The conviction that FinTech companies will play a decisive role in the future banking landscape is now firmly established. Global investment in financial technology has increased more than tenfold in recent years. Since 2014, FinTechs have benefited from around 23 billion of capital, with this figure set to rise. In January 2018, the cards were reshuffled completely. The second edition of the Payment Services Directive (PSD2) now has to be transposed into the national law of all EU countries. This means that banks and savings banks are obliged to provide third-party providers (TPPs) with interfaces (APIs) that grant access to bank data. Got no time to engage with PSD2? This overview gathers everything worth knowing about the topic in a short and effective article.
There Was Already a Directive: PSD1
The Payment Services Directive itself is not new. In its original form, it was called PSD or PSD1, Payment Services Directive 2007/64/EC. Effective throughout the European Union and the European Economic Area, it applied to the regulation of electronic and non-electronic payment services such as credit transfers, card payments, mobile payments as well as every type of online payment processing.
The aim of the European Commission in 2007 was to increase competition across Europe and encourage the involvement of third parties in the financial sector. The participation of non-banks should improve consumer protection in terms of equal rights and obligations for service providers and users.
The original directive was the cornerstone for the Single European Payment Area (SEPA) and the SEPA payment, which standardises European payment transactions with Regulation (EU) No 260/2012 and serves as an important step towards diversification of the banking system through new payment service providers.
PSD1 meant more flexible business operations for the regulation of marketplaces, since at that time there was room for a rather open interpretation. Until now, it was thus also possible, though with restrictions, for online platforms to carry out financial transfers between buyers, subcontractors and their own companies without the permission of BaFin.
In 2014, BaFin made the conditions stricter and also demanded a contractual authority from the so-called commercial agents. PSD2 clearly continues along the path of this administrative practice: without appropriate permission or license from a supervisory authority, Europe only has a very limited transaction volume.
PSD2 Takes Digital Transformation into Account
The rapid technological development that has taken place since 2007, both in the payments market and as a result of digitalisation, has led to the need for a timely adjustment to the directive. For this reason, several new regulations in the form of a revised payment directive (Directive (EU) 2015/2366, Payment Service Directive 2) were adopted at the end of 2015.
The biggest change in the new directive is the long-discussed inclusion of third-party payment service providers within the scope of application, which offer services for account information and payment initiations. We would be pleased to inform you about the wealth of business models emerging from this in our blog post about new business models.
PSD2 regulates the access that these third parties have to payment accounts at the house banks. Thanks to the new regulations, these banks must create interfaces for external companies.
In doing so, PSD2 also contributes two technical terms or rather, service providers, to the banking world: Account Information Services (AIS) and Payment Initiation Services (PIS). Account information services (AIS) enable fully automated retrieval of account information from the account-holding bank in order to present the transaction data in a user-friendly, categorised and clearly arranged way. In addition, the PSD2 defines a new group of payment initiation services (PIS). With the help of a payment initiation service provider, the user can easily initiate a bank transfer by accessing their online banking, without interacting directly with their bank. Probably the best-known example is the payment service provider Sofort (previously Sofortüberweisung), both in the classic or customised form.
When does the PSD2 take effect?
The new directive was transposed into national law with the new version of the German Payment Services Supervisory Act (ZAG) on 13th January 2018. Some of the ZAG requirements, such as strong customer authentication, do not have to be implemented until September 2019.
The results so far have been rather sobering. In recent months, only 13 of 28 EU countries have met the PSD2 deadline. For one thing, interested parties cannot apply for authorisation in the 15 countries that have not yet transposed the directive. In an interview with an IT financial magazine, Dirk Rudolf, founder and managing director of FinTecSystems, explains that the biggest problem is probably the countries’ lack of commitment:
“The different status of implementation brings competitive disadvantages with it, especially for the new payment service providers, the so-called TTPs (third party providers, usually FinTechs).” – Dirk Rudolf, founder and managing director of FinTecSystems
This disadvantage arises from the fact that the competition in the states behind schedule can continue to perform the payment initiation services and account information service in the home state.
The banks haven’t been up to much either. Many seem to need time to think before developing their business model with PSD2. Maybe some will wait and see what the competition has up their sleeve. There are still very few interfaces and these are often restricted. This can be seen in the example of Deutsche Bank’s dbAPI, which provides transaction information and metadata, though without authorising payment initiations. What’s more, the TPP project must be evaluated positively by Deutsche Bank.
What has changed since the beginning of 2018?
While banks are holding back, many FinTechs and non-banks are already availing themselves of the opportunities afforded by the new regulations. The possibility of getting a much bigger slice of the financial market pie since PSD2 will continue to spur on the scene’s bright minds in the coming years.
Why PSD2: Easy and secure money transfer in the EU
The principle objective of the PSD2 is to simplify and diversify payment transactions. The incentive for new FinTechs and apps is set to grow as companies from the financial sector gain quick and easy access to customers.
More competition for payment services is particularly good news for private individuals, but other market participants can reap the benefits as well. The EU wants to expand the market, promote innovative solutions and start-up companies, but also strengthen consumer protection and improve the security of internet payments within the EU and EEA.
The biggest hurdle: In principle, all services require permission or registration. In order to offer the new payment services listed in the PSD2, companies and FinTechs must apply for permission to provide these services through the Federal Financial Supervisory Authority (BaFin).
