eSignature Lawfulness for Purchasing in European Union - Simplify Document Signing

How to eSign a document: eSignature lawfulness for Purchasing in European Union

thanks so much for joining us today for the webinar where we will be unpicking one of the big topics of the last year and I'm sure for years to come as well the eu's payment services regulation PSR and the third iteration of the payment services directive otherwise known as psd3 now one thing I do know from the last few years is that psd2 has been groundbreaking payments yet many in the EU have felt that some Provisions didn't go far enough and didn't encourage the competition or harmonization that was necessary and desired by everybody when that uh directive was first agreed um as other jurisdictions as also have also begun to jump ahead on topics like open Banking and open finance and fraudulent payments are also causing endless headlines and headaches for the payment services industry it is clear now that the EU needs to step up its work on these initiatives and that's what we will be discussing over the next hour at vixio regulatory intelligence it's never strayed far from our day-to-day work and I've been following both the psd3 and PSR closely as the European Parliament which agreed its position earlier um this year and the council as well have been working out what they want the final text to look like and I'm sure that once the elections in the EU happen next week and uh the um Council and the commission and the Parliament as well well I'll begin to do those negotiations we will get an idea of how those final texts will look on this subject I also like you to walk you through what we do at vixio vixio is a regulatory technology company or regtech and we are like to think of ourselves as a trusted source of independent authorative and actionable Regulatory intelligence for compliance regulatory strategy and development Professionals in highly regul regulated industries that are goinging rapid and radical change we deliver comprehensive time sensitive and actionable Intelligence on payments and gambling compliance covering more than 180 jurisdictions across the globe and organized by product or service type and to tell you who I am um I'm Jimmy and I work as a senior journalist with vixio payments compliance my role has included looking at some of those huge regulatory developments including what we're discussing today as well as others such as the Central Bank digital currencies like digital Euro and um the digital pound and also Jrock in the UK looking at open banking uh and AML laws and also various consumer protection rules across the world I'd now like to introduce our esteemed speakers today uh stanislav let's start with you y thank you Jimmy U my name is s and I am a manager at Flagship advisory Partners uh we are a boutique consultancy company focused on on payments area generally uh strategy and m&a and uh we are working like for for for finex financial investors Banks and helping them with the strategy in this payments space me personally I'm uh in payments for more than eight years now and uh in Flagship like for three before I join Flagship I worked as a senior product manager for in one of the biggest bank in Czech Republic uh in brag where I'm based also and uh yeah I was focused there on the on cards issuing uh was implementing also the psd2 uh within the bank and was very close to the overall operations So yeah thank you very much for having me brilliant and Simone hi Jimmy Hi everyone my name is Simone jordano I'm a partner at the mates law which is a boutique Law Firm which is specialized in EU payments regulation our main focus is about psd2 and the upcoming PSR R mpd3 and um strong customer authentication licensing and also other Financial regulation um Financial regulation like anti laundering cryptocurrencies and um we we are focusing right now on the on the new uh regulatory payment package fantastic thanks very much guys um and before we get start some the questions I want to do a little shout out to the audience beforehand um just to send your questions to US during the webinar we'll try and go through um those at the end of the webinar and I've always found that it makes the webinar much more interactive and engaging if people can send these in I know that Jack said at the start as well um for now though I'd like to explore what the key changes introduced by psd3 and the new payment services regulation are so stanislav maybe we can start with you on that yeah of course so um PD well in general PSD and PSR they brought like significant or big changes they are basically like building on top of the changes introduced by psd2 in general and I split the key changes into into four areas first area is the changes around licensing and supervision second area is around the payment system access third area is um around the transactions or the clarification there like the exemptions and fourth area is risk management and customer protection so basically like this area focus more on front so if I will start with the licensing and supervision area the biggest change I see there is the merging pi and Emi license right so uh what this is exactly what psd3 brings that well from now on there will be only PI license the Emi license will basically uh disappear and it uh links to the reauthorization process which is basically like required by by psd3 and it's going to be like a big big big bur like for compliance departments for legal departments and for every like financial institutions because what psd3 say it that well within 24 months after psd3 will come into force all bi and Emi licensed companies will need to basically reauthorize uh go through this reauthorization process which will basically like include give like all the documentation go through this process and also add additional documentation such as like winding up plans or operational structures so there are also