Prestatech has been recognized among the World’s Top FinTech Companies 2025 by CNBC
Markteinblicke--

7 Minuten

The CCD2 Directive and the future of consumer credit

The second EU Consumer Credit Directive (CCD2) – Directive (EU) 2023/2225 – fundamentally changes the regulatory framework for consumer credit in Europe. Adopted on October 18, 2023, and published in the EU Official Journal on October 30, 2023[1], it will replace the previous directive from 2008. Member States must transpose CCD2 into national law by November 20, 2025, at the latest; the new rules will apply from November 20, 2026[2]. The aim of the reform is to adapt the credit market to digital developments and significantly strengthen consumer protection[2]. New, previously unregulated forms of credit – such as microloans, interest-free or fee-free purchases, and buy now, pay later (BNPL) – will now be covered[3][4]. The rules on transparency, advertising, and creditworthiness checks will be tightened to ensure responsible lending.

In Germany, the directive is being implemented through amendments to, among other things, the Civil Code (BGB), the Introductory Act to the Civil Code (EGBGB), the Banking Act (KWG), and the Trade Regulation Act (GewO)[5]. The Federal Ministry of Justice presented a draft bill in June 2025, followed by a government draft in September 2025[6]. The latter incorporates most of the proposals and adds detailed provisions, e.g., on supervision[6]. The competent supervisory authorities will be, in particular, the Federal Financial Supervisory Authority (BaFin) for credit institutions and – for credit intermediaries and certain financing providers – the trade offices due to new licensing requirements (GewO §34k)[7][8]. Many of the basic principles of CCD2 are based on the EBA guidelines on lending and monitoring (EBA/GL/2020/06), which have been incorporated into supervisory law in Germany since 2021 via MaRisk. For lenders, the reform represents a paradigm shift: it is no longer sufficient to superficially check the customer's solvency – a comprehensible, objective creditworthiness assessment carried out in the interest of the consumer is mandatory. All relevant information must be taken into account and the decision documented.

1.1 Creditworthiness assessment in the consumer's interest

Every credit decision must be based on relevant, accurate, and proportionate information that is appropriate to the nature, amount, and risk of the credit[12]. In particular, CCD2 requires a comprehensive assessment of the consumer's financial circumstances. The German implementing provisions (Sections 505a and 505b BGB, as amended) require three key categories of data to be included in the assessment[13].

What is new is that all consumer loans – including micro-loans under €200 and BNPL transactions – must undergo such a check. In future, for example, the customer's creditworthiness will also have to be checked for interest-free "purchase on account" transactions. The directive and its implementation also set limits on data sources: unreliable or irrelevant information may not be used. For example, the use of social media data for creditworthiness assessments is not permitted, nor may particularly sensitive personal data within the meaning of Art. 9 GDPR (e.g., on ethnic origin, health, religious affiliation, or political views) be included[13]. Internal and external creditworthiness databases are permitted, however, meaning that in practice, queries to credit agencies such as SCHUFA or Creditreform will also become standard practice for small loans[13]. Finally, it is important that the assessment is always carried out in the interest of the consumer: a loan may only be granted if there is a likelihood of orderly repayment – otherwise, the loan should not be granted in order to protect the customer[14].

1.2 Documentation and verification of information

The CCD2 emphasizes that a creditworthiness check is only sound and reliable if it is based on verifiable data. For lending institutions, this means a documentation and verification obligation: all information used should be supported by reliable documents or sources wherever possible. For example, stated income should be verified by pay slips or bank statements; significant household expenses (rent, loans, maintenance) must be plausible in relation to income and can be substantiated by account analyses or invoices, for example. The total debt ratio must also be checked by querying credit registers in order to disclose the customer's parallel obligations.

This approach, based on objective evidence, is not just a matter of internal guidelines, but a compliance requirement: regulations require verifiable, careful credit checks. For the bank, this also means protecting its reputation – those who carry out incomplete or undocumented checks risk complaints from the supervisory authority and legal disputes with consumers. In contrast, complete documentation of all decision-making criteria creates transparency and legal certainty. It also promotes consistency in credit decisions and facilitates internal and external controls. In short, anything that is not documented is considered not to have taken place. Accordingly, banks must design their processes in such a way that all relevant customer information is checked and the results of the check are recorded in a comprehensible manner.

