By Anna Fedorova
PSD2 was intended to revolutionize the world of transactions by allowing banks’ customers to use third-party providers to manage their finances, placing an obligation on banks to offer these third-party providers access to customer accounts, with permission, through open application programming interfaces (APIs).
The European Commission’s aim was to improve innovation, reinforce customer protection, and improve the security of internet payments and account access within the EU and European Economic Area, as well as promoting competition in the market by breaking the stronghold of incumbent banks.
Yet only two quarters after the January 2018 implementation date of PSD2, “some of the wind has been taken out oits sails”, according to online payments company Paysafe.
“Perhaps now a new approach is needed.”
Lack of incentive
One of the key problems Dunlop sees with the regime as it stands is the lack of incentive for banks to move beyond the minimum requirements of the legislation.
She notes that on the implementation date in January, household names such as the Bank of Ireland, Barclays, HSBC, RBS and Santander were not ready to comply with the regulation.
In part, this reluctance is the result of the potential high implementation costs, with banks forced to overhaul legacy technology to permit open API integration.
In an open letter to the Open Banking Implementation Entity – a company set up by the UK’s Competition and Markets Authority (CMA) to set guidelines for competition and innovation in UK retail banking – Tony Craddock, director general at the Emerging Payments Association (EPA), wrote: “EPA members have noted that the nine banks currently covered by the CMA framework have displayed varying levels of enthusiasm in embracing some aspects of open banking, with some being described as striving to meet the letter, rather than the spirit of open banking.”
This is having the knock-on effect of making it difficult for many third-party providers to build usable services that plug into APIs being made available by the banks, while rumours suggest that some non-CMA9 banks – CMA9 being the nine largest personal and small business current-account providers in the UK – are not intending to build APIs at all, fearing they will not meet required standards.
Many of these could use the currently permitted fall-back option of screen scraping to bypass the costs of building this new technology, according to Paysafe’s Dunlop.
Unless banks put customers first, PSD2 will have the better of them- Sameet Gupte, Servion Global Solutions
Meanwhile, there is also a lack of understanding among customers in the UK about the benefits of open banking.
“Concerns around consumer protection and data security, together with unfavourable press coverage, have resulted in open banking receiving a somewhat cool response from consumers,” Craddock wrote. “EPA members believe that this lack of understanding and trust in open banking presents a significant obstacle to customer uptake.”
According to Sameet Gupte, CEO at Servion Global Solutions, retail banks must put more effort into customer engagement, otherwise they risk being relegated to an administrative role and lose their relationship with their customers, who may choose to interact with more engaging apps at the front end.
“Poor customer experience will damage a bank’s reputation, customer retention and – ultimately – its bottom line,” he says. “Unless banks put customers first, PSD2 will have the better of them.”
However, the banks can be spared some of the blame, since their efforts have been hampered by the lack of regulatory clarity around the legislation.
Whilst January 2018 was the deadline for banks to ensure they offered ‘access to account’ under Articles 65-67, banks must still wait more than a year for the directive that clarifies how they should be permitting access to customer data.
The European Banking Authority’s regulatory technical standards (RTS) on strong customer authentication, and common and secure open standards of communication are due out on the September 14, 2019, and until then banks are left guessing what their exact obligations will be.
Paysafe’s Dunlop says this “is the root cause of the confusion and frustration that has slowed PSD2 progress since January”, since it has allowed financial institutions to defer full compliance with the regulation until that date.
Not all bad news
However, though take-up has been slow and information is lacking, PSD2 has been at the forefront of banks’ thinking over the past seven months.
The Nordic banks have been particularly keen to get ahead of the curve. Danske Bank has recently invested in Danish-based personal-finance app Spiir, with a potential to develop its platform, the Nordic API Gateway, which will make it easy for third parties to build new smart customer solutions.
Lars Malmberg, head of commercial excellence, group development in Danske Bank, says: “Open banking and PSD2 are in their early days and it is hard to predict exactly how these market forces will play out. We have only just begun understanding all of the opportunities ahead of us.
“Our approach is clear: we want to open up all of the bank’s touchpoints with the customer as much as possible, including new and relevant partnership offerings, in order to put the customer in the driver’s seat.”
“I am quite convinced it is going to be transformative,” he says. “There are a number of challenges, but it is very important to acknowledge how far we have come.”
He believes there will be additional benefits from further clarity that the RTS will bring to the regulatory landscape, but says “even in the absence of this I believe the industry will get there”.
According to Seo, JPMorgan aims to become firmly embedded in terms of actively participating in open banking, and the bank is taking action to help shape and steer open-banking standards.
“We are also looking at other tech solutions,” he adds. “One is what we call the universal adapter, which will allow us to adapt to different standards in different jurisdictions.”
He also sees some positive responses from clients as their understanding of what open banking entails improves.
Seo says: “[Since January], we have seen a real shift in the dialogue with our clients. More recently, we have been trying to partner with clients on how we can jointly shape open banking. This goes beyond the single-pay bank account model, looking at angles that we can explore by combining AISP [account information service provider] and PISP [payment initiation service provider].”
AISP and PISP are new services introduced by PSD2. The former allows retail customers to access all of their account information at various banks in one place, while the latter allows them to pay companies directly from their bank accounts, rather than via debit or credit cards.