Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Regulation & Compliance

Group

EBAday
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

PSD2 is fast approaching. Don’t bury your head in the sand

The PSD2 deadline is just seven months away, and we all know just how quickly time flies. Market feedback suggests that many financial institutions are still in the ‘reflection’ phase. So far, this year we have seen the EBA (European Banking Authority) publish the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and common and Secure Communication (SC) – this, in hand with the approaching PSD2 deadline, will force these banks to increase their efforts.

When we consider the complex infrastructures, inflexible roadmaps and long development / implementation lifecycles typical within most financial institutions then the urgency to implement a compliant solution becomes apparent. If we add to the mix that PSD2 inevitably brings its own complexities, such as strong security challenges associated to PSD2 XS2A (Access to Accounts) and the strategic implications of the directive, then that seven-month period is right behind you.

Over 4,000 European banks must open their legacy (mainframe) data stores to Third Party Players (TPP) for retrieving account information or initiating payments via APIs.

Those banks, which already launched studies in context of PSD2 know that the impact of the IT and operational related issues are considerable:

  • A secure API gateway with coarse grained and fine grained API authorization.
  • Integration with different - often very closed - legacy systems.
  • Management of the customer consents for TPPs to retrieve data.
  • The technical and operational process for onboarding TPPs.
  • A sandbox for TPP developers to find the documentation about the bank’s APIs and to test them.
  • Providing a trained support desk to TPP developers to contact in case of integration issues.

Considering the effort this involves, it is very likely that many banks will just do the bare minimum to be compliant. This could be a short-sighted strategy and the banks who adopt this approach risk missing out on future revenue opportunities, as PSD2 is just the beginning! Banks must accelerate their transformation to an Open Bank environment, offering innovative value-added customer services in several ecosystems. To help them on their journey, banks should acquire a solution to build tailored digital experiences faster and more agile and which provides a full pre-packaged PSD2 offering. If financial institutions don’t invest now to become more actively present on the new playing field by creating innovative, customer-centric services, they are likely to get left behind.

Don’t bury your head in the sand, if you act now the chances are you could start to fly.

11860

Channels

Regulation & Compliance

Group

EBAday
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (1)

Tom Hay
Tom Hay - Payment Systems Europe - London 22 May, 2017, 09:51Be the first to give this comment the thumbs up 0 likes

Looking for a "a full pre-packaged PSD2 offering" is rather like the futile quest for El Dorado. The purported solutions we have seen so far offer only a fraction of the required functionality. Some work only for mobile devices; most do not address the requirement to handle corporate payments; consent and data redaction are not addressed; and so on. In any case, the ongoing controversies around the RTS make PSD2 compliance a moving target.

It's a racing certainty that any bank that is still 'reflecting' rather than doing will miss the Jan 2018 deadline. There's no 'silver bullet' solution they can plug in to achieve instant compliance.

Report abuse
Join the discussion
Stacey Small

Stacey Small

Business Development

The Glue

Member since

10 Nov 2016

Location

Leigh on Sea

Blog posts

9

More from Stacey

This post is from a series of posts in the group:

EBAday

EBAday is the annual event for European payments professionals organised by Finextra and the Euro Banking Association. This community has been created to deliver a forum for EBA delegates to exchange views on instant payments, open banking and new developments in payments processing and technology.

See all
Community
See all blogs »
Banking 

FCA and BoE data sharing changes: the impact on lenders

Nick Green

Nick Green

Data Management and Governance 

Why those in financial services must spring clean their customer databases

Barley Laing

Barley Laing

Banking Strategy, Digital and Transformation 

Future of Payment Review: six-months on – Digital Payment Infrastructure

John Bertrand

John Bertrand

Artificial Intelligence  

Towards AI Agents: addressing rule-based governance deficiencies

Freddie McMahon

Freddie McMahon

Now hiring

See more