As the dust starts to settle on the implementation projects related to PSD2 in the European Economic Area, it's time to reflect on what is happening with the move to open banking and ask, what has it given us so far - and is it really just about payments?
The move to open banking is now well on the way. Not least because of the impact of the Revised Payment Service Directive, PSD2, and open banking regulation in the EU and the UK respectively over the last few years. The implementation of the PSD2 technical standards were largely completed in 2019, with a few exceptions that are still being worked through. Moreover, the implementation of specific parts of the legislation, for example the Secure Client Authentication (SCA) still has till December 2020 to be implemented for ecommerce companies. However, for many banking clients it is questionable whether they have noticed any dramatic changes. Indeed, while there have been some changes to their user experience, other changes are in the background of their banking service and are either too subtle to or too early to detect. Nevertheless, things have changed. Here are five things that have changed because of open banking and PSD2:
1. Fee transparency and a level playing field have improved the economics for clients
Clients based in the European Economic Area (EEA) and beyond, have received letters or notifications from banks and other payment service providers outlining adjustments to terms and conditions. These banks and service providers have been forced by the regulators to make transparent their payment terms and standardize them. Credit transfers, direct debits, card payments, mobile and online payments all operate under one set of rules that apply to all ‘payment service’ companies. Liabilities from unauthorised payments have been reduced, with ‘no question asked’ refunds being facilitated, surcharges on credit cards have been completely prohibited and complaint procedures have been reduced to a maximum of 15 days. Ultimately, the open banking and PSD2 legislation have sought to provide a ‘level playing field’ for new players and encourage competition. Consumers should be, by now, benefiting from lower payment costs and improved service.
2. User experience – payments have become easier and faster
Perhaps the most obvious change over recent years, and something we now take for granted is the ease in which we can make payments digitally. Without the need to log in or access our banks directly, there are numerous ways where payments can be initiated via various apps or cards. While some of these innovations would have come along without the direct pressure of the regulator, the introduction of the Payment Initiation Service Providers (PISP) and Account Information Service Provider (AISP) is unlikely to have come about so easily. A PISP is a third-party company that is authorised by the client to make a payment on their behalf, without the need for the client to visit their own bank’s online service, and the AISP is a company authorised to provide a combined aggregated view of multiple client accounts. Clearly a PISP or an AISP can, in effect, disintermediate a bank from its own client, so it may not have been in a bank’s immediate own interest to be cooperative. Moreover, the technical mechanism required to make this happen needed to be highly standardized across the whole industry and made very secure. These are both points that banks would have found difficult to agree upon alone without the regulatory intervention.
3. The use of the Strong Client Authentication (SCA) is making digital transactions more secure
The greatest paradox of the term ‘open banking’, is that consumers expect banks to hold their money with stead-fast security, ideally locked in a closed volt, and yet we ask them, at the same time, to be open to third party apps, so that the user experience can be fast and seamless. Invariably, coupled with today’s cyber security requirements, the industry needed an agreed process for dealing with payment requests securely. Therefore, the Strong Client Authentication (SCA) mechanism was mandated, which has led to the need to authenticate many types of payments over smart phones to provide a second level of authentication. There is some way to go to make this mechanism user friendly for all, or indeed cover the millions of people who do not use smartphones. But with the new versions of the industry protocol, 3D Secure 2.2, being set for rollout by the end of 2020 and specialist firms, such Avaloq’s partner Ergon, to implement them, this method of authentication is rapidly becoming the norm.
4. Fintech ecosystems are delivering new innovations
Open banking is more than just about making payments simpler and more secure. It is about providing innovative new services to clients. By forcing banks to put the right infrastructure in place, and standard processes to interact with third-party providers (TPP), the regulator has created an environment where smaller fintech and service companies can compete to provide better client experiences. Whether consumers are yet adopting these new services is difficult to assess. At a digital banking conference in London in 2019, it was estimated that there were over 100 PISP or AISP apps in some form of existence in the UK, yet across Europe less than a dozen at that time. Nevertheless, companies like Money Dashboard, Sofort, Trustly and Intuit Mint are now providing such services. And, there are a rapidly growing number of the fintechs now developing to the REST open API standards required for app integration. The Avaloq.one Ecosystem has over 100 fintech partners that are working with its community of banks and wealth managers to support their service offering to clients.
5. Rapid time to market of new services with open banking architectures
It is unlikely that banking or wealth management clients would be immediately cognizant of the benefit of underlying system architecture changes. However, the effect will be perhaps the greatest on the industry over the coming era. The days of banking rigidity are numbered, as one of the indirect consequences of the open banking regulations is that many banks have taken the decision to move away from their long held monolithic architectures and aim instead for agility. The new architectures make use of containerised API based microservices and SaaS based delivery. Upgrades and changes that would in the past have to be scheduled over several days of a long weekend can now be deployed piecemeal in a matter of hours. New technical innovations can be trialed quickly in small steps, without the risks associated with mass deployments. Many banks and wealth manager are now taking the steps needed to become the real-time, always-on, service-driven organisations that their clients have come to expect.
Find out more in this case study about the implementation of the open banking and PSD2 regulations at Avaloq clients.
Written by Mark Shields
Mark has over 20 year's of experience working with financial technology across the banking, asset management and capital market sectors. He regular writes content for Avaloq's global community of banks and wealth managers, covering technology trends and innovations, to provide insight and provoke new ideas.
Download the case study
Learn more about:
What are the challenges of open banking and the PSD2 regulation
Open banking has become a strategic priority and an IT security paradox for many financial institutions. The castles have to open their gates and lower their drawbridges, while, at the same time, finding new ways to defend against unwanted guests. In this context, many see IT security as a challenge and an inevitable evil – but nothing could be further from the truth. When done right, securing APIs can actually be the key factor to improving user experience in an ecosystem.
To keep their competitive edge, banks and wealth managers require efficient ways to operate and increasingly turn to SaaS or BPaaS providers offering cloud-based solutions to implement rapid business model shifts. Many are moving to a platform model of operation, and are adopting cloud-based services to achieve their aims.
We have noticed, that your browser language is not Japanese and you have tried to access our Japanese website avaloq.com/ja-jp. Please note, that we provide a global version of our website.
By clicking the "accept" button, you agree to be redirected to the global English version of this website avaloq.com. If you would like to stay on the Japanese localized website, please click "cancel" or the close button "X".
お客様のブラウザの言語設定が日本語でないのにも関わらず、日本語の Web サイト avaloq.com/ja-jp にアクセス頂いております。弊社ではグローバルバージョンの ウェブサイトを提供しております。