Payment Service Directive (PSD2) – 2018 will be a game-changing year for banks

Payment Service Directive (PSD2) – 2018 will be a game-changing year for banks

 Sigla_IBR_2017  deloitte logo  

Logo Reff&Associates negru 


As PSD2, the revised Payment Services Directive will come into force early next year across the EU, the online payments and account information services market will open for new entrants, ending the banking sector decades-long exclusive monopoly over its customers’ payment account data and payments transactions.The aim of PSD2 is to increase EU-wide competition by fostering innovation through opening of the banking market for the so far largely unregulated third-party providers (TPPs) like FinTechs. Key element of the new regulation is that banks will be forced to open their platforms via so called APIs (Application Programming Interfaces) to enable TPPs access to previously privileged account data and to enable TPPs initiate payments on behalf of the customer.This seminar aims at getting an overview of the PSD2 matters, which a financial institution will face in its current activity.


At the end of the lecture, the attendees will be able to:

  • Have an overview of the PSD2 rules generally applicable
  • Understand and identify the main PSD2 issues encountered in practice in the banking sector
  • Identify significant business opportunity for innovative banks that came together with PSD2 requirements

AUDIENCE This lecture is specially addressed to bank specialists involved in IT, risk management, internal audit, business, legal & compliance teams.

CONTENTS PSD2 requirements – Open Banking and PSD 2, Opportunities and Challenges

  • Application Programming Interfaces will be able to aggregate and exploit valuable banking account data.
  • Payment Initiation Service Providers will provide a convenient direct online payment alternative to card payments.
  • A very new challenging situation for banks: the core threat to banks comes from the potential loss of control of the customer’s primary online banking interface and loss of cross-sell opportunities resulting thereof: third-party providers will be able to offer aggregation and payment services that intermediate the relationship between a bank and its customer. Similarly, new entrants can leverage account information in credit risk decisions (diminishing incumbents’ advantage in client insight-driven lending offers) and other added-value offerings.
  • Mitigating factors: Broader licensing/registration requirements. The standards of communication with third party providers have not been fully harmonised.
  • Is PSD2 compliance cost or a significant business opportunity for innovative banks? PSD2 implementation options for banks.

PSD2 requirements – key compliance points to address

  • Enhanced security requirements: Strong customer authentication.
  • Additional reporting requirements: Special procedure to report security incidents.
  • Liability split between the consumer, the Account Servicing Payment Provider and the Payment Initiation Service Providers.
  • Ensuring GDPR compliance in the implementation of PSD 2;
  • Antitrust concerns: when bank’s strategy interferes with competition law.

SHORT PRESENTATION OF THE LECTURERS Petr Brich  – Director, Deloitte Czech Republic

Petr is a Director in the Consulting practice of Deloitte Czech Republic, specialized in advisory for the financial services sector. With 14 years of management experience in banking and 10 years in consulting he specializes primarily in risk management, fraud detection, process optimisation in sales and lending, strategy development and areas of customer experience and analytics. He leads the PSD2 regulatory initiative of Deloitte CE.
Before joining Deloitte, Petr held senior management positions in the banking sector as retail division head, director of consumer finance and member of the Board of Directors with responsibility for operations and retail.Petr’s recent relevant experience includes:

  • Customer retention strategy for consumer loans for leading Czech retail bank
  • Strategy refresh for Czech market for a large regional Austrian savings bank
  • Internet banking digital sales maximization analytics for a retail bank
  • Selection and PoC for application fraud detection system for a CEE retail banking group

 Andrei Burz-Pînzaru – Partner, Reff & Associates – head of Deloitte Legal in Central Europe

Andrei is Partner in Reff & Associates and Head of Deloitte Legal in Central Europe. Overall 20 years multidisciplinary advisory experience in Banking, Capital Markets, M&A, Corporate Governance. Recommended by IFLR 1000 as a Leading Financial and Corporate Lawyer. Prior to becoming a lawyer he was for several years a licensed securities broker and advisor on capital markets, banking and M&A transactions. In banking he worked on loan and security documentation in bilateral/ syndicated loans, LMBOs, debt restructuring & loan workouts, NPL deals and advised on securitization structures. In Capital Markets he worked on local / cross-border stock option plans, securities/rights offerings, pre-IPO preparation, insider dealing and market manipulation cases. His experience also includes assistance in M&A deals in various industries with a particular focus on financial services industry. In the Corporate Governance area, Andrei assisted entities operating in regulated/non-regulated industries on various legal risk management aspects (including compliance and corporate governance matters, legal risk management tools – prevention and compliance programs, dealing with white collar crime risks – prevention and defense, etc.). His FSI regulatory experience includes assistance to the financial supervisory authorities/operators, banks, non-banking financial institutions, insurance companies, fund management companies, publicly traded companies on various financial/ securities regulatory matters, including: Capital Requirements Directive/Regulation (CRD/CRR), Market Abuse Directive / Regulation (MAD/MAR), MIFID/MIFIR, EMIR, and cross-border resolution of credit institutions.

Adrian Ifrim – Manager Cyber Risk Advisory, Deloitte Romania

With more than ten years of experience in the financial, telecom and IT security sector, Adrian is currently serving as senior consultant for the Deloitte Romania Cyber Risk Services team.  After obtaining a bachelor degree as Engineer in Automatics and Computer Science, he continued his studies and obtained a Master’s Degree in Information Security over Complex Networks. He specialized in information security with focus on penetration testing services and currently holds the Offensive Security Certified Expert, (OSCP) Offensive Security Certified Professional (OSCP) and System Security Certified Practitioner (SSCP) certifications.Adrian managed and has been involved in various projects in relation to internal, external penetration testing, social engineering testing and vulnerability assessments for various companies and financial institutions in Romania and Germany.Adrian has also extensive experience in Information Risk Management and IT Audit in Financial sector where he handled and aided in the implementation and improvement internal processes in relation to identification of IT risks and assessment of controls.In 2015, he participated in the DARPA Cyber Grand Challenge with project DESCARTES (Distributed Expert Systems for Cyber Analysis, Reasoning, Testing, Evaluation, and Security) and was invited as speaker at OWASP EEE Bucharest Event. 

DATE –TBA, from 9:00 to 17:00

RBI will hold the course on its premises, providing specialised lecturers, course materials and catering services during the training day.  

CERTIFICATION: certificate of attendance                                

LANGUAGE: English/Romanian

CONTACT:Emilia Frunză, Training managerMobile phone: 0748886834e-mail:

 Sigla_IBR_2017  deloitte logo  


Logo Reff&Associates negru