1.3 Automation and the right to human review

In light of digitalization, many institutions rely on automated scoring models and AI to make quick decisions on credit applications. While CCD2 recognizes the advantages of automation, it also establishes crucial guidelines: technology cannot completely replace human expertise. Specifically, consumers are granted new rights if their credit application is rejected entirely by an automated process. In this case, the customer must be informed that the rejection was based on automated data processing and must be given the right to request a review by a human[15]. This right to human intervention requires lenders to take two practical measures:

1. Transparency about automated processes: Lenders must be able to trace which decisions were made by algorithms at any time. If a system rejects an application, this must be clearly communicated to the customer. Rejection notices must include references to the automated result, the right to review, and the appeal process.

2. Established review processes: If the customer requests a manual review, this must be carried out promptly and documented by a qualified person. The human reviewer must explain the relevant decision-making criteria to the customer in an understandable manner and reassess the application, taking into account any additionalinformation[17]. The result of this re-review (e.g., a possible loan approval on the second attempt) must also be documented.

This combination of automation and human control ensures that the credit process remains efficient, yet transparent and fair. The customer is not at the mercy of an opaque algorithm, and any incorrect decisions can be corrected. For the bank, such procedures reduce the risk of complaints and promote trust in the digital credit process – in line with the directive.

1.4 Transparency and fair business practices

CCD2 puts transparency towards consumers at the forefront. All customer information – from advertising and pre-contractual information to the contract itself – must be clear, truthful, and understandable. Advertising for loans must not raise false expectations, for example about the costs or availability of the loan[18]. In future, for example, it will be prohibited to use wording that gives the impression that a loan will improve the customer's financial situation, or to emphasize particularly quick and easy payouts[19]. Consumer loans are not a carefree product – this must be made clear in communications. In fact, the directive stipulates that all credit advertising must contain a prominent warning that "credit incurs costs"[18]. The planned amendment to the German UWG (Unfair Competition Act) implements these requirements: The rules for credit advertising are being tightened; lenders must clearly state that taking out a loan involves costs, and certain advertising methods (such as downplaying the risks of borrowing or aggressively promoting loans as a solution to financial problems) are expressly prohibited[20].

Pre-contractual information must also be provided comprehensively and in a timely manner. Consumers should receive all important terms and conditions (interest rate, effective annual interest rate, term, total costs, etc.) in a standardized form (European Standard Information for Consumer Credit) before concluding the contract. In addition, in the digital environment, it is mandatory that key information be visible on the first screen (or on a maximum of two screen pages, if necessary)[21]. If, in exceptional cases, the statutory advance information period cannot be complied with (e.g., if the contract is concluded immediately after the information is provided), the customer mustalsobe informed of or reminded of their 14-day right of withdrawal[22]. These rules ensure that consumers do not enter into commitments hastily without having the opportunity to process the information – in case of doubt, the loan can be revoked within two weeks without giving reasons.

For credit institutions, this transparency is not merely a formality, but also offers advantages: clear, understandable communication reduces queries and complaints and promotes a trusting customer relationship ( ). In the long term, fair advice and information pay off, because satisfied, informed customers remain loyal to their banks and recommend them to others. Compliance and customer focus go hand in hand here.

1.5 Ongoing monitoring and post-contractual obligations

Unlike in the past, the lender's responsibility does not end with the disbursement of the loan. CCD2 obliges credit institutions to continuously monitorconsumer credit and to take early action if there are signs of payment problems[23]. This principle was already the subject of the EBA guidelines on loan monitoring and is now explicitly enshrined in law. Lenders must establish strategies and processes to monitor the consumer's financial situation during the term of the loan (e.g., through regular checks of payment behavior or account turnover) and define early warning indicators[24][25]. For example, payment delays, a constantly exhausted overdraft facility, or a noticeable drop in income can be signs that the customer is getting into trouble.

