PSD2: Another painful compliance exercise or an opportunity?

By Sarkis Akmakjian | 19 September 2016

The European Commission’s revised Payment Services Directive (PSD2) will bring about one of the biggest changes that the banking sector has ever faced. However, as the Commission has indicated this is not a change being dictated by banks; it is a reaction to the ongoing disruption of payments in the digital age.

In the words of the Commission, PSD2 “seeks to improve competition by opening up payment markets to new entrants, thus fostering greater efficiency and cost-reduction”. In fact, the payment market has been opening up to new entrants for quite some time – companies such as Xoom and Trustly, who provide payment services that occupy the space between the customer and their bank, are well established.

It has long been recognised that fintechs’ innovative technology and customer service models have the ability to add value to the market, but in order to get the most out of many of their innovations, these firms need wider access to data about a customer and their transactions – more than they hold themselves. PSD2 makes this sharing of customer information possible.

The Directive introduces and regulates two categories of third party service providers:

  • Payment Initiation Services Providers (PISP), and
  • Account Information Service Providers (AISP).

Starting with PISP, when a customer makes a purchase the Directive will allow the retailer (or merchant) to ask their customer’s permission to use their bank details. Once permission is given, the bank and retailer are connected directly through an open API (Application Programming Interface). The retailer or a fintech can be the PISP, while the bank would be the Account Servicing Payment Service Provider (ASPSP). AISPs, by contrast, consolidate account information from several ASPSPs in one portal – such information aggregators are already established in the US.

It is hardly surprising that some banks see PSD2 as a threat. It opens the door for a wide range of entities to provide payment services and it will undoubtedly limit the direct interaction that banks have with their own customers. PSD2 also introduces a new layer of compliance on already overstretched organisations and will require a significant further investment in systems and processes. It will be the ASPSP’s responsibility, for example, to provide the facilities to securely communicate with PISPs and AISPs, and banks will also be required to apply what the EC calls ‘strong customer authentication’ when an e-payment is made. Adding to the challenge is the narrow preparation time: EU Member States have until October 2017 to incorporate the Directive into national law.

Real opportunities in PSD2

For some, PSD2 will be seen as yet another painful compliance exercise. There are boxes to be ticked and requirements to be met, and that is as far as the thinking goes. Viewing PSD2 in this limited way would be a costly mistake; there are real opportunities available in the PSD2 world, if we are prepared to look beyond the minimum requirements.

Information sharing does not have to be a one-way street. PSD2 mandates the flow of customer information in one direction – from the bank to the PISP or AISP. However, there is nothing in the legislation to prevent banks for coming to a reciprocal arrangement with PISPs and AISPs, opening up rich new channels of data. The information that banks hold on their customers at the moment is very one-dimensional; sharing information will give banks access to far greater insights on what their customers are doing, how they are organising transactions and the services and products that they might want and need. This is information that could help a bank become better for its customers and a better business partner for the growing number of third party providers. There is a real opportunity to engineer these open APIs to the bank’s benefit and this can be realised in modularising different information aimed at monetising these data assets. Similarly, there is nothing in the legislation to prevent a bank that is acting as an ASPSP from also acting as a PISP or AISP, or both. In fact, some banks are already taking on this challenge by spinning up technology divisions to function as PISPs and AISPs.

There are conditions, though, for success under the PSD2 regime. Top of list is the need for banks and fintechs to work together as partners. There is much that they can learn from each other – fintechs excel on innovation and delivering what customers want, while established banks have years of experience, capital available to invest and the trust of their customers. Some established banks see innovation and the fintechs as a threat to their very survival; others see the potential that working together can bring. This partnership and collaboration between banks and fintechs will deliver more value to the customer and it has the potential to provide new business to fintechs and even more importantly, new revenue streams for banks.

Trust and information sharing

Trust is essential if PSD2 is going to work. Critically, the sharing of information depends on the customer’s consent; end user authorisation is required before banks and other companies can share information. The tech-savvy generations are more willing to share their information but that does not mean that banks or fintechs can afford to be complacent. The entire industry will have to work hard to sell the idea of information sharing to customers and there will need to be a strong drive and investment in developing excellent security. Everyone needs to work hard to persuade end users that they will see the value if they agree to share their information and that their data will be safe and protected.

This does require a culture change on the part of the banking sector; sharing customers’ information is not something that comes naturally to them. The risk, if too many customers are unwilling to share their details, is that the adoption rate will be lower than expected and if that happens, the industry, consisting of both the banks and the newer fintechs, will only have itself to blame.

Success also depends on banks making the best possible use of the data that becomes available under PSD2. Fintechs already have excellent analytical sense and capability but everyone involved will need to be open to new technology and ideas. The pace of technological innovation in the sector means that greater integration and the sharing of information is not something that can be avoided. Open banking is becoming a reality.

Of course there are many details around PSD2 still to be established, not least in developing a business model that works for everyone. My feeling is that a revenue sharing model will eventually become the norm – the early adopters and leaders in the field will have the most say in how the PSD2 world develops.

This is a time to be bold and brave. Banks can resist and run from PSD2, or they can grab the opportunity to gain valuable insight into their customers’ behaviour and preferences, creating growth.

By Sarkis Akmakjian, Senior Director, Product Management, Accuity. 

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development