All You Need to Know About PSD2 & Open Banking

October 6, 2021

PSD2 is part of a global trend in banking regulation that aims to foster market competition, innovation, and security. In late 2015, the European Parliament passed the revised Payment Services Directive (PSD2) to disrupt the existing monopoly that the banks were holding. PSD2, which came into effect in 2018, replaced PSD, an earlier directive that created a single market for payments and the foundation for a Single Euro Payments Area (SEPA).

PSD2 is administered by the European Commission to regulate payment services and payment services providers throughout the European Union (EU). PSD2 mandates banks and other financial institutions to give third-party service providers (TPPs) access to consumer transaction accounts based on the account holders’ consent (for retail and corporate customers). It establishes a clear and comprehensive set of rules that will apply to existing and newer providers of innovative payment services.

Main objectives of PSD2:

  • Contribute to a more integrated and efficient European payments market to enable greater choice and transparency of payment services
  • Create a level playing field for payment service providers, including new players
  • Make payments safer and more secure
  • Strengthen consumer trust by enforcing higher security to protect consumer data
  • Ensure better pricing for consumers

PSD2 has forced the banks to reconsider their position and business models. Many FinTechs, merchants, large consumer tech players, and banks themselves have been applying for licenses to operate in the capacity of these TPPs. TPPs are categorized as AISP (account information service provider) and PISP (payment initiation service providers):

  • Payment Initiation Service Providers: PSD2 allows regulated third-party PISPs to initiate payments directly from customer payment accounts (provided they have the customer’s consent).
  • Account Information Service Provider: Regulated third-party AISPs can access customer data (provided they have the customer’s consent) to provide an overview of a customer’s payment accounts with different banks in one place to manage their finances better (e.g., a mobile app).

Source: Open Banking

Customers will need to provide explicit consent to use their transaction data. The EU’s General Data Protection Regulation (GDPR) requires that customers are made fully aware in a clear, concise, and transparent manner concerning how their data will be used and by whom.

What is Open Banking?

The global financial landscape is continuously evolving, but one concept inevitably stands out is Open Banking. Think of the business model shift that happened when Apple launched the App Store in 2008. It gave consumers the power to choose the applications they wanted on their smartphone tailored to their own lives. Open Banking has the potential to have a similar effect.

Changes in consumer behavior, regulatory changes, search for new business models, and the threat for digital ecosystems like Google, Amazon, Facebook, and Apple is driving banks to walk the path of Open Banking. Open Banking is a systematic paradigm shift in the way financial services are delivered along the entire value chain, providing access to consumer banking, transaction, and financial data from banks and other financial institutions through the use of application programming interfaces (APIs). API platforms are the technological backbone for the implementation of Open Banking. Through the use of these APIs, FinTechs, banks, and other companies can build new and innovative financial services and products, such as third-party PFM apps (personal financial management apps) that provide a consolidated view across all your accounts and streamlined lending where lenders can get the required data to acquire the ability to make informed decisions instead of manually gathering data and so much more.

With Open Banking, this data belongs to the account holder and not the bank. Open Banking will re-architect the industry by placing the end customer/business in charge of their data held by the banks and, more importantly, how they want to use banking services, with consumers/businesses required to consent to data sharing.

Open Banking can achieve the following objectives:

  • Foster greater innovation (new business model, adoption of more modern technologies) and competition in the financial services industry so that specialist providers/FinTechs can compete with banks on an equal footing.
  • Reduce transaction cost: Payments – by cutting out intermediaries like global card schemes and other regional intermediaries. Lending – with more transparency and quicker access to machine-readable information and data coming easily from various sources, due diligence can be more confident, which, in turn, can potentially bring down the cost of credit.
  • Boost financial inclusion, especially in emerging economies, by providing solutions to an underserved audience at a lower cost. E.g., access to credit at a reasonable price.
  • Ensure more security for all stakeholders; screen scraping has been a common but insecure way of sharing data. Open Banking, driven by security guidelines, can make data sharing secure. Also, customers/businesses will be in charge of their data and decide whom they want to share their data with and under what conditions.
  • Improve customer experience:
  • Provide a more straightforward comparison of products and services.
  • Flexibility to choose between innovative offerings provided by banks or third parties based on service quality, pricing, speed, and transparency.
  • New, innovative products like personal finance management, instant money transfer between bank accounts, and credit cards.

