Since 13 January 2018, the second Payment Services Directive (PSD2) has been in force in the EU. It replaces the first Payment Services Directive (PSD1), which came into force on 25 December 2007, which primarily aimed at creating a Single Euro Payments Area (SEPA) and establishing a uniform and modern framework for payment transactions within Europe. The PSD2 essentially pursues the same objective as its predecessor, PSD1, but introduces improvements to make electronic payments more standardized, convenient and cost-effective.
The PSD2 plays a central role in the SEPA project. It creates a uniform supervisory regime for payment service providers. It also creates uniform rights and obligations in the payment service agreement between the payment service provider and the users of payment services. The agreement in the PSD2 is a consumer protection contract, as was the case in the previous directive of 2007. This also reflects the fact that the risks for bank customers have been further reduced by the liability regulations that allocate the majority of the risks for unauthorized payments to the banks.
The PSD2 in particular obliges banks to open their application programming interfaces (API) and regulates so-called third party providers (TPP) of payment service that can access the banks client accounts in order to provide their payment services.
The PSD2 is an EU directive. It therefore does not apply directly in Switzerland, since it is not a member of the EU. Moreover, the Swiss Bankers Association (SBA) spoke out against introducing PSD2-equivalent regulation regarding the obligations for banks to open access rights to TPP.
However, the PSD2 is important for Switzerland, namely because a retail sector related dispute between an EU based customer and a Swiss bank triggers the application of mandatory consumer jurisdictions. These may further lead to the application of the PSD2 - irrespective of the Swiss banks terms and conditions on the choice of law - due to the principle of favourability, which enables to apply the law with the higher level of consumer protection, i.e. the PSD2.
Moreover, Switzerland became a member of the SEPA member states in 2006, which allowed Swiss institutions to sign so-called SEPA Adherence Agreements, binding the participating financial institutions and the European Payments Council to comply with its rulebooks. Virtually all Swiss banks have for instance joined the SEPA Credit Transfer Scheme, which requires implementation or an equivalent implementation of the Titles III and IV of the PSD2 (only civil, no the supervisory parts). Consequently, Swiss banks have to provide their customers with a euro-credit transfer equivalent to that required by the PSD2.
Although the PSD2 is relevant in the bank-customer relationship, it is irrelevant in the bank-TPP relationship: The SEPA Credit Transfer Scheme expressly states that compliance with the PSD2 equivalent rules or obligations does not imply compliance with the rules for access to payment initiation services in the case of art. 66 PSD2 and related articles. The reason for this is that the required opening of API in the PSD2 is linked to the licensing requirements for payment institutions, which in turn only apply to payment service providers in the European Economic Area (EEA). This implies that Swiss SEPA financial institutions are not obliged to open their API in the sense of the PSD2.
This means that every Swiss bank - regardless of whether it is a SEPA financial service provider or not - is free to decide whether and how it wishes to make its API accessible to TPP after the customer has given her/his consent, as long as there are no analogous regulations in Switzerland to the PSD2. However, if a Swiss financial services provider intends to open its API, it must ensure compliance with adequate security requirements. This already results from Swiss financial market regulation. If the financial services provider itself cannot technically ensure compliance with these requirements from the outset, it is advisable to agree the most important requirements with the TPP contractually.
Susan Emmenegger, Prof. Dr. iur., LL.M., director of the banking institute at the University of Bern.