It is important to note that if the bank recognizes such warning signs, it must not remain inactive. Before resorting to termination or harsh collection measures, reasonable concessions must be offered[26]. The directive requires a catalog of forbearance measures designed to enable the customer to adjust their situation rather than immediately driving them into insolvency or a negative credit rating. Specifically, lenders must offer appropriate solutions to ease the burden, e.g., restructuring or deferral of outstanding amounts (partially, if necessary), extension of the loan term, temporary reduction of the interest rate or other installment components. Such adjustments can give consumers breathing space to get their finances in order without the bank waiving its claims – often a temporary reduction in installments or extension of the term makes more sense than a complete default.

The CCD2 even gives consumers a civil law claim to this leniency and sanctions violations by lenders as administrative offenses[28]. For banks, this means that before initiating enforcement measures, they must document what assistance has been offered. At the same time, processes must be in place to identify at-risk customers at an early stage (in the KWG, this is specified in new requirements in §18a)[25][29]. This may also include referring customers to external debt counseling services if they are more than 90 days in arrears[26]. The aim of all these requirements is to prevent over-indebtedness and avoid financial exclusion. By accommodating customers in difficult phases, the bank maintains a relationship of trust and achieves higher returns in the long term than it would with hasty enforcement measures. In this sense, ongoing credit monitoring is not only an obligation, but also makes good business sense: proactive risk management improves portfolio quality, reduces credit defaults, and strengthens customer loyalty at the same time.

2. Use of account data before and after lending

The analysis of account and transaction data has become one of the most effective tools for accurately and continuously assessing the financial performance of consumers. In conjunction with open banking regulations (PSD2), CCD2 enables credit institutions to access customers' payment account data at other banks with the customer's express consent[30]. This means that a lender can—only with the consumer's consent, of course—read and evaluate transaction histories (at least for the last 90 days). This data provides a comprehensive, up-to-date view of the customer's economic profile and ideally complements traditional credit reports[30]. Account analyses provide objective facts both during the loan application phase and inongoing monitoring after disbursement.

In practice, this means that by evaluating actual cash inflows and outflows, uncertainties in the assessment of a loan application can be significantly reduced. The bank sees not only snapshots or self-reported information from the customer, but also their actual spending behavior and income patterns. This leads to better-informed decisions, higher credit quality, and early detection of risk developments—all without unnecessarily slowing down the process. On the contrary, with modern analysis systems, these checks run automatically in real time. Open banking technology thus becomes a strategic lever: it not only meets the new regulatory requirements, but also helps to proactively combat over-indebtedness by providing reliable, up-to-date data directly from the source (the bank account).

2.1 A new information standard for creditworthiness checks

The inclusion of account data brings about a paradigm shift towards dynamic credit analysis. Until now, creditworthiness checks have often been based on static snapshots – such as proof of income and a SCHUFA credit check – which only reflected the status quo at the time of application. In future, the assessment will be continuously updated and linked to the customer's actual financial movements. Account transaction data makes it possible to obtain detailed key figures from real payment flows. Instead of relying on estimated flat rates or self-reported information, the lender receives a precise financial profile of the applicant.

This information provides a holistic picture: algorithms for categorization and scoring calculations convert raw account transactions into structured financial indicators. This allows the bank to see at a glance how much reliable disposable income is available, how much of this is already tied up in fixed costs, whether there is anything left over at the end of the month, or whether the customer is living "at the limit" from paycheck to paycheck. Historical anomalies (e.g., a series of late fees or installment arrears reflected in the account statement) become just as visible as positive behavior patterns (e.g., continuous saving). This makes the otherwise abstract credit assessment tangible and up-to-date. The CCD2 explicitly requires such relevant and accurate income and expenditure information[12] – account data provides this with unprecedented granularity[32].

2.2 From transaction to decision: the value of data

The integration of account data into the credit process marks a turning point for risk management and decision-making quality. CCD2 requires in-depth, ongoing knowledge of the customerand a well-founded credit decision. Attempting to achieve this level using conventional means – such as manually requesting numerous documents and conducting frequent checks – would greatly increase the effort involved and negatively impact the customer process. Automated account analysis offers an elegant solution[31]: it enables a detailed financial profile to be created in seconds and incorporated into the credit decision. The key is not only to have the data, but to integrate it seamlessly into internal processes. This creates a continuouscycle:

1. Data collection: With the customer's consent, the bank retrieves the transaction data from the last few months via a licensed Account Information Service Provider (AISP) or via direct account upload – securely and in compliance with the GDPR.

