From this blog two years ago, how much has changed?
So PSD2 arrived in a flurry of nothing. As underwhelming as it was entirely predictable, not only was the first deadline missed by pretty much all concerned, the innovative and enticing new services PSD2 is supposed to facilitate are far from fruition. Banks
either feel there is little in it for them, or that the average customer simply couldn’t give two figs about such services, or they are just so slow to move that it will take another year or two yet for this new ‘era’ to settle in. The reality is that it’s
all three, but, quite aside from a regulatory mandate, revenue and profit will always be the chief concerns.
The combination of PSD2 with GDPR updates in May has created a certain amount of complexity and confusion. A recent survey of global financial institutions conducted by Finextra found that
94% of respondents perceive there to be a contradiction between PSD2, requiring banks to share more data, and incoming GDPR updates, requiring
them to be ever more careful about sharing data.
A key feature of the GDPR updates is the deletion of data on request. It’s a complex undertaking but the problem for most banks won’t be the deletion of the data, it’ll be locating the data in the first place.
Says Brian Costello, chief information security officer, Envestnet, Yodlee, “Most banks don’t have internal APIs let alone external ones -they don’t have a single view of their customer.”
Is that to say they are not up to the challenge though? Banks are large, long-standing complex organisations that have been dealing with regulatory hoops and hurdles (albeit more in the last ten years than ever before) since the dawn of their time. This
is do-able. So is it just an excuse for banks to delay something that doesn’t have immediate gains for them? And in fact represents considerable losses? Well, yes.
Cross border payments represent a potentially great loss for banks in this new set-up. PwC’s Guenther Dobrauz, director at PwC Legal FS Regulatory and Compliance Services, speaking at Enterprise Ireland’s Future of Fintech event in Dublin (part of the European
Financial Forum), goes so far as to say, “it is one of the last remaining areas of legal theft”, even. When it’s put like that, it’s easy to understand why no bank would want to throw it open to cannibalisation.
Dobrauz adds the perceived contradiction between PSD2 and GDPR is being exaggerated by banks. No doubt they are both complex and they’ll need to figure out, but is it just an excuse to drag their heels because they stand to lose out a fair bit on that lucrative
legal theft revenue.
“It's a nice little earner for them which is being disrupted. And PSD2 is the first, to my knowledge, regulation penned in a way to specifically open up banking architectures for new providers, opening up the holy grail- access to client data. Yes, there
is complexity but only half-honest, it is also a defence battle.”
Bragi Fjalldal, director at Meniga throws a further aspect into the mix in saying GDPR will favour third parties, because consumers expect to accept new terms and conditions from new providers, but to accept a plethora of new opt-in style permissions from
their own bank, be it entirely for their benefit or not, will present a tiresome exercise.
Let’s not also forget that the standards were only set in November and access to accounts will only take effect November 2019.
“Only at the end of this year will there be a race for banks to get the APIs in place”, according to John Broxis, managing director of PRETA/Open Banking.
Metro Bank’s chief commercial officer, Paul Riseborough said banks will likely use data aggregation to offer lending services but that these won’t really take hold for another three years. Riseborough also reckons SMEs to be the sector that represents the
biggest opportunity for banks. Services such as cash management can be revolutionised- cash collection and deposits, for example, and the digitisation thereof.
Meniga’s Fjalldal, commenting on the Finextra survey in which global bank respondents cited Google, Apple, Facebook and Amazon (aka the GAFAs) as the biggest threat, he said, “if that’s [the banks’] biggest fear, why aren’t they doing more? The one thing
that can prevent PSD2 or open banking from being a gradual process is if these guys do something, and it wouldn’t be that hard for them to build a much more compelling digital banking experience- they could just become a marketplace in return for access to
data- they wouldn’t need a banking licence.”
What could the banks do to compete then, exactly? Fjalldal says banks talk about building algorithmic AI-driven engagement and chatbots- but is that what people want?
“Monzo's popularity shows people want categorisation, simple stuff, merchant mapping, target setting. It’s not that complicated,” he says.
Card-linked offers are an example, where banks can share with retailers a database of consumer spend in their retail sector, enabling the merchant to offer a whole new reach of customers significant discounts to bring them in, ie 20-30%, and in return gives
the bank the marketing budget. Consumer card spend is easily tracked by the bank and the discount easily refunded to the customer at the end of the month.
Aggregated consumer data analytics is another potential source of new revenue for banks, according to Fjalldal. Real time market share developments, per supermarket, for example, per area, average ticket size, time per visit, etc.
“Currently, companies buy data from Nielsen and other market research companies, based on interviews, not market data. This is a subscription model, you need consent to do it but it’s only based on aggregated data, not personalised,” Fjalldal contiunues.
In the meantime, however, financial organisations do need to get on top of their data storage, pronto. They'll be obliging no such deletion request if they can't find it in the first place.