like they introduce also new new types of documentations so uh this is I think like the the biggest change within uh within this area another change within this area is uh that well all Pi companies will be able or will be allowed to open an account at central banks this I think it's uh also interesting one because well it's uh currently like all Pi companies they will need to find they have to find someone who will B like open the account on behalf of them but now they will have a direct access there it's a good a good thing for them because they will be able to cut up the mement so they will uh be like more cost efficient more efficient like from the cost perspective but also it's a good uh good good uh good for customers uh because well they will be like better protected in case of bankrupt proping so uh these two so these are the main main changes from this licensing and supervision area another one is the payment system access so uh allbi companies they will have access to all Payment Systems within the EU it won't be as easy as it sounds they will need to go through the process again like file the documentation process is not exactly known yet or not to me but uh I'm expecting that well in general it uh will bring like more competition it will be easier to enter the markets in in case of like expansion and from from companies like outside of Europe but also for companies like within the European space also like bring I expecting it will bring like smoother process uh better like the it will be easier like from the technology standpoint because the connection will be fin like directly between the company and there will be again like No mman And uh it will also bring the cost reduction on the side and uh another area which is like very important is open banking uh open banking is uh like it's like one of the key of it was one of the key uh key key requirements from the from From psd2 perspective and now the PS the PSR uh btic like building on top of it because the problem was that well the the technological standards across Europe it wasn't like unified across every countries there were like slightly slight nuances uh in the requirements from the technological perspective but well as also from like the legal requirements how to connect to this open apis and this is exactly what PSR brings the unification across all all all markets another thing like from this open banking is that well um the banks or basically the account providers they will not they will not be uh they they they will not be able they will not need to uh maintain like two environments one for fallback and one for like life environment but only one environment which is also good uh things for for them for from the development perspective but on the other hand uh they will need to create so-called customer portal the customer portal it basically means that uh me as a c holder when I will uh when I will uh go to my intern banking or smart banking app there will be so the portal and I I will be able to see who has an access like from the third party providers to to my account like through this open API and I will be able to see it and decline it so uh it's basically be the overview of third party providers L access to to to my account through this open API which is again like a good thing from the from customer standpoint but this is something what banks and account providers needs to need to come with like inter of development it won be as as easy and straightforward third area and here I will be generally brief is the transactions so here it's like the more more the clarifications about exemptions especially Moto and MIT clarifications because in psd2 world is it wasn't like super clear this motor to use MIT and Moto transaction so there will some kind of like an overlaps so here's the like basically p ps PSR the clarification is is better better formulated so it's easier SAR charge fees the changes around sarch charge fees currently it was used only for cards but uh basically brings that well expands to other payment types such as like direct debits Bank transfers and also it's going to be apply like to all currencies not only Euro so basically for example here in Czech Republic where you have like Czech Corona so it will apply also to this and uh last part from this transaction area is the make cash more access accessible so basically like changes around cash back so whenever I will go to to to Merchant I want to do the cash back I need to buy I need to make a purchase before the cash back right but well uh with the PSR basically change is that well I can do the cash back even without without the purchase before up to 50 and it's it's a good thing like especially smaller Villages where the ATM network coverage is basically not not not as Broad and the last last area is risk management and customer customer protection and this is gener like around the the fraud and I think it's like at least from my point of view it's a I like the most interesting part because whats said well and we need to fight with fraud and to do that we introduce the transaction risk analyis but well you are not using it as we expected so now you're required to use it more this transaction risk analyzis basically so uh and I think it's again it's a good thing because uh the general ux from the like car holder perspective especially for e-commerce transactions it's not very smooth right like you need to add your car details then go through the checkout page 3D secure verification SMS uh onetime password or the biometric verification so in general it's not very smooth and the approval rate or abundant rate it's basically like higher so uh this is like a great opportunity this transaction risk analyzes is a great opportunity how to use it uh how to improve this uh user experience and another part like around this fraud management what basically P says that well you need to apply the multi layer authentication and more