2. Transaction analysis: The raw booking data is automatically classified (e.g., as salary receipt, rent payment, purchase amount) and evaluated using algorithms. Key figures such as average income, fixed costs, savings rate, or unusual account movements (e.g., returned direct debits) are calculated[32].

3. Credit decision: The indicators obtained are fed into the decision-making system together with traditional creditworthiness information (e.g., SCHUFA score). The result is an up-to-date and reliable creditworthiness profile[33][24]. Defined rules or AI models are used to decide whether the loan appears affordable. Every decision – whether acceptance or rejection – is justified and documented with the underlying data.

4. Dynamic monitoring: Even after the loan has been granted, this process can be repeated at regular intervals (e.g., monthly or quarterly). If, for example, there is a significant change in income or an increase in payment difficulties, the system recognizes this at an early stage and can trigger preventive action (see section 1.5).

The result of this integration is a continuous improvement process: uncertainties are reduced, processing times for loan applications are shortened, and operational risks (e.g., manual errors or misjudgments) are minimized. Lenders who use the right technologies can even turn the implementation of CCD2 into a competitive advantage: Data quality and efficiency become a strength in the market by enabling faster and more accurate customer service[31]. In short, the real addedvalue of comes not only from access to account information, but also from its intelligent use in decision-making processes – from initial scoring to ongoing portfolio monitoring.

2.3 Data protection and datagovernance

As valuable as the use of account data is for credit checks, the regulations governing the handling of this sensitive information are just as strict. CCD2 and GDPR set narrow guidelines here: the consumer's consent is mandatory before their account can be accessed[30]. In addition, the principle of data minimization applies – only information that is necessary for the credit decision may be collected and processed[13]. Traceability must be guaranteed: the data used in the decision should be documented and disclosed to the customer upon request. Of course, high IT security and confidentiality requirements must also be met when financial data is transferred and stored.

Another important aspect is non-discrimination in automated models. Account data analysis must be objective and must not include characteristics that lead to unjustified discrimination. Criteria such as the customer's age, origin, religion, or health have no place in scoring models. Instead, only factors that have a factual connection to creditworthiness (income, expenses, existing debts, etc.) should be included. Transparent algorithms and regular reviews help to identify bias or undesirable developments at an early stage. This allows the technology to become what it should be: a tool of trust that makes decisions better and fairer.

3. Prestatech: A partner for credit transformation

The new CCD2 requirements pose significant challenges for credit institutions. Processes need to be fundamentally revisedand modern tools implemented in order to meet the increased requirements – without sacrificing the efficiency and speed that customers expect today. In this context, Prestatech positions itself as a strategic partner that supports banks and financial service providers in the digitalization and optimization of their lending business. Prestatech's platform covers the entire credit lifecycle – from application to review to monitoring – and is highly automated and auditable. Threecorecomponentsdistinguishthesolution:

1. Granular account data analysis: Prestatech enables in-depth evaluation of the customer's bank transaction data. Account transactions can be accessed in real time via interfaces to the PSD2 infrastructure, or digital account statements can be uploaded directly. This raw data is automatically categorized and converted into financial indicators (see section 3.1) to create a meaningful profile of income and expenses.

2. Document automation: Typical supporting documents in the credit process – such as pay slips, account statements in PDF form, employer certificates – are automatically read and verified by the platform. OCR (Optical Character Recognition) and intelligent data extraction are used to capture relevant information (e.g., income, employer, account numbers) in a structured manner. The result is verifiable data records instead of unwieldy mountains of paper. Errors caused by manual entries are eliminated and processing time is drastically reduced.

3. Flexible integration: Prestatech can be seamlessly integrated into the bank's existing IT systems via API. The data obtained – whether from account analysis or document reading – can be fed directly into the workflows for credit decisions, risk management, and monitoring. Data sovereignty always remains with the institution: All analyses are carried out in accordance with GDPR requirements, and it is transparently traceable which information was used at which stage of the process.

