Or maybe the headline should really read EU PSD2, open access APIs are not just for banks and the first thing we all need to be clear on is that UK open banking, that has been launched with the CAM9, is not the same as PSD2 open access APIs.
So who does PSD2 open access APIs apply to? Well PSD2 uses the term ‘Transactional Account’ and in the UK the FCA defines a transactional account in the FCA handbook as a ‘Payment Account’. So what we need then is a definition of a Payment Account which
is covered in the FCA regulation 2 as:
"an account held in the name of one or more payment service users which is used for the execution of payment transactions"*
So the first thing to be clear on is the definition is far wider than just bank accounts. In fact based on Konsentus estimations there could be around 8,500+ Financial Institutions in Europe the regulation will apply to. Of course not all Electronic Money
Institution or Payment Institutions will offer payment accounts. Thus whilst over 80% of us in the UK bank with Barclays, HSBC, Lloyds, Santander or Royal Bank of Scotland the regulations are going to effect a far wider audience.
Types of FIs Number in Europe
Banks (*1) 4,800+ across EU Member States
Building Societies (*2) UK: 44
Credit Unions (*3) 1,548 across EU Member States
Electronic Money & Payment Institutions (*4/5) UK: 5,500+, EU over 8,800+
Prepaid Programme Managers (*6) EU: 50+
The next thing to clarify is that it is also not just about consumer products, PSD2 open access API requirements apply to business payment accounts as well.
So what does this mean in reality, well it applies to pretty much every physical open loop prepaid card even those targeted for instance at children like goHenry or travel cards like FairFX and Caxton. Although they may be regarded as not really offering
an ‘account’ under the regulations, they offer payment accounts and thus will need to offer open access APIs.
The other slightly unusual aspect of this as with FairFX, is that FairFX is the brand owner, PCT is the Programme Manager, Wirecard Card Solutions is the issuer. So although the regulatory obligation will fall on the issuer (Wirecard) they will in turn
pass this down to the Programme Manager who will in most cases, but not all deliver the API solution on behalf of the brand.
But the regulation is even wider, it also applies to all those wallets you might know such as Paypal, Skrill and Neteller, but it also equally applies to lesser known wallets such as Neosurf which look to serve distinct customer segments.
That is not to say end-users today understand this. Which? found that 92% of respondents hadn’t even heard of it. Imran Gulamhuseinwala, head of Open Banking Limited, the non-profit coordinating the system, admits that “it's going to take a while for us
to see really new, very different services.”
So whilst many companies will consider themselves not to be banks, and many may not even consider they have transactional or payment accounts in reality the new PSD2 open banking access will apply to them. They will need to put into place open APIs that
approved Third Parties can access along with a consent and preference management system to manage this access.
*Source: FCA Handbook PERG 15 Guidance on the scope of the Payment Services Regulations 2009
(*1)
https://www.ecb.europa.eu/stats/ecb_statistics/escb/html/table.en.html?id=JDF_MFI_MFI_LIST (excluding the United Kingdom)
(*2) https://www.bsa.org.uk/statistics/sector-info-performance/sector-information
(*3) http://www.creditunionnetwork.eu/cus_in_europe
(*4) https://paymentinstitutions.eu/about-epif/the-payment-institutions-sector/about
(*5) http://www.telegraph.co.uk/business/2016/09/20/almost-5500-finance-firms-use-passports-to-access-single-market/
(*6) Polymath Consulting Analysis