Will PSD2 be the driver for a new era in open banking?
So after the protracted and ongoing rollout of SEPA, along comes further European Union regulation in the guise of the second phase of the Payment Services Directive with further challenges to banks impacting the provision of one of the core banking services – namely payments, writes Neil Clarke
Following the initial PSD aimed at harmonising European Economic Area payments to ensure consistency of processing between countries and creating the legal platform for SEPA, PSD2 looks to extend this evolution by opening up the payments marketplace to newer entrants thereby increasing competition and, in turn, choice for consumers and businesses.
Leaving aside changes to card transaction interchange fee regulation and strengthened rules on Credit and Debit disputed payment refunds, in a nutshell the main tenet of PSD2 – is a provision for third party provider open access to consumer (known as Payment Service Users or PSU) accounts for payment initiation and account information services now commonly known as XS2A.
The mechanism by which XS2A is to be implemented by institutions is to be finalised (recommended technical standards from the EBA are not expected to be issued for a year after the statute is expected to be issued in Q4 this year) however it’s expected that use of APIs to enable access to PSU accounts will be the mechanism. The idea of API adoption for payment services is not a new one with a significant number of major non-bank payment providers publishing APIs for access to their services.
In fact, in the UK the idea of Open API adoption by banks is already high on the UK Government’s Treasury Department agenda. With a paper published in September last year bolstered by comments on this subject by George Osborne the UK Chancellor of the Exchequer. The paper outlines the case and some of the technologies available to enable open access to accounts. The view is that a positive adoption by banks will potentially create a market for value added services generated by third parties (and possibly the banks themselves) to thus offer an extended range of products that an account holding institution may have never considered. Essentially the view is that by adopting open APIs banks and FIs can create platforms for financial innovation. The Open Bank Project formed in 2014 by German Consultancy firm Tesobe has gone a step further, already outlining a bank architecture showing how banks may offer open API access to bank held PSU data.
When is this going to happen? As with SEPA, the timelines for implementation and adoption should be taken with a large pinch of salt. There are still legal issues of liabilities to be resolved, but as it stands the timing is as follows; From the EPC legal support group; The European Parliament is expected to approve the directives in September with the formal publication in the Official Journal of the EU before the end of 2015. Member states will be expected to formally adopt in their own national legislation sometime in Q4 of 2017. How this may align with the UK and its own plans for such open access to banking remains to be seen.
Not only will banks need to create TPP-facing, open access front ends, there will clearly be technical challenges in the back office integration of the existing (sometime legacy) core banking systems to provide the data requested. Banks with the right tools enabling rapid and cost effective integration will be in a position to ensure their customers’ demands for this new world of fast and secure open access are met before they consider the move to those banks who do offer TPP access.
Though at first glance the requirements of open access to account information may appear little more than a technical compliance overhead, opening the vault doors to their customers’ data and offering little value to banks, banks perhaps should embrace this technology based evolution, considering how, with customer approval of course, they can leverage the rich source of customer data they hold; payment profiles, KYC info, finance history, etc. It is worth noting that the directive does not preclude banks themselves becoming TPPs potentially offering competing consolidated and innovative payment services to their clients.
Thus with PSD2 on the horizon and the general move towards more open consumer data, it’s not a case of if but when Banks will need to consider their strategy in open banking.