fraud tools so not only the transaction screening but combine it while do it in several layers so use device finger printing for example when when your customer will be uh will basic like log in to internet banking or smart banking like use device finger printing IP analyzes Behavior scoring you know so so this is what uh this is what they are Lally pushing because for rosters they are you like innovating yeah so yeah so generally from my perspective this is like a very good uh very good approach and so yeah so that was basically everything from my side like around this key changes yeah I think with um it's interesting with fraud because I think uh certainly it's a real push in all over Europe it's definitely a push in the UK as well we're seeing at the moment to try and improve the fraud situation and with the instant payments regulation coming in um I think there's definitely an expectation across the the EU from people I've spoken to that fraud is about to jump up um Sim I don't know if you wanted to add anything on to that or if um it'd also be good if you could go through the difference or the ne necessity for there to be a directive this time and also a regulation for um payment services yes thank you thank you Jimmy this is a very good question because um as we know the U the psd2 will be updated and replaced by two different piece of legislation on the one hand we will have the so-called um payment service regulation which as a regulation will be directly applicable in member states without the need for National transposition it will become applicable 18 months after its um entry into Force which basically means uh publication in the official journal and um most of the provision of the psd2 of the current PS2 will flow into this regulation and I'm talking about all the requirements on transparency on execution time on open banking on strong customer authentication and on customer protection and liability for fraud so we can say that the bulk the bulk of the PS2 will flow into our regulation and on the other hand we will have the psd3 uh which will be substantially emptied because it will only contain the requirement for licensing of f institution and for their supervision so the choice of the commission was to um to have a regulation to have more harmonization a full harmonization of requirements across Europe that was a key objective of the commission and uh the idea is to to avoid regulatory Arbitrage across Europe because what the commission have seen has seen uh after it has conducted its study on the application on the impact of the psc2 which was published last year in February 2023 if not if I'm not wrong is that there were a lot of provision in the psd2 that were implemented differently in member states and one example is sarging sarging is the uh the the extra cost that Merchant can apply for accepting a given payment instrument and the P2 leave some discretion to member State on how to apply this uh on how to apply s charging and half of member states have basically allowed s charging for certain payment instrument like for example corporate payment cards which are payment cards that are issued to corporate customers while the other for member states completely ban so charging so there was a need to avoid this regulatory Arbitrage and the need for this uniformity is not only evidenced by the the fact that the commission uh adop adopted proposed regulation but also on the number of level two texts that are contain in this regulation and in the psd3 because you know that PSR and PS D3 will be the level one text but the ebaa will have to develop what is so-called regulatory technical standards which is level two text uh which will be formally adopted by the commission as a delegated regulations so also in this case directly applicable in member states and just to give you an idea under the psd2 the EBA was mandated to develop seven set of RTS under the PSR and psd3 the ebaa is required to develop 16 sets of RTS and this shows that there is a need for full harmonization swifter enforcement and to avoid the regulatory abrage across Europe yeah and with um the EA's rtss that it will have to create what has been your past experience with this how long does it take them and how what's that process like for uh for payments and E money firms to deal with yeah the process to issue RTS uh can vary in in in general the Eda is required to um to develop its RTS within 12 months from the entry into force of the PSR and the PSD trip this is the timeline for almost all the sets of RTS with the exception of a couple of set of RTS which have a longer period of 18 months but in general 12 months and the idea is that the ebaa develop its draft RTS and then it shares with the commission which can propose amendments and this process can last several months so the idea is uh probably we will have the RTS not before one year one year and a half after the adoption of the PSR and the PS3 it came T some time the good thing for the industry the good news is that that every time the ea uh develops its RTS generally launch public consultation to allow the industry to give their feedback and this feedback is very valued by the ebaa because after all it's cooperation between the Eva and the industry is very important of course absolutely and and in terms of what firm should be doing at the moment to uh prepare for the psd3 and PSR if they need doing anything at all what would your guys uh recommendations be um sanl maybe we can start with you well yeah well definitely I def so they can start even now even if it is not finalized yeah I'm not expecting like any significant changes or like big impacts so they can start even now and the first step and what we are gener like advising is to summarize like the preliminary findings so the psd3 so literally like create a table go through and basically like take like what applies to me if I meure acquire or Merchant or whoever