Open Banking is a way of facilitating data sharing and not an app or product. Thus, it will take customers a while to see a tangible impact of Open Banking only after many solutions that augment value to consumers and businesses are implemented. Open Banking will push some passive, reactive banks to ramp up their tech efforts; it will also pave the way for several new services and business models that banks can adopt. Here are a few Open Banking use cases:

  • Providing inter-bank payment facilities and bill payments
  • Analyzing the financial behavior of the consumer
  • Aggregation of product information from different banks onto a single platform
  • Banking-as-a Service
  • Effective disbursement of lending/micro-lending products
  • Analyzing cash flow (businesses)
  • Wealth advisory
  • Digital onboarding

The Open Banking onset started when the Competition & Market Authority (CMA) in the UK investigated the supply of retail banking services to personal current account customers and small-and-medium-sized enterprises (SMEs). In 2016, it was concluded that there was a need to improve retail banking and financial services competition. Several changes were proposed, and “Open Banking” went into effect on January 13, 2018, as a regulation in the UK.

The CMA announced a mandate for the nine largest UK banks (also known as CMA9 banks) – HSBC, Barclays, RBS, Santander, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds, and Nationwide – to implement recommendations developed by the UK government-appointed Open Banking Working Group (OBWG).

Open Banking has gone hand in hand with data privacy and protection laws in many geographies. GDPR & PSD2 in the EU, PDP & AA in India, and CDR & Open Banking in Australia. Based on the UK’s Open Banking and the EU’s PSD2, different jurisdictions worldwide are adopting their own versions of Open Banking either in the form of regulations or as guidelines for the market to adopt.

Pros and cons of Open Banking on key stakeholders

Source: Open Banking Report 2018

Potential opportunities and business models

With Open Banking, banks could be relegated to a utility role and lose control over customer interactions as non-banking organizations embrace the open API economy. Therefore, they face a stark strategic choice. Do they want to become another utility providing commoditized, “white label” banking products and services, or do they want to maximize future shareholder value? A proactive approach is a best-case scenario. Here are some potential opportunities and business models across the ecosystem that are emerging out of Open Banking:

  • Account Aggregators: Banks/FinTechs/other third parties can launch their own account aggregation services by dashboarding their customers’ and non-customers’ various bank account details. E.g., HSBC Bank has launched an account aggregation platform by partnering with a FinTech startup ‘Bud.’ By capturing their account data, banks can also provide PFM, spend categorization, and savings tools, which will enable them to engage with their customers on newer dimensions.
  • Payment Service Providers: Third-party providers, based on customer consent, can directly execute payments and collections between financial services providers without depending on intermediaries such as card schemes, i.e., between wallet and banks, between banks and e-commerce, and other applications.
  • Banking-as-a-Service: Termed as the “Uberization of Banking,” companies can offer white label banking suits with various core functionalities in the form of APIs to various external solution providers. With this model, banks retain stakes in product and service development, as well as distribution, by acting as a market intermediary and facilitating activity among customers, producers, and distributors.
  • Ecosystems: Ecosystems could be Open Banking’s final development stage. Open Banking APIs are the starting point for new-age networked banking. Banks can complement their digital services and provide services to affiliated partners and others beyond banking services to offer comprehensive end-to-end financial services. This can create a new experience for the customer, much like the App Store. Customers can choose which partner solutions they want, and the bank becomes the navigator of their own services and other third-party products and services via APIs. Some banks such as Starling Bank, N26, and Monzo have adopted this model and are seeing increasing success. 
  • Bank API Portals: Traditional or challenger banks that have direct-to-customer models but also offer their products and services as APIs to third-party players such as FinTechs, which use them to build innovative services propositions. 
  • Financial Infrastructure API Companies: Financial institutions are also investing in financial infrastructure API companies to accelerate the Open Banking strategy. There are over 150+ financial infrastructure API companies, with some prominent ones mentioned below:

Source: Financial Infrastructure API Companies Are Coming of Age

How countries are putting Open Banking into practice

Following Europe and the UK, similar aspirations for Open Banking are now being seen worldwide. These broadly fall into two categories: market-driven and regulatory-driven. Since the drivers for Open Banking vary across geographies, it would be inaccurate to favor either of these models. However, the regulatory model supported by well-defined standards seems to have worked well in the UK, starting to see positive results in the EU.

