The PSD2 directive will be effective starting from January 2018 — a plenty of time it seems. However, two years for EU member states and banks to incorporate new regulations are in fact very tight schedule.
Meeting new directive requirements means to banks a lot of work on infrastructure. They typically rely on legacy systems with monolithic structures not prepared for communicating with the outside world other than the user’s frontend interface. Implementing
support for APIs can be tricky and will definitely take some time and effort.
More time, more trouble
Fortunately—and sadly—for banks, they will have more than two years for tweaking their systems to let third party providers (TPPs) use the clients’ data stored there. Banks
have to wait for the European Banking Authority (EBA) to define necessary guidelines and regulatory technical standards (RTS): the PSD2 relies heavily on strong customer authentication
and secure communication, and the RTS is the essential tool to achieve this. What’s so sad about it then? The problem is that the standard will not appear very soon. The EBA closed an industry discussion on this RTS two months ago and expects to publish the
draft version this summer for another three-month consultations. And even if the standard is ready and adopted by the EU Commission, it will come into force 18 months later — at least 8 months after the PSD2 becomes effective. “At least” is the key.
In other words, banks will gain more time, but the real technical work on infrastructure will be possible only after the RTS is finalized and published. This raises questions about the PSD2 status in the meantime: how can it be effective if it can’t be
Prepare for war
The extra time banks got from the delays in the legislative/technical timeline should be spent on preparations other than just modifications of the software. Financial institutions of today have to adapt to the new world of tomorrow, with new players and
Bank-as-a-Service model of business. It’s not that hard to imagine banks with no infrastructure, but rather using APIs to other banks and service providers as building blocks of their own offer: pick the best deal on bank account, combine it with the most
attractive deposits from another financial institution, add some PFM, third party payment services and express transfers, spice it with a hard to beat credit card, mix with peer-to-peer or regular loans and voila! They don’t even have to open any branch offices—KYC
process and customer support can be done remotely, and the cash withdrawal or depositing is also available through the third parties: ATMs owners or points of sale with card readers or proper software applications.
What will define the PSD2 era of banking? Agility. Banks now have the time to think out their strategies for the inevitable: fighting smart competitors and customers always able to pick the best deals on the market. Financial institutions will have to be
very flexible, keeping their costs on the lowest level possible. When the clients’ data start to move freely among banks and the third parties, the last stand of the old fashioned banking will be over.