what that what out of these like apply to me then uh basically like the second step is go through like through the operational changes and compare like with which like you are compliant with and which we are you are not compliant basically like do the review of your current processes so from the operational standpoint but well also from the like a fraud perspective right because well this psd3 and the PSR basically push forward like the the general like foro tools usage so this is something what well should be also part of this operational changes and this review process and then out of it like set like the Strategic and Commercial impacts like what needs to be changed set like the kpis where you want to be so if I will get back like to to to fraud for example so do I want to be like the Baseline of the of the and meet the requirements from the like the legal requirements or do I want to be like highly effective in this and build on top some something so do I want to be like Best in Class here or so basically like set the kpis and set the expectations and uh yeah and basically like some some bar bar for you and also like from fra perspective but also from the technological perspective for example like this open API do I want to leverage it for additional products for example do I want to go live with with an app I want to connect with other other Banks so these are the questions well you need to you need to answer and uh then basically like the four fourth step is to allocate the capacity from the for compliance and development you know so even now we we know that well there will be like impacts on uh every financial institution every issue every acquire from the compliance point of view because of this whole reauthorization process so because well they don't need to go through the reauthorization process but also create like additional documentation so and it won't be easy like it it won't be easy so this is something what you what you know already now so allocated capacity for compliance and legal department and also for the development department because we know that well you will need to create like uh additional additional stuff around open API or open banking this customer portal for example but there are also another like requirements what you need to build so for example in the statements you need to uh when you will be issuing the statements to your client you will need to basically link every transaction to the merchant so this is also like additional additional step like required like any development so uh so yeah so there are things well we need we know even now that will uh the banks will need to go through so from this perspective like to allocate the development capacity this is the four step from my perspective and is it coming up with your clients yet are you are you having any clients um ask about preparing for psd3 and PSR yet yes well we are getting these questions I the questions are not in general like super specific that's well around like how you understand this how how understand for example authorization process yeah so this is the deed questions like we are understanding well but uh what we are getting and so we are like uh we are we are explaining them that well this the authorization process we don't have any like detail because it wasn't finalized that we are waiting also for this regulatory technology standards regarding this open API and all these uh other other areas but the general questions are what is included in the psd3 how what's going to be the impact and how we should like in general prepare so this is like literally what what we are telling them and we did it like for several clients already so like this this process literally setting up the Strategic and Commercial impacts their goals so this is exactly like what what we do uh and these are the general questions we are getting interesting nice and Sim I wonder if um if there's any anything that you think that firms need to be preparing for at the moment yes we we also receive a lot of question about the interpretation of the requirements in the PSR and psd3 which sometimes these are difficult question because uh you know these are moving targets the the text are still under discussion uh we have a good basis which is the prop initial proposal of the commission presented last year but know that co-legislator the Parliament and the council are still discussing on several aspects and um I've seen that there is a a big interest by payment firms on the issues of of uh security strong customer authentication and customer protection liability for fraud I think this two sector are um of particular interest for the impact they can have on payment service provider and in General on payment firms just to give you a couple of example of Hot Topics at the moment one is about the use of Behavioral B behavioral and environmental characteristics for authentication this was a very much debated topic because it's one of the key changes introduced by the the PSR what are Beav and VI behavioral and environmental characteristics It's a combination of data points related to a transaction which includes pay location pay location transaction history spending pattern shipping address and so on which taken together can constitute what we could call like a transaction fingerprint something very unique for the transaction and for that payer and what the European commission proposed is to um include this data this behavioral environmental data in the PSP's transaction monitoring mechanism which are the transaction monitoring that each and every payment service provider must carry out for each and every transaction but on this for example there is a slight difference between the European commission text and the Parliament text that was approved last month in April because the parliament goes one step further it says okay this behavioral and environmental data can also be used to authenticate