By David Gardner, Partner and
Grace Roddie, Solicitor at TLT LLP
Welcome to the revolution!
On January 13, 2018, the European Union’s (EU’s) Second Payment Services Directive (PSD2) was implemented in the United Kingdom. PSD2 provides a legal framework for more open, transparent and competitive banking services across the EU. It introduces significant changes about how non-bank third-party providers (TPPs) can access consumer bank-account information and initiate banking transactions on consumers’ behalf. In the UK, this builds upon the work of the Competition and Markets Authority (CMA) to introduce Open Banking reforms and create open standards to facilitate communication between banks and TPPs on a standard basis.
The outcomes envisaged by these reforms are nothing short of revolutionary. This could be the catalyst for a wave of challenger banks and fintech startups to supplement traditional retail banks. Providers old and new will be able to offer new kinds of digital-banking services, tailored to customers’ specific requirements, based on the rich data made available to them for the first time. Customers will embrace the opportunities to obtain new and better services, and only the strongest and most agile providers will survive…
…or so the theory goes. As we will see, there are a number of technical, commercial and legal barriers to realising this vision. However, it’s no exaggeration to say that Open Banking has the power to stimulate a paradigm shift in the banking sector. The revolution will be digitised.
The devil’s in the details
PSD2 and Open Banking reforms are underpinned by detailed policy changes, legal frameworks and new technical standards. In the UK, the nine largest current-account providers, known as the CMA 9, are now obliged to give access (with customer consent…see more on this below) to customer accounts via an open application-programming-interface (API) framework. PSD2 opens up the playing field to newly regulated categories of TPPs, known as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISPs may access customers’ bank account data to provide services as diverse as price comparison and identity verification. PISPs may access customer bank accounts to authorise bank payments on the customer’s behalf.
AISPs and PISPs do not need to hold banking licences, but they will need to satisfy certain regulatory requirements and register with the relevant supervisory authorities (the Financial Conduct Authority in the UK). Apple Pay doesn’t turn Apple into a bank, but it does put Apple at the frontend of the payment process. We can expect future PISPs to try to replicate this model, potentially cutting across traditional customer/bank relationships. In this model, you will still pay money out of your bank account, but the transaction will be processed by your bank at the request of the PISP received via secure API connections.
Sound complicated? You wouldn’t be alone in thinking so. The run-up to the introduction of PSD2 saw a flurry of activity in the financial sector, with prospective AISPs and PISPs (and their lawyers) looking to hit the ground running on January 13, and the banks working to finalise their API developments to enable the required communication to third parties. However, PSD2 has failed to have that “big bang” effect on the payments sector that some were hoping for. A key reason is that (so far) these changes have also failed to capture the engagement and trust of customers, which is fundamental to driving adoption and revenues. Instead, there are considerable misgivings from a customer perspective about new, untested business models and providers, and concerns about the risks of sharing data and security breaches.
Watch this space!
All of this presents an opportunity, —available to anyone from a new entrant to an established player, —to be the first to make a big impact in this transformative market. All that this hypothetical unicorn, bank or collaborative venture needs to do is overcome the technical challenges and regulatory requirements to launch a service strong enough to win the hearts and minds of sceptical customers.
That may sound like a tall order, but it’s only a matter of time before one or more providers manage to do this. The value of the data available to AISPs and PISPs via open APIs when combined with existing and developing data-analytics tools makes this a challenge worth taking on.
In the rest of this article, we look at the impacts of disruption in the banking sector as a result of Open Banking and consider the challenges relating to customer engagement, which are critical to the success of these reforms.
Facing the challengers
Open Banking is a challenge to the traditional banking model and aims to leverage technology and data to transform the sector as we know it. It is intended to bring new entrants into the market and break up the market monopoly currently held by large providers, such as the CMA 9.
Fintech providers and challenger banks are well placed to disrupt the market in the ways envisaged by the CMA and PSD2. They are less tied up by red tape, ageing systems and inherently risk-adverse decision-making, and more culturally responsive to change and the opportunities it presents. Challenger banks are already experimenting with new business models, and we have advised on collaborations between challenger banks and fintech providers (including newly registered AISPs).
More established banks have faced greater challenges in preparing themselves for PSD2 and Open Banking. Five of the CMA 9 have been granted extra time to comply with Open Banking requirements. Many of these banks also have large legacy technology and compliance-remediation programmes, which limit their bandwidth for innovation and horizon-scanning. Regulatory investigations and heavy fines live long in the memory, which means that decision-makers are understandably cautious about venturing into the uncharted territories opened up by Open Banking.
However, established banks possess a number of inherent advantages that other players in the market lack and cannot easily obtain. For example, the larger banks have a broad and deep customer base, the capacity to invest and (comparatively) high levels of consumer trust and confidence.
Whilst it would be easy to understand the established banks falling into a defensive pattern in the face of PSD2, what we have actually seen is an increasing interest in co-operation and collaboration between banks and fintech providers, because each has something the other wants and needs. They may sometimes be uneasy bedfellows, but this may be the best route to success for all parties. For the established banks, it may also be the only way to remain relevant and competitive.
The customer is king
Whilst the introduction of PSD2 is intended to promote competition and drive down costs for customers, this isn’t currently high on the agenda for most customers. Consumer awareness of Open Banking and the benefits of using AISPs and/or PISPs is currently low.
Unsurprisingly, the focus in the run-up to the introduction of PSD2 (particularly in the FCA and the banks) was to ensure the necessary infrastructure was in place to support Open Banking, rather than consumer engagement with the new reforms. However, customer engagement and support will be key to the success of the reforms.
As a result of PSD2, customers now have greater control of their bank-account data and can provide express consent to allow AISPs and/or PISPs to access it. This consent can be given for a range of purposes, notably to allow aggregating of all of the customer’s account information from different banks and to compare the current products on the market and find the best deals.
The FCA has stated that banks may not dissuade their customers from using these newly regulated services. However, banks have failed to engage their customers on the benefits of Open Banking, potentially due to the perceived risks of customers switching their accounts and services. Banks have also had to change their terms and conditions to accommodate Open Banking and notify customers of the same, but this has happened without any substantial customer engagement on the reasons for the changes.
From a customer’s perspective, Open Banking introduces more complexity to the market, which is usually a turn-off for most customers. Combined with high-profile data breaches over recent years, scepticism is rife, and there appears to be a lack of desire from consumers to jump onboard.
Counteracting these negative impressions will be key to the success of Open Banking. Smarter communications are needed at an industry level to build up trust and confidence in the market. Trust is central to customer engagement, and, as noted above, the established banks have the most leverage to promote this. Fintech providers should take note of this, too—particularly if they are keen to attract customers and become the new “face” of banking services in the “Open Era”.
The start of the Open Era:
PSD2 and Open Banking introduce opportunities for banks, service providers and customers alike. The stage is set for a new era of improved services, better customer choice and new revenue streams. It’s still the early days, but the race has begun to develop that killer app and become the face of Open Banking. Watch this space!