In July 2019, the EBA delivered a report on the current trends and drivers impacting the business models of payment institutions (PIs) and electronic money issuers (EMIs) (collectively referred to as Institutions)


A number of so called “BigTech” firms (Google, Amazon, Facebook, Apple, Samsung) have already obtained PI/EMI licences, and existing players expect them to participate more actively in the EU payments sector. This is as a result of the level of development of: (i) innovative technologies, (ii) cloud services (iii) digital/mobile wallets; and iv) an increasing interest in the use of artificial intelligence, big data analytics and biometrics. 

The EBA's Report suggest that Institutions are facing different threats and challenges depending on their business models. The potential impact of active participation of the BigTech firms and the key dependencies on banks and card processors are observed to be the key threats to the sustainability of Institutions’ business models, along with the operation resilience, ICT security, operational capacity, regulatory changes and customer education. 

The Report however also says that the outlook for the payments and e-money sectors is quite positive in terms of revenues and profitability, with an overall expectation of an increased customer base and the introduction of new/revamped products, accompanied by an increase in internal FinTech developments and ICT spending. 

Key trends

The global payment services business is growing significantly, rising by 11% from 20016 to 2017. This reflects an increase in the use of online services in ecommerce, with around 68% of EU users shopping online in 2017 (which has no doubt risen further since).

The Report also shows a significant development in the use of e-money and contactless payments using cards or smartphone. 

Even more dramatic is the wider growth of FinTech in the use of digital and mobile wallets, which are currently positioned as one of the fastest-growing technology markets: digital wallets are estimated to have added approximately USD 40 billion to global payments revenues in 2017 and online consumers are becoming mobile consumers, with a clear preference for smartphones. 

In the EU, instant payments and the Second Payment Services Directive (PSD2) are creating new opportunities. New players are entering the payments market, using technology to redesign traditional networks and business models across retail and wholesale payments. Notably, a new regulation in the FinTech sector seems one of the reasons behind this booming market, rather than a constraint to its development, as too often happens with the implementation of new regulations. 

According to the EBA Register of PIs and EMIs, as at 25 May 2019, 961 PIs and 297 EMIs were authorised or registered within the EU, from the entering into force of the 1st PSD and new licences were obtained/reauthorised, after PSD2 implementation, also by entities operating outside the regulatory perimeter. 

It is not a surprise that the financial services activities of BigTech firms appear to be growing, particularly in payments, lending to small and medium-sized enterprises (SMEs) and other specific market segments. Many BigTech firms will have started in payments, often to facilitate their core business ecommerce or advertising (such as Google Pay, Amazon Pay, Apple Pay, Samsung Pay). 

Some PIs and EMIs offer a wide range of payment and e-money services, while a few have also obtained credit institution licences and are engaging with FinTech and more and more customers seem to have switched to PIs and EMIs for money transfers, utilising online tools, while corporate and SME customers often use PIs and EMIs as an alternative to banks for payment accounts and other services with the use of digital wallets. 

It is worth mentioning that behind the payments services there are many other businesses and in fact PIs and EMIs are also offering services related to peerto-per lending, crypto assets and data analytics, ICT, which increase the level of fees and the value of the services. 

Regulatory changes

It is not only the development of the financial technology which is enabling the dramatic rise of the payments services. It is also the new regulatory landscape, following the recent implementation of the PSD2 and General Data Protection Regulation (GDPR), dealing with: data protection, secure data sharing, security of payments and customer consent. The combination of these two facts provides the legal foundation and aims to further develop a more integrated internal market for electronic payments within the EU, including for the first time EU security requirements, in order to make electronic payments, as easy, efficient and secure as possible. 

Based on the EBA survey, more than 85% of Institutions expect BigTech firms to participate more actively in the EU payments and e-money businesses in the near future, by introducing and integrating payment services on their platforms and apps. The reality is that BigTech firms can pose a material threat to the sustainability of existing Institutions’ business models,as they have significant investment capacity, technological knowledge and expertise, as well as scaling experience to provide services at lower costs in large volumes. 

Moreover, a large number of Institutions have already embraced or are actively looking at embracing the new services provided under PSD2, namely: (i) account information services (AIS) and (ii) payment initiation services (PIS), looking at expanding their service offerings to customers. Open banking is the new frontier of FinTech and after the deadline is met (14 September 2019), the financial services market will again significantly change

These new services appear to potentially add value to Institutions’ business, as they will be enabling customers to have an aggregate view of their account services data, or to use alternative payment channels, to the benefit of services across borders. Based on the March 2019 EBA survey, most Institutions (77%) are not yet providing the new services under PSD2, with currently 12% of Institutions providing both AIS and PIS, 8% providing only AIS and 3% only PIS, but a significant number of Institutions indicated they had already applied to provide one or both of these new services under PSD2 and are planning to use passporting rights to offer cross-border services under the freedom of service provision or the establishment of a local presence in host EU Member States.  

As already stated by the EBA opinion dealing with financial agents' regulation, considering the nature of the activities performed by an agent of a PI/EMI, the engagement of an agent located in the host Member State is likely to trigger, in most cases, an establishment of that PI/EMI in the host Member State, if the mandate given to that agent involves a sufficient degree of stability. Similarly, the distribution of e-money through distributors located in a host Member State may come under the scope of the right of establishment under the same conditions as those applicable to agents. 

The point to be addressed is whether the regulatory framework for open-banking provides significant challenges for the newcomers and small/mediumsized existing Institutions, which may prevent them from entering the market and deciding not to adopt technology-based financial innovation; or whether the regulations present a huge opportunity for the BigTech firms and those Institutions investing in their own technology to challenge banks and credit institutions' market position.  


According to the Report, most Institutions are adapting their business models to cope with the competitive pressure, embrace PSD2 regulatory changes and benefit from the positive impact of FinTech developments. In the medium to long term, a number of factors will define the transformation of Institutions’ business models: (i) the beginning of the “open-banking” era; (ii) the level of implementation of innovative technologies; and (iii) the activity of BigTech firms in the financial service sector.

The current landscape may lead to more technologyoriented players in the payment market, offering innovative solutions to customers and many PIs appear to be shifting into ‘consumer data analytics’ business models (e.g. for customer profiling, marketing or fraud prevention purposes), which may pose privacy concerns that need to be understood and addressed in order to prevent detriment to consumer protection. 

On the basis of the above, it seems crucial that any competitor willing to play a significant role in the FinTech sector invests in technology as well as knowledge of the new financial rules: 

  • PSD2: opening up new payments services and open banking opportunities;
  • RTS: setting standards for customer security enabling payments services;
  • AML: requiring that payments services shall be provided in full compliance with the anti-money laundering and terrorism rules;
  • GDPR: given that data flows and data collections are a core part of the new payments services enabled by PAS2 (AIs and PIs). 

These regulations may pose constraints, but they also indubitably present significant new opportunities.

In fact, whoever is enabling payments to customers, exploiting the open-banking opportunities and offering new valuable PSD2 services, will likely become a serious player able to compete either with the BigTech or with the more traditional banks and credit providers.