the user as an authentication factor of inherence something the user is and the idea behind this proposal this proposed amendments by the European Parliament is that if you are buying the same product from the same website from the same Merchant and you ask it to be shipped to the same postal address and the building address is also the same and other factors are the same then the the the bank your bank can be pretty sure it's you it's actually you the legitimate payer and this is a very important move for the industry because allowing this data as inherence authentication Factor would basically open the door to a number of new authentication solution that are on the one end more secure because this combination of factor is very difficult for a froster to steal because it's a unique it's like a fingerprint it's quite unique and it's more secure than static password for example and on the other hand there are significantly more convenient for Consumer they are frictionless and seamless they offer an unmatchable payment experience and can be adapted to new payment model like for example internet of things like smart cars or smart fridge so this is a an example of a key change on which uh payment service providers and payment firms are very eager to know about and just to give you another very short example is about like ability uh you know that one of the key objective of the commission was to take with the the PSR was to take uh new type of frauds uh in particular in particular impersonation fraud also called SPO spoofing frauds which are frauds where by a froster convince you to make a payment that you would never made in normal circumstance yeah and um and so far under the psd2 the payer is always liable for this uh this kind of fraud but the commission proposed that the payers PSP the the payment service providers is liable unless there is gross negligence by the user and this is also a very big big move because it basically shift liability to the payment service provider and this would require a significant allocation of financial resources to to prepare to bear this liability yeah I think um I do have some L questions I hope you don't mind but with uh strong customer authentication I mean I remember when I just started working at vixio when everyone was getting ready to to implement that in late 2020 um with the changes that are being suggested would you say but it's going to be as big a deal for payments firms and uh and others in the ecosystem um being able to prepare for for these changes as as it was when SCA was first when was first put into place uh let's say that there are big opportunities for uh for payment firms to to deploy new and Innovative authentication solution and uh of course the there will be more requirements on SCA I cannot hide it because uh but this is very evident uh from the number of provision of the PSR that are dedicated to SCA we have now seven articles in the PSR where verus only two articles in the psd2 and we have five sets of RTS on SCA under the PSR versus one set under the psd2 so of course there will be more requirements but the good thing is that the um the industry is already well prepared because uh uh the SC that SCA infrastructure have be has been deployed in the industry and this is a good starting point of course in my view what is important is that the industry the payment firms continue to cooperate with regulators and policy makers and especially their central banks to find a good balance between security and convenience because this is ultimately what counts to increase approval rates and to continue to create a very solid European payment ecosystem yeah and um on the liability side and I don't know if s slav you also want to um come in on this you mentioned fraud earlier is is there anything that payments firms can do at the moment to prepare for um this I guess these liability rules changing because I mean in the UK as well we have the authorized push payment rules coming in in October this year and um certainly I know that people when I told people in Brussels about those they've seemed quite alarmed because of the level of reimbursements that payments going to have to prepare to make so um yeah it'd be interesting to know whether there's anything that you know payments firms or PSPs in general can can do to prepare for I guess having a lot more responsibility and liability when it comes to fraud I think well today like around the liability for fraud in general it's it's about like the the the data you are using the the tools you are using and also like your strategy for fr because well uh back maybe like to the strong customer authentication it's also one part of the of the PSR that well the the like payment firms they will need to they can now combine like two same factors so they can combine like knowledge knowledge which wasn't there before right well they need to combine two different factors but well basically like not to discriminate like elderly or or not as digital like sa SE people they can combine like two same factors so it's a other thing but well in general like for this liability I think that well it's all about the throw strategy and throw tools you are using today and data you are leveraging because well today what we what we also heard like from our client and if you are on the merchant or required site well you have like plenty of data you can evaluate right because well you are getting like from the transaction from this check page you are getting lots lots of data but well on the issuer side you not going getting as much of the data because well Merchant dat they usually do not pass as much data to your side so you can use either like third party data sort of like a consortiums which is I think about also like also part of the BSR that well they are U motivating like issuers and requires to establish like consortiums and while using the consortiums to share the thir part well use