovations.
First of all, it goes beyond the traditional notion of a 'funds transfer', embracing instead that of a 'value transfer', thereby extending the oversight scope to digital payment tokens (e.g. crypto-assets used within a scheme and stablecoins). The framework also targets not only traditional payment schemes but also 'arrangements', (e.g. the aforementioned digital wallets) thereby bringing the complex dimensions that characterize the new digital ecosystems under the overseer's competencies.
This somewhat lengthy discussion about who and what should be on the regulator's radar brings me to my second pillar, which is the need to constantly bear in mind that we are dealing with a very dynamic ecosystem. Therefore, while we are looking at the current supply chains, and in particular at their single components, we also need to monitor how they evolve over time and, more importantly, whether new ones are established with the aim of providing new services or old services in an innovative way. I have in mind, for example, all micro-payments, machine initiated payments, and payments in real time using online services.
Continuous monitoring of the current ecosystem is therefore pivotal to designing regulations that are flexible enough to be 'future-proof' so to speak, in an attempt to accommodate the continuous flow of innovation.
Finally, and this is my third pillar, we must ask ourselves whether we, as regulators, are fully equipped to achieve the daunting task I have tried to sketch out so far or whether a closer interaction with payment industry might be useful. To be frank, we do not know a great deal about how to regulate areas where the boundaries among activities and subjects are blurred; these are uncharted waters for us and a more prudent approach is needed.
Therefore, in addition to the rules on entities and activities and to the oversight framework on payments systems and services, it might be wise to rely on 'soft' regulations based on the definition of standards and practices developed according to a logic of public-private collaboration; this collaborative mode could ensure a sufficient degree of adherence with respect to ongoing technological development.
A practical example of this approach is represented by the Protocol that the Bank of Italy has signed with two Italian Universities – Roma Tre and Cattolica di Milano – to explore the role of smart contracts in DLTs and to provide a basis for the development of technical standards and rules to be shared with those who, like the developers of the algorithms, are outside the traditional perimeter of intervention of the regulatory and control authorities; the first results of this work (a taxonomy of DLTs and the relative smart contracts) will soon be made public to collect observations and suggestions from all interested parties in order to be able to proceed to the most important phase for defining 'good principles'.
To conclude, the retail payments industry is an incubator of innovation. Central banks and supervisory authorities can play a key role in ensuring that the positive externalities of innovation benefit consumers and businesses alike. The Bank of Italy is actively involved in this process by monitoring market developments, interacting with market operators and supporting the early adoption of digital technologies by the financial market.
In this context – particularly with regard to interaction with the market – the activities of the Bank of Italy's innovation facilitators are noteworthy, especially those of the Comitato Pagamenti Italia (Italian Payments Committee, CPI), managed by the Bank of Italy, which recently launched three technical working groups dedicated respectively to: (i) PSD2 Review, (ii) Open Banking and (iii) Public Collections and Payments. The CPI is the reference forum within which the national community can define strategic orientations and actively participate in defining the solutions under discussion in the European arena, including those that are the subject of today's conference and that concern, through the PSD2 review, the future of the European payments industry.