Market-driven: Countries like Singapore and India do not have compulsory Open Banking regulations, but the policymakers are introducing a range of measures to promote and encourage the uptake of Open Banking. In Singapore, the MAS and the Association of Bank published a Finance-as-a-Service API playbook and launched a regulatory sandbox for experimentation between FIs and FinTechs. The US has also opted for a market-led approach, and there is no government-sponsored Open Banking policy. Many progressive financial institutions are leaning into open API-based business models to fight back data aggregators’ insecure practices of screen-scraping. India has had a very different and intriguing approach to Open Banking. Unlike many other geographies where Open Banking and instant payment initiatives are running in parallel, India instead launched Open Banking with payments on what is known as the Unified Payments Interface (UPI). It is now widely considered the best real-time payments network worldwide. After the large-scale success of UPI, India has launched an Account Aggregation framework, which is its first foray into consent-based financial data sharing (though this is not a regulatory mandate in India).

Regulatory-driven: Countries like Hong Kong and Australia have gone down the path of a regulatory-driven approach. The HKMA published the Open Application Programming Interface Framework for providing guidelines and time frames for deploying Open APIs. The framework has a four-phase approach to implementing various Open API functions. The HKMA has made it a regulation for Hong Kong’s larger banks to comply with the Open Banking regulation and provide Open APIs. In Australia, Open Banking was introduced as part of the Consumer Data Right (CDR) by Australia’s Federal Government. The CDR will allow consumers to share their data with authorized third parties they choose. The critical difference is that CDR is a data policy initiative and not just a financial services initiative; it will be extended to other sectors like telecom and energy sectors, to begin with. Japan has introduced a “soft” Open Banking regulation. The FSA has amended its Banking Act to establish a framework for regulating electronic payment service providers, where banks were required to publish their affiliation and cooperation with third parties. Banks in Japan can charge fees to disclose customer data, unlike the UK’s Open Banking and PSD2.

Barriers to adoption of Open Banking

  • Lack of customer awareness: Customers need to be educated to familiarize themselves with the concept and generate buy-ins. Consumers will need time to become aware of and understand the benefits. It is ultimately the ability to engage customers that will determine the success of Open Banking.
  • Cost of transformation: For some banks, the incremental cost to enable, roll out, and maintain Open Banking is a barrier to adoption, especially if they do not have a strategic view; it’s not clear how much they can profit from this.
  • Legacy systems: Banks’ core and legacy systems have become complicated over time and can make interoperability with Open Banking APIs a challenge.
  • Data security and fraud: Open Banking relies on data sharing. When it comes to Open Banking, banks are particularly concerned about data security and customer privacy because they can be held liable resulting in hefty fines and a loss of customer trust. Concerns over fraud and data security inhibit customer adoption.
  • Data sharing anxiety to competitors: Banks are faced with a dilemma on how much customer data they should expose to make Open Banking meaningful, but without losing control over customer data and product cannibalization.
  • Better entrenched competition: Today, banks face competition by FinTechs, neobanks, and technology giants like Amazon, Google, and Facebook that are improving existing financial services by enhancing capabilities, improving convenience, or lowering prices and fees for consumers. Banks that don’t proactively think about their strategy could face eroded market share, increased customer churn, and increased pressure on margins.

Success Factors – Open Banking

Open Banking is still a relatively new development, and it will likely take some time to observe its full impact on financial services. Gaining consumer trust is the most vital element for realizing the true potential of Open Banking. Regulations are a catalyst and can create a conducive environment for innovation and customer reassurance. However, it is ultimately the ability to engage customers that will determine the success of Open Banking. Ecosystems and the digital economy could be the ultimate expansion of Open Banking!

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.


Keep reading

See all blogs
Prove’s Tim Brown Explains How to Reduce Fraud and Improve Onboarding with Identity Verification

Reporters from GreenSheet, a popular publication that highlights trends in the banking, financial services, and fintech markets, recently met with Prove’s Global Identity Officer, Tim Brown to learn how advanced identity verification solutions are driving faster and better digital customer onboarding.

Kaushal Ls
May 21, 2024
Prove CEO Rodger Desai Featured on Fintech Leaders Podcast

Prove CEO and co-founder Rodger Desai was recently the featured guest on the Fintech Leaders podcast with fintech leader and entrepreneur Miguel Armaza. The two discussed the identity verification market, innovations in onboarding and customer enablement, and explained how smartphone data provides the most effective way to verify customers.

Kelley Vallone
May 16, 2024
Marketplace Risk Proudly Names Prove as the Leader in Identity Authentication

Marketplace Risk, a leading authority in risk management for online platforms, has announced the recipients of its annual Solution Provider Excellence Program. This prestigious initiative spotlights industry leaders in risk, trust, and safety solutions, showcasing their expertise in addressing the challenges encountered by digital marketplaces, gig economy, and digital platforms. Among the winners is Prove.

May 15, 2024