Open Banking and Innovation: Let’s not wait for PSD3!
Let’s start with a fundamental question about the future of banking, finance and innovation.
Our question is – in this fast-paced, digital age, how can the financial institutions drive innovation whilst enabling open and safe data use and staying compliant with regulations? Is there a role left for the legislator?
In this blog I will open up this conversation and highlight some of the key issues.
Let’s not wait for PSD3
During my recent panel session at MPE 2019, a key question posed was, ‘Can we expect a PSD3?’
Even though this is expected (there is a revision clause in PSD2), hopes were expressed by the panel that the market will develop towards Open Banking without the need for further regulation.
Many agreed that we should not wait around for the regulator to take further action and instead, the market should embrace access to account (XS2A) under the revised Payment Services Directive (PSD2) and build further on that.
In addition, innovation and development of the payments landscape must not be stifled because of the time it takes for regulations to be drafted and implemented.
Indeed, some of the more agile and forward-thinking players are already planning their innovation roadmaps and discussions.
This is encouraging, but there are I’m afraid, many other obstacles.
Lack of digital innovation
In simple terms, banking infrastructures and technologies should make our financial lives easier and safer.
They should therefore, be leaders in digital innovation.
Why for example, am I still unable to download an app that shows all my financial information in one centralised place – my current accounts, credit card balances, savings, pension, mortgage, insurances, etc.? That was the first consumer desire that came to my mind when I first learned of PSD2.
OK, it’s likely that this will be available in the future, but it is, still some way off. And of course, I cannot underestimate the complexities and the integrations needed with non-financial institutions, but it is not impossible.
Stalled delivery from PSD2
The big PSD2 idea was that it would create a level playing field, stimulate competition and set us on the path to real Open Banking.
We are however, a full year down the road and very little has changed.
Complex PSD2 requirements are creating huge additional compliance burdens and in particular, holding back small companies.
And whilst PSD2 has to some extent, opened up the market to companies, it has done this in a limited and costly way.
Sluggish movement on TTP and APIs
A recent Innopay report revealed that only six EU countries have issued TPP licenses with the numbers limited to one or two licenses, with the exception of the UK (over 50) and France (five).
This UK head start could be attributable to it been the first country to transpose PSD2 into local law and it having instigated Open Banking already, a number of years ago.
The market however stills seems divided and whilst a select group of banks look to exploit the opportunities of PSD2, others are hindering.
Only a few for example, have so far published their APIs.
Go-slow from the banks
Contributing to the current go-slow is the fact that too many questions still need to be answered.
These include questions relating to the final requirements for banks and authenticated screen scraping fallback, the registry services and use of eIDAS certificates.
What’s more, local authorities seem to be acting inconsistently in terms of their interpretation of requirements for Strong Customer Authentication (SCA).
The UK for example has excluded certain card transactions; and some countries see SMS-TAN code as compliant, some as not.
The speed of adoption is also delayed by the RTS SCA not coming into effect before September of this year.
A lack of a technical standards (although perhaps understandable from the regulator’s point of view) and consistency of technical implementation is resulting in different interfaces and potentially numerous standards.
This is despite welcome efforts from the Berlin Group and some others.
Article 108 of PSD2 provides for a scheduled review by January 2021 on the application and impact of the Directive.
This clause says specifically, that the review report will focus on:
- The appropriateness and impact of the rules on charges
- Access to payment systems
- Level of competition
- Thresholds for the scope of exclusion for mobile payments by a telecom provider
- Thresholds for exempt/ small Payment Institutions
- Reviews of maximum limits for amounts to be blocked if the transaction amount is not known in advance.
The clause also states that the Commission shall submit a legislative proposal together with its review report, if appropriate.
There is however no mention of the XS2A provisions.
Is this omitted by mistake or on purpose?
I am wondering why the European Commission would not want to review the impact and appropriateness of banks providing access to their account?
Lack of standardisation
Another issue I have previously raised, is that existing EU regulation does not provide sufficient guidance on what constitutes a payment account.
Currently, because of local interpretations, the accounts an individual will be able to see from the banks will be based on the country they’re in.
We need a much more standardised view of what constitutes an account and increased industry collaboration to create a standard.
The European Court of Justice judgment in October 2018 provided guidance on the functionalities an account should offer in order to constitute a payment account under the PSD.
This was a welcome step towards standardisation but was unfortunately insufficient in terms of a practical assessment of the different types of accounts held by payment players.
What’s more, we are still not seeing see local supervisors embracing this ruling and updating their guidance.
What needs to happen now?
The question I posted at the beginning of this blog was, ‘How can the financial institutions drive innovation whilst enabling open and safe data use and staying compliant- and what is the role of the legislator?’
Within the current Directive then, what positive steps can be taken to move towards Open Banking?
One thing we would like to see is the EBA spending a lot more time answering questions in their Q&A tool to achieve a standardised implementation of how XS2A will work, as well as how SCA and the exemptions should be applied, and which transactions and accounts are involved.
This needs to be done sooner rather than later, to address the increasing fragmentation currently hitting the payment landscape.
This is also a call for the market to submit more questions.
Then, once the fog has cleared and the APIs of the biggest banks are working properly, we will potentially see a huge amount of change.
With this we can also expect to see many payments players shifting position as they try to find their competitive niche, post-PSD2 and, whist there may be disputes between FinTechs and banks, these could be resolved with involvement from the anti-competition authorities.
The good news is, we are seeing some movement in the market and the more banks are able to include certain accounts, transactions and access within the PSD2 scope, the more this will help.
There is therefore, a glimmer of light at end of the tech innovation tunnel – but still significant work to do.
Regardless, the legislator’s work is done. It has laid down an important framework for open banking, but this now needs to be picked up by the market.
The legislator should not try to make further improvements or implement further legislation.
As PSD2 has shown, regulations may not suit in a rapidly-changing world. The level of complexity and rigidness added by the EBA only adds to this observation.