Prerequisite: The account holder’s express wish
A small, yet very important detail for all those involved! The Federal Association of German Banks is stressing that private individuals do not have to fear that companies will have uncontrolled access to their data.
Technical Implementation of the PSD2 via Banking APIs
The Payment Services Directive clearly defines interfaces disclosed by banks. These banking APIs allow direct access to bank data. Third-party providers may then access account information or make transfers through the account using account information such as PIN and TAN.
Banking APIs are interfaces through which banks make data and transactions available to third parties. This means that users of payment and banking services are no longer solely dependent on the direct services offered by their own bank, but can process transactions via third-party providers. You can find out exactly what a banking API is by reading this blog post.
A concrete example of this is AISPs (Account Information Service Provider), which can summarise the expenses or data of different accounts and banks in an overview. You also have the PISP (Payment Initiation Service Provider), which processes payments for your customers. The EU is planning a register of certified providers for such services. In Germany, third-party providers must then register through BaFin. So far, however, very few banks have specifically grappled with the topic of open APIs. It is also questionable whether it will make sense for every bank to provide its own interface.
Growing Challenges for Banks
For banks, the PSD2 represents a serious economic challenge. IT costs are increasing due to several security measures and the APIs to be disclosed. More obvious, however, are the difficulties facing banks as a result of the new competition. So far, it has all worked out well: only the banks knew how much money their customers had and what they were spending it on. They were able to offer customised services – for example, construction financing, credits, insurance or securities. However, banks had to bid farewell to this monopoly in January. As soon as a user wishes to provide their data to third parties, their bank is obliged to disclose its interfaces accordingly. Depending on the business, bank revenues could decline by 10 to 40 percent by 2025.
Experts agree that the majority of institutes have so far not sufficiently addressed the consequences of the directive. The strategy is quite careless considering that the concept of the traditional bank for all financial transactions as well as for the rest of life is foreign to all younger customers today. On the other hand, banking experts reckon there will be considerable effects on the business of the institutions. According to Thomas Sontheimer of Accenture, the directive will “increase transparency in European payment transactions and probably increase price pressure.”
At first glance, the PSD2 only refers to payment transactions. However, other sectors of banking, such as securities and the credit sector, will certainly have to adapt.
New Opportunities for Banking Newcomers
Finances, personal credits, corporate credits, payments and wealth management – at first glance, banks seem to be losing their competitive edge. However, it is worth not losing sight of two important opportunities: collaboration and positioning. In an interview with Horizont, Christian Meyer, Vice President Risk & Compliance at FinTecSystems emphasises a different side of the innovations:
“With the PSD2, banks and FinTechs now have a reliable framework” – Christian Meyer, FinTecSystems
PSD2 is just that: less uncertainty, clearer do’s and don’ts for planning the future. On the one hand, much is expected from and for third parties, but PSD2 can also open up new business for banks. However, this is not a time for relaxing. Newer institutions such as long-established banks have to decide whether they want to exclusively remain a product provider, whether to work as a platform for others or which strategic partnerships they want to form.
PSD2 will make payment transactions more convenient for consumers. They will benefit from the new competition in the form of advantageous offerings. No wonder, then, that the German Retail Association is positive about the new directive. HDE expert Ulrich Binnebößel puts it this way: “Payments are increasingly being made on the move. Customers want to try out new payment options and use them for themselves. In order for new payment methods to be applied in practice, the policies need to adopt a risk-based approach that does not require someone to overcome a maximum security procedure with so-called strong authentication for every small payment.”
When used intelligently, this newly-found consumer interest offers more unexpected potential to established banks, rather than serving as a threat to them. Most of the respondents to a study conducted by the consulting firm PwC were rather impressed with the new possibilities of FinTech tools. Nevertheless, around 80 percent would prefer the services to be offered by their own bank.
“This is a great opportunity for banks to become the link between end customers and financial start-ups”, says Peter Kleinschmidt, Head of Digital Financial Services at PwC. “Institutions that succeed in implementing an appropriate open banking strategy could become the big winners of PSD2.”
PSD2: Green Light for Open Banking
Whether considered an opportunity or a risk, the introduction of the PSD2 will definitely have an impact on existing financial institutions. There is no doubt about it: the acceleration of open banking by the legislator is real. The opening of interfaces forces credit institutions to share their platforms. As part of the regulation, we can assume that a number of new payment offerings for private and business customers will try to capture the market.
However, an important nuance is often overlooked here – BaFin permission is now neither optional nor given as a gift. Banks can get it without any problems, but other companies have to meet certain organisational requirements in terms of data protection and compliance. The simplest option for many will be the umbrella principle (license as a service): using the permission of others and processing the specially created services through them. It is therefore hardly to be expected that the market will be inundated with new offerings from one day to the next.
PSD3 Won’t Be Waiting Forever
It is unknown whether the PSD3 will bring about the new revolution in payment transactions – details on how to implement this revolution are also a mystery. However, it’s a fact that the financial market will and must change. In recent years we have already seen that non-banks are arousing the interest and gaining the trust of customers.
Thanks to banking newcomers, the financial market in the EU will grow together and be increasingly unified. PSD2 will only reinforce this trend. This is the reason why all those involved now have to make the most of the opportunities and work together instead of turning a blind eye. After all, the PSD3 won’t be waiting forever.