the risk course or the like the some frosters like database to uh to use it so I generally think that fall for for issures as especially it's about like how smart like they use use the data authenticate and uh make this overall uh made this like yeah basically like the approv not the approval rate but the user experience for customers like smoother so basically like not to overule usually for example like the uh exemption applied like from the acquires because well this is something what also we see like quite often that well they that issues that they don't have like in place um this type of stuff so uh so they usually like overload this exemption so this is like usually what we are not not not recommending but well General like for this world what we are recommending is like do the do do the review of those processes set up set up the rules what you have today and uh use basic basically basically more and don't don't don't be afraid to use this like transaction risk analyis and all these additional multilayer tools absolutely and when it comes to um the psd3 and PSR do you guys think that it will make life easier for payments any money firms where are things about to get trickier it be because I I mean when Eric De Colombia was originally promoting this last year I remember term I constantly heard was um Evolution not a revolution so yeah be be interesting to get your guys response to that yeah it's a it's a difficult question I I recall that the the PSR and the PS3 was presented as an evolution rather a revolution but as we have seen from the excellent complete overview the St provided before there are many changes and um um so okay maybe it's not a revolution but it's a very big evolution so I would say whether whether it makes life easier for payment institution and IM man institution it will ultimately depends on the on the final text of course and um on the also in this case on the cooperation that uh payment service provider will have the opportunity to provide to Regulators in particular to uh to the Eva in the context of the consultation for the level two text because um don't forget that of course the level one text set out the general regulatory framework but many many aspects will be actually uh regulated through the level two txt we have SE we have seen something similar for example with with the Dora regulation which is a different piece of of legislation about cyber security and whereby um many many technical aspects are regulated through this level two regulation so it's probably a bit too early to say whether it will the new rules will facilitate the life of PSP of course this will depend this will depend on on what uh what the final text would be yeah know I do agree when M was going through the different changes involved at the start thinking there is a lot more than I was originally anticipating was actually going to change with the p P3 in PSR so yeah I think it's going to definitely be one to watch and also when firms are having to prepare to implement things like Dora which um is you know certainly the countdown is on for that this year um and I think kind of moving on to some of the other regulations that uh are coming up and there are plenty um how do these regulations the the psd3 and PSR that is link with the digital Euro instant payments uh the open finance framework as well uh what do you think think it is that the EU is is trying to do here um Sim I don't know if you if you want to take that yeah this is a very good question because we always have to take a holistic view to the new payments regulation it's not just a case that the commission proposed psd3 and PSR the same day it proposed also the uh digital Euro regulation the regulation on cash as legal tender and the uh proposal for a financial data access act act which is f also called f and let's start with the instant payment regulation instant pain regulation has already seen the light in in March basically this is um a regulation that HS at making instant payments instant credit transfer mainly as as The New Normal in Europe and uh of course there is a a big interplay between these two regulation first of all because instant credit transfer are payment Service uh and then there are subject to all the rules under the psc2 now and in the future under the PSR for example on transparency on open banking strong customer authentication customer protection so on so there is a clear interplay between these two legislative act there is also a nice interplay procedural interplay between the two act between the psd3 and instant payment regulation because as you may recall when the commission proposed the psd3 in June last June it insert a new provision allowing payment institution to directly access to designated payment system which means the biggest payment system in Europe which are designated under the settlement finality directive and um at some point around the December this provision of the psd3 was moved from the psd3 into the pay into the East payment regulation and this was basically done to frust track its adoption because at the time the payment regulation was at this final stage and so there is a Clear Connection on digital Euro digital Euro of course is also we can apply this same reasoning here because digital Euro transaction just to give you a little context about digital Euro digital Euro regulation is the uh an initiative proposal of the commission which provide the regulatory framework to the ECB to the industry and to the ECB for the insurance of digital Euro because digital euro is a ECB initiative but the idea is that the ECB will provide a technical infrastructure for the insurance of digital Euro while the uh European commission will provide the legal framework and also in this case digit Euro transaction will be payment transaction under the psc2 and the PSR so they will be subject to all the requirements out therein and uh fa f is also Fida is the another