The banking sector is soon set to witness the effects of the PSD2 (Revised Payment Service Directive) this year. Heralded as the defining moment for European banking sector, the PSD2 has created a clean slate for all banks, new entrants and old players, facilitating data sharing of customer data and payment networks to third-party providers (TPPs) under a standard format.
Open banking is not a new concept in the world of finance. Countries like Singapore, South Korea and India have gained significant traction in terms of open banking APIs. The US and Australia are expanding their financial standing via offering consumers more choice of financial service providers. Joining the Open Banking digital revolution is Europe with its PSD2 mandate. The European financial ecosystem would see banks defining their Open API strategy for new entrants. PSD2’s main aim is to foster innovation through a healthy-competitive environment. The new directive opens ups the playing field for FinTech startups and other companies to create innovative products through APIs and new payment strategies.
What does the revised directive mean?
PSD2’s multi-faceted regulation has its implications on banks, tech companies, financial institutions and customers. Banks are looking at increasing security measure for online payments with strong customer authentication. The digital strategies would need to incorporate interoperability between various financial institutions. Third-party providers on the other hand enter a regulated environment wherein they get technical access to all payment systems.
As banks head towards a single digital market, customers stand to benefit from this directive via reduced costs of operation through higher competition and decrease in card transactions. Innovation would bring about a new host of products and services with respect to account information service providers (AISPs) and payment initiation service providers (PISPs) – leading to an improved customer environment.
Are banks prepared?
Giving data access to non-banks puts them in the same league as traditional banks in providing similar payment services. Merchants and third party providers can highly benefit by selecting specific services to hyper focus and capitalize on. Banks would be competing against retailers like E-commerce vendors, social media sites and other established businesses that can effectively function as independent AISPs and PISPs – effectively bypassing banks.
Traditional banks need to reposition their revenue streams through innovative customer servicing technologies and strategic alliances. Banks will need to look into:
- Payment Dispute Resolution – Effective from July 2018, payment service providers (PSPs) will be obligated to respond to payment complaints within 15 business days, as opposed to the standard 8 weeks timeline.
- Two Factor Authentication (2FA) – Strong Customer Authentication (SCA) is a key element of PSD2, calling for a minimum 2FA for digital transactions.
- Right to privacy – The General Data Protection Regulation (GDPR), which is due to take effect from 25th May, 2018, is aimed at regulating data sharing between parties. This raises a compliance concern for banks and what comes under the purview of legal consent at the end user.
- API disruption - Banks have till September 2019 to introduce the API technology to new FinTech partners as part of the PSD2 RTS (Regulatory Technical Standards). Opening new financial services under the API would require extra security measures to be implemented along with a robust framework for network protection.
It’s positive to note that banks are viewing PSD2 not as a threat but a strategic opportunity to develop on bank’s core services. In a recent survey by PwC, it was noted that 71% of banks are considering partnerships with FinTech to develop new products and services. The survey also highlighted the difference in PSD2 readiness between the UK and mainland Europe. While UK is proactive with PSD2, mainland Europe is still holding back on partnering with FinTechs.
The transition period is tricky as consumers and banks grapple with the changes. A recent survey by Which? found that 92% of the public haven’t even heard about Open Banking. The earlier PSD rule applied to European Economic Area (EEA) countries only, but the revised directive has its implication across Europe. The complex architecture of PSD2 shifts the power of data relevancy to consumers – raising data concerns regarding what is perceived as “sensitive data” by banks versus end users. Hence, the need of the hour being for all stakeholders to clearly communicate data permission and privacy laws to customers.
Overall, 2018 is going to be an interesting year to see how the financial markets shift in Europe with the formation of new bank consortiums and partnerships. With players like Facebook, Google and Amazon entering the payments market, banks need to look into the impact of disintermediation on their business.