This combination of data intelligence and automation enables institutions to achieve the balancing act required by CCD2: conducting thorough checks without sacrificing customer service and speed. The software takes care of routine tasks, allowing staff to focus on exceptions and advisory services. The Prestatech platform turns unstructured data into actionable information and ensures that every step is documented. The result is a digital credit application process with built-in compliance that both satisfies customers and meets regulatory requirements. At the heart of this solution is the Bank Account Data Analytics module, which we will take a closer look at below.

3.1 Bank Account Analytics – deep insights into payment flows

CCD2 makes it clear that, now more than ever, the soundness of a credit decision depends on analyzing the customer's actual financial flows. In the new regulatory framework, account data becomes a key source for objectively and verifiably assessing the sustainability of a loan, whether for lending or ongoing credit monitoring. Prestatech's Bank Account Data Analytics service enables credit institutions to gain actionable insights from every account statement. Using AI and rule-based methods, the information relevant to a sound credit assessment is extracted from large volumes of transactions. Twocentralfunctionalprinciplesapplyhere: taggingand clustering.

1. Tagging: Each individual account movement is automatically assigned an "economic label." This means that the economic purpose of each transaction is recognized and classified in a standardized manner.Prestatech uses several dimensions in parallel to paint a complete picture of each transaction:

- Type: technical type of transaction – e.g., transfer, card payment, direct debit, cash deposit.

- Purpose: economic category – e.g., salary payment, rent, supermarket shopping, loan repayment.

- Cash flow: assignment to a cash flow statement – e.g., classification as income or expenditure, and within expenditure as operational (living expenses) vs. financial (loan payment) vs. investment;

- Entity: Identification of the counterparty involved – e.g., employer XY, landlord Z, energy supplier ABC GmbH. This allows you to identify who the payment recipient or sender is (if this can be deduced from the purpose of the transaction).

- Adverse: Flagging of potential risk factors – e.g., whether the transaction indicates a payment default (returned direct debit due to insufficient funds) or whether there are indications of debt collection or seizure;

- KYC: Comparison with sanctions and anti-money laundering lists – here, checks are made to see whether, for example, the payment partner is on an international sanctions list or whether there are unusual transaction patterns that are relevant for regulatory purposes.

This multi-layered tagging turns every single booking into a meaningful data point. Instead of just seeing "XY € direct debit to Z," the system now knows: "Salary payment from employer ABC, net €2,500, recurring monthly" or "Direct debit €650 to landlord M, corresponds to rent payment, regularly at the beginning of the month." This structuring creates the basis for more in-depth analyses.

2. Clustering: In the next step, the tagged transactions are grouped together. For example, the platform recognizes that a salary payment comes from the same sender every month – this is assigned to a "salary" cluster as a recurring pattern. Similarly, all rent payments to landlord M are bundled into a "rental agreement" cluster. This clustering creates homogeneous families of transactions – effectively virtual "contracts" derived from the account statements. This makes it easier to assess regularities and deviations: for example, you can see whether salary payments are always made on the same date and in the same amount (or whether there are fluctuations), whether all installments for a known loan have been debited on time, or whether certain expenses are rising unusually. In short, clustering combines individual entries into meaningful units that correspond to the customer's real life (salary, rent, consumer loan 1, credit card, etc.).

By combining these two levels of analysis—detailed tagging and intelligent clustering—Prestatech gains comprehensive insights into the customer's financial situation. Based on this, the platform calculates a series of key indicators and scores that are essential for credit decisions and monitoring, including:

- Confidence Engine: An overall indicator of the customer's financial "health" (scale 0–100). It combines factors such as income surplus, account fluctuations, and payment history into a single score.

- Loan Affordability Analysis: An analysis of how much additional credit burden the customer can bear. This checks whether, after deducting all fixed costs, there is enough disposable income left to sustainably service a new installment of a certain amount.

- EBITDA and Cash Flow Statement: An annual projection of income and expenses (similar to a profit and loss statement for private individuals). This shows, for example, the "freely available" annual surplus or whether the customer's lifestyle regularly exceeds their income.

