New European Union rules from January 13 aim to prise open banking to more competition by allowing outside firms to make payments and offer other financial services by directly accessing a customer's account.
The new directive will also ban surcharges for consumer debit and credit card payments.
The Payments Services Directive 2, or PSD2, is a major reworking of the payments rules to reflect rapid advances in technology like smart phones for accessing financial services.
The new system will comprise not only financial institutions but also retailers, high tech companies, gaming, gambling, social media and potentially any firm that involves financial information or transactions.
Valdis Dombrovskis, Vice-President for Financial Stability, Financial Services and Capital Markets Union at the European Commission said the legislation is another step towards a digital single market in the EU.
"It will promote the development of innovative online and mobile payments, which will benefit the economy and growth," he said.
He also said the banning of debit and credit card surcharges could save more than €550m a year for EU consumers.
"Consumers will also be better protected when they make payments," he added.
The introduction of PSD2 is meant to create a level playing field for new entrants and traditional market players, offering more opportunities for competition and innovative payment services.
According to PwC, banks under the new directive need not only offer services to be consumed by third parties, but will also need to think about how to use third party services for their own offerings.
PwC said the big difference for consumers is that that they are now in full control of the services they want to consume.
"Application Programming Interface will be the new channel for doing business. As banking services are unbundled, consumers, through the API 'economy', will determine where the demand will come from and reshape how society is going to work," it added.
The main elements of the new directives are:
- With a customer's permission, a bank must allow an outside company authorised by regulators to take a payment directly from an account for goods and services.
- A bank must allow an outside firm to access transactions history from a customer's account for the purposes of aggregating information from several current and savings accounts into a single "dashboard".
- Tougher customer authentication of online payments will be introduced from the second half of 2019.
- Banks will have to spell out reasons for refusing an application for a new account, making it harder to hide behind generic concerns like money laundering.
- Banks are required to give refunds for unauthorised transactions.
- Outside payment firms must respond to complaints within 15 days.
- Firms authorised under PSD2 are not allowed to take deposits or grant loans like traditional banks.
- Most PSD2 firms that take data from a bank account will also come under a separate EU General Data Protection Regulation that comes into force in May to reinforce safeguards on personal data.
Sinead Ovenden, a partner at PwC Ireland Financial Services, said the new regulation will completely overhaul banking as we know it.
Ms Ovenden said that compliance with PDS2 has been a challenge for many banks.
But she added that compliance is not their only concern.
"Banks need a proper strategic response to avoid becoming disintermediated by more customer oriented third-party offerings. They will need to analyse the emerging payments landscape and identify new revenue opportunities for services, something most have yet to do," she added.