piece of legislation that was presented in June and it's about open finance f regul is about what it's commonly called open finance and what is open finance we can Define open finance as open banking Beyond banking basically is access to customer financial data beyond the banking sector so for example for insurance for pensions for um investment so it's a enance open banking we could call it like this and what is important with with the f I think that we are still in the early days of course of F and open finance is that um the rules on open Banking and the and the experience that the industry gain with open banking in the last 10 years is capitalized and can serve as a blueprint to uh to build the regulatory framework on finance and this is very important it is important that there is a um there is a um a consistent legal framework between open Banking and open finance and this is also important to allow open banking firms engage in open banking to extend their activities leverage new business opportunities to extend their activities in open finance sector yeah absolutely I think um certainly seems to be I mean f it seems to be the most uh or the biggest step change I guess uh and it will be interesting to see how quickly um the institutions are able to agree on the final text for that I was wondering as well I can see you nodding your head for out sisl and um I'll come to both you on this but what would you say at the moment is coming up with your clients the most out of all of the you know I guess this conveyor belt of of Regulation that you know these that vintex and and others are going to have to comply over the next few years whether that's psd3 PSR um instant payments or or fer or the digital Euro with that as well well I think definitely like the psd3 and PSR are the most like critical regulations for for our clients and this is like what we hear uh yeah this is like literally literally what we hear because this psd3 and PSR is most like around payments it's like this strong customer thing and basically like around these processes within the card so mostly mostly this psd3 and PSR around CL clients and 100% and maybe I will uh quickly respond to to your previous question about uh like uh if the PSD and PSR make life easier for these money firms yeah but it's going to be like brief but well I think that well in shortterm perspective like not really because well they will need to go through the discovery phase you know they will need to set this like strategy goals you only need to start like development or develop all the all the open Banking and this B like everything what we have discussed go through this reauthorization process but as we hear it even from our clients and as we also think like from the from the long-term perspective it will because this unification across all the countries which PSR will hopefully like bring it's like the basically like it especially like for Geographic expansion the overall management will be easier so and it we think that well it also bring brings like more companies into Europe like especially like from from like us Asia know because well this overall like requirements and this legal legal Frameworks and given the fact well they are slightly there are nuances between the countries it's not as easy like for these companies to enter so this overall appication I think that well it will uh make the life uh definitely like easier for companies from this perspective interesting nice and I guess we are into the final 10 minutes of a webinar we do have some um questions that have come through and if anyone wants to um send through some more that's absolutely fine send them through sooner rather than later and one of the questions we had is we're in 2024 and an financial institution or payment service provider is still unable to provide for merchant that might be a subject person under the AML law the card holder's name any developments on that um Simone I don't know if you'll be able to help with that yeah this is a c Point uh on U on we were talking about before is um that's an important point because uh we talk about the transaction risk monitoring and all the data that should be um analyzed for each and every transaction to evaluate the risk of a transaction this is part of the uh SCA framework and one of the one of the key elements of this transaction monitoring is that not only payment service provider are able to verify this data including for example cardor name as what asked in this question but that there is an infrastructure that allows uh this information to flow from between the the various payment actors between the merchant between the bank of the merchant between and the bank of the the card holder for example in the payment cards the issuer and uh this is very important because we see a big difference here for example in the world of cars and the world of bank transfer because for example with cars a technical infrastructure has been built to help this uh to help the the sharing of this information it is the MV 3DS secure 3D s infrastructure which allows a lot of data points to to flow from the merchant to the acquirer which is the merchant bank and to the issuer and this will of course facilitate a lot transaction monitoring in the future and a similar infrastructure at least in my knowledge is not yet present in the um crate transfer environment and it will be interesting to see how the whether it will be built in the future but of course it is very important that all the payment actors can share information for to increase security of the of the payments Berlin and we have had another question come through um this one is on the commercial agent exemption which is something that I've written about a bit during my time at vixio um and it would be great to know if I you able to take this on in your opinion is there a significant difference between psd2 and psd3 scope of the commercial agent exemption