More than half a year has passed since the second Payment Services Directive (PSD2) came into force across Europe. Now is the perfect opportunity for a mid-term evaluation! Are the parties concerned complying with the requirements? Is it being implemented across the EU? Are people making the most of the opportunities? We would like to get to the bottom of these questions in order to be able to assess how the new financial world is fairing since the introduction of PSD2.
Progress and Challenges in the Implementation Stage
Though there are gradual signs of progress when it comes to implementing the Payment Services Directive, the integration of PSD2 into national law is far from being the standard across the whole of EU. In fact, just under half of the member states have implemented the directive. This is a poor result, but the EU has not reacted with sanctions as of yet. At the same time, other directives are in the pipeline, such as the planned anti-fraud strategy of the European Banking Authority (EBA). It is therefore not surprising that many banks and lending institutions have been acting at a rather leisurely pace.
Nevertheless, the projects on the entrepreneurial side, which have the aim of implementing the regulatory technical standards of strong customer authentication, are gaining increasing momentum. Let’s not forget that service providers who maintain payment accounts for customers (mostly banks) must meet all technical requirements by September 2019 in order to provide third parties with access to customer data. This primarily means the preparation of an API (application programming interface) as a basic requirement for Open Banking or API banking.
However, it is precisely the lack of standards for the banking APIs that creates uncertainty and problems in the implementation stage. To date, the industry has often been unable to agree on a national standard, never mind a standard across Europe. The European range provided by the Berlin Group, UK Open Banking and PRETA is abundant. In February, the Berlin Group, an initiative of the German banking industry in cooperation with parties from more than 15 countries, provided an interface with NextGenPSD2 that enables third-party providers to access accounts (XS2A), all of which is compatible with PSD2. This API provides the technical framework for standardised querying of transactions and initiation of bank transfers.
In Germany, some banks have already begun to address this challenge by investing in the professional development of interfaces by FinTechs. Ultimately, this will require a central platform across Europe that guarantees the compatibility of the different interfaces in order to make PSD2 viable and to ensure consistency.
The extent to which account-holding banks or ASPSPs (Account Servicing Payment Service Providers) will use the developed APIs in the next stage remains largely unclear at present. The ideas for this new type of banking are innovative and numerous, but the lack of information provided by the national supervisory authorities regarding the possibilities and duties of operating and monitoring API banking is problematic.
At the end of February, the Application Programming Interface Evaluation Group (API EG), a group dealing with the implementation and evaluation of programming interfaces, began to actively look into evaluation criteria and advice on APIs. The range of topics they cover also includes dealing with issues related to APIs in the context of PSD2, GDPR and regulatory standards (RTS). Among other things, the regulatory standards stipulate that Account Information Service Providers and Payment Initiation Service Providers may only access the bank customer’s account via a dedicated technical interface of the account-holding institution. This serves as the basis for API banking.
The Right PSD2 Strategy?
At the moment, the implementation of and compliance with the directive and the delegated regulation on strong customer authentication on the part of the EU member states has top priority. For ASPSPs, the creation of the interface is the most important step in the implementation of the directive. However, it must be said that there has been increased focus and investment in this regard.
Many ASPSPs are already working on concepts and pilot programmes in cooperation with third-party payment service providers or FinTechs. The focus is often on account access (XS2A), the extended account information service with extensive data analysis, the new role of banks as aggregators and innovative solutions such as granting loans or payment services.
Even if proven business models are still scarce, work on them is in progress. Banks and lending institutions are increasingly relying on ideas beyond the initial focus of PSD2 and are investing in the development of new ecosystems with third-party providers whose technology is boosted by FinTechs.
EU Licensing and BaFin
There is an increasing interest throughout the EU in ECB licensing for anyone wishing to conduct banking business or provide financial services, in particular as an Account Servicing Payment Service Provider or an AISP. The British Financial Conduct Authority has already granted such a licence to more than 25 AISPs, but a similar short-term result is unthinkable in countries struggling to implement PSD2. In Germany, BaFin is responsible for the licence. We have summarised all the important information for you in our blog post on PSD2.
We know very well by now that some countries take longer than others to implement something, and the same is true regarding the regulation of the payments market in Europe. Some member states have already implemented the Payment Services Directive, whilst others are not even in the planning stage. The desired benefits of increased competition, security and quality in all member states as well as the liberalisation of banking with equal conditions for all market participants are getting closer, but for the time being they belong very much in the future.
Apart from a few notable exceptions, ASPSPs have increasingly tackled the topic of PSD2 in recent months and are getting better and better prepared for the upcoming changes. Nevertheless, large-scale developments of new concepts and use cases for Open Banking are still the exception.
After the rather slow start, it is encouraging to see that the efforts of affected companies, banks and co. are intensifying. The current phase can now be used to focus more on strategic and long-term solutions in the sense of the new API banking. This strategy should take into account attractive products and services that offer more security and convenience in addition to real added value, whilst always remaining customer-centric. By cooperating with technology service providers, banks are able to attract and retain new customers. In addition, by having high-quality and secure products, they can also dispel users’ fears regarding a lack of data security.
At any rate, there is increased interest on the part of customers. However, this interest is not so much in the implementation of PSD2, but rather in new business models that PSD2 brings with it, especially relating to Open Banking.
The motto remains the same: Cooperation is the key to customer satisfaction. Find out what your customers really want – even if they don’t know it yet!