PSD2 and Open Banking: What to Expect in 2020
January 8th, 2020
It sometimes feels as if we’ve been talking about PSD2 forever, yet awareness of the Open Banking aspect remains limited, even within banking. It hasn’t helped that some markets, such as the UK, have undertaken their own Open Banking initiatives in addition and parallel to PSD2.
When it comes to PSD2, every bank has to offer two things to approved third parties – the ability to get account level information (such as balances) and the ability to initiate a payment on behalf of the bank’s customers. Note we don’t say APIs – the RTS, or Regulatory Technical Standard, that sets out what banks have to do, doesn’t actually specify how they have to do it. In fact, the RTS is neither regulatory, technical nor a standard. More on that in a moment, but APIs are how the majority of banks have tackled this.
Where are we?
Largely on track, given the size of the task, at least from a technical perspective, though it’s unclear that every bank will meet the deadline. In the UK, where the deadline was earlier, there look to have been improvements in performance as well, so that will likely happen with the PSD2 variations as well.
The less good news is threefold. First, the majority of banks have done just the bare minimum required to be compliant, with just those two APIs. Second, few banks have really promoted Open Banking beyond telling customers they can connect their other banking products to them. Third, and linked to the previous point, there seems to be little awareness of what can be done with the APIs, and very few examples of FinTechs successfully disrupting the market, which is the very point of PSD2.
To be fair, those FinTechs can’t launch their services until they know quite what they’re connecting to and how, and that they are available to do so. Banks have struggled with becoming compliant because the lateness of the guidance, as well as the significant technical challenges for them. Yet will the regulator see it that way? At the very least, we expect a PSD3 with even more APIs, and at worst, the prospect of the regulator somehow ensuring their usage.
Celent believes that a significant growth in Open Banking usage will be seen in those markets adopting Instant Payments. Together, there are far greater possibilities for new services and solutions. Some of these are emerging already:
- FinTechs and banks are offering bank account management products that sit on top of the customers’ existing accounts
- A French retailer is seeking to use the combination to replace card transactions
- An Indian bank is enabling an internet retailer to give instant refunds, automatically
Celent is excited about all the possibilities; equally, we’re aware that this new paradigm isn’t without its challenges.
Use cases utilizing Open Banking are one example. If the move to Instant Payments from cards happens, particularly at the PoS, traditional models are going to need to adapt quickly to reflect different payment patterns. And of course, without the revenue to offset the cost of doing so.
Banks have been told that they must treat all third-party payments providers (TPPs) as if they were peers and can be trusted – they therefore can’t validate with the customer themselves. At the same time, the tools are not in place in most banks to do all the checks required. Are they a registered TPP? What are they allowed to do and in what country? Do they meet the requirements in the country that they are requesting payment from or to?
What does a bank need to do in 2020 to prepare for this?
First, education. When Open Banking launched in the UK, it did so with little fanfare. So how are customers to know how to do even the most basic things to protect themselves? An industry-wide approach using the same language and consistency of message would benefit all. This would ideally include a Europe-wide website where users can check the status of a TPP, perhaps including what complaints have been made against them.
Second, work proactively with TPPs and the value chain in a help us help you rather than the current them and us. For example, if TPPs adopted similar layered fraud prevention systems as traditional FIs, such as device profiling and behavioural biometrics at customer endpoints, banks will be less likely to intervene in the transaction, minimizing friction. It would also allow the sharing of known bad actors, and proactively protect against them. It’s a win-win.
Third, recognize Open Banking as “channel plus.” That is, while it isn’t as clear and distinct as other channels, it does overlap or integrate with other channels. This will become increasing important as banks move from the regulatory requirement to open banking, where they are a suite of APIs. Which leads to another point: the solution will need to look across not just one payment type, but across a of range of different interaction types. Silo thinking will lead to silo solutions, which will increasingly fall short of the mark.