(This blog was originally written by our CTO Dave Tonge in collaboration with independent UK law firm, Burgess Salmon, and can also be viewed here)
The EU's 2nd Payment Services Directive (PSD2) implementation deadline of January 2018 is fast approaching. This is having far reaching effects for banks and the wider financial services industry. In this article we'll look at the current state of play in the industry, the challenges and the opportunities that it brings.
First let’s have a look at timelines:
There are two legislative drivers to the adoption of Open Banking in the UK - PSD2 and the CMA's Investigation into Retail Banking. The UK treasury is involved in both and has been consistently advocating for these changes in order to increase competition, accelerate innovation and enhance the end-user experience. The new and improved services built on top of this platform have the potential to bring huge efficiencies - especially for HMRC.
PSD2 in short
PSD2 has four broad themes - market efficiency, consumer protection, competition & choice and security. There are lots of tweaks to consumer protection and improving efficiency of the European financial services system. The most noticeable changes are the introduction of two new types of service:
- Payment Initiation Services - these allow users to initiate payments directly from their bank accounts
- Account Information Services - these allow users to authorise services to directly access the data relating to their bank accounts
Banks are obligated to integrate to these new services - hence the reference to unbundling in the title.
Open Banking Standard
This was produced by a cross-industry collection of experts at the request of HMT at the end of 2015. It was picked up by the CMA as they investigated remedies that could improve competition in retail banking. The CMA extended the report to provide a governance and funding structure to enable the standard to be developed.
The key differences from PSD2 are:
- Internet APIs are mentioned explicitly, rather than by inference
- Banks are instructed to develop a "common" API - there will be a single UK standard
- The standard will only support Current Accounts (PSD2 supports all payment accounts accessible online).
- The standard will be delivered by an "Implementation Entity", paid for by the top 9 UK Banks, but with an independent trustee and cross-industry advisory groups.
EBA and its Regulatory Technical Standards
(not very technical and not very standard)
PSD2 in its nature as a pan-European far-reaching piece of legislation is necessarily vague. The responsibility of producing some of the missing detail has been given to the EBA.
The EBA are currently consulting on the regulatory technical standards around Strong Customer Authentication. This is a key phrase in the text of PSD2 and its application is hotly contested. The EBA received a record number of responses to its recent consultation paper on this subject. One of the key complaints from the industry is that the standards effectively outlaw "One-click" payments.
The standards are due to be published in January 2017, but the EBA is already hinting at a delay. The final standards are unlikely to please everyone, we just hope they don't bring in unnecessary artificial limitations to innovation.
To fill the gaps in the RTS - the Euro Retail Payments Board (ERPB) has started work on a Standardisation Initiative. This is a new piece of work - but showcases the many moving parts to the implementation of PSD2.
Opportunities & Challenges
PSD2 is bringing a fundamental change to the Financial Services sector. For centuries banking has operated in a closed environment with high barriers to entry. This is changing, banking is being unbundled. Post PSD2, registered third parties will have unparalleled ability to offer services built on top of existing banks. There is a worry that some banks will become "dumb pipes" - with the high costs of KYC and other compliance costs, but with customers interacting via third parties.
In the same way that the unbundling of telecoms has allowed multiple operators to offer services over the same physical lines - many "virtual banks" may spring up. These companies will be able to focus on building an excellent "user experience", while utilising another bank’s infrastructure. Under PSD2, banks aren't allowed to charge third parties who build these services AND banks needs to integrate to third parties from across Europe.
This should be good news for the end-customer as in theory there will be greater choice and reduced costs. There is a worry that the actual implementation of PSD2 may produce a convoluted user journey - this would slow adoption and require early work on PSD3.
PSD2 applies to business banking as well as consumer banking. Holistic solutions to banking and accounting such as Holvi, will become more common and cover more sectors. If the industry takes the opportunity and links PSD2 implementation to electronic ID initiatives such as eIDAS it could enable a significant increase in efficiency of many business processes.
Payment Initiation Services are of interest to many large retailers as they could significantly reduce their exposure to card processing fees. By 2018 you will probably be able to directly link your bank account to your Amazon account - bypassing the card operators. This may lead to reduced fees for end-consumers, but it has another benefit: easy management of payees from your bank account. Currently a consumer has no central visibility of all the companies where they have lodged their card details - if they want to cancel with one company they need to login to that company or cancel their card completely. Once they can connect directly to individual companies it becomes possible to cancel directly from their online banking interface.
There is still some uncertainty over the exact implementation of PSD2 - but this will become clearer over the next few months. The governance structure and tighter mandate of the CMA Open Banking Implementation Entity is likely to lead to a successful roll out of PSD2 compliance in the UK. In fact, the UK has a strong opportunity to lead Europe as we will have a "common" API with excellent infrastructure built around it - all paid for by the top 9 UK banks.
PSD2 compliance affects firms within the financial services industry - if you will be affected you need to start work on compliance as soon as possible. Once implemented PSD2 will have far-reaching effects on businesses from multiple sectors. It has the potential to unleash a wave of innovation and make possible many new business models - be sure to understand it.
–Written by Dave Tonge, CTO