So PSD2 arrived in a flurry of nothing. As underwhelming as it was entirely predictable, not only was the first deadline missed by pretty much all concerned, the innovative and enticing new services PSD2 is supposed to facilitate are far from fruition. So
why is this? Banks either feel there is little in it for them, or that the average customer simply couldn’t give two figs about such services, or they are just so slow to move that it will take another year or two yet for this new ‘era’ to settle in. The reality
is that it’s all three, but, regulatory mandates aside, revenue and profit will always be the chief concerns.
The combination of PSD2 with GDPR changes in May has created a certain amount of complexity and confusion. A recent survey of global financial institutions conducted by Finextra found that 94%
of respondents perceive there to be a contradiction between PSD2, requiring banks to share more data, and incoming GDPR updates, requiring them to be ever more careful about sharing data.
A key feature of the GDPR updates is the deletion of data on request. It’s a complex undertaking but the problem for most banks won’t be the deletion of the data, it’ll be locating the data in the first place.
Said Brian Costello, chief information security officer, Envestnet, Yodlee, “Most banks don’t have internal APIs let alone external ones -they don’t have a single view of their customer.”
Is that to say they are not up to the challenge though? Banks are large, long-standing complex organisations that have been dealing with regulatory hoops and hurdles (albeit more in the last ten years than ever before) since the dawn of their time. This
is do-able. So is it just an excuse for banks to delay something that doesn’t have immediate gains for them, and in fact represents considerable losses? Well, yes.
Cross border payments represent a potentially great loss for financial organisations in this new set-up. PwC’s Guenther Dobrauz, Partner & Leader, PwC Legal Switzerland, speaking at Enterprise Ireland’s Future of Fintech event in Dublin (part of the European
Financial Forum), went so far as to call cross border payments "one of the last remaining areas of legal theft”, even. When put like that, it’s easy to understand the reticence in throwing it open to cannibalisation.
Dobrauz said the perceived contradiction between PSD2 and GDPR is being exaggerated by banks. No doubt they are both complex pieces of regulation requiring significant attention, but it is just an excuse to drag their heels because they stand to lose out
a fair bit on that lucrative legal theft revenue.
“It's a nice little earner for them which is being disrupted. And PSD2 is the first, to my knowledge, regulation penned in a way to specifically open up banking architectures for new providers, opening up the holy grail- access to client data. Yes, there
is complexity but only half-honest; it is also a defence battle.”
Bragi Fjalldal, director at Meniga throws a further aspect into the mix in saying GDPR will favour third parties, because consumers expect to accept new terms and conditions from new companies and organisations, but to accept a plethora of new opt-in permissions
from their existing financial provider, be it entirely for their benefit or not, will present a tiresome exercise.
Let’s not forget, however, that the standards were only set in November and access to accounts will only take effect November 2019.
“Only at the end of this year will there be a race for banks to get the APIs in place,” said John Broxis, managing director of PRETA/Open Banking.
Metro Bank’s chief commercial officer, Paul Riseborough said banks will likely use data aggregation to offer lending services but that these won’t really take hold for another three years. Riseborough also reckons SMEs to be the sector that represents the
biggest opportunity for banks. Services such as cash management can be revolutionised- cash collection and deposits, for example, and the digitisation thereof.
Meniga’s Fjalldal, commenting on the Finextra survey in which global bank respondents cited Google, Apple, Facebook and Amazon (aka the GAFAs) as the biggest threat, said, “if that’s [the banks’] biggest fear, why aren’t they doing more? The one thing that
can prevent PSD2 or open banking from being a gradual process is if these guys do something, and it wouldn’t be that hard for them to build a much more compelling digital banking experience- they could just become a marketplace in return for access to data-
they wouldn’t even need a banking licence.”
How can banks compete then, exactly? Fjalldal said banks talk about building algorithmic AI-driven engagement and chatbots- but is that what people want?
“Monzo's popularity shows people want categorisation, simple stuff, merchant mapping, target setting. It’s not that complicated.”
Card-linked offers are an example, where banks can share with retailers a database of consumer spend in their retail sector, enabling the merchant to offer a whole new reach of customers significant discounts to bring them in, ie 20-30%, in return giving
the bank what would have been the marketing budget. Consumer card spend is easily tracked by the bank and the discount easily refunded to the customer at the end of the month.
Aggregated consumer data analytics is another potential source of new revenue for banks, according to Fjalldal. Real time market share developments, per supermarket, for example, per area; average ticket size, time per visit, etc.
“Currently, companies buy data from Nielsen and other market research companies, based on interviews, not market data. This is a subscription model, you need consent to do it but it’s only based on aggregated data, not personalised,” Fjalldal contiunued.
In the meantime, however, financial organisations need to get on top of their data storage, pronto. They'll be obliging no such deletion request if they can't find it in the first place.