any Tak yeah well my answer will be brief and not not as smart but well what we heard well what I heard is that well it's going to be like stricter that well this agent exemptions that well it won't be uh as um won't be the same as this psd2 but well as far as I heard well uh it's not finalized yet like the the the the structure and the final meaning cor because well I heard that well it's not finalized and it's not uh yeah it's it's not finalized absolutely um yeah I mean with the commercial agent exception I would say but it does seem to get be getting stricter as time goes on if you look at the um difference between the PSD 1 PSD 2 and now the PSD 3 is definitely going to become increasingly stricter I think it seems to be to to take on online marketplaces is very reasoning and Sim I don't know if there's anything you want to add on yes as you said the big difference uh was between psd1 and psd2 and with PSD psd3 basically um reproduce the psd2 exemption with some tweaks which are still uh under discussion so it's a little bit too early but it's not a major shift between the psd2 and psd3 on this exemption anyway thanks very much so yeah we've come to the end of the webinar and I guess a thing that would be good to sign up with from both of you just quickly what would you say is the biggest um or most important point in the psd3 OR PSR that people need to be paying attention to well yeah I can go I can go first so in in general like it's uh is this whole like the process and from me from my point of view it's like the planning planning of the of the steps like how to implement the psd3 because well I remember when we are when we implementing the psd2 in psd2 uh like three or four years back the planning while everything was like super unclear and the planning as well we did everything in the in the last moment you know so if I would be in the same position and I was I would be implementing like the psd3 I would uh plan like more carefully uh allocated resources I would be like very careful on this the authorization process and uh even like these all informations in advance start like working on these do this additional documents uh as earlier as possible and uh another part is the open Banking and this customer portal because if you will if you will be able like as a account provider if you will be able to to build it like properly you can like sell it to your customers you know like because this is this this is something what I think that all customers will like that they have they had the overview has an access and if you will be able to Market it like properly it can be like your big benefit and the third area is the fraud uh fraud fraud fraud management over like this transaction Lisk analyzes and this multi-layer authentication because from perspective it's like yes it's a legal requirement but well it's also an opportunity how to improve the general like the ux because I think that well today they said the C holder C holder flow like the ux for e-commerce transaction is not as smooth and we see that while these account to account payments for example it's growing the cards Ur as well but not as quick as these account to accounts because the process is smoo so this basically brings the opportunity to to to to to to build build on it and to work on it so I would definitely like focus on it and focus on this fraud strategy and try to try to build not only like fulfill the legal requirements but also go like one step ahead and anything from you um I think that the most important point for uh for payment service provider in general for payment firm to prepare for the PSR and PSD three is an advice I would give to to all firms in the payment sector in the payment ecosystem is to design their solution now in a way that it's future proof that can accommodate adjustment to make sure that for example on authentication but also on any other field that can be accommodate the new requirements uh that will be brought by the PSR and psd3 because um one could think that the new requirements will be live only in two or three years and so they are not right behind the corner but that's not true because uh it's important to prepare because what we have seen in the past it was the industry made a lot of efforts and invested a lot of resources to adapt to the psd2 rules especially on SCA and in that occasion the European banking Authority and the European commission granted an extension period to give extra time for to the industry to comply it is very unlikely that this will happen again so it's very important to be prepared and to start uh designing all payment solution right now in a way that is really fure proof fantastic thanks very much for that so I'd like to say thank you to our speakers today it's been a pleasure to speak to you both about this issue I think it's um and it's definitely going to be something I'm going to be watching very closely over the next few years and before I sign hand over back to Jack I will just point out I am at um money 2020 in Amsterdam next week and then in two weeks I'm going to be at ebj in Lisbon so hopefully if any of you in the audience are there just give me a message it would be great to catch up and if I could now pass back to Jack that would be great thank you Jimmy and big thank you to Simon and stanislav um and thank you again everyone for attending today's webinar uh as mentioned at the start of the session this webinar was recorded and a video will be sent to All attendees in the coming days uh before I sign off uh just a quick reminder uh Jimmy's already mentioned but uh both Jimmy and the vixio team will be at money 2020 uh in Amsterdam next week uh so if you are in the area uh please drop by vixio stand 1 h264 where a member of the team we'll be happy to give you an on the spot demonstration of the vixio product um if you wanted to schedule a meeting with anyone uh attending money 2020 you can do so at vio.me