Compliance

What would have happened if... Daitomic already existed at the time of PSD2

10/10/2023

How are European regulations transposed by financial institutions? The PSD2 case

Currently there is nothing more obvious than electronic payments. Indeed, these transactions are now really common, but, not so long ago, electronic payments have represented a huge innovation within the financial ecosystem, even at the legal level. As we will see later, the European authorities have in fact responded to this technological innovation with the Payment Services Directive - hence the acronym “PSD”, namely the Directive 2007/64/EC. Obviously, the entire financial market had to react to the innovations brought by this regulation and, subsequently, also by PSD2, namely the second European Directive on electronic payments - Directive (EU) 2015/2366. Focusing on this latter, a question arises: how have financial institutions actually behaved in transposing the new regulations? The reactions with which the market has greeted them have basically been twofold:

rely on external consultants for the regulatory analysis of the directives, the development of gap analyses and the drafting of subsequent impact analyses;
attempting to set up a compliance project internally and then, having ascertained the difficulties, deciding to delegate all or part of the project externally.

Without going into the details of the compliance processes followed by financial institutions here, let us directly analyze the use case represented by PSD2 with respect to, for example, a PSP (Payment Service Provider), which, three months after three months after the date of commencement of application of the PSD2 internal transposition provisions, found that the deadline imposed by the internal legislator would not be met. Having realized the second of the two situations described a few lines ago, the entity relied on a team of external consultants who had ensured the success of the project within the minimum terms and conditions required by the legislation. The team of consultants, consisting of around twenty people, included heterogeneous skills, but consistent with the objective. The three sub-teams that formed it - each with its own objectives and deadlines - were:

the Legal & Compliance team, in charge of creating a new legal inventory and sharing with both the other teams and the PSP an analysis of the regulatory gap produced by the introduction of PSD2 into the domestic legal system;
the BIA (Business Impact Analysis) operations team, in charge of modifying and/or creating internal procedures and policies adapted to all the new regulatory provisions;
the IT team, in charge of translating the needs identified by the Legal & Compliance team and the BIA team into effective and efficient IT solutions.

In spite of the fast pace of work, the consultants were unable to complete the project in its entirety, prompting the PSP to open an informal channel with the competent authority to obtain an unofficial extension of the compliance deadline. But how would this story have gone with a technological tool that was up to the complexity and importance of the regulatory changes introduced by PSD2?

All about the European Payment Services Directive: legal references and objectives

Before answering this question, it is appropriate to open a parenthesis on PSD and PSD2. As it happens with other regulations, the one on electronic payment services is summarized by an acronym: PSD. As mentioned earlier, the Payment Services Directive is the Directive 2007/64/EC, issued by the European Commission in 2007 and transposed into Italian national law by Legislative Decree No. 11 of 27 January 2010. This is the document that, for the first time, outlined a modern and coherent EU legal framework for electronic payment services. The spread of these latter and, in general, the increasing digitisation of all spheres of society, then made it necessary to issue a regulatory update on the subject, namely the Directive (EU) 2015/2366, the aforementioned PSD2, which came into force in the European Union on 13 January 2016 and was transposed in Italy with Legislative Decree no.218 of 15 December 2017. As we have seen above, the regulatory analysis concerning electronic payment services has proven to be a complex activity, also due to the continuous technological evolutions, thus making this regulatory area one of the most recurring thoughts for financial compliance professionals.

Regulatory analysis and PSD2 compliance: what would have changed with Daitomic?

At this point we can answer the question we asked earlier, namely: how would it have been if financial institutions could expoloit Daitomic - our RegTech SaaS - when they had to analyze and implement PSD2? Firstly, Daitomic would have enabled compliance professionals to prepare well in advance for the entry into force of the regulations, exploiting the regulatory outlook function, which allows analyzing the documents in the stages prior to their official publication in the Official Gazette. At the same time, Daitomic would have offered an identification of risk areas in relation to the PSP's internal regulations and the possibility to interactively and intelligently compare the various regulatory updates that followed one another. In addition to this, Daitomic would also send customizable email notifications created to keep users up to date - automatically and in real-time - on changes concerning the regulatory areas of their interest, such as electronic payment services. But Daitomic's functionality would not stop at the so-called regulatory alerting, as it is also capable of preparing the impact analysis on the internal transposition of the PSD2. In fact, once users received the email alert notifying a regulatory update, they would also have been able to leverage the platform to automatically identify related regulatory obligations and cross-reference them with impacted internal procedures. In summary, if the PSP presented as a use case had had Daitomic at its disposal, it would have benefited from:

constant and timely monitoring of the electronic payment services legislation issued from day to day;
real-time regulatory gap analysis on all sources in its legal inventory related to electronic payment services;
an instantaneous impact analysis on internal procedures and policies impacted by the legislation as it evolved.

Therefore, not only Daitomic would have answered the need to ensure the compliance to the PSD2, but it would also have allowed the PSP to make strategic decisions in light of the obligations introduced by the European Payment Services Directive. At the very least, this would have allowed the PSP to choose whether to entrust the development of effective IT solutions to internal teams or to seek consultancy help on this specific aspect alone. This option alone would have made it possible to complete the two-thirds of the project with minimal human effort and a high standard. Because Daitomic does not only optimize the most time-consuming day-to-day activities, but also provides accurate and up-to-date legal information to allow key strategic decisions in the life of financial institutions.