New PSD2 regulations in the EU offer opportunities for the financial and FinTech sectors and will enhance customer’s payment experience and wealth management options. However, banks will need to redesign payment business models, and TPPs will now need to submit to regulatory supervision.
The European Union (EU) recently updated its 2007 Payment Services Directive (PSD) regulations by issuing the Revised Payment Services Directive (PSD2), also sometimes known as Open Banking in the UK. In general, “open banking” refers to the use of open application programming interfaces (APIs) that enable third-party software developers to build an open banking platform and other programs, as well as to provide services, structured around financial institutions.
The PSD2 legislative revision became effective on the 13th of January 2018 except for its security measures known as strong customer authentication (SCA). The new SCA account and payment access measures will take effect 18 months after the Regulatory Technical Standards (RTS) is published, which is currently scheduled for September 2019.
These new EU regulations bring both challenges and opportunities to the traditional financial and banking sector, as well as to various FinTech firms. The net effect will most likely be favourable though, since the pros generally outweigh the cons for consumers and most businesses catering to them are capable of competing effectively. Furthermore, understanding the challenges arising from Open Banking PSD2 changes gives your firm an opportunity to react earlier to obtain the best possible outcomes.
Changes that PSD2 mandates
In effect, PSD2 established a framework to allow new services, such as an open banking provider, to link to personal financial accounts, including account information services and payment initiation services. The changes dictated by PSD2 will impact six primary areas:
- The range of transactions covered
- The scope, access, regulation and type of payment service providers
- Greater liability for payment service providers
- Information access limitations
- Enhanced personal data protection
- Payment validity enhanced via strong customer authentication (SCA)
Most important for consumers, PSD2 implements stronger security measures designed to protect consumer account data. It was also intended to increase competition and innovation among providers, as well as to encourage the ability for consumers to make efficient, fast, convenient and secure payments.
In addition, this directive also allows third parties to access data and to make payments via APIs for any transaction with one side originating via a payment service provider (PSP) situated in the EU.
Individuals and companies can allow access to their payment information by third party providors (TPPs) that provide payment-related services. TPPs are usually other banks, but they can also be FinTech firms. These TPPs can include payment initiation services providers (PISPs), as well as account information service providers (AISPs).
Furthermore, PSD2 expressly prohibits TPPs from accessing data from a customer payment account other than what the customer specifically authorised. Under PSD2, customers must agree to allow the access, use and processing of data obtained, so “screen scraping” such data by using software designed to copy data from a website will no longer be allowed after the transition period that ends when the SCA takes effect.
Opportunities arising from PSD2
Banks may be able to develop more advanced open banking APIs and PSD2 solutions that differentiate between AISPs and PISPs and go even further for a fee charged to the TPP. This could help pay for the infrastructure change and raise revenues. They can also offer their own branded payment services to compete with non-bank TPPs that would be strengthened by their existing customer data base.
The FinTech sector will generally come out ahead as a result of PSD2 since they now have a considerably broader opportunity to provide their services. As customers increasingly use non-bank TPPs to make payments with, instead of banks, that sector will grow, and demand for FinTech services will increase along with it. TPPs can also refine their offerings based on information obtained each time they handle an account information or payment request.
Challenges arising from PSD2
Banks will now have to set up APIs for access and make sure to implement strong customer authentication required under PSD2. They may lose the direct relationships with consumers and firms who prefer to use TPPs. They may lose out to more technologically advanced TPPs.
TPP firms will still need to expand their customer base to compete more effectively with established banks that have existing clients and strong brands. Previously unregulated TPPs will also now have to submit to regulation, which can inhibit their growth and activities due to new compliance requirements.
The enactment of PSD2 regulations will offer significant opportunities for the financial and FinTech sectors that include expanded revenue, and it will also enhance and broaden the customer payment experience considerably.
Nevertheless, banks will probably need to redesign their payment related business models, while some TPPs will need to tighten up their operations to comply with new regulatory supervision.
Taken overall though, the implementation of this new EU directive seems likely to bring more opportunities and revenue to the payment services sector than challenges.