PSD2: the time to act is now

There’s nothing quite like an impending deadline to shake you out of summer holiday mode – and PSD2, due to come into force on September 14th, is a significant one.

Whilst the FCA recently confirmed an 18-month delay to the Secure Customer Authentication (SCA) aspect of the directive, PSD2 is about so much more than multi-factor authentication. It presents an entirely new legal structure for payments throughout the EU, introducing new types of third-party providers and, crucially, requiring banks to allow secure access to those third parties.

In a sense, this leaves banks and financial institutions with something of an existential crisis. They can provide straightforward access to third-party services – and risk becoming static utility providers. Alternatively, they can become dynamic orchestrating hubs, bringing together services such as budgeting tools, personal financial management, direct payment applications and third-party loans in a consolidated way, in order to offer genuine added value to customers.

Clearly, the second option is a much better choice. It allows the organisations at the heart of the hub to actively build ecosystems centred on their customers’ evolving needs. It enables banks and financial institutions to differentiate themselves on the basis of innovative supplementary services, without having to develop those services in-house. But delivering a hub structure requires banks and financial institutions to achieve seamless – and secure – access to those third parties, integrating their own data with those of partner organisations in a unified and dynamic way.  

So, how do banks achieve this? It is all dependent on the API economy, where APIs are the connection points which provide third-party providers access to banks’ and financial institutions’ databases – specifically, the banking accounts of customers.

This API-driven structure is more transparent, more reliable and offers tighter security than alternative techniques for offering third-party access to internal systems. So-called ‘screen scraping’, for example, may mean that if a bank changes its user interface, then the third-party services it offers access to will stop working altogether. Additionally, with APIs, customers do not have to share credentials such as usernames and passwords with the third parties in question.

As third-party service providers become more tightly integrated with banks, and data flows more smoothly and at greater volume between them, so value creation will come less from owning and more from sharing. In other words, services developed in-house will be superseded by more specialist third parties. Thanks to far freer flows of data between organisations in this open banking ecosystem – and the ability to aggregate, analyse and intelligently harness these data – the ability of third parties to build services absolutely tailored to customer behaviours and needs will be enormous.

What does all this mean in practice for banks and financial institutions? In this rich ecosystem, differentiation on the basis of supplementary services will be key – and rapid responsiveness to customer demands will be critical. If customers are clamouring for an innovative new payment method, banks will need to be able to offer it at speed.

Readiness for the PSD2 deadline, then, means that banks need to establish their place within open banking, and ensure that the right technological infrastructure is in place. Third parties can then build their services directly on those APIs. Banks need modern, customer-centric platforms with a flexible integration layer which can connect to new services quickly and easily.

The era of banks and financial institutions focusing their attention inwards and ensuring that their proprietary products and services are top-quality is over. In the post-PSD2 landscape, looking outwards, and ensuring a seamless, adaptable and secure approach to linking up with others, is crucial.


Comments: (1)

Prasoon Mukherjee - Societe Generale Bank - Bangalore 15 September, 2019, 04:18

Good writeup.

Two more elements that can add value to your thought would be 

1) How will banks manage the (somewhat) conflicting need of going open (that's inevitable) on one side, and also ensure that all regulations related to data privacy (like GDPR) are taken care of. May seem easy, but will involve critical thinking and process re-engineering.

2) Standardization of APIs, which today is one of the biggest deterrents to moving towards API strategies at scale.


This post is from a series of posts in the group:

Open Banking

Open Banking regulation, innovation and technology and its potential to revolutionise the Financial Services Industry.