- Risk Scores and Business Flags: Key figures for risk assessment, supplemented by automatic "flags" for anomalies. For example, a score for payment stability, an indicator for overdraft usage, and flags for potential problem areas (e.g., "declining income" or "frequent reminder fees").

- Cash flow trend & forecasting: A trend analysis of account balances and cash flows, including a projection for the next three months. This enables the bank to identify early on wh , for example, liquidity reserves are running low, and to forecast how a new loan installment would affect the customer's prospects.

The output of this analysis is a constantly updated and explainable financial profile of the customer. This can be linked to traditional creditworthiness data (SCHUFA score, existing loans, etc.) and fed into internal rating systems. For the credit institution, this means faster and more informed decisions that are also fully documented – exactly what the supervisory authorities expect in the CCD2 era. What is particularly valuable is that the results provide not only hard figures, but also qualitative insights: the bank understands the story behind the numbers (e.g., "customer has had a stable job for 5 years, but expenses have increased in the last 2 months due to a new addition to the family") and can thus act in a more customer-oriented manner.

All in all, bank account analytics in the CCD2 context forms the interface between compliance and competitiveness. It enables lenders not only to meet stricter data usage and documentation requirements, but also to derive added value from them.Data quality translates into operational efficiency: better decisions, fewer defaults, more satisfied customers. This not only makes lending safer, but also smarter – in line with the sustainable, transparent credit industry that the new directive aims to achieve.

4. Conclusion

The introduction of CCD2 marks a significant step toward a more responsible and modern consumer credit market in Europe. The directive brings greater transparency, stronger consumer rights, and harmonized standards in the EU single market. It responds to digital trends such as BNPL and closes loopholes from the past. For credit institutions, implementation will initially require considerable effort to adapt – from revising contract forms and redesigning creditworthiness processes to introducing ongoing monitoring systems. But these efforts also offer an opportunity: those who optimizetheir processes early on and integrate modern technologies such as account analysis and document automation can combine compliance and efficiency.

The new rules will apply in the German market from November 2026[2] – so there is not much time left to set the course. Decision-makers should use the transition period to develop implementation strategies, train employees, and, if necessary, bring partners such as Prestatech on board. The end result will not only be compliance with regulatory obligations, but also an improvement in credit portfolios and customer relationships. A loan that is transparently brokered, carefully reviewed, and prudently monitored benefits both sides: the customer, who feels neither taken advantage of nor left alone, and the bank, which conducts solid, trust-based business.

The Consumer Credit Directive II is therefore more than just a regulatory hurdle—it is a guide to a more stable, fairer credit ecosystem in which sustainability and trust form the basis for the mutual success of consumers and lenders. [10][35].

References

[1] [12] [30] [31] [32] CCD2: An accelerator for Open Banking?

https://www.soprasteria.com/insights/details/ccd2-an-accelerator-for-open-banking

[2] [15] [18] [19] [21] [22] [23] EU revamps consumer credit rules - Lexology

https://www.lexology.com/library/detail.aspx?g=e3b79cec-ed4c-4526-bfc9-17630f200869

[3] [4] [5] [24] [25] [33] Proposed bill implementing Directive (EU) 2023/2225 on credit agreements for consumers adopted - PwC Legal

https://legal.pwc.de/en/news/articles/proposed-bill-implementing-directive-eu-2023-2225-on-credit-agreements-for-consumers-adopted

[6] [7] Government publishes bill for the implementation of the Consumer Credit Directive 2023

https://www.noerr.com/en/insights/government-publishes-bill-for-the-implementation--of-the-consumer-credit-directive-2023

[8] [9] [10] [11] [13] [14] [16] [17] [26] [27] [28] [29] [34] [35] EU and UK Drive Consumer Loan Reforms To Boost Protection and Modernize Credit Markets | Insights | Skadden, Arps, Slate, Meagher & Flom LLP

https://www.skadden.com/insights/publications/2025/10/eu-and-uk-drive-consumer-loan-reforms

[20] Warning! Borrowing money costs money! | PayTechLaw.com

https://paytechlaw.com/en/warning-borrowing-money-costs-money/