PSD2 and the New Era of Open Banking – How Can Banks Prepare for the Age of Disruption
The advent of the revised Payment Services Directive is a real game-changer for the European banking sector. PSD2, which went live in January 2018, is a directive adopted by the EU that is designed to regulate payment services and payment service providers throughout the EU and the European Economic Area (EEA). While in other sectors like transport and leisure, we have seen private businesses driving change and disruption, in financial services, as the advent of PSD2 demonstrates, it is government-driven regulation that is really shaking up the industry.
PSD2 is essentially a consumer-orientated initiative that is designed to increase the level of transparency, innovation and competition across the European payments landscape. One of its likely consequences will be to make retail banks across the region relinquish the tight control of the sector that they currently hold and allow a lot more options and a lot more competition within the financial services space. These new competitors are likely to be split into two main areas – third party providers (TPPs) and account aggregators.
Opportunity Knocks for TPPs
PSD2 effectively stipulates that banks should grant TPPs access to a customer’s online account/payment services in a secure and regulated manner. This potentially provides an opportunity for large and powerful technology and retail giants to move into the financial services space and start to compete head on with the banks themselves.
To explain how the new regulation might change the prevailing approach, let’s take as an example an individual making a traditional purchase using a debit or credit card. Historically, the individual concerned would have made a payment using one of these cards. The card company would have then contacted the cardholder’s bank to check that sufficient funds were available to make the payment. The bank would release the money; the flow would go back to the retailer from which the cardholder was purchasing, and they would then authorise the cardholder to buy the goods.
What PSD2 is now effectively stipulating is that if the consumer gives the retailer their bank account information, they can go directly to the bank and draw the money themselves without having to follow the process of the debit or credit card company. This change effectively takes control of the consumer’s accounts away from the bank. The bank no longer has the right to manage the relationship. That’s important because in this context the relationship is key. Historically, the bank would have held most information about the consumer’s shopping spend, where they spend funds and how they spend them. Basically, this is now being taken away from the bank and the consumer is in effect giving it to the retailer or technology company instead.
Another form of licence that will be issued under PSD2 will be to so-called account aggregators. As is the case with the TPPs, account aggregators will also be able to access consumer information if the consumer allows them to do so. However, the account aggregators will be opening up the banking market in a different way to the TPPs. Their raison d’etre is to gather all of an individual’s information in one place for that consumer to view easily. A typical example would be where a consumer has multiple bank accounts or other financial products and can view the balance they have on each through a single portal in any currency they choose. Ideally, they should, in addition to this viewing capability, also be able to control their account and transact on it too.
Testing Times
All the above represents a huge challenge for the banks as it means that they will lose control of their customers’ financial data and ultimately too the direct relationship they have with the customer. Critically too, the need to comply with PSD2 will place significant demands on the banks in terms of the way they manage data and the systems infrastructure they put in place. Opening up the banking industry entirely, PSD2 demands banks put an end to data silos with integration enterprise wide. It also means banks need to discover the ability to analyse data in real-time.
In effect, these demands make it necessary for them to completely rethink their technology stack and the systems they have in play. After all the advent of PSD2 means that if the customers authorise it, the banks must provide the relevant account information to third-party providers through an open API.
Currently though many do not have flexible enough infrastructures to do this. Many are reliant on legacy systems infrastructures that do not readily support high levels of integration. Typically, banks have multiple different kinds of databases, together with a vast range of applications that operate in silos across the organisation. Coupled with this, they have large volumes of data in place, much of it unstructured, and with little means of achieving analytic and transactional processing of that data, let alone in real-time.
In the past, with little history of innovation and with budgets tight, banks have done little to address this problem of overreliance on legacy systems. When faced with the new wave of regulation that came in after the 2008 banking crash, they generally invested in different applications on an ad hoc basis to meet each individual regulation, without necessarily touching their legacy systems.
Many remain fundamentally unprepared to meet the latest more disruptive wave of banking regulation. Every bank is different, though, and the level of investment required from each will depend on a range of factors such as: what their current systems are; when they last updated them; how successful their integration strategy has been and, of course, how old their legacy systems are.
New banks generally are well placed because of their lack of legacy systems. Older banks that have had the resources to invest in new technology systems over the past five years or so may be in a good position too. Others that have done very little to implement new systems and remain reliant on legacy systems introduced in the 20th Century are likely to have more serious concerns to address. For these organisations, significant investment in new systems will be required to meet the regulatory stipulations.
Putting a System in Place
The more stringent demands of PSD2 in particular are however, really focusing minds across the sector and making many realise that they will have to take more urgent action to ensure that their infrastructure, systems and data are really fit for purpose.
To do this they need a unified data platform open enough to integrate any number of legacy systems and silos, reaching out to disparate databases, bringing the information back into one place and making sense of it. This platform should be able to handle massive volumes of data, to easily scale up when these grow further and to absorb data from real-time activity, transactional activity and from document databases. That’s particularly important now with the new environment supported by PSD2 meaning that a whole host of new third-party providers will be looking to access information, pushing up overall volumes, and especially transactional volumes, still further.
There’s more too; the platform must also have the agility to separate out the data needed. It must enable data to be interrogated even if is in large data sets to enable the bank to comply with regulatory requirements such as answering unplanned, ad hoc questions from the regulators.
Another key advantage of making a significant investment in this kind of technology is that it will take the bank far beyond compliance with PSD2. However, this kind of investment also offers organisations an opportunity to further future proof themselves, moving beyond compliance more generally.
Banks will now have a secure, panoramic view of disparate data which can be used for distributed big data processing, predictive and real-time analytics and machine learning. Real-time and batch data can be analysed simultaneously at scale, allowing developers to embed analytic processing into business processes and transactional applications, enabling programmatic decisions based on real-time analysis.
However, if PSD2 turns out as disruptive as some industry commentators predict, banks are also going to be challenged by new market entrants as well as the regulators. Upgrading their data platform in this way will help them become more agile and innovative, as well as provide the insight to drive the development of new, highly-targeted propositions for customers.
The more they are storing on legacy systems, the more they are going to need this updated platform. Choosing the right one could serve a valuable dual purpose, providing the right tools to ensure compliance – and to see off the competition. Only then can they turn the crisis into a real revolution.
Looking Forward
Banks should not despair of course at the scale of the challenge they face in achieving PSD2 compliance, however daunting it might appear to them. Penalties are likely to be left to the regulator’s discretion. It is unlikely that they will impose significant fines if they feel the bank is making a serious effort to achieve compliance. The likelihood is that if they feel the bank is on the right path, they will instead offer them their support in trying to get where they need to be as part of an ongoing process of assessment. PSD2 represents such a significant change for the whole banking industry that it is appropriate for the regulators to take a measured approach to its implementation and rollout.
Banks should ultimately be quite clear about the direction of travel though. PSD2 is here and it heralds a new era of open banking. Banks need to start to release their data in a secure standardised form to enable it to be more easily shared with authorised third-party providers. To do this, as we have seen, they will need to put in place far more flexible, agile and well-integrated systems infrastructures that can manage vast volumes of data and also support high-speed and high-performance analytics. The future of banking is changing all the time. Traditional banks may not exist in their current form in a decade or two. However, the more forward-thinking among them will see PSD2 not just as a threat but also an opportunity to adapt to the new landscape and start using APIs as a driver of innovative services.
To navigate the future wave of regulatory disruption and give themselves the best chance of surviving and thriving in the future, they need to ensure they are taking steps today to ensure they are adapting their whole approach and putting in the place the right systems and solutions to make success much more likely in the future.
