By Emily Frost, International Banker
The payments industry is currently undergoing significant transformation, especially with the advent of fintech (financial technology), which is now posing a serious threat to the revenues and customer bases of traditional financial institutions. To compound matters for banks in particular is the revised Payment Services Directive (PSD2), a data- and technology-based directive that aims to promote competition and innovation within the European payments market, as well as improve the security of online payments and account access. The PSD2 comes fully into effect in January 2018, when each of the European Union (EU) member countries will transpose the directive’s financial guidelines into their national laws. Many believe it could play a vital role in changing banking as we know it.
The aim of the directive is to establish a legal foundation upon which a better integrated market for electronic payments within the EU can be developed. It will allow a bank’s customers to utilise third-party providers to manage their finances, which means that soon a whole host of companies will be on hand with which customers can make outstanding payments such as bills, execute payment transfers and conduct analyses on spending patterns, all while they continue keeping their money in their bank accounts.
Two new entity classes will be ushered in by the directive. Account Information Service Providers (AISPs) will be enabled to have access to banking customers’ account information. They will also be permitted to analyse customers’ spending habits, as well as coordinate customers’ account information from various banks into single viewpoints. Payment Initiation Service Providers (PISPs), meanwhile, will be able to initiate payments on behalf of customers, including bill payments and P2P (peer-to-peer) transfers. According to estimates from Accenture, PISP services could make up around 16 percent of online retail payments by 2020.
The Access to Account rule under the PSD2 is particularly important; it mandates that banks or other payment-service providers facilitate secure access via APIs (application programme interfaces) to customer accounts and data upon consent being granted by the account-holders. To provide such access, banks must also allow for customer-identity verification and authentication via APIs. As such, the rule allows companies to offer financial services using the banks’ data and technology infrastructure, which means that banks will now be competing against a raft of new companies across a range of financial products and services, in addition to other banks.
According to research of the European financial sector conducted by EY, most financial institutions consider the Access to Account regulation to be the most important component of the PSD2 from the perspective of expected implementation efforts, business and technical impacts, and risk-mitigation efforts that must be borne by account-servicing payment-services providers. Implementation of the rule poses threats to existing market participants in terms of new entrants not being connected to existing information-technology (IT) infrastructures; possible heightened security risks; data-protection regulation and requirements; potential fraud risks; and the undesirable consequences of unauthorised transactions and data breaches. That being said, providing regulated access to a payer’s account for PISPs and AISPs is likely to offer business opportunities for banks to improve their current product and service offerings.
Clearly, the PSD2 puts banks under considerable economic pressure. In addition to being exposed to greater competition, IT costs are expected to rise as more security requirements will need to be implemented, while the opening of APIs will also trigger more expenditures. As non-banks start accounting for a significant chunk of customer interactions, banks may also find it an increasingly tougher challenge to differentiate themselves when offering loans.
While banks are likely to feel additional pressures as a consequence of the PSD2, they can adjust to the directive by preparing accordingly. Accenture identifies four strategic options for banks to use to respond effectively to both the threats and opportunities that are likely to arise from the implementation of the directive.
Firstly, those banks that aim to attain minimum compliance with the directive are likely to experience disintermediation and a loss in volume and quality of customer interactions. Secondly, banks should both facilitate and monetise access—they can extend and enhance their API development by creating standing orders and direct-debit mandates, or by completing product applications via API. By doing so, banks can monetise additional APIs and collaborate with third parties to create new products and services. Thirdly, banks should offer advice and new services in order to leverage customer insight, and which boost the banks’ ability to provide customer-centric, digital-banking portals. Finally, by investing in open APIs, banks will be able to seize more opportunities for partnerships with third-party companies, such as in the areas of consolidation of services or data.
The new regulations will, therefore, help to make international payments within the union just as straightforward and secure as making payments within any one single country. By opening up the payments market to new entrants, moreover, the industry will be significantly competitive, which should in turn lead to lower prices and greater choice for consumers. According to the official wording of the directive, it will establish “a clear and comprehensive set of rules that will apply to existing and new providers of innovative payment services”. These rules aim to ensure that such entities can compete more effectively, which should lead to “greater efficiency, choice and transparency of payment services, while strengthening consumers’ trust in a harmonised payments market”.
With the implementation of the PSD2 looming, perhaps it explains the acceleration in banks’ efforts to collaborate with fintech companies, as well as experiment with their APIs and establish innovation labs. The directive is very likely to expedite the process of digital disruption that is currently redefining global financial services. It is now just a few months away from being implemented, and with European banks across the region now preparing to open their systems, the opportunity for digital transformation within the banking sector is substantial.