25 March 2018
Chris Brown

Trusek Technical

Chris Brown - Trusek

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Does PSD2 have to be complicated?

28 July 2017

There has been a huge amount written about PSD2 recently and much of it appears to be, with the greatest respect, overcomplicating the issue.


Very fundamentally, to provide for all of the requirements of PSD2, we have three transaction types: balance, transaction list / statement and payment. 


Obviously, since these requests are coming from companies that are not the account holder, the requests must be authorised. The most straightforward way of handling that is by a set of account holder mandates. The company sends a request to the account holder, by way of their bank, requesting a mandate to complete the desired transaction. The account holder is notified that a request for mandate is pending on their account, and the next time they log in to their account they can choose to accept or reject the request.


The mandate request should be of the form: 

Company: XYZ Ltd has requested access to: see your account balance on your account: 12345678 Sort code: 12-34-56 from: dd/mm/yyyy to: dd/mm/yyyy


It must be possible for the account holder to rescind the mandate at any time.


On successful acceptance of the mandate request, a mandate key is to be sent to the company. When the company later sends a transaction request they will include the mandate key under which they have been authorised.


So far, so simple.


Of course, account holders will not want to be constantly bombarded with mandate requests from all and sundry, so it would make sense to ensure the companies making the requests have a bank account with a European bank and that the bank has authorised them for the request. This has the added benefit that, should the banks request any transaction fees, these are then just a matter of cross charging between banks.


So how does it work? The company’s bank provides an API that the company can use to request a mandate. The account holder’s bank provides an API, only accessible to banks, that allows the company’s bank to forward the mandate request. When the request has been approved by the account holder, the account holder’s bank calls an API, only accessible to banks, provided by the company’s bank, that allows the mandate to be given. The company’s bank will hold the mandate for the company and give the company a unique reference to it.


You can see where the complexity is creeping in. Each of those APIs must be agreed and created according to a standard so that the banks can communicate with each other effectively, and that standard doesn’t exist. If nothing is done now, each bank will create its own API according to its own standards and a whole, unnecessary, industry will be born aggregating and unifying them so that they can actually be used.


In fact the whole business lends itself to the payments network I have discussed previously, although this could be better described as a banking network. On such a network these transactions, with associated mandate management, are simply another way for banks to do business together in a competitively cooperative manner. 


Once you have introduced the concept of a mandate you can go further though. How much more confident would you feel about a direct debit mandate that was of the form:


Company: XYZ Ltd has requested access to: Directly Debit on your account: 12345678 Sort code: 12-34-56 once a month on the 13th of the month, for an amount in the range: £10 - £200


Is that not a bit more controlled than what we have now? Effectively: 

“I give company: XYZ Ltd free rein to take from my account as much as they like whenever they like and we’ll fight about it later if I disagree with what they have done.”
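The mandate lifecycle described above (request, accept or reject, mandate key, rescind) and the scoped direct debit mandate can be sketched as follows. This is an added example, not code from the post: the class and method names are hypothetical, amounts are in pence, and for brevity the account holder's bank checks the mandate key directly rather than going through the company's bank.

```python
import secrets
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Mandate:
    company: str
    account: str                        # "sort code/account number"
    scope: str                          # balance, statement, payment, direct_debit
    valid_from: date
    valid_to: date
    min_amount: Optional[int] = None    # pence; set only for money-moving scopes
    max_amount: Optional[int] = None
    status: str = "pending"             # pending -> active -> revoked, or rejected

class AccountHolderBank:
    """Hypothetical mandate store on the account holder's bank side."""
    def __init__(self):
        self._pending = {}              # request id -> Mandate awaiting a decision
        self._by_key = {}               # mandate key -> accepted Mandate

    def request_mandate(self, mandate):
        request_id = secrets.token_hex(8)
        self._pending[request_id] = mandate
        return request_id

    def decide(self, request_id, accept):
        mandate = self._pending.pop(request_id)
        if not accept:
            mandate.status = "rejected"
            return None
        mandate.status = "active"
        key = secrets.token_urlsafe(32)  # unguessable mandate key for the company
        self._by_key[key] = mandate
        return key

    def revoke(self, key):
        # The account holder can rescind at any time; the key stops working at once.
        self._by_key[key].status = "revoked"

    def authorise(self, key, company, account, scope, on, amount=None):
        m = self._by_key.get(key)
        if m is None or m.status != "active":
            return False
        # The key is only valid for the exact company, account and scope approved.
        if (m.company, m.account, m.scope) != (company, account, scope):
            return False
        if not (m.valid_from <= on <= m.valid_to):
            return False
        if m.min_amount is not None:
            if amount is None or not (m.min_amount <= amount <= m.max_amount):
                return False
        return True
```

Every transaction request is checked against the stored mandate rather than trusting anything the company sends besides the key, so a leaked or reused key is still confined to the approved company, account, scope, dates and amount range.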


Or how about banks becoming the main KYC repository for all industry? If a company wants to confirm the identity of a customer they send a request, via the network, to the customer’s bank. The customer can approve the request, including how much information should be given, and the KYC confirmation can be returned to the company. Clearly this is a service the bank could charge for and the account holder remains in control of their data.


So, in answer to the original question: no. It doesn’t have to be complicated. But we could do with a decent inter-bank communication system to enable this and all the other transactions that banks have with each other.
