James McMorrow, head of payment strategy, Lloyds Bank, believes it is time for financial institutions to choose their strategic path to PSD2 compliance – and to embrace the benefits of open banking.
Designed to drive increased competition, innovation and transparency across the European payments market, the revised directive on Payments Services (PSD2) has potential to reshape the financial services industry as we know it.
One of the most disruptive elements of the new directive, which banks must implement in January 2018, is the Access to Account rule (XS2A) whereby third-party providers (TPPs) who are regulated and authorised by customers will be able to receive account data from banks. This will enable them to provide the customer with an aggregated view of their balances and transaction information, for example.
As such, PSD2 signals a clear move towards European 'open banking’ - a model which has already gained significant traction in the UK and is being supported by the UK government as an opportunity to drive innovation and competition in financial services.
Competition as a catalyst
In the eyes of many traditional banks, however, the 'open’ philosophy behind PSD2 appears to introduce a significant competitive threat. Although the proposed barriers to entry are low for third parties, and the openings for challenger banks and technology vendors could be wide-ranging, PSD2 actually offers a new world of opportunities for incumbents too.
What dictates the size of those opportunities is how banks respond, and how quickly. It may be tempting to ‘wait and see’ given the current lack of clarity around the Regulatory Technical Standards (RTS) - particularly in relation to the data security standards and transparency requirements around ‘one leg out’ (OLO) transactions. But slow-movers can risk being left behind as there are a number of strategic decisions and actions that banks can already work towards, even without defined RTS.
First and foremost, banks must decide what their business response to PSD2 will be. Do they intend to simply achieve basic compliance with the regulation, or do they want to look for opportunities in regulatory change? The answer will depend largely on which customers the bank serves and what their needs are.
A large asset management bank that has a very small corporate or consumer customer base in the European Economic Area (EEA), for instance, may feel that basic compliance - simply supplying customers with the minimum level of data required - is the best business case for them.
Meanwhile, a bank with a considerable customer base and an appetite to grow its business within the EEA may prefer a proactive stance. This means looking not only at compliance, but how to leverage PSD2 as a catalyst for developing new business models and delivering services to customers in a more intuitive way.
This 'regulatory plus’ route might involve leveraging new technology to consider new payment channels and technologies, such as innovative blockchain solutions, or low value disbursement models which provide end-to-end transparency around transaction charging. It might also involve the provision of value-added services around data.
If, for example, a multi-banked corporate customer chooses to use the bank as a provider/aggregator of choice, there is an opportunity for the bank to then deliver rich data and analytics to the corporate. This information can be plugged back into the business to help the corporate better understand their working capital, for instance. Leveraging standardised data in this way could significantly reduce the operational burden on clients, whilst also allowing banks to better understand their customers.
Of course, opportunities for data-sharing will be limited by how the final legislation is set out, and there will be delivery model challenges for banks to overcome (since the provision of data services is not a traditional activity for banks), but much of the groundwork and evaluation around value-added services can be done now.
Partnering for growth
Similarly, from a technology infrastructure perspective, many of the requirements for complying with PSD2 are already clear. Application programming interfaces (APIs) will play a huge role in facilitating PSD2 and many banks will therefore be looking to leverage providers to help them achieve the right technology infrastructure.
Again, for those banks viewing PSD2 as a catalyst for change, the aim will be not just to meet compliance but to build a platform that will deliver in line with customer needs and future regulatory developments into the 2020s.
It is not just technology vendors which require consideration, however, partner banks must also be assessed. This may be the case for financial institutions which aren’t fully-fledged members of payment schemes in a particular country, such as the UK, who could consider leveraging future developments from access providers, including larger banks.
In addition, although PSD2 only defines requirements for data sharing within the EEA, banks could consider creating private networks to share data via APIs for the benefit of their customers, subject to the relevant agreements. This may be between banks to provide value-adding solutions, but also with alternative providers, making private networks and partnerships an exciting option to explore.
A step forward
Elsewhere, as a result of the significant technology change required, PSD2 also represents an opportunity for banks to review and improve the way in which services, products and data (such as end-to-end international transaction costs) are delivered to clients.
Where banking has largely been behind the curve in the digital space, banks now have a chance to start designing more intuitive solutions that put the user-experience first. Competition will encourage banks to turn traditional product design processes on their head, starting first with the user experience and channel, and working backwards to the underlying solution.
As PSD2 unfolds, Lloyds Bank will continue to design and build a digital product and service environment that not only delivers an excellent user-experience but also maintains robust security standards around channels and customer data.
Throughout 2016, we will also continue to evaluate our own business models, working hard to understand how Lloyds Bank can develop new services and solutions to support our customers in a post-PSD2 environment.
After all, this is a defining moment in the history of European banking, and the way financial institutions react today will inevitably impact their ability to compete, grow and thrive in the future.